Created
April 28, 2018 16:40
-
-
Save Saren-Arterius/b6e63b749a6befa705b98ab6f018506c to your computer and use it in GitHub Desktop.
anbox lxc 3.0 aur patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/src/anbox/container/lxc_container.cpp | |
| b/src/anbox/container/lxc_container.cpp | |
| index 962832b..6c5d3b9 100644 | |
| --- a/src/anbox/container/lxc_container.cpp | |
| +++ b/src/anbox/container/lxc_container.cpp | |
| @@ -65,24 +65,24 @@ void LxcContainer::setup_id_maps() { | |
| const auto base_id = unprivileged_user_id; | |
| const auto max_id = 65536; | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("u 0 %d %d", base_id, creds_.uid() - 1)); | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("g 0 %d %d", base_id, creds_.gid() - 1)); | |
| // We need to bind the user id for the one running the client side | |
| // process as he is the owner of various socket files we bind mount | |
| // into the container. | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("u %d %d 1", creds_.uid(), creds_.uid())); | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("g %d %d 1", creds_.gid(), creds_.gid())); | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("u %d %d %d", creds_.uid() + 1, | |
| base_id + creds_.uid() + 1, | |
| max_id - creds_.uid() - 1)); | |
| - set_config_item("lxc.id_map", | |
| + set_config_item("lxc.idmap", | |
| utils::string_format("g %d %d %d", creds_.uid() + 1, | |
| base_id + creds_.gid() + 1, | |
| max_id - creds_.gid() - 1)); | |
| @@ -188,42 +188,40 @@ void LxcContainer::start(const Configuration &configuration) { | |
| set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed"); | |
| set_config_item("lxc.autodev", "1"); | |
| - set_config_item("lxc.pts", "1024"); | |
| - set_config_item("lxc.tty", "0"); | |
| - set_config_item("lxc.utsname", "anbox"); | |
| + set_config_item("lxc.tty.max", "0"); | |
| + set_config_item("lxc.uts.name", "anbox"); | |
| set_config_item("lxc.group.devices.deny", ""); | |
| set_config_item("lxc.group.devices.allow", ""); | |
| // We can't move bind-mounts, so don't use /dev/lxc/ | |
| - set_config_item("lxc.devttydir", ""); | |
| + set_config_item("lxc.tty.dir", ""); | |
| set_config_item("lxc.environment", | |
| "PATH=/system/bin:/system/sbin:/system/xbin"); | |
| - set_config_item("lxc.init_cmd", "/anbox-init.sh"); | |
| - set_config_item("lxc.rootfs.backend", "dir"); | |
| + set_config_item("lxc.init.cmd", "/anbox-init.sh"); | |
| const auto rootfs_path = SystemConfiguration::instance().rootfs_dir(); | |
| DEBUG("Using rootfs path %s", rootfs_path); | |
| - set_config_item("lxc.rootfs", rootfs_path); | |
| + set_config_item("lxc.rootfs.path", rootfs_path); | |
| - set_config_item("lxc.loglevel", "0"); | |
| + set_config_item("lxc.log.level", "0"); | |
| const auto log_path = SystemConfiguration::instance().log_dir(); | |
| - set_config_item("lxc.logfile", utils::string_format("%s/container.log", log_path).c_str()); | |
| + set_config_item("lxc.log.file", utils::string_format("%s/container.log", log_path).c_str()); | |
| setup_network(); | |
| #if 0 | |
| // Android uses namespaces as well so we have to allow nested namespaces for LXC | |
| // which are otherwise forbidden by AppArmor. | |
| - set_config_item("lxc.aa_profile", "lxc-container-default-with-nesting"); | |
| + set_config_item("lxc.apparmor.profile", "lxc-container-default-with-nesting"); | |
| #else | |
| // FIXME: when using the nested profile we still get various denials from | |
| // things Android tries to do but isn't allowed to. We need to look into | |
| // those and see how we can switch back to a confined way of running the | |
| // container. | |
| - set_config_item("lxc.aa_profile", "unconfined"); | |
| + set_config_item("lxc.apparmor.profile", "unconfined"); | |
| #endif | |
| if (!privileged_) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Maintainer: Iwan Timmer <irtimmer@gmail.com> | |
| pkgname=('anbox-git' 'anbox-modules-dkms-git') | |
| _pkgname=anbox | |
| pkgver=r735.f68725c | |
| pkgrel=1 | |
| epoch=1 | |
| arch=('x86_64') | |
| url="http://anbox.io/" | |
| license=('GPL3') | |
| makedepends=('cmake' 'git' 'glm' 'dbus-cpp' 'lxc' 'sdl2_image' 'protobuf' 'boost' 'properties-cpp' 'gtest') | |
| source=("git+https://github.com/anbox/anbox.git" | |
| 'lxc3-0.patch' | |
| 'anbox-container-manager.service' | |
| 'anbox-session-manager.service' | |
| '99-anbox.rules' | |
| 'anbox.conf' | |
| 'anbox.desktop' | |
| 'anbox-bridge.network' | |
| 'anbox-bridge.netdev') | |
| sha256sums=('SKIP' | |
| 'SKIP' | |
| '5be94b63dc30d141f15ca7d1be6e3e81f26ef33f844614975537562f5d08236c' | |
| '1f22dbb5a3ca6925bbf62899cd0f0bbaa0b77c879adcdd12ff9d43adfa61b1d8' | |
| '210eb93342228168f7bb632c8b93d9bfda6f53f62459a6b74987fa1e17530475' | |
| '3e07dc524a827c1651857cce28a06c1565bc5188101c140ed213bbafedc5abff' | |
| '7332d09865be553a259a53819cebddd21f661c7a251d78c2f46acd75c66676b6' | |
| '44899328725667041e6e84912da81c1d0147b708006eb2c2bb6503f271629ff0' | |
| '559190df4d6d595480b30d8b13b862081fc4aac52790e33eb24cf7fbcb8003b8') | |
| pkgver() { | |
| cd "$srcdir/$_pkgname" | |
| ( set -o pipefail | |
| git describe --long 2>/dev/null | sed 's/\([^-]*-g\)/r\1/;s/-/./g' || | |
| printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" | |
| ) | |
| } | |
| prepare() { | |
| cd "$srcdir/${_pkgname}" | |
| patch -Np1 -i ../lxc3-0.patch | |
| # Don't build tests | |
| truncate -s 0 cmake/FindGMock.cmake | |
| truncate -s 0 tests/CMakeLists.txt | |
| # Fix loading translators | |
| sed -i 's/${CMAKE_INSTALL_PREFIX}\/${ANBOX_TRANSLATOR_INSTALL_DIR}/${ANBOX_TRANSLATOR_INSTALL_DIR}/' CMakeLists.txt | |
| # Fix usage of Python 2 | |
| sed -i 's:#!.*python$:&2:' scripts/*.py | |
| } | |
| build() { | |
| mkdir -p "$srcdir/${_pkgname}/build" | |
| cd "$srcdir/${_pkgname}/build" | |
| cmake .. -DCMAKE_INSTALL_LIBDIR=/usr/lib -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release | |
| make | |
| } | |
| package_anbox-git() { | |
| depends=('dbus-cpp' 'lxc' 'sdl2_image' 'protobuf' 'anbox-image') | |
| optdepends=('anbox-modules-dkms-git: Required Android kernel modules') | |
| pkgdesc="Running Android in a container" | |
| cd "$srcdir/${_pkgname}" | |
| make -C build DESTDIR="$pkgdir" install | |
| install -Dm 644 -t $pkgdir/usr/lib/systemd/system $srcdir/anbox-container-manager.service | |
| install -Dm 644 -t $pkgdir/usr/lib/systemd/user $srcdir/anbox-session-manager.service | |
| install -Dm 644 $srcdir/anbox-bridge.network $pkgdir/usr/lib/systemd/network/80-anbox-bridge.network | |
| install -Dm 644 $srcdir/anbox-bridge.netdev $pkgdir/usr/lib/systemd/network/80-anbox-bridge.netdev | |
| install -Dm 644 -t $pkgdir/usr/lib/udev/rules.d $srcdir/99-anbox.rules | |
| install -Dm 644 -t $pkgdir/usr/share/applications $srcdir/anbox.desktop | |
| install -Dm 644 snap/gui/icon.png $pkgdir/usr/share/pixmaps/anbox.png | |
| } | |
| package_anbox-modules-dkms-git() { | |
| pkgdesc="Required kernel module sources for Android" | |
| depends=('dkms') | |
| cd "$srcdir/${_pkgname}" | |
| modules=(ashmem binder) | |
| for mod in "${modules[@]}"; do | |
| install -dm 755 $pkgdir/usr/src | |
| cp -a kernel/$mod $pkgdir/usr/src/anbox-modules-$mod-$pkgver | |
| done; | |
| install -Dm 644 -t $pkgdir/usr/lib/modules-load.d $srcdir/anbox.conf | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment