Creating nsjail RPM specification and build patch based on upstream-git branch

Upstream git was created with "nsjail 2021-07-07 version"
For Tizen RPM, additional patches were created based on the open source version

1) Linking to upstream-git branch - .gbs.conf
   : You can check the Tizen open source updating guide at https://wiki.tizen.org/Updating_packages

2) Creating kafel.tar.gz
   : Unfortunately, Tizen does not provide git tool at build time. (git-core package is required)
   : Thus, instead of using git submodule command, create kafel.tar.gz from the git submodule.
   : For your information, following patch is added for the kafel for fixing build error (TODO)

	+// Fix for Linux <3.12
	+#ifndef EM_ARM
	+#define EM_ARM 40
	+#endif
	+

3) NSJail requires 3.2.24 over libnl3 vesion.
   Unfortunately, current Tizen libnl3 version 3.2.22. (TODO)

diff --git a/.gbs.conf b/.gbs.conf
new file mode 100644 (file)
index 0000000..657a101
--- /dev/null
+++ b/.gbs.conf
@@ -0,0 +1,3 @@
+[general]
+upstream_branch = upstream-git
+upstream_tag = ${upstreamversion}

diff --git a/Makefile b/Makefile
index 9494732196e250538111f9df06bb499551ee3ed8..7722452da4c80fe0c6ed3276502b8f2a7ab5c08f 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -72,7 +72,8 @@ endif
 .PHONY: kafel_init
 kafel_init:
 ifeq ("$(wildcard kafel/Makefile)","")
-       git submodule update --init
+       tar xvfz kafel.tar.gz
+#      git submodule update --init
 endif
 
 kafel/include/kafel.h: kafel_init

diff --git a/kafel.tar.gz b/kafel.tar.gz
new file mode 100644 (file)
index 0000000..3b570ba
Binary files /dev/null and b/kafel.tar.gz differ

diff --git a/packaging/nsjail.spec b/packaging/nsjail.spec
new file mode 100644 (file)
index 0000000..250bc19
--- /dev/null
+++ b/packaging/nsjail.spec
@@ -0,0 +1,48 @@
+#
+# spec file for package nsjail
+#
+
+Name:           nsjail
+Version:        3.0.20210707 
+Release:       0
+Summary:        A light-weight process isolation tool
+License:        Apache-2.0
+Group:          System/Other
+URL:            https://nsjail.com
+Source0:        nsjail-%{version}.tar.gz
+#Source1:        kafel.tar.gz
+BuildRequires:  autoconf
+BuildRequires:  bison
+BuildRequires:  flex
+BuildRequires:  gcc-c++
+#BuildRequires:  git-core
+BuildRequires:  glibc-devel
+BuildRequires:  libnl3-devel
+BuildRequires:  make
+BuildRequires:  pkgconfig
+BuildRequires:  protobuf-devel
+
+%description
+A light-weight process isolation tool, making use of Linux namespaces and
+seccomp-bpf syscall filters (with help of the kafel bpf language)
+
+%prep
+%setup -q
+
+%build
+%define _lto_cflags %{nil}
+export CFLAGS="%{optflags}"
+export CXXFLAGS="$CFLAGS"
+make %{?_smp_mflags}
+
+%install
+mkdir -p %{buildroot}/%{_bindir}/
+cp nsjail %{buildroot}/%{_bindir}/
+
+%files
+%license LICENSE
+%{_bindir}/nsjail
+
+%changelog
+* Mon Jul 7 2021 Baik 
+ - Initial import of version latest version of nsjail - 2021-07-07 version