epm repack: add fix_chrome_sandbox and use it

b1b652d5 · Vitaly Lipatov · cba62f35 · b1b652d5 · b1b652d5 · b1b652d5
Commit b1b652d5 authored Mar 26, 2022 by Vitaly Lipatov
7 changed files
--- a/play.d/teams.sh
+++ b/play.d/teams.sh
@@ -13,4 +13,3 @@ DESCRIPTION="Microsoft Teams for Linux from the official site"
 # epm uses eget to download * names
 epm install "https://packages.microsoft.com/repos/ms-teams/pool/main/t/teams/$(epm print constructname teams "*" amd64 deb)"
-chmod 4755 /opt/teams/chrome-sandbox
--- a/repack.d/common-chromium-browser.sh
+++ b/repack.d/common-chromium-browser.sh
@@ -112,3 +112,14 @@ add_bin_commands()
        subst "s|%files|%files\n/usr/bin/$PRODUCT|" $SPEC
    fi
 }
+fix_chrome_sandbox()
+{
+    local sandbox="$1"
+    # Set SUID for chrome-sandbox if userns_clone is not supported
+    userns_path='/proc/sys/kernel/unprivileged_userns_clone'
+    userns_val="$(cat $userns_path 2>/dev/null)"
+    [ "$userns_val" = '1' ] && return
+    [ -n "$sandbox" ] || sandbox=$PRODUCTDIR/chrome-sandbox
+    chmod 4755 $BUILDROOT/$sandbox
+}
--- a/repack.d/sferum.sh
+++ b/repack.d/sferum.sh
@@ -3,16 +3,13 @@
 BUILDROOT="$1"
 SPEC="$2"
-mkdir -p $BUILDROOT/usr/bin/
+PRODUCT=Sferum
+PRODUCTDIR=/opt/$PRODUCT
-# Link to the binary
-ln -s /opt/Sferum/sferum $BUILDROOT/usr/bin/sferum
+. $(dirname $0)/common-chromium-browser.sh
-# Set SUID for chrome-sandbox if userns_clone is not supported
+mkdir -p $BUILDROOT/usr/bin/
-userns_path='/proc/sys/kernel/unprivileged_userns_clone'
+ln -s $PRODUCTDIR/sferum $BUILDROOT/usr/bin/sferum
-userns_val="$(cat $userns_path 2>/dev/null)"
-[ "$userns_val" = '1' ] || chmod 4755 $BUILDROOT/opt/Sferum/chrome-sandbox
 subst 's|%files|%files\n/usr/bin/sferum|' $SPEC
+fix_chrome_sandbox
--- a/repack.d/skypeforlinux.sh
+++ b/repack.d/skypeforlinux.sh
@@ -5,19 +5,19 @@ BUILDROOT="$1"
 SPEC="$2"
 PRODUCT=skype
-# move binaries from /usr/share/PKGNAME to _libdir/PKGNAME
+PRODUCTDIR=/opt/skype
-#LIBDIR=$(rpmbuild --eval %_libdir 2>/dev/null)
-LIBDIR=/opt
+. $(dirname $0)/common-chromium-browser.sh
 # remove key install script
 rm -rvf $BUILDROOT/opt/skypeforlinux/
 subst "s|.*/opt/skypeforlinux/.*||" $SPEC
-mkdir -p $BUILDROOT$LIBDIR/
+mkdir -p $BUILDROOT$PRODUCTDIR/
-mv $BUILDROOT/usr/share/skypeforlinux/ $BUILDROOT$LIBDIR/$PRODUCT/
+mv $BUILDROOT/usr/share/skypeforlinux/* $BUILDROOT$PRODUCTDIR/
-subst "s|/usr/share/skypeforlinux|$LIBDIR/$PRODUCT|g" $SPEC
+subst "s|/usr/share/skypeforlinux|$PRODUCTDIR|g" $SPEC
-subst "s|^SKYPE_PATH=.*|SKYPE_PATH=$LIBDIR/$PRODUCT/skypeforlinux|" $BUILDROOT/usr/bin/skypeforlinux
+subst "s|^SKYPE_PATH=.*|SKYPE_PATH=$PRODUCTDIR/skypeforlinux|" $BUILDROOT/usr/bin/skypeforlinux
 subst '1iAutoProv:no' $SPEC
@@ -31,7 +31,4 @@ mkdir -p $BUILDROOT/usr/bin/
 ln -s /usr/bin/skypeforlinux $BUILDROOT/usr/bin/skype
 subst 's|%files|%files\n/usr/bin/skype|' $SPEC
-# Set SUID for chrome-sandbox if userns_clone is not supported
+fix_chrome_sandbox
-userns_path='/proc/sys/kernel/unprivileged_userns_clone'
-userns_val="$(cat $userns_path 2>/dev/null)"
-[ "$userns_val" = '1' ] || chmod 4755 $BUILDROOT/$LIBDIR/$PRODUCT/chrome-sandbox
--- a/repack.d/tamtam-app.sh
+++ b/repack.d/tamtam-app.sh
@@ -5,17 +5,15 @@ BUILDROOT="$1"
 SPEC="$2"
 PRODUCT=TamTam
-LIBDIR=/opt
+PRODUCTDIR=/opt/$PRODUCT
+. $(dirname $0)/common-chromium-browser.sh
 subst '1iAutoProv:no' $SPEC
 mkdir -p $BUILDROOT/usr/bin/
-ln -sf $LIBDIR/$PRODUCT/tamtam $BUILDROOT/usr/bin/tamtam
+ln -sf $PRODUCTDIRT/tamtam $BUILDROOT/usr/bin/tamtam
 subst "s|%files|%files\n%_bindir/tamtam|" $SPEC
+fix_chrome_sandbox
-# Set SUID for chrome-sandbox if userns_clone is not supported
-userns_path='/proc/sys/kernel/unprivileged_userns_clone'
-userns_val="$(cat $userns_path 2>/dev/null)"
-[ "$userns_val" = '1' ] || chmod 4755 $BUILDROOT/$LIBDIR/$PRODUCT/chrome-sandbox
--- a/repack.d/teams.sh
+++ b/repack.d/teams.sh
@@ -6,6 +6,9 @@ SPEC="$2"
 PRODUCT=teams
 LIBDIR=/opt
+PRODUCTDIR=/opt/teams
+. $(dirname $0)/common-chromium-browser.sh
 if [ "$($DISTRVENDOR -e)" = "ALTLinux/p8" ] ; then
    # drop unsupported binary
@@ -26,3 +29,5 @@ subst '1iAutoProv:no' $SPEC
 subst '1i%filter_from_requires /^libGLESv2.so().*/d' $SPEC
 subst '1i%filter_from_requires /^libEGL.so().*/d' $SPEC
 subst '1i%filter_from_requires /^libffmpeg.so().*/d' $SPEC
+fix_chrome_sandbox
--- a/repack.d/zoom.sh
+++ b/repack.d/zoom.sh
 #!/bin/sh -x
 # It will run with two args: buildroot spec
 BUILDROOT="$1"
 SPEC="$2"
+PRODUCT=zoom
+PRODUCTDIR=/opt/zoom
+. $(dirname $0)/common-chromium-browser.sh
 # TODO: s/freetype/libfreetype/
 # see https://bugzilla.altlinux.org/show_bug.cgi?id=38892
@@ -36,3 +40,5 @@ done
 rm -v $BUILDROOT/opt/zoom/QtQuick/Scene2D/libqtquickscene2dplugin.so $BUILDROOT/opt/zoom/QtQuick/Scene3D/libqtquickscene3dplugin.so
 subst 's|.*/opt/zoom/QtQuick/Scene2D/libqtquickscene2dplugin.so.*||' $SPEC
 subst 's|.*/opt/zoom/QtQuick/Scene3D/libqtquickscene3dplugin.so.*||' $SPEC
+fix_chrome_sandbox $PRODUCTDIR/cef