tools: add fakeroot

SELinux support requires setting the appropriate SELinux security context
to files and directories, which needs to happen at build time in order
to support read-only root filesystem scenarios. In order to create these
security contexts, we will have to run some SELinux-specific tools on
the host machine, but that requires root access. This adds support for
fakeroot, which the build process will use to run the SELinux security
context creation and the image creation.

Signed-off-by: Thomas Petazzoni <[email protected]>

Apply to current master, and adjust commit message

Thomas' original work is available at
http://lists.infradead.org/pipermail/openwrt-devel/2019-November/025976.html.

Signed-off-by: W. Michael Petullo <[email protected]>
[add rules.mk FAKEROOT variable]
Signed-off-by: Paul Spooren <[email protected]>
[update, fix macos build]
Signed-off-by: Felix Fietkau <[email protected]>

rules.mk

@@ -264,6 +264,7 @@ endif
 
 BUILD_KEY=$(TOPDIR)/key-build
 
+FAKEROOT:=$(STAGING_DIR_HOST)/bin/fakeroot
 TARGET_CC:=$(TARGET_CROSS)gcc
 TARGET_CXX:=$(TARGET_CROSS)g++
 KPATCH:=$(SCRIPT_DIR)/patch-kernel.sh

tools/Makefile

@@ -26,7 +26,7 @@ tools-y += m4 libtool autoconf autoconf-archive automake flex bison pkgconf mkli
 tools-y += sstrip make-ext4fs e2fsprogs mtd-utils mkimage
 tools-y += firmware-utils patch-image quilt padjffs2
 tools-y += mm-macros missing-macros cmake bc findutils gengetopt patchelf
-tools-y += mtools dosfstools libressl
+tools-y += mtools dosfstools libressl fakeroot
 tools-$(CONFIG_TARGET_orion_generic) += wrt350nv2-builder upslug2
 tools-$(CONFIG_TARGET_x86) += qemu
 tools-$(CONFIG_TARGET_mxs) += elftosb sdimage

tools/fakeroot/Makefile

@@ -0,0 +1,20 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fakeroot
+PKG_VERSION:=1.24
+
+PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).orig.tar.gz
+PKG_SOURCE_URL:=http://deb.debian.org/debian/pool/main/f/fakeroot
+PKG_HASH:=2e045b3160370b8ab4d44d1f8d267e5d1d555f1bb522d650e7167b09477266ed
+
+include $(INCLUDE_DIR)/host-build.mk
+
+HOST_CONFIGURE_VARS += \
+	ac_cv_header_sys_capability_h=no \
+	ac_cv_func_capset=no
+
+$(eval $(call HostBuild))

tools/fakeroot/patches/100-portability.patch

@@ -0,0 +1,112 @@
+--- a/libfakeroot.c
++++ b/libfakeroot.c
+@@ -110,8 +110,16 @@
+ #define INT_NEXT_FSTATAT(a,b,c,d) NEXT_FSTATAT(_STAT_VER,a,b,c,d)
+ #define INT_SEND_STAT(a,b) SEND_STAT(a,b,_STAT_VER)
+ #define INT_SEND_GET_XATTR(a,b) SEND_GET_XATTR(a,b,_STAT_VER)
++
++/* 10.10 uses id_t in getpriority/setpriority calls, so pretend
++   id_t is used everywhere, just happens to be int on some OSes */
++#ifndef _ID_T
++#define _ID_T
++typedef int id_t;
++#endif
+ #endif
+
++#include <sys/types.h>
+ #include <stdlib.h>
+ #include <sys/ipc.h>
+ #include <sys/msg.h>
+@@ -123,7 +131,6 @@
+ #include <unistd.h>
+ #include <dirent.h>
+ #include <errno.h>
+-#include <sys/types.h>
+ #ifdef HAVE_SYS_ACL_H
+ #include <sys/acl.h>
+ #endif /* HAVE_SYS_ACL_H */
+@@ -1894,7 +1901,7 @@ ssize_t fremovexattr(int fd, const char
+ }
+ #endif /* HAVE_FREMOVEXATTR */
+
+-int setpriority(int which, int who, int prio){
++int setpriority(int which, id_t who, int prio){
+   if (fakeroot_disabled)
+     return next_setpriority(which, who, prio);
+   next_setpriority(which, who, prio);
+@@ -2426,3 +2433,19 @@ int sysinfo(int command, char *buf, long
+     }
+ }
+ #endif
++
++#ifdef HAVE_OPENAT
++int openat(int dir_fd, const char *pathname, int flags, ...)
++{
++	mode_t mode;
++
++    if (flags & O_CREAT) {
++        va_list args;
++        va_start(args, flags);
++        mode = va_arg(args, int);
++        va_end(args);
++    }
++
++    return next_openat(dir_fd, pathname, flags, mode);
++}
++#endif
+--- a/wrapfunc.inp
++++ b/wrapfunc.inp
+@@ -145,7 +145,7 @@ setfsgid;gid_t;(gid_t fsgid);(fsgid)
+ #endif /* HAVE_SETFSGID */
+ initgroups;int;(const char *user, INITGROUPS_SECOND_ARG group);(user, group)
+ setgroups;int;(SETGROUPS_SIZE_TYPE size, const gid_t *list);(size, list)
+-setpriority;int;(int which, int who, int prio);(which, who, prio)
++setpriority;int;(int which, id_t who, int prio);(which, who, prio)
+ #ifdef HAVE_CAPSET
+ capset;int;(cap_user_header_t hdrp, const cap_user_data_t datap);(hdrp, datap)
+ #endif /* HAVE_CAPSET */
+@@ -197,7 +197,7 @@ fchownat;int;(int dir_fd, const char *pa
+ mkdirat;int;(int dir_fd, const char *pathname, mode_t mode);(dir_fd, pathname, mode)
+ #endif /* HAVE_MKDIRAT */
+ #ifdef HAVE_OPENAT
+-openat;int;(int dir_fd, const char *pathname, int flags);(dir_fd, pathname, flags)
++openat;int;(int dir_fd, const char *pathname, int flags, mode_t mode);(dir_fd, pathname, flags, mode);;(int dir_fd, const char *pathname, int flags, ...)
+ #endif /* HAVE_OPENAT */
+ #ifdef HAVE_RENAMEAT
+ renameat;int;(int olddir_fd, const char *oldpath, int newdir_fd, const char *newpath);(olddir_fd, oldpath, newdir_fd, newpath)
+--- a/wrapawk_macosx
++++ b/wrapawk_macosx
+@@ -46,26 +46,30 @@ BEGIN{
+   argtype=$3;
+   argname=$4;
+   MACRO=$5;
++  argtype_def=$6
++  if(!argtype_def) {
++    argtype_def = argtype
++  }
+   if(MACRO){
+     print "extern " ret " MY_DEF(" name ")" argtype " __attribute__((visibility(\"hidden\")));" > headerfile;
+     print "INTERPOSE(MY_DEF(" name "_RAW)," name "_RAW);"   > structfile;
+     print "#undef " name                      > deffile
+     print "#define " name " MY_DEF(" name "_RAW)" > deffile
+
+-    print "extern " ret, name, argtype ";"              > tmpffile;
++    print "extern " ret, name, argtype_def ";"          > tmpffile;
+     print "static __inline__ " ret " NEXT_" MACRO "_NOARG " argtype " __attribute__((always_inline));" > tmpffile;
+     print "static __inline__ " ret " NEXT_" MACRO "_NOARG " argtype " {" > tmpffile;
+     print "  return " name, argname ";"                 > tmpffile;
+     print "}"                                           > tmpffile;
+     print ""                                            > tmpffile;
+   } else {
+-    print "extern " ret " my_" name, argtype " __attribute__((visibility(\"hidden\")));" > headerfile;
++    print "extern " ret " my_" name, argtype_def " __attribute__((visibility(\"hidden\")));" > headerfile;
+     print "#undef " name                                > structfile;
+     print "INTERPOSE(my_" name "," name ");"            > structfile;
+     print "#define " name " my_" name                   > structfile
+     print "#define " name " my_" name                   > deffile
+
+-    print "extern " ret, name, argtype ";"              > tmpffile;
++    print "extern " ret, name, argtype_def ";"          > tmpffile;
+     if(argname){
+         print "static __inline__ " ret " next_" name, argtype " __attribute__((always_inline));" > tmpffile;
+         print "static __inline__ " ret " next_" name, argtype " {" > tmpffile;