A sr.ht/qemu-minimal-static/80-kvm.rules => sr.ht/qemu-minimal-static/80-kvm.rules +1 -0
@@ 0,0 1,1 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0666"
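Review bot: `MODE="0666"` lets every local account open /dev/kvm, so the `GROUP="kvm"` assignment on the same rule no longer restricts anything. If this is deliberate because the wrapper added in this commit runs QEMU as `nobody`, the rule should carry a comment saying so, e.g. `# world-accessible on purpose: guests run as nobody via qemu-chroot`. Otherwise `KERNEL=="kvm", GROUP="kvm", MODE="0660"`, with the guest run under an account in the kvm group, keeps the KVM ioctl interface away from unrelated users on the host.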
A sr.ht/qemu-minimal-static/APKBUILD => sr.ht/qemu-minimal-static/APKBUILD +82 -0
@@ 0,0 1,82 @@
+# Maintainer: Drew DeVault <sir@cmpwn.com>
+pkgname=qemu-minimal-static
+pkgver=4.2.0
+pkgrel=0
+pkgdesc="A stripped down, chrooted version of qemu for untrusted guests"
+url="https://qemu.org/"
+arch="all"
+license="GPL-2.0 LGPL-2"
+makedepends="
+ glib-dev
+ glib-static
+ libaio-dev
+ libcap-dev
+ libcap-ng-dev
+ linux-headers
+ lzo-dev
+ perl
+ pixman-static
+ pixman-dev
+ python3
+ texinfo
+ util-linux-dev
+ vde2-dev
+ zlib-dev
+ zlib-static
+ "
+install="$pkgname.pre-install"
+options="suid !strip !check" # strip fails on .img files; suid for chroot binary
+source="
+ https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz
+ 80-kvm.rules
+ qemu-chroot.c
+"
+builddir="$srcdir/qemu-$pkgver"
+
+prepare() {
+ default_prepare
+ sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \
+ Makefile.target
+}
+
+build() {
+ ./configure \
+ --prefix=/ \
+ --static \
+ --python=/usr/bin/python3 \
+ --audio-drv-list="" \
+ --disable-docs \
+ --disable-debug-info \
+ --disable-opengl \
+ --disable-virglrenderer \
+ --disable-vte \
+ --disable-gtk \
+ --disable-sdl \
+ --disable-bluez \
+ --disable-spice \
+ --disable-vnc \
+ --disable-curses \
+ --disable-xen \
+ --disable-smartcard \
+ --disable-libnfs \
+ --disable-libusb \
+ --disable-glusterfs \
+ --disable-tools \
+ --disable-werror \
+ --target-list="x86_64-softmmu,i386-softmmu,aarch64-softmmu,arm-softmmu,ppc64-softmmu,s390x-softmmu,riscv64-softmmu,mips-softmmu,mipsel-softmmu,mips64el-softmmu"
+ cc -o qemu-chroot "$srcdir"/qemu-chroot.c
+}
+
+package() {
+ make DESTDIR="$pkgdir/usr/lib/qemu-minimal-static" install
+ install -Dm644 "$srcdir"/80-kvm.rules \
+ "$pkgdir"/lib/udev/rules.d/80-kvm.rules
+ mkdir -p "$pkgdir"/usr/bin
+ install -Dm755 qemu-chroot "$pkgdir"/usr/bin/qemu-chroot
+ chmod a+s "$pkgdir"/usr/bin/qemu-chroot
+ rm "$pkgdir"/usr/lib/qemu-minimal-static/libexec/qemu-bridge-helper
+}
+
+sha512sums="2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56 qemu-4.2.0.tar.xz
+9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules
+731b946f0c2fe188b8c4f7c96758359d86995d6ea45a8476c0e741268d03c7b65c0507f9298309224810558c825ee03bba13e8ebef0ee7d6dbd9e8194990312b qemu-chroot.c"
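Review bot: `chmod a+s` in package() sets the setgid bit as well as the setuid bit on qemu-chroot, although the helper only needs setuid root for its chroot() and setuid() calls. Installing it with the exact mode removes the extra bit and the separate chmod: `install -Dm4755 qemu-chroot "$pkgdir"/usr/bin/qemu-chroot`. In build(), `cc -o qemu-chroot` ignores the packager's compiler settings, so any hardening flags abuild exports are presumably not applied to the one setuid binary in the package; `${CC:-cc} $CFLAGS -o qemu-chroot "$srcdir"/qemu-chroot.c $LDFLAGS` would pick them up. The comment on `options=` could also note that the binary is world-executable, since that makes every local user a caller of the setuid code.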
A sr.ht/qemu-minimal-static/qemu-chroot.c => sr.ht/qemu-minimal-static/qemu-chroot.c +41 -0
@@ 0,0 1,41 @@
+#define _XOPEN_SOURCE
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <unistd.h>
+
+int chroot(char *path);
+
+void check(int p, char *ctx) {
+ if (p) {
+ return;
+ }
+ fprintf(stderr, "%s: %s\n", ctx, strerror(errno));
+ exit(1);
+}
+
+int main(int argc, char *argv[]) {
+ struct passwd *nobody = getpwnam("nobody");
+ check(nobody != NULL, "getpwnam");
+
+ int r;
+ r = chroot("/usr/lib/qemu-minimal-static");
+ check(r == 0, "chroot");
+
+ r = setgid(nobody->pw_gid);
+ check(r == 0, "setgid");
+ r = setegid(nobody->pw_gid);
+ check(r == 0, "setegid");
+ r = setuid(nobody->pw_uid);
+ check(r == 0, "setuid");
+ r = seteuid(nobody->pw_uid);
+ check(r == 0, "seteuid");
+
+ r = execv(argv[1], &argv[1]);
+ check(r == 0, "execv");
+ return 1;
+}
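Review bot: main() never changes directory after chroot(), so the working directory of this setuid-root helper still points outside the new root and relative paths resolve on the host filesystem; a `chdir("/")` straight after the chroot() call closes that. The supplementary groups of the invoking user also survive the drop to `nobody`, because only setgid()/setuid() are called; `setgroups(0, NULL)` before setgid() clears them and needs `<grp.h>`. `argv[1]` is passed to execv() without checking `argc`, so an invocation with too few arguments reads past the intended arguments. Separately, the hand-written `int chroot(char *path);` prototype could be replaced by defining `_DEFAULT_SOURCE` so `<unistd.h>` declares it with the right signature.

```c
int main(int argc, char *argv[]) {
	if (argc < 2) {
		fprintf(stderr, "usage: qemu-chroot <program> [args...]\n");
		return 1;
	}
	/* … unchanged: getpwnam("nobody") lookup, int r; … */
	r = chroot("/usr/lib/qemu-minimal-static");
	check(r == 0, "chroot");
	r = chdir("/");
	check(r == 0, "chdir");

	r = setgroups(0, NULL);
	check(r == 0, "setgroups");
	/* … unchanged: setgid/setegid/setuid/seteuid, execv … */
```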
A sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install => sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install +7 -0
@@ 0,0 1,7 @@
+#!/bin/sh
+
+addgroup -S -g 34 kvm 2>/dev/null
+addgroup -S -g 36 qemu 2>/dev/null
+adduser -S -u 36 -G kvm -s /sbin/nologin qemu
+
+exit 0
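Review bot: The `qemu` user and group created here are not referenced by anything else visible in this commit, since qemu-chroot.c drops privileges to `nobody` instead. If guests are meant to run under a dedicated account, the wrapper should look up `qemu`, so the untrusted process does not share a UID with other `nobody` processes; if the account is only there for compatibility with another package, a comment such as `# qemu user/group kept for parity with the stock qemu package` would say so. The `adduser` line also places the user in `kvm` as its primary group, leaving the `qemu` group from the line above unused. The unconditional `exit 0` hides a failed account creation.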