From 2f15413f0d65dc26e67f525a9f4ba6538dfb8a11 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Fri, 6 Mar 2020 19:22:19 -0500
Subject: [PATCH] qemu-minimal-static: new aport
---
sr.ht/qemu-minimal-static/80-kvm.rules | 1 +
sr.ht/qemu-minimal-static/APKBUILD | 82 +++++++++++++++++++
sr.ht/qemu-minimal-static/qemu-chroot.c | 41 ++++++++++
.../qemu-minimal-static.pre-install | 7 ++
4 files changed, 131 insertions(+)
create mode 100644 sr.ht/qemu-minimal-static/80-kvm.rules
create mode 100644 sr.ht/qemu-minimal-static/APKBUILD
create mode 100644 sr.ht/qemu-minimal-static/qemu-chroot.c
create mode 100644 sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install
diff --git a/sr.ht/qemu-minimal-static/80-kvm.rules b/sr.ht/qemu-minimal-static/80-kvm.rules
new file mode 100644
index 0000000..e61b48f
--- /dev/null
+++ b/sr.ht/qemu-minimal-static/80-kvm.rules
@@ -0,0 +1 @@
+KERNEL=="kvm", GROUP="kvm", MODE="0666"
diff --git a/sr.ht/qemu-minimal-static/APKBUILD b/sr.ht/qemu-minimal-static/APKBUILD
new file mode 100644
index 0000000..92a73e1
--- /dev/null
+++ b/sr.ht/qemu-minimal-static/APKBUILD
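Review bot: In 80-kvm.rules, `MODE="0666"` opens /dev/kvm to every local account, so the `GROUP="kvm"` assignment on the same line restricts nothing. The pre-install script in this patch creates a `qemu` user whose group is `kvm`, yet qemu-chroot.c drops to `nobody`, which looks like the reason the node had to be world-writable. Dropping to the dedicated account in qemu-chroot.c and using `KERNEL=="kvm", GROUP="kvm", MODE="0660"` here would limit KVM access to that group. It would also stop untrusted guests from sharing a uid with any other host process that runs as `nobody`.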
@@ -0,0 +1,82 @@
+# Maintainer: Drew DeVault
+pkgname=qemu-minimal-static
+pkgver=4.2.0
+pkgrel=0
+pkgdesc="A stripped down, chrooted version of qemu for untrusted guests"
+url="https://qemu.org/"
+arch="all"
+license="GPL-2.0 LGPL-2"
+makedepends="
+ glib-dev
+ glib-static
+ libaio-dev
+ libcap-dev
+ libcap-ng-dev
+ linux-headers
+ lzo-dev
+ perl
+ pixman-static
+ pixman-dev
+ python3
+ texinfo
+ util-linux-dev
+ vde2-dev
+ zlib-dev
+ zlib-static
+ "
+install="$pkgname.pre-install"
+options="suid !strip !check" # strip fails on .img files; suid for chroot binary
+source="
+ https://wiki.qemu-project.org/download/qemu-$pkgver.tar.xz
+ 80-kvm.rules
+ qemu-chroot.c
+"
+builddir="$srcdir/qemu-$pkgver"
+
+prepare() {
+ default_prepare
+ sed -i 's/^VL_LDFLAGS=$/VL_LDFLAGS=-Wl,-z,execheap/' \
+ Makefile.target
+}
+
+build() {
+ ./configure \
+ --prefix=/ \
+ --static \
+ --python=/usr/bin/python3 \
+ --audio-drv-list="" \
+ --disable-docs \
+ --disable-debug-info \
+ --disable-opengl \
+ --disable-virglrenderer \
+ --disable-vte \
+ --disable-gtk \
+ --disable-sdl \
+ --disable-bluez \
+ --disable-spice \
+ --disable-vnc \
+ --disable-curses \
+ --disable-xen \
+ --disable-smartcard \
+ --disable-libnfs \
+ --disable-libusb \
+ --disable-glusterfs \
+ --disable-tools \
+ --disable-werror \
+ --target-list="x86_64-softmmu,i386-softmmu,aarch64-softmmu,arm-softmmu,ppc64-softmmu,s390x-softmmu,riscv64-softmmu,mips-softmmu,mipsel-softmmu,mips64el-softmmu"
+ cc -o qemu-chroot "$srcdir"/qemu-chroot.c
+}
+
+package() {
+ make DESTDIR="$pkgdir/usr/lib/qemu-minimal-static" install
+ install -Dm644 "$srcdir"/80-kvm.rules \
+ "$pkgdir"/lib/udev/rules.d/80-kvm.rules
+ mkdir -p "$pkgdir"/usr/bin
+ install -Dm755 qemu-chroot "$pkgdir"/usr/bin/qemu-chroot
+ chmod a+s "$pkgdir"/usr/bin/qemu-chroot
+ rm "$pkgdir"/usr/lib/qemu-minimal-static/libexec/qemu-bridge-helper
+}
+
+sha512sums="2a79973c2b07c53e8c57a808ea8add7b6b2cbca96488ed5d4b669ead8c9318907dec2b6109f180fc8ca8f04c0f73a56e82b3a527b5626b799d7e849f2474ec56 qemu-4.2.0.tar.xz
+9b7a89b20fcf737832cb7b4d5dc7d8301dd88169cbe5339eda69fbb51c2e537d8cb9ec7cf37600899e734209e63410d50d0821bce97e401421db39c294d97be2 80-kvm.rules
+731b946f0c2fe188b8c4f7c96758359d86995d6ea45a8476c0e741268d03c7b65c0507f9298309224810558c825ee03bba13e8ebef0ee7d6dbd9e8194990312b qemu-chroot.c"
diff --git a/sr.ht/qemu-minimal-static/qemu-chroot.c b/sr.ht/qemu-minimal-static/qemu-chroot.c
new file mode 100644
index 0000000..6ee9814
--- /dev/null
+++ b/sr.ht/qemu-minimal-static/qemu-chroot.c
@@ -0,0 +1,41 @@
+#define _XOPEN_SOURCE
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+int chroot(char *path);
+
+void check(int p, char *ctx) {
+ if (p) {
+ return;
+ }
+ fprintf(stderr, "%s: %s\n", ctx, strerror(errno));
+ exit(1);
+}
+
+int main(int argc, char *argv[]) {
+ struct passwd *nobody = getpwnam("nobody");
+ check(nobody != NULL, "getpwnam");
+
+ int r;
+ r = chroot("/usr/lib/qemu-minimal-static");
+ check(r == 0, "chroot");
+
+ r = setgid(nobody->pw_gid);
+ check(r == 0, "setgid");
+ r = setegid(nobody->pw_gid);
+ check(r == 0, "setegid");
+ r = setuid(nobody->pw_uid);
+ check(r == 0, "setuid");
+ r = seteuid(nobody->pw_uid);
+ check(r == 0, "seteuid");
+
+ r = execv(argv[1], &argv[1]);
+ check(r == 0, "execv");
+ return 1;
+}
diff --git a/sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install b/sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install
new file mode 100644
index 0000000..19ed30d
--- /dev/null
+++ b/sr.ht/qemu-minimal-static/qemu-minimal-static.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup -S -g 34 kvm 2>/dev/null
+addgroup -S -g 36 qemu 2>/dev/null
+adduser -S -u 36 -G kvm -s /sbin/nologin qemu
+
+exit 0
--
2.45.2
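Review bot: In the APKBUILD's build(), the setuid helper is compiled with a bare `cc -o qemu-chroot "$srcdir"/qemu-chroot.c`, so the distribution's `$CFLAGS`/`$LDFLAGS` (and whatever hardening and warning flags they carry) do not apply to the one binary in this package that starts as root; `cc $CFLAGS $LDFLAGS -o qemu-chroot "$srcdir"/qemu-chroot.c` would pick them up. In package(), `chmod a+s` sets the setgid bit as well as setuid, which the helper does not appear to need; `install -Dm4755 qemu-chroot "$pkgdir"/usr/bin/qemu-chroot` sets only setuid and makes the preceding `mkdir -p` unnecessary. A short comment above the `-Wl,-z,execheap` substitution in prepare(), saying why the emulator needs an executable heap, would help a later reader judge whether it can be dropped.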
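Review bot: In qemu-chroot.c's main(), `chroot()` is not followed by `chdir("/")`, so the working directory stays outside the jail and relative paths in the executed program still resolve against the caller's directory. The privilege drop also keeps the caller's supplementary groups, because nothing clears them before `setgid()`, and `argv[1]` is read without checking `argc`, which can be 0 or 1. The fence adds the three checks; `setgroups()` needs `<grp.h>` and a feature-test macro that exposes it, so the `#define _XOPEN_SOURCE` line would likely change too, which would also let the hand-written `int chroot(char *path);` prototype go. The `setegid()`/`seteuid()` calls look redundant after a successful `setgid()`/`setuid()` from root, and `execv()` returns only on failure, so its result needs no comparison before reporting the error.

```c
int main(int argc, char *argv[]) {
	if (argc < 2) {
		fprintf(stderr, "usage: qemu-chroot <program> [args...]\n");
		exit(1);
	}
	// … unchanged: getpwnam("nobody") lookup and its check …

	int r;
	r = chroot("/usr/lib/qemu-minimal-static");
	check(r == 0, "chroot");
	r = chdir("/");
	check(r == 0, "chdir");

	r = setgroups(0, NULL);
	check(r == 0, "setgroups");
	// … unchanged: setgid/setegid/setuid/seteuid calls, then execv …
```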