commit: 2dd5290ede8e9dc1941cdaac9999e827c64d6a6b
Author: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 6 19:09:00 2025 +0000
Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Wed Aug 6 19:10:07 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dd5290e
sys-apps/minijail: add 2025.07.02
Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
sys-apps/minijail/Manifest | 1 +
.../files/minijail-2025.07.02-makefile.patch | 56 ++++++++++++++
.../files/minijail-2025.07.02-no-werror.patch | 13 ++++
sys-apps/minijail/minijail-2025.07.02.ebuild | 87 ++++++++++++++++++++++
4 files changed, 157 insertions(+)
diff --git a/sys-apps/minijail/Manifest b/sys-apps/minijail/Manifest
index 068c3a1c0570..2446c4fc5bef 100644
--- a/sys-apps/minijail/Manifest
+++ b/sys-apps/minijail/Manifest
@@ -1,2 +1,3 @@
DIST minijail-17.tar.gz 212425 BLAKE2B
411a0e2f1af21dd689fa669f9658e78c3c3c6439fdbea01b41b1d0cb3cbc1dc017634177350a3d5392783201f80874ec2a1604ed2577dbf5d7dbdf584a087267
SHA512
4b9aa29a78f7525ffeedfb927f6b567044ff7c9d32ef0e6771ed2b5c2d47c7a14ccbe000efc988ce6bb4173c5a9ae734b222aac1a00fb0e60777d7dccc149acf
DIST minijail-18.tar.gz 223537 BLAKE2B
894cca4bd31b12e74a309a99d98eefe24f57e4dae186e79b5800b9857ef6b87c2094ead9a1788d00557d68b0d174bdf1e22f247ffb4fbb2d44a952a8df2c953d
SHA512
685f744b4783600b4c91ec678ae87dd9ae0138638e1e754520f406c203f4d92f6b510b1bcf1a921b9e93965026c461d6fe8e5efb5f90393a54ca27db7c8033e5
+DIST minijail-2025.07.02.tar.gz 241105 BLAKE2B
651bb53bcd1119a1a1ae6188af9140f1d258bec4664a5eb72b2991d8aa7e8bba0bfe2f7c165197cd5d28aae4d7b660ba67ce3b34591b0a19fe7984c61f656ed9
SHA512
322f76c60dace90243f5b8d7c13afad5526c138e1789c9b6377fcbde45fc773fa55c8d39402fe1710a456f9258eb1714dc5bd0dff8bdebcd5a72e5a652935e6a
diff --git a/sys-apps/minijail/files/minijail-2025.07.02-makefile.patch
b/sys-apps/minijail/files/minijail-2025.07.02-makefile.patch
new file mode 100644
index 000000000000..69b1e8c744bd
--- /dev/null
+++ b/sys-apps/minijail/files/minijail-2025.07.02-makefile.patch
@@ -0,0 +1,56 @@
+diff --git a/Makefile b/Makefile
+index 18d9259..612c797 100644
+--- a/Makefile
++++ b/Makefile
+@@ -119,9 +119,9 @@ GTEST_CXXFLAGS := -std=gnu++20
+ GTEST_LIBS := gtest.a
+ UNITTEST_DEPS += $(GTEST_LIBS)
+ else
+-GTEST_CXXFLAGS := $(shell gtest-config --cxxflags 2>/dev/null || \
++GTEST_CXXFLAGS ?= $(shell gtest-config --cxxflags 2>/dev/null || \
+ echo "-pthread")
+-GTEST_LIBS := $(shell gtest-config --libs 2>/dev/null || \
++GTEST_LIBS ?= $(shell gtest-config --libs 2>/dev/null || \
+ echo "-lgtest -pthread -lpthread")
+ endif
+ GTEST_CXXFLAGS += -DGTEST_REMOVE_LEGACY_TEST_CASEAPI_
+@@ -152,6 +152,7 @@ clean: CLEAN(minijail0)
+
+
+ CC_LIBRARY(libminijail.so): LDLIBS += -lcap
++CC_LIBRARY(libminijail.so): LDFLAGS += -Wl,-soname,libminijail.so
+ CC_LIBRARY(libminijail.so): $(CORE_OBJECT_FILES)
+ clean: CLEAN(libminijail.so)
+
+@@ -173,6 +174,7 @@ TEST(CXX_BINARY(libminijail_unittest)):
CC_LIBRARY(libminijailpreload.so)
+
+
+ CC_LIBRARY(libminijailpreload.so): LDLIBS += -lcap -ldl
++CC_LIBRARY(libminijailpreload.so): LDFLAGS +=
-Wl,-soname,libminijailpreload.so
+ CC_LIBRARY(libminijailpreload.so): libminijailpreload.o $(CORE_OBJECT_FILES)
+ clean: CLEAN(libminijailpreload.so)
+
+diff --git a/common.mk b/common.mk
+index dfaa8ca..4fbaa77 100644
+--- a/common.mk
++++ b/common.mk
+@@ -315,8 +315,8 @@ endif
+ # CXXFLAGS := -mahflag $(CXXFLAGS) # Prepend to the list
+ # CXXFLAGS := $(filter-out badflag,$(CXXFLAGS)) # Filter out a value
+ # The same goes for CFLAGS.
+-COMMON_CFLAGS-gcc := -fvisibility=internal -ggdb3 -Wa,--noexecstack
+-COMMON_CFLAGS-clang := -fvisibility=hidden -ggdb -Wimplicit-fallthrough \
++COMMON_CFLAGS-gcc := -fvisibility=internal -Wa,--noexecstack
++COMMON_CFLAGS-clang := -fvisibility=hidden -Wimplicit-fallthrough \
+ -Wstring-plus-int
+ # When a class is exported through __attribute__((visibility("default"))), we
+ # still want to eliminate symbols from inline class member functions to reduce
+@@ -333,7 +333,7 @@ CFLAGS += $(COMMON_CFLAGS) $(COMMON_CFLAGS-$(CDRIVER))
-std=gnu17
+ # We undefine _FORTIFY_SOURCE because some distros enable it by default in
+ # their toolchains. This makes the compiler issue warnings about redefines
+ # and our -Werror usage breaks it all.
+-CPPFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
++CPPFLAGS +=
+
+ # Enable large file support.
+ CPPFLAGS += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
diff --git a/sys-apps/minijail/files/minijail-2025.07.02-no-werror.patch
b/sys-apps/minijail/files/minijail-2025.07.02-no-werror.patch
new file mode 100644
index 000000000000..8715711760b0
--- /dev/null
+++ b/sys-apps/minijail/files/minijail-2025.07.02-no-werror.patch
@@ -0,0 +1,13 @@
+diff --git a/common.mk b/common.mk
+index 3b52a6d..1f27264 100644
+--- a/common.mk
++++ b/common.mk
+@@ -325,7 +325,7 @@ COMMON_CFLAGS-clang := -fvisibility=hidden -ggdb
-Wimplicit-fallthrough \
+ COMMON_CFLAGS := -Wall -Wunused -Wno-unused-parameter -Wunreachable-code \
+ -Wbool-operation -Wstring-compare $(call check_cc,-Wxor-used-as-pow) \
+ -Wint-in-bool-context -Wfree-nonheap-object \
+- -Werror -Wformat=2 -fno-strict-aliasing \
++ -Wformat=2 -fno-strict-aliasing \
+ $(SSP_CFLAGS) -O1
+ CXXFLAGS += $(COMMON_CFLAGS) $(COMMON_CFLAGS-$(CXXDRIVER)) -std=gnu++20 \
+ -fvisibility-inlines-hidden
diff --git a/sys-apps/minijail/minijail-2025.07.02.ebuild
b/sys-apps/minijail/minijail-2025.07.02.ebuild
new file mode 100644
index 000000000000..b26d23c6203b
--- /dev/null
+++ b/sys-apps/minijail/minijail-2025.07.02.ebuild
@@ -0,0 +1,87 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info toolchain-funcs
+
+DESCRIPTION="helper binary and library for sandboxing & restricting privs of
service"
+HOMEPAGE="
+ https://android.googlesource.com/platform/external/minijail
+ https://github.com/google/minijail
+"
+# Use GitHub mirror as Gitiles doesn't generate stable tarballs.
+SRC_URI="https://github.com/google/${PN}/archive/linux-v${PV}.tar.gz ->
${P}.tar.gz"
+S="${WORKDIR}/${PN}-linux-v${PV}"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv ~x86"
+IUSE="+seccomp test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ sys-libs/libcap-ng:=
+"
+DEPEND="
+ ${RDEPEND}
+ test? (
+ >=dev-cpp/gtest-1.8.0:=
+ )
+"
+BDEPEND="
+ test? (
+ virtual/pkgconfig
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-2025.07.02-makefile.patch"
+ "${FILESDIR}/${PN}-2025.07.02-no-werror.patch"
+)
+
+pkg_pretend() {
+ local CONFIG_CHECK="~NAMESPACES ~UTS_NS ~IPC_NS ~USER_NS ~PID_NS ~NET_NS
+ ~SECCOMP ~SECCOMP_FILTER ~CGROUPS"
+ check_extra_config
+}
+
+src_configure() {
+ export LIBDIR="/usr/$(get_libdir)"
+ export USE_seccomp="$(usex seccomp)"
+ export USE_SYSTEM_GTEST=yes
+ if use test; then
+ export GTEST_CXXFLAGS="$($(tc-getPKG_CONFIG) --cflags
gtest_main)"
+ export GTEST_LIBS="$($(tc-getPKG_CONFIG) --libs gtest_main)"
+ else
+ export GTEST_CXXFLAGS='' GTEST_LIBS=''
+ fi
+ export VERBOSE=1
+}
+
+src_compile() {
+ tc-env_build emake all parse_seccomp_policy
+}
+
+src_test() {
+
GTEST_FILTER="-NamespaceTest.test_tmpfs_userns:NamespaceTest.test_namespaces" \
+ tc-env_build emake tests
+}
+
+src_install() {
+ dosbin minijail0
+ dolib.so libminijail{,preload}.so
+ dobin parse_seccomp_policy
+
+ doman minijail0.[15]
+ dodoc README.md
+
+ local include_dir="/usr/include"
+
+ "${S}"/platform2_preinstall.sh "${PV}" "${include_dir}"
+ insinto "/usr/$(get_libdir)/pkgconfig"
+ doins libminijail.pc
+
+ insinto "${include_dir}"
+ doins libminijail.h scoped_minijail.h
+}
