+32 -17

bin/docker.ml

··· 1 1 + open Dockerfile 2 2 + 1 3 let platform = function 2 2 - | "x86_64" 3 3 - | "amd64" -> 4 4 - "linux/amd64" 5 5 - | "i386" 6 6 - | "i686" -> 7 7 - "linux/386" 8 8 - | "aarch64" 9 9 - | "arm64" -> 10 10 - "linux/arm64" 4 4 + | "x86_64" | "amd64" -> "linux/amd64" 5 5 + | "i386" | "i486" | "i586" | "i686" -> "linux/386" 6 6 + | "aarch64" -> "linux/arm64" 11 7 | "armv7l" -> "linux/arm/v7" 8 8 + | "armv6l" -> "linux/arm/v6" 9 9 + | "ppc64le" -> "linux/ppc64le" 10 10 + | "riscv64" -> "linux/riscv64" 11 11 + | "s390x" -> "linux/s390x" 12 12 | arch -> "linux/" ^ arch 13 13 14 14 + let opam ~(config : Config.t) base_image = 15 15 + from ~platform:(platform config.arch) ~alias:"opam-builder" base_image 16 16 + @@ run "apt update && apt install -y build-essential git curl libcap-dev sudo" 17 17 + @@ run "git clone --depth 1 --branch 2.4.1 https://github.com/ocaml/opam.git /tmp/opam" 18 18 + @@ workdir "/tmp/opam" 19 19 + @@ run "make cold" 20 20 + @@ run "make install" 21 21 + 22 22 + let opam_build ~(config : Config.t) base_image = 23 23 + from ~platform:(platform config.arch) ~alias:"opam-build-builder" base_image 24 24 + @@ run "apt update && apt install -y build-essential git curl unzip bubblewrap" 25 25 + @@ copy ~from:"opam-builder" ~src:[ "/usr/local/bin/opam" ] ~dst:"/usr/local/bin/opam" () 26 26 + @@ run "opam init --disable-sandboxing -a --bare -y" 27 27 + @@ run "git clone --depth 1 --branch master https://github.com/mtelvers/opam-build.git /tmp/opam-build" 28 28 + @@ workdir "/tmp/opam-build" 29 29 + @@ run "opam switch create . 5.3.0 --deps-only -y" 30 30 + @@ run "opam exec -- dune build --release" 31 31 + @@ run "install -m 755 _build/default/bin/main.exe /usr/local/bin/opam-build" 32 32 + 14 33 let debian ~(config : Config.t) ~temp_dir _opam_repository build_log uid gid = 15 34 let base_image = Printf.sprintf "%s:%s" config.os_distribution config.os_version in 16 35 let dockerfile = 17 17 - let open Dockerfile in 18 18 - from ~platform:(platform config.arch) base_image 36 36 + (opam ~config base_image) @@ (opam_build ~config base_image) 37 37 + @@ from ~platform:(platform config.arch) base_image 19 38 @@ run "apt update && apt upgrade -y" 20 39 @@ run "apt install build-essential unzip bubblewrap git sudo curl rsync -y" 21 21 - @@ run "curl -L https://github.com/ocaml/opam/releases/download/2.3.0/opam-2.3.0-%s-linux -o /usr/local/bin/opam && chmod +x /usr/local/bin/opam" 22 22 - config.arch 23 23 - @@ run 24 24 - "curl -L https://github.com/mtelvers/opam-build/releases/download/1.3.0/opam-build-1.3.0-%s-linux -o /usr/local/bin/opam-build && chmod +x \ 25 25 - /usr/local/bin/opam-build" 26 26 - config.arch 40 40 + @@ copy ~from:"opam-builder" ~src:[ "/usr/local/bin/opam" ] ~dst:"/usr/local/bin/opam" () 41 41 + @@ copy ~from:"opam-build-builder" ~src:[ "/usr/local/bin/opam-build" ] ~dst:"/usr/local/bin/opam-build" () 27 42 @@ run "echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections" 28 43 @@ run "if getent passwd %i; then userdel -r $(id -nu %i); fi" uid uid 29 44 @@ run "groupadd --gid %i opam" gid

+9 -14

bin/linux.ml

··· 1 1 type t = { 2 2 config : Config.t; 3 3 - running_as_root : bool; 4 3 uid : int; 5 4 gid : int; 6 5 } ··· 143 142 ] 144 143 145 144 let init ~(config : Config.t) = 146 146 - let running_as_root = Unix.geteuid () = 0 in 147 147 - { config; running_as_root; uid = 1000; gid = 1000 } 145 145 + (* If the effective UID is 0 but the actual UID is <> 0 then we have a SUID binary *) 146 146 + (* Set the actual UID to 0, as SUID is not inherited *) 147 147 + if Unix.geteuid () = 0 && Unix.getuid () <> 0 then Unix.setuid 0; 148 148 + if Unix.getegid () = 0 && Unix.getgid () <> 0 then Unix.setgid 0; 149 149 + { config; uid = 1000; gid = 1000 } 148 150 149 151 let deinit ~t:_ = () 150 152 let config ~t = t.config ··· 199 201 in 200 202 let () = 201 203 let packages_dir = Path.(lowerdir / "home" / "opam" / ".opam" / "default" / ".opam-switch" / "packages") in 202 202 - let state_dir = Path.(upperdir / "home" / "opam" / ".opam" / "default" / ".opam-switch") in 203 203 - let state_temp = Path.(temp_dir / "switch-state") in 204 204 - match Sys.file_exists packages_dir with 205 205 - | false -> () 206 206 - | true -> 207 207 - Opamh.dump_state packages_dir state_temp; 208 208 - Os.mkdir ~parents:true state_dir; 209 209 - ignore(Os.sudo ["mv"; "-f"; state_temp; state_dir]) 204 204 + let state_file = Path.(upperdir / "home" / "opam" / ".opam" / "default" / ".opam-switch" / "switch-state") in 205 205 + if Sys.file_exists packages_dir then Opamh.dump_state packages_dir state_file 210 206 in 211 207 let () = 212 212 - if t.running_as_root then 213 213 - let home_dir = Path.(upperdir / "home" / "opam") in 214 214 - if Sys.file_exists home_dir then ignore (Os.exec [ "chown"; "-R"; string_of_int t.uid ^ ":" ^ string_of_int t.gid; home_dir ]) 208 208 + let home_dir = Path.(upperdir / "home" / "opam") in 209 209 + if Sys.file_exists home_dir then ignore (Os.sudo [ "chown"; "-R"; string_of_int t.uid ^ ":" ^ string_of_int t.gid; home_dir ]) 215 210 in 216 211 let etc_hosts = Path.(temp_dir / "hosts") in 217 212 let () = Os.write_to_file etc_hosts ("127.0.0.1 localhost " ^ hostname) in

+6 -6

bin/main.ml

··· 5 5 module Role_map = Output.RoleMap 6 6 7 7 let container = 8 8 - match OpamStd.Sys.os () with 9 9 - | Linux -> (module Linux : S.CONTAINER) 10 10 - | FreeBSD -> (module Freebsd : S.CONTAINER) 11 11 - | Cygwin -> (module Windows : S.CONTAINER) 8 8 + match OpamSysPoll.os OpamVariable.Map.empty with 9 9 + | Some "linux" -> (module Linux : S.CONTAINER) 10 10 + | Some "freebsd" -> (module Freebsd : S.CONTAINER) 11 11 + | Some "win32" -> (module Windows : S.CONTAINER) 12 12 | _ -> (module Dummy : S.CONTAINER) 13 13 14 14 module Container = (val container) ··· 526 526 Arg.(value & opt (some string) None & info [ "tag" ] ~docv:"TAG" ~doc) 527 527 528 528 let arch_term = 529 529 - let doc = "Architecture (default: detected from opam)" in 530 530 - let default = OpamStd.Sys.uname "-m" |> Option.value ~default:"unknown" |> Os.normalise_arch in 529 529 + let doc = "Architecture (default: detected from system)" in 530 530 + let default = (OpamStd.Sys.uname ()).machine in 531 531 Arg.(value & opt string default & info [ "arch" ] ~docv:"ARCH" ~doc) 532 532 533 533 let os_term =

-12

bin/os.ml

··· 259 259 in 260 260 process_directory source target 261 261 262 262 - let normalise_arch raw = 263 263 - match String.lowercase_ascii raw with 264 264 - | "x86" | "i386" | "i486" | "i586" | "i686" -> "i686" 265 265 - | "x86_64" | "amd64" -> "x86_64" 266 266 - | "powerpc" | "ppc" | "ppcle" -> "ppc32" 267 267 - | "ppc64" | "ppc64le" -> "ppc64le" 268 268 - | "ppc64be" -> "ppc64be" 269 269 - | "aarch64_be" | "aarch64" -> "arm64" 270 270 - | a when a = "armv8b" || a = "armv8l" || List.exists (fun prefix -> OpamStd.String.starts_with ~prefix a) 271 271 - ["armv5"; "armv6"; "earmv6"; "armv7"; "earmv7"] -> "arm32" 272 272 - | s -> s 273 273 - 274 262 let ls ?extn dir = 275 263 try 276 264 let files = Sys.readdir dir |> Array.to_list |> List.map (Filename.concat dir) in

+6 -6

day10.opam

··· 34 34 ] 35 35 dev-repo: "git+https://github.com/username/reponame.git" 36 36 pin-depends: [ 37 37 - ["opam-client.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 38 38 - ["opam-core.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 39 39 - ["opam-format.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 40 40 - ["opam-repository.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 41 41 - ["opam-solver.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 42 42 - ["opam-state.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 37 37 + ["opam-client.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 38 38 + ["opam-core.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 39 39 + ["opam-format.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 40 40 + ["opam-repository.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 41 41 + ["opam-solver.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 42 42 + ["opam-state.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 43 43 ]

+6 -6

day10.opam.template

··· 1 1 pin-depends: [ 2 2 - ["opam-client.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 3 3 - ["opam-core.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 4 4 - ["opam-format.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 5 5 - ["opam-repository.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 6 6 - ["opam-solver.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 7 7 - ["opam-state.2.3.0" "git+https://github.com/mtelvers/opam#patch"] 2 2 + ["opam-client.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 3 3 + ["opam-core.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 4 4 + ["opam-format.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 5 5 + ["opam-repository.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 6 6 + ["opam-solver.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 7 7 + ["opam-state.2.4.1" "git+https://github.com/dra27/opam#6693-2.4.1"] 8 8 ]