From f558bbc3b58ffd36f8d1c9cc020efb154d01ee2f028ec379a17c99a88aa0dc39 Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Tue, 13 Aug 2019 11:26:38 +0000 Subject: [PATCH] Initial package OBS-URL: https://build.opensuse.org/package/show/Printing/gswrap?expand=0&rev=1 --- .gitattributes | 23 +++++ .gitignore | 1 + gswrap | 258 +++++++++++++++++++++++++++++++++++++++++++++++++ gswrap.changes | 4 + gswrap.spec | 73 ++++++++++++++ 5 files changed, 359 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 gswrap create mode 100644 gswrap.changes create mode 100644 gswrap.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/gswrap b/gswrap new file mode 100644 index 0000000..961a1f2 --- /dev/null +++ b/gswrap @@ -0,0 +1,258 @@ +#!/bin/bash +# +# Copyright (c) 2019 SuSE GmbH Nuernberg, Germany. +# Copyright (c) 2019 Werner Fink +# +# Wrapper script for ghostscript based on bwrap, the container setup +# utility, which does use e.g. unshare(2) system call to create a +# safe container environment. +# +# Please report bugfixes or comments at https://www.suse.com/feedback/ +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +# + +ghostscript=@@GS@@ + +user=nobody +home=/home/$user +uid=$(id -u $user) +gid=$(id -g $user) + +finish () +{ + # Used with trap to copy output files back to original cwd or directory + # to be able to hide the original cwd or directory from ghostscript process + local dir="$1" + local tmp="$2" + test -d "$dir" || return + test -d "$tmp" || return + for ps in "$tmp/"* + do + test -e "$ps" || continue + mv -f "$ps" "$dir" + done + rm -rf "$tmp" +} + +typeset -i safer=0 +typeset pipecmd="" +typeset -i pipepos +typeset -a opts +typeset -i o=0 +for lib in $(ldd $ghostscript | sed -rn 's|.*=>[[:blank:]]+||;s|[[:blank:]]*(/[^[:blank:]]+)[[:blank:]]+.*|\1|p') +do + opts[o++]="--ro-bind $lib $lib" +done +for dir in /lib/tls /lib64/tls /lib64/x86_64 /usr/lib/ghostscript /usr/lib64/ghostscript /etc/ghostscript +do + test -d "$dir" || continue + opts[o++]="--ro-bind $dir $dir" +done +typeset -i argc=0 +typeset -a argv=("$@") +for ((argc=0; argc < ${#argv[@]}; argc++)) +do + arg="${argv[argc]}" + case "$arg" in + -dSAFER) + let safer++ + ;; + -sOutputFile=*) + case "${arg#-sOutputFile=}" in + %stdout%|%stderr%|-|"") + continue ;; + %pipe%*) + pipecmd=${arg#-sOutputFile=%pipe%} + let pipepos=argc + ;; + esac + file="${arg#-sOutputFile=}" + dir="${file%/*}" + file="${file##*/}" + if test -n "$file" + then + if test -n "$dir" -a "$dir" = "/dev" + then + # Only /dev/null or /dev/zero allowed + if test "$file" != null -a "$file" != zero + then + echo "GS: only /dev/null or /dev/zero allowed" 1>&2 + exit 1 + fi + opts[o++]="--dir $home/out" + elif test -n "$dir" -a -d "$dir" + then + tmp=$(mktemp -d "$dir/.gswrap-XXXXXXXXXX") || exit 1 + trap "finish '$dir' '$tmp'" ERR EXIT SIGINT SIGHUP + opts[o++]="--bind ${tmp+"$tmp"} $home/out" + else + tmp=$(mktemp -d "$PWD/.gswrap-XXXXXXXXXX") || exit 1 + trap "finish '$PWD' '$tmp'" ERR EXIT SIGINT SIGHUP + opts[o++]="--bind ${tmp+"$tmp"} $home/out" + fi + # change to new working directory in sandbox + opts[o++]="--chdir $home/out" + fi + argv[argc]="-sOutputFile=$home/out/${file}" + continue + ;; + -sDEVICE=*) + case "${arg#-sDEVICE=}" in + x11*) + ;; + *) + unset DISPLAY + ;; + esac + continue + ;; + -*) + continue + ;; + esac + test -e "$arg" || continue + if test "${arg##*/}" = "$arg" + then + opts[o++]="--ro-bind $arg $home/$arg" + else + test "$arg" != / || continue + test "$arg" != /home || continue + test "$arg" != $home || continue + opts[o++]="--ro-bind $arg $arg" + fi +done +# If no -dSAFER then execute the orignal ghostscript program now +if ((safer == 0)) +then + exec -a ${0} $ghostscript ${1+"$@"} +fi +if test -n "$pipecmd" +then + mkfifo -m 666 ${tmp}/fd + fd=${tmp}/fd + exec $pipecmd < $fd & + argv[pipepos]="-sOutputFile=$fd" + opts[o++]="--bind $fd $fd" +fi +# User might have some own font configurations as well +if test -d /var/cache/fontconfig +then + opts[o++]="--ro-bind /var/cache/fontconfig /var/cache/fontconfig" +fi +if test -s "$HOME/.fonts.conf" +then + opts[o++]="--ro-bind ${HOME+"$HOME"}/.fonts.conf $home/.fonts.conf" +fi +for dir in "$HOME/.fontconfig" "$HOME/.config/fontconfig" "$HOME/.cache/fontconfig" +do + test -d "$dir" || continue + opts[o++]="--ro-bind $dir ${home}${dir#$HOME}" +done +# Display +if test -n "$DISPLAY" +then + : ${XAUTHORITY:="$HOME/.Xauthority"} + for dir in /usr/lib/ghostscript /usr/lib64/ghostscript + do + test -d "$dir" || continue + for x11 in $dir/*/X11.so + do + test -e "$x11" || continue + for lib in $(ldd "$x11" | sed -rn 's|.*=>[[:blank:]]+||;s|[[:blank:]]*(/[^[:blank:]]+)[[:blank:]]+.*|\1|p') + do + case "${opts[@]}" in + *[:blank:]${lib}[:blank:]*) continue ;; + esac + opts[o++]="--ro-bind $lib $lib" + done + done + done + opts[o++]="--ro-bind /tmp/.X11-unix /tmp/.X11-unix" + opts[o++]="--ro-bind ${XAUTHORITY+"$XAUTHORITY"} $home/.Xauthority" + opts[o++]="--setenv XAUTHORITY $home/.Xauthority" + opts[o++]="--setenv DISPLAY ${DISPLAY+"$DISPLAY"}" + if test -n "${DISPLAY%:*}" + then + # For display over e.g. local network as with slogin -X skip --unshare-net + # and allow hostname resolution via running nscd (that is nscd should be up) + opts[o++]="--ro-bind /var/run/nscd/socket /var/run/nscd/socket" + opts[o++]="--unshare-user-try --unshare-ipc --unshare-pid --unshare-uts --unshare-cgroup-try" + else + opts[o++]="--unshare-all" + fi +else + opts[o++]="--unshare-all" +fi +if test -e /proc/$$/uid_map +then + opts[o++]="--uid $uid" +fi +if test -e /proc/$$/gid_map +then + opts[o++]="--gid $gid" +fi +# This is for debugging only +# add you binary like /bin/ls or /usr/bin/strace for further usage +# as replacement or prefix of ghostscript in the last line. +# Clearly the `false´ should then changed to `true´ +if false +then + for bin in /usr/bin/strace + do + opts[o++]="--ro-bind $bin $bin" + for lib in $(ldd "$bin" | sed -rn 's|.*=>[[:blank:]]+||;s|[[:blank:]]*(/[^[:blank:]]+)[[:blank:]]+.*|\1|p') + do + case "${opts[@]}" in + *[:blank:]${lib}[:blank:]*) continue ;; + esac + opts[o++]="--ro-bind $lib $lib" + done + done +fi +unset o argc arg +set -- "${argv[@]}" +set -euo pipefail +(exec -c -a gs /usr/bin/bwrap \ + --as-pid-1 \ + --ro-bind /bin/false /bin/false \ + --ro-bind $ghostscript /usr/bin/gs \ + --ro-bind /usr/share/ghostscript /usr/share/ghostscript \ + --ro-bind /usr/share/fonts /usr/share/fonts \ + --ro-bind /etc/fonts /etc/fonts \ + --dev /dev \ + --proc /proc \ + --tmpfs /run \ + --tmpfs /tmp \ + --dir /run/user/$uid \ + --dir /var \ + --symlink ../run var/run \ + --symlink ../tmp var/tmp \ + --dir $home \ + --chdir $home \ + ${opts[@]} \ + --new-session \ + --sync-fd 0 \ + --sync-fd 1 \ + --sync-fd 2 \ + --die-with-parent \ + --setenv XDG_RUNTIME_DIR "/run/user/$uid" \ + --setenv USER $user \ + --setenv LOGNAME $user \ + --setenv SHELL /bin/false \ + --setenv HOME $home \ + --setenv PATH /bin:/usr/bin \ + --setenv MAIL /dev/null \ + /usr/bin/gs ${1+"$@"}) diff --git a/gswrap.changes b/gswrap.changes new file mode 100644 index 0000000..eb99e17 --- /dev/null +++ b/gswrap.changes @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Tue Aug 13 10:25:59 UTC 2019 - Dr. Werner Fink + +- Initial package gswrap to wrap ghostscript within a container diff --git a/gswrap.spec b/gswrap.spec new file mode 100644 index 0000000..14bf123 --- /dev/null +++ b/gswrap.spec @@ -0,0 +1,73 @@ +# +# spec file for package gswrap +# +# Copyright (c) 2019 SUSE Linux GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: gswrap +Version: 0.1 +Release: 0 +Summary: The ghostscript container to wrap ghostscript within +License: LGPL-2.1+ +Group: System/Libraries +Url: https://build.opensuse.org/package/show/Printing/gswrap +Source0: gswrap +Requires: /usr/bin/gs.bin +Requires: bubblewrap +Requires: coreutuils +Requires: sed +BuildRequires: sed +BuildRequires: update-alternatives +Requires(post): update-alternatives +Requires(preun): update-alternatives +BuildArch: noarch +%define debug_package %nil + +%description +If the option -dSAFER is used this script uses bwrap from package +bubblewrap to embbedd the final ghostscript command within a minimal +container. For this a new, completely empty, filesystem namespace onq +a tmpfs is populate with the required libraries and files to run the +final ghostscript command. + +%prep +%setup -q -c -T +%build +sed -r '/ghostscript=@@GS@@/{s^@@GS@@^/usr/bin/gs.bin^}' < %{S:0} > gs.wrap + +%install +install -d %buildroot%{_bindir} +install -d %buildroot%{_sysconfdir}/alternatives +install -m 755 gs.wrap %buildroot%{_bindir}/gs.wrap +ln -sf %{_bindir}/gs.wrap %{buildroot}%{_sysconfdir}/alternatives/gs +ln -sf %{_sysconfdir}/alternatives/gs %{buildroot}%{_bindir}/gs + +%post +%{_sbindir}/update-alternatives \ + --install %{_bindir}/gs gs %{_bindir}/gs.wrap 100 + +%preun +if test $1 -eq 0 ; then + %{_sbindir}/update-alternatives \ + --remove gs %{_bindir}/gs.wrap +fi + +%files +%defattr(-,root,root) +%_bindir/gs.wrap +%_bindir/gs +%ghost %config %{_sysconfdir}/alternatives/gs + +%changelog