busybox.yaml
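# melange recipe for BusyBox. The nesting below was flattened on the page and
# is restored here so that the keys sit under the mappings they belong to.
package:
  name: busybox
  version: 1.36.1
  epoch: 6
  description: "swiss-army knife for embedded systems"
  copyright:
    - license: GPL-2.0-only
  dependencies:
    # busybox-full declares priority 5 and also provides `busybox`; apk prefers
    # the higher value, so this build is selected unless the full one is
    # requested by name.
    provider-priority: 10
  scriptlets:
    # The trigger fires when a package changes any of the listed directories
    # and re-creates the applet symlinks. It runs with the package manager's
    # privileges, so keep the script to this single fixed command.
    trigger:
      paths:
        - /bin
        - /sbin
        - /usr/bin
        - /usr/sbin
      script: |
        #!/bin/busybox sh
        /bin/busybox --install -s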
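# Packages installed into the build environment (nesting restored).
environment:
  contents:
    packages:
      - build-base
      # NOTE(review): presumably supplies the shell and core utilities used by
      # the `runs:` steps — confirm.
      - busybox
      # NOTE(review): presumably needed so the HTTPS source download can
      # validate the server certificate — confirm.
      - ca-certificates-bundle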
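# Build steps for the default busybox package (nesting restored).
pipeline:
  # The tarball is pulled from the Alpine distfiles host over HTTPS. The pinned
  # SHA-256 is what ties the build to one specific archive; it has to change
  # together with package.version, because the version is part of the URI.
  - uses: fetch
    with:
      uri: https://distfiles.alpinelinux.org/distfiles/edge/busybox-${{package.version}}.tar.bz2
      expected-sha256: b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314

  # Locally carried fixes for CVE-2022-28391 (per the public advisory:
  # attacker-influenced DNS names could reach a terminal unsanitized).
  # Applied in order, part 1 then part 2. Re-check on every version bump that
  # both still apply, or that the new release already contains the fix.
  - uses: patch
    with:
      patches: CVE-2022-28391-1.patch

  - uses: patch
    with:
      patches: CVE-2022-28391-2.patch

  # busyboxconfig selects which applets are compiled in. The file itself is
  # not shown here; it is the place to review when the applet set changes.
  - name: Configure
    runs: |
      cp busyboxconfig .config

  - runs: |
      make CC="${{host.triplet.gnu}}-gcc" V=1 -j$(nproc)

  # /tmp is created world-writable with the sticky bit (1777), so users can
  # only remove their own files there. The binary is installed 0755.
  # securetty is copied from the build context and its contents are not shown
  # here; it controls which terminals accept root logins, so edits to that
  # file deserve review.
  # The last command runs the freshly built binary to record its applet paths.
  - name: Install
    runs: |
      mkdir -p "${{targets.destdir}}"/usr/sbin
      mkdir -p "${{targets.destdir}}"/usr/bin
      mkdir -p "${{targets.destdir}}"/tmp
      mkdir -p "${{targets.destdir}}"/var/cache/misc
      mkdir -p "${{targets.destdir}}"/bin
      mkdir -p "${{targets.destdir}}"/sbin
      mkdir -p "${{targets.destdir}}"/etc
      mkdir -p "${{targets.destdir}}"/usr/share/man/man1
      chmod 1777 "${{targets.destdir}}"/tmp
      install -m755 busybox "${{targets.destdir}}"/bin/busybox
      install -m644 securetty "${{targets.destdir}}"/etc/securetty
      mkdir -p "${{targets.destdir}}"/etc/busybox-paths.d
      ./busybox --list-path > "${{targets.destdir}}"/etc/busybox-paths.d/busybox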
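# busybox-full: the same source rebuilt with busyboxconfig-full
# (nesting restored).
subpackages:
  - name: busybox-full
    dependencies:
      provides:
        # NOTE(review): this is pinned to 1.36.0-r4 while the package above is
        # 1.36.1 with epoch 6. Confirm the older value is intentional;
        # version-constrained dependencies on busybox may otherwise not be
        # satisfied by this subpackage.
        - busybox=1.36.0-r4
      provider-priority: 5
    options:
      # NOTE(review): presumably suppresses the generated command provides
      # for this subpackage — confirm against the melange documentation.
      no-commands: true
    pipeline:
      # Replaces .config in the already-built tree and rebuilds, overwriting
      # the `busybox` binary produced for the default package.
      - name: Configure
        runs: |
          cp busyboxconfig-full .config

      - runs: |
          make CC="${{host.triplet.gnu}}-gcc" V=1 -j$(nproc)

      # Same layout and modes as the default package, written to the
      # subpackage directory; the applet list goes to a separate file name.
      - name: Install
        runs: |
          mkdir -p "${{targets.subpkgdir}}"/usr/sbin
          mkdir -p "${{targets.subpkgdir}}"/usr/bin
          mkdir -p "${{targets.subpkgdir}}"/tmp
          mkdir -p "${{targets.subpkgdir}}"/var/cache/misc
          mkdir -p "${{targets.subpkgdir}}"/bin
          mkdir -p "${{targets.subpkgdir}}"/sbin
          mkdir -p "${{targets.subpkgdir}}"/etc
          mkdir -p "${{targets.subpkgdir}}"/usr/share/man/man1
          chmod 1777 "${{targets.subpkgdir}}"/tmp
          install -m755 busybox "${{targets.subpkgdir}}"/bin/busybox
          install -m644 securetty "${{targets.subpkgdir}}"/etc/securetty
          mkdir -p "${{targets.subpkgdir}}"/etc/busybox-paths.d
          ./busybox --list-path > "${{targets.subpkgdir}}"/etc/busybox-paths.d/busybox-full
    scriptlets:
      # Same trigger as the default package: re-creates applet symlinks when
      # one of these directories changes.
      trigger:
        paths:
          - /bin
          - /sbin
          - /usr/bin
          - /usr/sbin
        script: |
          #!/bin/busybox sh
          /bin/busybox --install -s
    # Positive check: the full build must list nc, netcat and wget, and each
    # must run. The default package's test asserts the opposite, so installing
    # busybox-full is the explicit opt-in for these network applets.
    test:
      environment:
        contents:
          packages:
            - wolfi-base
      pipeline:
        - runs: |
            busybox --help
            busybox --list-full >full.txt
            # These programs are expected to be present
            for p in nc netcat wget; do
              if ! grep "bin/$p" full.txt; then
                echo "$p is not present in busybox --list-full output"
                exit 1
              fi
              "$p" --help ||
                { echo "$p --help exited $?. expected pass"; exit 1; }
            done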
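# Negative check for the default package (nesting restored): nc, netcat and
# wget must be absent both from the applet list and from PATH. This acts as a
# regression guard: a config change that re-enables one of these network
# applets fails the build instead of shipping silently.
# The grep is an unanchored substring match, so it errs towards failing.
test:
  pipeline:
    - runs: |
        busybox --help
        busybox --list-full >full.txt
        # These programs have been intentionally removed from default busybox
        for p in nc netcat wget; do
          if grep "bin/$p" full.txt; then
            echo "Found '$p' in list-full output"
            exit 1
          fi
          command -v "$p" &&
            { echo "command '$p' is present. It should not be."; exit 1; }
        done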
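# Automated update tracking (nesting restored). A version bump changes the
# fetch URI, so the pinned expected-sha256 has to change with it, and the
# CVE-2022-28391 patches need re-checking against the new release.
update:
  enabled: true
  release-monitor:
    # NOTE(review): presumably the project id on release-monitoring.org —
    # confirm it points at BusyBox.
    identifier: 230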