github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/script/seccomp.sh (about) 1 #!/bin/bash 2 3 set -e -u -o pipefail 4 5 # shellcheck source=./script/lib.sh 6 source "$(dirname "${BASH_SOURCE[0]}")/lib.sh" 7 8 # sha256 checksums for seccomp release tarballs. 9 declare -A SECCOMP_SHA256=( 10 ["2.5.5"]=248a2c8a4d9b9858aa6baf52712c34afefcf9c9e94b76dce02c1c9aa25fb3375 11 ) 12 13 # Due to libseccomp being LGPL we must include its sources, 14 # so download, install and build against it. 15 # Parameters: 16 # $1 -- libseccomp version to download and build. 17 # $2 -- destination directory. 18 # $@ -- additional architectures to cross-compile for. 19 function build_libseccomp() { 20 local ver="$1" 21 shift 22 local dest="$1" 23 shift 24 local arches=("$@") 25 local tar="libseccomp-${ver}.tar.gz" 26 27 # Download, check, and extract. 28 wget "https://github.com/seccomp/libseccomp/releases/download/v${ver}/${tar}"{,.asc} 29 sha256sum --strict --check - <<<"${SECCOMP_SHA256[${ver}]} *${tar}" 30 31 local srcdir 32 srcdir="$(mktemp -d)" 33 tar xf "$tar" -C "$srcdir" 34 pushd "$srcdir/libseccomp-$ver" || return 35 36 # Install native version for Dockerfile builds. 37 ./configure \ 38 --prefix="$dest" --libdir="$dest/lib" \ 39 --enable-static --enable-shared 40 make install 41 make clean 42 43 # Save the original cflags. 44 local original_cflags="${CFLAGS:-}" 45 46 # Build and install for all requested architectures. 47 local arch 48 for arch in "${arches[@]}"; do 49 # Reset CFLAGS. 50 CFLAGS="$original_cflags" 51 set_cross_vars "$arch" 52 ./configure --host "$HOST" \ 53 --prefix="$dest/$arch" --libdir="$dest/$arch/lib" \ 54 --enable-static --enable-shared 55 make install 56 make clean 57 done 58 59 # Place the source tarball to $dest/src. 60 popd || return 61 mkdir "$dest"/src 62 mv "$tar"{,.asc} "$dest"/src 63 } 64 65 if [ $# -lt 2 ]; then 66 echo "Usage: seccomp.sh <version> <dest-dir> [<extra-arch> ...]" >&2 67 exit 1 68 fi 69 70 build_libseccomp "$@"