From 369ab0174d74204d362ad98f4591e6b8669d3a99 Mon Sep 17 00:00:00 2001 From: myml Date: Mon, 11 Mar 2024 19:26:41 +0800 Subject: [PATCH] feat: support apt install package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 支持在玲珑中使用apt安装软件包 Log: --- apps/ll-builder/src/main.cpp | 28 ++++++++++++++++-- src/linglong/builder/linglong_builder.cpp | 36 +++++++++++++++++++++-- src/linglong/builder/linglong_builder.h | 11 +++---- src/linglong/runtime/resource/config.json | 3 -- 4 files changed, 65 insertions(+), 13 deletions(-) diff --git a/apps/ll-builder/src/main.cpp b/apps/ll-builder/src/main.cpp index f04b8da7f..c683cf066 100644 --- a/apps/ll-builder/src/main.cpp +++ b/apps/ll-builder/src/main.cpp @@ -12,6 +12,7 @@ #include "linglong/service/app_manager.h" #include "linglong/util/qserializer/yaml.h" #include "linglong/util/xdg.h" +#include "linglong/utils/command/env.h" #include "linglong/utils/error/error.h" #include "linglong/utils/global/initialize.h" #include "spdlog/logger.h" @@ -26,6 +27,8 @@ #include +#include + int main(int argc, char **argv) { qputenv("QT_LOGGING_RULES", "*=false"); 
@@ -315,12 +318,33 @@ int main(int argc, char **argv) std::ofstream fout(projectConfigPath.toStdString()); fout << node; } - auto ret = builder.build(); + + auto child_pid = fork(); + if (child_pid == 0) { + auto ret = builder.build(); + if (!ret.has_value()) { + printer.printErr(ret.error()); + return ret.error().code(); + } + return 0; + } + sleep(1); + QString pidStr = QString("%1").arg(child_pid); + auto ret = linglong::utils::command::Exec( + "newuidmap", + { pidStr, "0", "1000", "1", "1", "100000", "65536" }); if (!ret.has_value()) { printer.printErr(ret.error()); return ret.error().code(); } - return 0; + ret = linglong::utils::command::Exec( + "newgidmap", + { pidStr, "0", "1000", "1", "1", "100000", "65536" }); + if (!ret.has_value()) { + printer.printErr(ret.error()); + return ret.error().code(); + } + return waitpid(child_pid, NULL, 0); } }, { "run", [&](QCommandLineParser &parser) -> int { diff --git a/src/linglong/builder/linglong_builder.cpp b/src/linglong/builder/linglong_builder.cpp index 5a8b3396a..08f4e1c5e 100644 --- a/src/linglong/builder/linglong_builder.cpp +++ b/src/linglong/builder/linglong_builder.cpp @@ -27,6 +27,7 @@ #include "ocppi/cli/CLI.hpp" #include "ocppi/runtime/ContainerID.hpp" #include "ocppi/runtime/config/ConfigLoader.hpp" +#include "ocppi/runtime/config/types/Capabilities.hpp" #include "ocppi/runtime/config/types/Hook.hpp" #include "ocppi/runtime/config/types/Hooks.hpp" #include "project.h" @@ -47,9 +48,13 @@ #include #include +#include +#include +#include #include #include +#include namespace linglong::builder { 
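Review bot: The parent/child handshake in the new fork path is timing-based — `sleep(1)` here and `sleep(3)` inside LinglongBuilder::build() — rather than a synchronization primitive, so on a loaded host newuidmap can run before the child has called unshare(CLONE_NEWUSER) (and fail, because the target user namespace does not exist yet), or the child can proceed with unmapped ids if newuidmap is slow. fork() returning -1 is not handled, so the parent would go on to invoke `newuidmap -1 …`, `return waitpid(child_pid, NULL, 0)` returns the child's pid as the exit status instead of the child's exit code, and the child returning through the lambda presumably runs the rest of main's teardown a second time in the child. The maps also hard-code host uid 1000 and the 100000/65536 subordinate range; newuidmap/newgidmap validate against the caller's /etc/subuid and /etc/subgid, so for any invoking user other than uid 1000 (or with a different subordinate range) the mapping is refused — derive them from getuid()/getgid() and the subuid/subgid entries. I would replace the sleeps with a pipe pair, exit the child with _exit, and propagate the child's status as sketched below; the enclosing lambda and main begin before this hunk.
```cpp
// … unchanged: projectConfigPath written via fout …
int nsReady[2];  // child -> parent: closed once unshare() has succeeded
int mapsDone[2]; // parent -> child: closed once uid_map/gid_map are written
if (pipe(nsReady) != 0 || pipe(mapsDone) != 0) {
    perror("pipe");
    return EXIT_FAILURE;
}
auto child_pid = fork();
if (child_pid == -1) {
    perror("fork");
    return EXIT_FAILURE;
}
if (child_pid == 0) {
    close(nsReady[0]);
    close(mapsDone[1]);
    // requires the unshare() to move out of LinglongBuilder::build() (or the fds to be passed in)
    if (unshare(CLONE_NEWNS | CLONE_NEWUSER) == -1) {
        perror("unshare");
        _exit(EXIT_FAILURE);
    }
    close(nsReady[1]);                 // tells the parent the namespace now exists
    char c;
    (void)read(mapsDone[0], &c, 1);    // returns at EOF, i.e. once the maps are in place
    close(mapsDone[0]);
    auto ret = builder.build();
    if (!ret.has_value()) {
        printer.printErr(ret.error());
        _exit(ret.error().code());     // _exit: do not run the parent's teardown in the child
    }
    _exit(0);
}
close(nsReady[1]);
close(mapsDone[0]);
char c;
(void)read(nsReady[0], &c, 1);         // blocks until the child has unshared
close(nsReady[0]);
auto abortChild = [&] {
    kill(child_pid, SIGKILL);          // the child is parked on mapsDone; do not leave it behind
    waitpid(child_pid, nullptr, 0);
};
QString pidStr = QString::number(child_pid);
// … unchanged: newuidmap / newgidmap Exec calls, each failure path calling abortChild() before
//    printer.printErr(); the "0 1000 1" / "1 100000 65536" literals should come from getuid()/getgid()
//    and the caller's /etc/subuid and /etc/subgid entries …
close(mapsDone[1]);                    // releases the child
int status = 0;
if (waitpid(child_pid, &status, 0) == -1) {
    perror("waitpid");
    return EXIT_FAILURE;
}
return WIFEXITED(status) ? WEXITSTATUS(status) : EXIT_FAILURE;
```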
@@ -309,6 +314,21 @@ linglong::util::Error LinglongBuilder::config(const QString &userName, const QSt return Success(); } +linglong::utils::error::Result LinglongBuilder::writeFile(QString filename, QByteArray data) +{ + LINGLONG_TRACE("write file"); + QFile f(filename); + qDebug() << "write file" << f.fileName(); + if (!f.open(QIODevice::WriteOnly)) { + return LINGLONG_ERR(f); + } + if (!f.write(data)) { + return LINGLONG_ERR(f); + } + f.close(); + return LINGLONG_OK; +} + // FIXME: should merge with runtime linglong::utils::error::Result LinglongBuilder::buildStageRunContainer( QDir workdir, ocppi::cli::CLI &cli, ocppi::runtime::config::types::Config &r) @@ -738,6 +758,12 @@ LinglongBuilder::buildStageSource(ocppi::runtime::config::types::Config &r, Proj r.process->user = ocppi::runtime::config::types::User(); r.process->user->uid = getuid(); r.process->user->gid = getgid(); + std::vector v = { "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", + "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", + "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", + "CAP_SETUID", "CAP_SYS_CHROOT" }; + r.process->capabilities = + ocppi::runtime::config::types::Capabilities{ .bounding = v, .effective = v, .permitted = v }; return LINGLONG_OK; } @@ -800,7 +826,7 @@ LinglongBuilder::buildStageIDMapping(ocppi::runtime::config::types::Config &r) } // 映射gid QList> gidMaps = { - { getgid(), getuid(), 1 }, + { getgid(), getgid(), 1 }, }; for (auto const &gidMap : gidMaps) { ocppi::runtime::config::types::IdMapping idMap; @@ -859,7 +885,7 @@ linglong::utils::error::Result LinglongBuilder::buildStageRootfs( } // 使用rootfs做容器根目录 - r.root->readonly = true; + r.root->readonly = false; r.root->path = workdir.filePath("rootfs").toStdString(); return LINGLONG_OK; } 
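Review bot: In writeFile, `if (!f.write(data))` misreads both outcomes of QIODevice::write — a failed write returns -1, which is truthy and is therefore accepted silently, while an empty `data` returns 0 and is reported as an error; a short write is not detected either. Change it to `if (f.write(data) != data.size()) { return LINGLONG_ERR(f); }`. The helper is declared in linglong_builder.h but has no caller in this patch; if it is meant for the apt configuration files, a one-line doc comment naming that use, and noting that WriteOnly without Append truncates an existing file, would help the next reader.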
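Review bot: The capability set added in buildStageSource comes with no comment saying which tool needs which capability, and it includes CAP_SETUID/CAP_SETGID/CAP_SETFCAP/CAP_DAC_OVERRIDE/CAP_SYS_CHROOT — broad even though it is scoped to the user namespace; please add a comment such as `// capabilities apt/dpkg presumably need to install packages as ns-root (chown/fowner/fsetid for dpkg, setuid/setgid for apt's privilege drop); scoped to the user namespace unshared in build()` and drop any the apt run does not actually need (CAP_NET_BIND_SERVICE and CAP_KILL look unnecessary for a package install). Note also that the `getuid()`/`getgid()` two lines above are now evaluated inside the user namespace created in build(): they yield 0 only after the parent has written uid_map/gid_map and the overflow id (65534 by default) before, which is one more reason the handshake with ll-builder's newuidmap step should be explicit rather than sleep-based. buildStageSource begins before this hunk.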
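Review bot: `r.root->readonly = false` flips the container rootfs from read-only to writable for every build as far as this hunk shows, not only for builds that run apt, and carries no explanation; add `// writable so apt/dpkg can install packages into the rootfs during the build stage` and consider keeping the previous read-only default when a project has no apt step, so an ordinary build script cannot alter the base rootfs. buildStageRootfs begins before this hunk.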
@@ -895,7 +921,11 @@ linglong::utils::error::Result> LinglongBuilder::buildSt linglong::utils::error::Result LinglongBuilder::build() { LINGLONG_TRACE("build"); - + if (unshare(CLONE_NEWNS | CLONE_NEWUSER) == -1) { + perror("unshare"); + exit(EXIT_FAILURE); + } + sleep(3); auto projectRet = buildStageProjectInit(); if (!projectRet) { return LINGLONG_ERR(projectRet); diff --git a/src/linglong/builder/linglong_builder.h b/src/linglong/builder/linglong_builder.h index 479709c6e..3268aa3b2 100644 --- a/src/linglong/builder/linglong_builder.h +++ b/src/linglong/builder/linglong_builder.h @@ -39,15 +39,14 @@ class LinglongBuilder : public QObject, public Builder util::Error exportLayer(const QString &destination) override; - util::Error extractLayer(const QString &layerPath, - const QString &destination) override; + util::Error extractLayer(const QString &layerPath, const QString &destination) override; util::Error exportBundle(const QString &outputFilepath, bool useLocalDir) override; util::Error push(const QString &repoUrl, - const QString &repoName, - const QString &channel, - bool pushWithDevel) override; + const QString &repoName, + const QString &channel, + bool pushWithDevel) override; util::Error import() override; @@ -94,6 +93,8 @@ class LinglongBuilder : public QObject, public Builder linglong::utils::error::Result buildStageCommitBuildOutput(Project *project, const QString &upperdir, const QString &workdir); + + linglong::utils::error::Result writeFile(QString filename, QByteArray data); }; // TODO: remove later diff --git a/src/linglong/runtime/resource/config.json b/src/linglong/runtime/resource/config.json index 7458aabe3..83a3422f0 100644 --- a/src/linglong/runtime/resource/config.json +++ b/src/linglong/runtime/resource/config.json @@ -23,9 +23,6 @@ }, { "type": "uts" - }, - { - "type": "user" } ] },
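Review bot: LinglongBuilder::build() now calls `exit(EXIT_FAILURE)` when unshare() fails, terminating the caller from inside a library method and bypassing the Result channel the rest of the function uses; return the error instead (the strerror(errno) text through LINGLONG_ERR, or whatever error type the function's Result carries) so ll-builder reports it via `printer.printErr` like every other failure. The `sleep(3)` that follows waits for ll-builder's newuidmap/newgidmap step by timing alone; replace it with a blocking read on a pipe the parent closes once the maps are written (the parent side is the `sleep(1)` in main.cpp). Please also document the side effect above the call: `// NOTE: moves the calling process into a new user+mount namespace; the parent (ll-builder main) must write uid_map/gid_map before the container is started`. build() continues past the end of this hunk.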
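Review bot: Removing the `user` namespace entry from the runtime's base config.json changes the namespace set for every container configured from this resource, not only ll-builder's build container, which now relies on the unshare(CLONE_NEWUSER) in LinglongBuilder::build() instead. If ll-cli run or any other consumer loads the same config.json, those containers lose their user namespace and run with the caller's real ids unless something else creates one; please confirm that, and if so keep the entry here and drop it only in the builder's config stage. A sentence in the commit description stating why the entry was removed would also help reviewers.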