Run pulse as root to avoid permission issues (#14)

* Run pulse as root to avoid permission issues * fix tabs * fix lint * add jemalloc
home-assistant · Apr 1, 2020 · bf6fc90 · bf6fc90
1 parent 78dbd8e
commit bf6fc90
Show file tree

Hide file tree

Showing 11 changed files with 268 additions and 41 deletions.
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -1,3 +1,4 @@
 ignored:
+  - DL3003
   - DL3006
   - DL3018
diff --git a/Dockerfile b/Dockerfile
@@ -4,19 +4,107 @@ FROM ${BUILD_FROM}
 SHELL ["/bin/ash", "-o", "pipefail", "-c"]
 
 ARG ALSA_VERSION
+ARG PULSE_VERSION
+ARG JEMALLOC_VERSION
+COPY patches /usr/src/patches
 RUN \
     apk add --no-cache \
         eudev \
-        socat \
-        pulseaudio \
-        pulseaudio-alsa \
+        alsa-lib \
+        dbus-libs \
+        tdb-libs \
+        bluez-libs \
+        libsndfile \
+        speexdsp \
+        openssl \
+        fftw \
+        soxr \
+        sbc \
+    && apk add --no-cache --virtual .build-deps \
+        meson \
+        build-base \
+        tdb-dev \
+        alsa-lib-dev \
+        dbus-dev \
+        glib-dev \
+        libsndfile-dev \
+        soxr-dev \
+        fftw-dev \
+        bluez-dev \
+        openssl-dev \
+        speexdsp-dev \
+        eudev-dev \
+        sbc-dev \
+        libtool \
+        git \
+        m4 \
+        patch \
     \
     && curl -L -s --retry 5 \
         "ftp://ftp.alsa-project.org/pub/lib/alsa-ucm-conf-${ALSA_VERSION}.tar.bz2" \
         | tar xvfj - -C /usr/share/alsa --strip-components=1 \
     \
     && curl -L -s --retry 5 \
         "ftp://ftp.alsa-project.org/pub/lib/alsa-topology-conf-${ALSA_VERSION}.tar.bz2" \
-        | tar xvfj - -C /usr/share/alsa --strip-components=1
+        | tar xvfj - -C /usr/share/alsa --strip-components=1 \
+    \
+    && git clone -b v${PULSE_VERSION} --depth 1 \
+        https://github.com/pulseaudio/pulseaudio /usr/src/pulseaudio \
+    && cd /usr/src/pulseaudio \
+    && for i in /usr/src/patches/*.patch; do \
+        patch -d /usr/src/pulseaudio -p 1 < "${i}"; done \
+    && meson \
+        --prefix=/usr \
+        --sysconfdir=/etc \
+        --localstatedir=/var \
+        --optimization=3 \
+        --buildtype=plain \
+        -Dgcov=false \
+        -Dman=false \
+        -Dtests=false \
+        -Dsystem_user=root \
+        -Dsystem_group=root \
+        -Daccess_group=root \
+        -Ddatabase=tdb \
+        -Dalsa=enabled \
+        -Dasyncns=disabled \
+        -Davahi=disabled \
+        -Dbluez5=true \
+        -Ddbus=enabled \
+        -Dfftw=enabled \
+        -Dglib=enabled \
+        -Dgsettings=disabled \
+        -Dgtk=disabled \
+        -Dhal-compat=false \
+        -Dipv6=false \
+        -Djack=disabled \
+        -Dlirc=disabled \
+        -Dopenssl=enabled \
+        -Dorc=disabled \
+        -Dsamplerate=disabled \
+        -Dsoxr=enabled \
+        -Dspeex=enabled \
+        -Dsystemd=disabled \
+        -Dudev=enabled \
+        -Dx11=disabled \
+        -Dudevrulesdir=/usr/lib/udev/rules.d \
+        . output \
+    && ninja -C output \
+    && ninja -C output install \
+    \
+    && curl -L -s \
+        https://github.com/jemalloc/jemalloc/releases/download/${JEMALLOC_VERSION}/jemalloc-${JEMALLOC_VERSION}.tar.bz2 \
+        | tar -xjf - -C /usr/src \
+    && cd /usr/src/jemalloc-${JEMALLOC_VERSION} \
+    && ./configure \
+    && make \
+    && make install \
+    \
+    && apk del .build-deps \
+    && rm -rf \
+        /usr/src/pulseaudio \
+        /usr/src/patches \
+        /usr/src/jemalloc-${JEMALLOC_VERSION}
 
+ENV LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
 COPY rootfs /
diff --git a/build.json b/build.json
@@ -8,7 +8,9 @@
     "i386": "homeassistant/i386-base:3.11"
   },
   "args": {
-    "ALSA_VERSION": "1.2.2"
+    "ALSA_VERSION": "1.2.2",
+    "PULSE_VERSION": "13.0",
+    "JEMALLOC_VERSION": "5.2.1"
   },
   "labels": {
     "io.hass.type": "audio"

diff --git a/patches/check_uid.patch b/patches/check_uid.patch
@@ -0,0 +1,13 @@
+--- pulseaudio-4.0.orig/src/pulsecore/core-util.c	2014-01-12 23:31:26.281525000 -0800
++++ pulseaudio-4.0/src/pulsecore/core-util.c	2014-01-12 23:32:32.977118803 -0800
+@@ -1524,10 +1524,6 @@
+     if (stat(p, &st) < 0)
+         return -errno;
+
+-#ifdef HAVE_GETUID
+-    if (st.st_uid != getuid())
+-        return -EACCES;
+-#endif
+
+     return 0;
+ }
diff --git a/patches/link-libintl.patch b/patches/link-libintl.patch
@@ -0,0 +1,133 @@
+diff --git a/meson.build b/meson.build
+index a10a1b3c8..c4cf8c6a9 100644
+--- a/meson.build
++++ b/meson.build
+@@ -296,6 +296,12 @@ if cc.has_function('SYS_memfd_create', prefix : '#include <sys/syscall.h>')
+   cdata.set('HAVE_MEMFD', 1)
+ endif
+
++if cc.has_function('libintl_dgettext')
++  libintl_dep = []
++else
++  libintl_dep = cc.find_library('intl')
++endif
++
+ # Symbols
+
+ if cc.has_header_symbol('signal.h', 'SIGXCPU')
+diff --git a/src/daemon/meson.build b/src/daemon/meson.build
+index 9bc3bf18e..9c9f807e7 100644
+--- a/src/daemon/meson.build
++++ b/src/daemon/meson.build
+@@ -31,7 +31,7 @@ executable('pulseaudio',
+   include_directories : [configinc, topinc],
+   link_args : ['-ffast-math'],
+   link_with : [libpulsecore, libpulsecommon, libpulse],
+-  dependencies : [ltdl_dep, cap_dep, dbus_dep, libsystemd_dep, dl_dep],
++  dependencies : [ltdl_dep, cap_dep, dbus_dep, libsystemd_dep, dl_dep, libintl_dep],
+   c_args : pa_c_args,
+ )
+
+diff --git a/src/meson.build b/src/meson.build
+index c9b71a484..832c0de0d 100644
+--- a/src/meson.build
++++ b/src/meson.build
+@@ -183,7 +183,7 @@ libpulsecommon = shared_library('pulsecommon-' + pa_version_major_minor,
+   install_dir : privlibdir,
+   dependencies : [
+     libm_dep, thread_dep, dl_dep, shm_dep, iconv_dep, sndfile_dep, dbus_dep,
+-    x11_dep, libsystemd_dep, glib_dep, gtk_dep, asyncns_dep
++    x11_dep, libsystemd_dep, glib_dep, gtk_dep, asyncns_dep, libintl_dep,
+   ],
+   implicit_include_directories : false)
+
+diff --git a/src/pulse/meson.build b/src/pulse/meson.build
+index 00c686772..2a6f78489 100644
+--- a/src/pulse/meson.build
++++ b/src/pulse/meson.build
+@@ -81,10 +81,10 @@ libpulse = shared_library('pulse',
+   link_args : [nodelete_link_args, versioning_link_args],
+   install : true,
+   install_rpath : privlibdir,
+-  dependencies : [libm_dep, thread_dep, libpulsecommon_dep, dbus_dep, dl_dep, iconv_dep],
++  dependencies : [libm_dep, thread_dep, libpulsecommon_dep, dbus_dep, dl_dep, iconv_dep, libintl_dep],
+   implicit_include_directories : false)
+
+-libpulse_dep = declare_dependency(link_with: libpulse)
++libpulse_dep = declare_dependency(link_with: libpulse, dependencies: libintl_dep)
+
+ install_data(
+   libpulse_headers, 'simple.h',
+diff --git a/src/pulsecore/meson.build b/src/pulsecore/meson.build
+index 19f6b9e99..0bd596cbd 100644
+--- a/src/pulsecore/meson.build
++++ b/src/pulsecore/meson.build
+@@ -198,7 +198,7 @@ libpulsecore = shared_library('pulsecore-' + pa_version_major_minor,
+   install_rpath : privlibdir,
+   install_dir : privlibdir,
+   link_with : libpulsecore_simd_lib,
+-  dependencies : [libm_dep, libpulsecommon_dep, libpulse_dep, ltdl_dep, shm_dep, sndfile_dep, database_dep, dbus_dep, libatomic_ops_dep, orc_dep, samplerate_dep, soxr_dep, speex_dep, x11_dep],
++  dependencies : [libm_dep, libpulsecommon_dep, libpulse_dep, ltdl_dep, shm_dep, sndfile_dep, database_dep, dbus_dep, libatomic_ops_dep, orc_dep, samplerate_dep, soxr_dep, speex_dep, x11_dep, libintl_dep],
+   implicit_include_directories : false)
+
+ libpulsecore_dep = declare_dependency(link_with: libpulsecore)
+diff --git a/src/tests/meson.build b/src/tests/meson.build
+index 621c2c965..a03d73cdb 100644
+--- a/src/tests/meson.build
++++ b/src/tests/meson.build
+@@ -53,7 +53,7 @@ default_tests = [
+   [ 'queue-test', 'queue-test.c',
+     [ check_dep, libpulse_dep, libpulsecommon_dep, libpulsecore_dep ] ],
+   [ 'resampler-test', 'resampler-test.c',
+-    [            libpulse_dep, libpulsecommon_dep, libpulsecore_dep ] ],
++    [            libpulse_dep, libpulsecommon_dep, libpulsecore_dep, libintl_dep ] ],
+   [ 'rtpoll-test', 'rtpoll-test.c',
+     [ check_dep, libpulse_dep, libpulsecommon_dep, libpulsecore_dep ] ],
+   [ 'smoother-test', 'smoother-test.c',
+diff --git a/src/utils/meson.build b/src/utils/meson.build
+index d00e030ae..dedf4e404 100644
+--- a/src/utils/meson.build
++++ b/src/utils/meson.build
+@@ -15,7 +15,7 @@ executable('pacat',
+   install_rpath : privlibdir,
+   include_directories : [configinc, topinc],
+   link_with : [libpulsecommon, libpulse],
+-  dependencies : [sndfile_dep],
++  dependencies : [sndfile_dep, libintl_dep],
+   c_args : pa_c_args,
+ )
+
+@@ -36,7 +36,7 @@ executable('pactl',
+   install_rpath : privlibdir,
+   include_directories : [configinc, topinc],
+   link_with : [libpulsecommon, libpulse],
+-  dependencies : [sndfile_dep],
++  dependencies : [sndfile_dep, libintl_dep],
+   c_args : pa_c_args,
+ )
+
+@@ -50,6 +50,7 @@ executable('pasuspender',
+   install_rpath : privlibdir,
+   include_directories : [configinc, topinc],
+   link_with : [libpulsecommon, libpulse],
++  dependencies: [libintl_dep],
+   c_args : pa_c_args,
+ )
+
+@@ -63,6 +64,7 @@ executable('pacmd',
+   install_rpath : privlibdir,
+   include_directories : [configinc, topinc],
+   link_with : [libpulsecommon, libpulse],
++  dependencies: [libintl_dep],
+   c_args : pa_c_args,
+ )
+
+@@ -77,7 +79,7 @@ if x11_dep.found()
+     install_rpath : privlibdir,
+     include_directories : [configinc, topinc],
+     link_with : [libpulsecommon, libpulse],
+-    dependencies : [x11_dep],
++    dependencies : [x11_dep, libintl_dep],
+     c_args : pa_c_args,
+   )
+ endif
diff --git a/patches/never-append-dirty-to-server-module-version.patch b/patches/never-append-dirty-to-server-module-version.patch
@@ -0,0 +1,24 @@
+From c9d7dcaa87f9ada49d75483a7c604dba27a0d71a Mon Sep 17 00:00:00 2001
+From: Stefan Saraev <[email protected]>
+Date: Tue, 7 Jan 2014 13:22:48 +0200
+Subject: [PATCH] never append -dirty to server/module version
+
+---
+ git-version-gen |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/git-version-gen b/git-version-gen
+index 9d65b80..fcf11fd 100755
+--- a/git-version-gen
++++ b/git-version-gen
+@@ -152,6 +152,7 @@ v=`echo "$v" |sed 's/^v//'`
+ git status > /dev/null 2>&1
+
+ dirty=`sh -c 'git diff-index --name-only HEAD' 2>/dev/null` || dirty=
++dirty=
+ case "$dirty" in
+     '') ;;
+     *) # Append the suffix only if there isn't one already.
+-- 
+1.7.2.5
+
diff --git a/rootfs/etc/cont-init.d/adjust-audio-group.sh b/rootfs/etc/cont-init.d/adjust-audio-group.sh
diff --git a/rootfs/etc/cont-init.d/setup-filesystem.sh b/rootfs/etc/cont-init.d/setup-filesystem.sh
@@ -11,7 +11,6 @@ fi
 # Internal
 if [ ! -d /data/internal ]; then
     mkdir -p /data/internal/states
-    chown -R pulse:pulse /data/internal
 fi
 
 # Mount persistant data

diff --git a/rootfs/etc/fix-attrs.d/persistent-data b/rootfs/etc/fix-attrs.d/persistent-data
@@ -1 +1 @@
-/data/internal true pulse 0644 0755
+/data/internal true root 0644 0755
diff --git a/rootfs/etc/pulse/system.pa b/rootfs/etc/pulse/system.pa
@@ -31,7 +31,7 @@ load-module module-switch-on-connect
 load-module module-udev-detect
 
 ### Load several protocols
-load-module module-native-protocol-unix auth-anonymous=1 auth-cookie-enabled=0 socket=/data/internal/pulse.sock
+load-module module-native-protocol-unix auth-anonymous=1 auth-cookie-enabled=0 socket=/data/external/pulse.sock
 
 ### Automatically restore the default sink/source when changed by the user
 ### during runtime

diff --git a/rootfs/etc/services.d/bridge/run b/rootfs/etc/services.d/bridge/run
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		/data/internal true pulse 0644 0755
		/data/internal true root 0644 0755