From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Tue, 23 Jun 2026 16:16:08 +0200
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1wc1v6-0091dw-0i
	for lore@lore.pengutronix.de;
	Tue, 23 Jun 2026 16:16:08 +0200
Received: from [127.0.0.1] (helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1wc1v6-0002jo-3I; Tue, 23 Jun 2026 16:16:08 +0200
Received: from dude04.red.stw.pengutronix.de ([2a0a:edc0:0:1101:1d::ac])
 by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
 (envelope-from <s.pueschel@pengutronix.de>)
 id 1wc1v1-0002jb-Cr; Tue, 23 Jun 2026 16:16:03 +0200
From: =?UTF-8?q?Sven=20P=C3=BCschel?= <s.pueschel@pengutronix.de>
To: ptxdist@pengutronix.de
Date: Tue, 23 Jun 2026 16:15:24 +0200
Message-ID: <20260623141556.1127001-1-s.pueschel@pengutronix.de>
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Subject: [ptxdist] [PATCH] bubblewrap: new package
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: =?UTF-8?q?Sven=20P=C3=BCschel?= <s.pueschel@pengutronix.de>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

Omitted -Drequire_userns, as it's only used when setuid support is
enabled.

Signed-off-by: Sven Püschel <s.pueschel@pengutronix.de>
---
 rules/bubblewrap.in   |  9 ++++++
 rules/bubblewrap.make | 65 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 rules/bubblewrap.in
 create mode 100644 rules/bubblewrap.make

diff --git a/rules/bubblewrap.in b/rules/bubblewrap.in
new file mode 100644
index 000000000..f0b959a69
--- /dev/null
+++ b/rules/bubblewrap.in
@@ -0,0 +1,9 @@
+## SECTION=shell_and_console
+
+config BUBBLEWRAP
+	tristate
+	select HOST_MESON
+	select LIBCAP
+	prompt "bubblewrap"
+	help
+	  Low-level unprivileged sandboxing tool
diff --git a/rules/bubblewrap.make b/rules/bubblewrap.make
new file mode 100644
index 000000000..444386607
--- /dev/null
+++ b/rules/bubblewrap.make
@@ -0,0 +1,65 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2026 by Sven Püschel <s.pueschel@pengutronix.de>
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_BUBBLEWRAP) += bubblewrap
+
+#
+# Paths and names
+#
+BUBBLEWRAP_VERSION	:= 0.11.2
+BUBBLEWRAP_SHA256	:= 69abc30005d2186baf7737feacd8da35633b93cf5af38838ecff17c5f8e924f6
+BUBBLEWRAP		:= bubblewrap-$(BUBBLEWRAP_VERSION)
+BUBBLEWRAP_SUFFIX	:= tar.xz
+BUBBLEWRAP_URL		:= https://github.com/containers/bubblewrap/releases/download/v$(BUBBLEWRAP_VERSION)/$(BUBBLEWRAP).$(BUBBLEWRAP_SUFFIX)
+BUBBLEWRAP_SOURCE	:= $(SRCDIR)/$(BUBBLEWRAP).$(BUBBLEWRAP_SUFFIX)
+BUBBLEWRAP_DIR		:= $(BUILDDIR)/$(BUBBLEWRAP)
+BUBBLEWRAP_LICENSE	:= LGPL-2.0-or-later
+BUBBLEWRAP_LICENSE_FILES := \
+	file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2 \
+	file://bubblewrap.c;startline=3;endline=16;md5=7632ecc0582c89a5ec336efd45feeade
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#
+# meson
+#
+BUBBLEWRAP_CONF_TOOL := meson
+BUBBLEWRAP_CONF_OPT := \
+	$(CROSS_MESON_USR) \
+	-Dbash_completion=disabled \
+	-Dman=disabled \
+	-Dselinux=disabled \
+	-Dsupport_setuid=false \
+	-Dtests=false \
+	-Dzsh_completion=disabled
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/bubblewrap.targetinstall:
+	@$(call targetinfo)
+
+	@$(call install_init, bubblewrap)
+	@$(call install_fixup, bubblewrap,PRIORITY,optional)
+	@$(call install_fixup, bubblewrap,SECTION,base)
+	@$(call install_fixup, bubblewrap,AUTHOR,"Sven Püschel <s.pueschel@pengutronix.de>")
+	@$(call install_fixup, bubblewrap,DESCRIPTION,Low-level unprivileged sandboxing tool)
+
+	@$(call install_copy, bubblewrap, 0, 0, 0755, -, /usr/bin/bwrap)
+
+	@$(call install_finish, bubblewrap)
+
+	@$(call touch)
+
+# vim: syntax=make
-- 
2.47.3