# remirepo spec file for php-pecl-sandbox # # Copyright (c) 2019 Remi Collet # License: CC-BY-SA # http://creativecommons.org/licenses/by-sa/4.0/ # # Please, preserve the changelog entries # %{?scl: %scl_package php-pecl-pthreads} %global pecl_name sandbox %global ini_name 40-%{pecl_name}.ini Summary: Isolated environment Name: %{?scl_prefix}php-pecl-%{pecl_name} Version: 0.1.2 Release: 2%{?dist}%{!?scl:%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}} License: PHP URL: http://pecl.php.net/package/%{pecl_name} Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz Patch0: %{pecl_name}-php74.patch BuildRequires: %{?scl_prefix}php-zts-devel > 7.1 BuildRequires: %{?scl_prefix}php-pear Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} Provides: %{?scl_prefix}php-%{pecl_name} = %{version} Provides: %{?scl_prefix}php-%{pecl_name}%{?_isa} = %{version} Provides: %{?scl_prefix}php-pecl(%{pecl_name}) = %{version} Provides: %{?scl_prefix}php-pecl(%{pecl_name})%{?_isa} = %{version} Provides: %{?scl_prefix}php-pecl-%{pecl_name} = %{version}-%{release} Provides: %{?scl_prefix}php-pecl-%{pecl_name}%{?_isa} = %{version}-%{release} %if "%{?vendor}" == "Remi Collet" && 0%{!?scl:1} && 0%{?rhel} # Other third party repo stuff Obsoletes: php71u-pecl-%{pecl_name} <= %{version} Obsoletes: php71w-pecl-%{pecl_name} <= %{version} %if "%{php_version}" > "7.2" Obsoletes: php72u-pecl-%{pecl_name} <= %{version} Obsoletes: php72w-pecl-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "7.3" Obsoletes: php73-pecl-%{pecl_name} <= %{version} Obsoletes: php73w-pecl-%{pecl_name} <= %{version} %endif %if "%{php_version}" > "7.4" Obsoletes: php74-pecl-%{pecl_name} <= %{version} Obsoletes: php74w-pecl-%{pecl_name} <= %{version} %endif %endif %if 0%{?fedora} < 20 && 0%{?rhel} < 7 # Filter shared private %{?filter_provides_in: %filter_provides_in %{_libdir}/.*\.so$} %{?filter_setup} %endif %description A sandbox is an isolated environment (a thread in our case); Things may go very badly wrong in the sandbox environment and not effect the environment that created it. This means that we must try very hard to limit the influence each environment has on the other. So the prototype and instructions of entry point "Closures" are verified to ensure they will not reduce or break isolation. In practice this means entry point closures must not: * accept or return by reference * accept or return non-scalar values (array, object) * execute a limited set of instructions Instructions prohibited directly in the sandbox are: * declare (anonymous) function * declare (anonymous) class * lexical scope access Nothing is prohibited in the files which the sandbox may include, but allowing these actions directly in the code which the sandbox executes at entry would break the isolation of the sandbox such that we couldn't be sure the system would remain stable. With these restrictions in place, we can be sure that a sandbox may do anything up to but excluding making PHP segfault, and not effect the environment that created it. This extension is only available for PHP in ZTS mode. Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')%{?scl: as Software Collection (%{scl} by %{?scl_vendor}%{!?scl_vendor:rh})}. %prep %setup -q -c # Don't install/register tests sed -e 's/role="test"/role="src"/' \ %{?_licensedir:-e '/LICENSE/s/role="doc"/role="src"/' } \ -i package.xml cd %{pecl_name}-%{version} %patch0 -p1 # Sanity check, really often broken extver=$(sed -n '/define PHP_SANDBOX_VERSION/{s/.* "//;s/".*$//;p}' php_sandbox.h) if test "x${extver}" != "x%{version}"; then : Error: Upstream extension version is ${extver}, expecting %{version}. exit 1 fi cd .. # Create configuration file cat << 'EOF' | tee %{ini_name} ; Enable "%{summary}" extension module extension=%{pecl_name}.so EOF %build %{?dtsenable} cd %{pecl_name}-%{version} %{_bindir}/zts-phpize %configure \ --enable-sandbox \ --with-php-config=%{_bindir}/zts-php-config make %{?_smp_mflags} %install %{?dtsenable} make -C %{pecl_name}-%{version} install INSTALL_ROOT=%{buildroot} # install config file install -D -m 644 %{ini_name} %{buildroot}%{php_ztsinidir}/%{ini_name} # Install XML package description install -D -m 644 package.xml %{buildroot}%{pecl_xmldir}/%{name}.xml # Documentation cd %{pecl_name}-%{version} for i in $(grep 'role="doc"' ../package.xml | sed -e 's/^.*name="//;s/".*$//') do sed -e 's/\r//' -i $i install -Dpm 644 $i %{buildroot}%{pecl_docdir}/%{pecl_name}/$i done %if 0%{?fedora} < 24 && 0%{?rhel} < 8 # when pear installed alone, after us %triggerin -- %{?scl_prefix}php-pear if [ -x %{__pecl} ] ; then %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || : fi # posttrans as pear can be installed after us %posttrans if [ -x %{__pecl} ] ; then %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || : fi %postun if [ $1 -eq 0 -a -x %{__pecl} ] ; then %{pecl_uninstall} %{pecl_name} >/dev/null || : fi %endif %check cd %{pecl_name}-%{version} : Minimal load test for ZTS extension %{__ztsphp} --no-php-ini \ --define extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \ --modules | grep %{pecl_name} : Upstream test suite for ZTS extension TEST_PHP_EXECUTABLE=%{_bindir}/zts-php \ TEST_PHP_ARGS="-n -d extension=$PWD/modules/%{pecl_name}.so" \ SKIP_ONLINE_TESTS=1 \ NO_INTERACTION=1 \ REPORT_EXIT_STATUS=1 \ %{_bindir}/zts-php -n run-tests.php --show-diff %files %{?_licensedir:%license %{pecl_name}-%{version}/LICENSE} %doc %{pecl_docdir}/%{pecl_name} %{pecl_xmldir}/%{name}.xml %config(noreplace) %{php_ztsinidir}/%{ini_name} %{php_ztsextdir}/%{pecl_name}.so %changelog * Fri Sep 6 2019 Remi Collet - 0.1.2-2 - add suptream patch for 7.4.0RC1 * Fri Jun 14 2019 Remi Collet - 0.1.2-1 - update to 0.1.2 * Wed Jan 16 2019 Remi Collet - 0.1.1-1 - update for official release * Thu Jan 10 2019 Remi Collet - 0.1.1-0 - initial package - test build for upcoming version 0.1.1 (beta)