[PATCH 0/3] Add Fakechroot engine for 'guix pack -RR'

+++ b/doc/guix.texi

+Relocatable''.  Neat, isn't it?}, relocatable binaries fall to back to

+other techniques if user namespaces are unavailable, and essentially

+work anywhere---see below for the implications.

+case, binaries will try user namespace support and fall back to another

+@dfn{execution engine} if user namespaces are not supported.  The

+following execution engines are supported:

+@table @code

+@item default

+Try user namespaces and fall back to PRoot if user namespaces are not

+supported (see below).

+

+@item userns

+Run the program through user namespaces and abort if they are not

+supported.

+

+@item proot

+Run through PRoot.  The @uref{https://proot-me.github.io/, PRoot} program

+provides the necessary

+@end table

+

+@vindex GUIX_EXECUTION_ENGINE

+When running a wrapped program, you can explicitly request one of the

+execution engines listed above by setting the

+@code{GUIX_EXECUTION_ENGINE} environment variable accordingly.

+++ b/gnu/packages/aux-files/run-in-namespace.c

+

+/* Execution engines.  */

+

+struct engine

+{

+  const char *name;

+  void (* exec) (const char *, int, char **);

+};

+

+static void

+buffer_stderr (void)

+{

+  static char stderr_buffer[4096];

+  setvbuf (stderr, stderr_buffer, _IOFBF, sizeof stderr_buffer);

+}

+

+/* The default engine.  */

+static void

+exec_default (const char *store, int argc, char *argv[])

+{

+  /* Buffer stderr so that nothing's displayed if 'exec_in_user_namespace'

+     fails but 'exec_with_proot' works.  */

+  buffer_stderr ();

+

+  exec_in_user_namespace (store, argc, argv);

+#ifdef PROOT_PROGRAM

+  exec_with_proot (store, argc, argv);

+#endif

+}

+

+/* List of supported engines.  */

+static const struct engine engines[] =

+  {

+   { "default", exec_default },

+   { "userns", exec_in_user_namespace },

+#ifdef PROOT_PROGRAM

+   { "proot", exec_with_proot },

+#endif

+   { NULL, NULL }

+  };

+

+/* Return the "execution engine" to use.  */

+static const struct engine *

+execution_engine (void)

+{

+  const char *str = getenv ("GUIX_EXECUTION_ENGINE");

+

+  if (str == NULL)

+    str = "default";

+

+ try:

+  for (const struct engine *engine = engines;

+       engine->name != NULL;

+       engine++)

+    {

+      if (strcmp (engine->name, str) == 0)

+	return engine;

+    }

+

+  fprintf (stderr, "%s: unsupported Guix execution engine; ignoring\n",

+	   str);

+  str = "default";

+  goto try;

+}

+

+      const struct engine *engine = execution_engine ();

+      engine->exec (store, argc, argv);

+      /* If we reach this point, that's because ENGINE failed to do the

+	 job.  */

+++ b/tests/guix-pack-relocatable.sh

+case "`uname -m`" in

+    x86_64|i?86)

+	# Try '-RR' and PRoot.

+	tarball="`guix pack -RR -S /Bin=bin sed`"

+	tar tvf "$tarball" | grep /bin/proot

+	(cd "$test_directory"; tar xvf "$tarball")

+	GUIX_EXECUTION_ENGINE="proot"

+	export GUIX_EXECUTION_ENGINE

+	"$test_directory/Bin/sed" --version > "$test_directory/output"

+	grep 'GNU sed' "$test_directory/output"

+	chmod -Rf +w "$test_directory"; rm -rf "$test_directory"/*

+	;;

+    *)

+	echo "skipping PRoot test" >&2

+	;;

+esac

+

+++ b/gnu/packages/linux.scm

+(define-public fakechroot

+  (package

+    (name "fakechroot")

+    (version "2.20.1")

+    (source (origin

+              (method url-fetch)

+              (uri (string-append

+                    "https://github.com/dex4er/fakechroot/releases/download/"

+                    version "/fakechroot-" version ".tar.gz"))

+              (sha256

+               (base32

+                "1aijkd0b45wav25v01qhw8zxwa3pl0nnp9fabmmy1nlx7hr09gas"))))

+    (build-system gnu-build-system)

+    (arguments

+     ;; XXX: The tests heavily assume they run on an FHS system so for now

+     ;; skip them.

+     '(#:tests? #f

+       #:configure-flags '("--disable-static")))

+    (synopsis "Emulate @code{chroot} by overriding file system calls")

+    (description

+     "@command{fakechroot} runs a command in an environment were is additional

+possibility to use @code{chroot} command without root privileges.  This is

+useful for allowing users to create own chrooted environment with possibility

+to install another packages without need for root privileges.

+

+It works by providing @file{libfakechroot.so}, a shared library meant to be

+set as @code{LD_PRELOAD} to override the C library file system functions.")

+    (home-page "https://github.com/dex4er/fakechroot/")

+    (license license:lgpl2.1+)))

+

+++ b/doc/guix.texi

+@item performance

+Try user namespaces and fall back to Fakechroot if user namespaces are

+not supported (see below).

+

+

+@item fakechroot

+Run through Fakechroot.  @uref{https://github.com/dex4er/fakechroot/,

+Fakechroot} virtualizes file system accesses by intercepting calls to C

+library functions such as @code{open}, @code{stat}, @code{exec}, and so

+on.  Unlike PRoot, it incurs very little overhead.  However, it does not

+always work: for example, some file system accesses made from within the

+C library are not intercepted, and file system accesses made @i{via}

+direct syscalls are not intercepted either, leading to erratic behavior.

+++ b/gnu/packages/aux-files/run-in-namespace.c

+/* Whether we're building the ld.so/libfakechroot wrapper.  */

+#define HAVE_EXEC_WITH_LOADER					\

+  (defined PROGRAM_INTERPRETER) && (defined PROGRAM_RUNPATH)

+

+

+/* Make TARGET a bind-mount of SOURCE.  Take into account ENTRY's type, which

+   corresponds to SOURCE.  */

+static int

+bind_mount (const char *source, const struct dirent *entry,

+	    const char *target)

+{

+  if (entry->d_type == DT_DIR)

+    {

+      int err = mkdir (target, 0700);

+      if (err != 0)

+	return err;

+    }

+  else

+    close (open (target, O_WRONLY | O_CREAT));

+

+  return mount (source, target, "none",

+		MS_BIND | MS_REC | MS_RDONLY, NULL);

+}

+

+#if HAVE_EXEC_WITH_LOADER

+

+/* Make TARGET a symlink to SOURCE.  */

+static int

+make_symlink (const char *source, const struct dirent *entry,

+	      const char *target)

+{

+  return symlink (source, target);

+}

+

+#endif

+

+/* Mirror with FIRMLINK all the top-level entries in SOURCE to TARGET.  */

+mirror_directory (const char *source, const char *target,

+		  int (* firmlink) (const char *, const struct dirent *,

+				    const char *))

+	  int err = firmlink (abs_source, entry, new_entry);

+      mirror_directory ("/", new_root, bind_mount);

+

+#if HAVE_EXEC_WITH_LOADER

+

+static void

+exec_with_loader (const char *store, int argc, char *argv[])

+{

+  static const char *runpath[] = PROGRAM_RUNPATH;

+  char *library_path;

+  size_t size = 0;

+

+  for (size_t i = 0; runpath[i] != NULL; i++)

+    size += strlen (store) + strlen (runpath[i]) + 1;  /* upper bound */

+

+  library_path = xmalloc (size + 1);

+  library_path[0] = '\0';

+

+  for (size_t i = 0; runpath[i] != NULL; i++)

+    {

+      if (strncmp (runpath[i], "@STORE_DIRECTORY@",

+		   sizeof "@STORE_DIRECTORY@" - 1) == 0)

+	{

+	  strcat (library_path, store);

+	  strcat (library_path, runpath[i] + sizeof "@STORE_DIRECTORY@");

+	}

+      else

+	strcat (library_path, runpath[i]);	  /* possibly $ORIGIN */

+

+      strcat (library_path, ":");

+    }

+

+  library_path[strlen (library_path) - 1] = '\0'; /* Remove trailing colon.  */

+

+  char *loader = concat (store,

+			 PROGRAM_INTERPRETER + sizeof "@STORE_DIRECTORY@");

+  size_t loader_specific_argc = 6;

+  size_t loader_argc = argc + loader_specific_argc;

+  char *loader_argv[loader_argc + 1];

+  loader_argv[0] = argv[0];

+  loader_argv[1] = "--library-path";

+  loader_argv[2] = library_path;

+  loader_argv[3] = "--preload";

+  loader_argv[4] = concat (store,

+			   FAKECHROOT_LIBRARY + sizeof "@STORE_DIRECTORY@");

+  loader_argv[5] = concat (store,

+			   "@WRAPPED_PROGRAM@" + sizeof "@STORE_DIRECTORY@");

+

+  for (size_t i = 0; i < argc; i++)

+    loader_argv[i + loader_specific_argc] = argv[i + 1];

+

+  loader_argv[loader_argc] = NULL;

+

+  /* Set up the root directory.  */

+  int err;

+  char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX"));

+  mirror_directory ("/", new_root, make_symlink);

+

+  char *new_store = concat (new_root, "@STORE_DIRECTORY@");

+  char *new_store_parent = dirname (strdup (new_store));

+  mkdir_p (new_store_parent);

+  symlink (store, new_store);

+

+  setenv ("FAKECHROOT_BASE", new_root, 1);

+

+  pid_t child = fork ();

+  switch (child)

+    {

+    case 0:

+      err = execv (loader, loader_argv);

+      if (err < 0)

+	assert_perror (errno);

+      exit (EXIT_FAILURE);

+      break;

+

+    case -1:

+      assert_perror (errno);

+      exit (EXIT_FAILURE);

+      break;

+

+    default:

+      {

+  	int status;

+	waitpid (child, &status, 0);

+	chdir ("/");			  /* avoid EBUSY */

+	rm_rf (new_root);

+	free (new_root);

+

+	close (2);			/* flushing stderr should be silent */

+

+	if (WIFEXITED (status))

+	  exit (WEXITSTATUS (status));

+	else

+	  /* Abnormal termination cannot really be reproduced, so exit

+	     with 255.  */

+	  exit (255);

+      }

+    }

+}

+

+#endif

+

+/* The default engine: choose a robust method.  */

+/* The "performance" engine: choose performance over robustness.  */

+static void

+exec_performance (const char *store, int argc, char *argv[])

+{

+  buffer_stderr ();

+

+  exec_in_user_namespace (store, argc, argv);

+#if HAVE_EXEC_WITH_LOADER

+  exec_with_loader (store, argc, argv);

+#endif

+}

+

+   { "performance", exec_performance },

+#endif

+#if HAVE_EXEC_WITH_LOADER

+   { "fakechroot", exec_with_loader },

+++ b/guix/scripts/pack.scm

+  (define (fakechroot-library)

+    (file-append (specification->package "fakechroot")

+                 "/lib/fakechroot/libfakechroot.so"))

+

+                              (guix build union)

+                              (guix build gremlin)

+                              (guix elf)))

+                       (guix build gremlin)

+                       (guix elf)

+                       (ice-9 binary-ports)

+                       (ice-9 match)

+                       (srfi srfi-1)

+                       (rnrs bytevectors))

+          (define (elf-interpreter elf)

+            ;; Return the interpreter of ELF as a string, or #f if ELF has no

+            ;; interpreter segment.

+            (match (find (lambda (segment)

+                           (= (elf-segment-type segment) PT_INTERP))

+                         (elf-segments elf))

+              (#f #f)                             ;maybe a .so

+              (segment

+               (let ((bv (make-bytevector (- (elf-segment-memsz segment) 1))))

+                 (bytevector-copy! (elf-bytes elf)

+                                   (elf-segment-offset segment)

+                                   bv 0 (bytevector-length bv))

+                 (utf8->string bv)))))

+

+          (define (elf-loader-compile-flags program)

+            ;; Return the cpp flags defining macros for the ld.so/fakechroot

+            ;; wrapper of PROGRAM.

+

+            ;; TODO: Handle scripts by wrapping their interpreter.

+            (if (elf-file? program)

+                (let* ((bv  (call-with-input-file program get-bytevector-all))

+                       (elf (parse-elf bv)))

+                  (match (elf-dynamic-info elf)

+                    (#f '())

+                    (dyninfo

+                     (let ((runpath (elf-dynamic-info-runpath dyninfo))

+                           (interp  (elf-interpreter elf)))

+                       (if interp

+                           (list (string-append "-DPROGRAM_INTERPRETER=\""

+                                                interp "\"")

+                                 (string-append "-DPROGRAM_RUNPATH={ "

+                                                (string-join

+                                                 (map object->string

+                                                      runpath)

+                                                 ", ")

+                                                ", NULL }")

+                                 (string-append "-DFAKECHROOT_LIBRARY=\""

+                                                #$(fakechroot-library) "\""))

+                           '())))))

+                '()))

+

+                     (append (if proot

+                                 (list (string-append "-DPROOT_PROGRAM=\""

+                                                      proot "\""))

+                                 '())

+                             (elf-loader-compile-flags program)))

+++ b/tests/guix-pack-relocatable.sh

+

+	# Now with fakechroot.

+	GUIX_EXECUTION_ENGINE="fakechroot"

+	"$test_directory/Bin/sed" --version > "$test_directory/output"

+	grep 'GNU sed' "$test_directory/output"

+

+++ b/doc/guix.texi

+Relocatable''.  Neat, isn't it?}, relocatable binaries fall to back to

+other techniques if user namespaces are unavailable, and essentially

+work anywhere---see below for the implications.

+case, binaries will try user namespace support and fall back to another

+@dfn{execution engine} if user namespaces are not supported.  The

+following execution engines are supported:

+@table @code

+@item default

+Try user namespaces and fall back to PRoot if user namespaces are not

+supported (see below).

+

+@item userns

+Run the program through user namespaces and abort if they are not

+supported.

+

+@item proot

+Run through PRoot.  The @uref{https://proot-me.github.io/, PRoot} program

+provides the necessary

+@end table

+

+@vindex GUIX_EXECUTION_ENGINE

+When running a wrapped program, you can explicitly request one of the

+execution engines listed above by setting the

+@code{GUIX_EXECUTION_ENGINE} environment variable accordingly.

+++ b/gnu/packages/aux-files/run-in-namespace.c

+

+/* Execution engines.  */

+

+struct engine

+{

+  const char *name;

+  void (* exec) (const char *, int, char **);

+};

+

+static void

+buffer_stderr (void)

+{

+  static char stderr_buffer[4096];

+  setvbuf (stderr, stderr_buffer, _IOFBF, sizeof stderr_buffer);

+}

+

+/* The default engine.  */

+static void

+exec_default (const char *store, int argc, char *argv[])

+{

+  /* Buffer stderr so that nothing's displayed if 'exec_in_user_namespace'

+     fails but 'exec_with_proot' works.  */

+  buffer_stderr ();

+

+  exec_in_user_namespace (store, argc, argv);

+#ifdef PROOT_PROGRAM

+  exec_with_proot (store, argc, argv);

+#endif

+}

+

+/* List of supported engines.  */

+static const struct engine engines[] =

+  {

+   { "default", exec_default },

+   { "userns", exec_in_user_namespace },

+#ifdef PROOT_PROGRAM

+   { "proot", exec_with_proot },

+#endif

+   { NULL, NULL }

+  };

+

+/* Return the "execution engine" to use.  */

+static const struct engine *

+execution_engine (void)

+{

+  const char *str = getenv ("GUIX_EXECUTION_ENGINE");

+

+  if (str == NULL)

+    str = "default";

+

+ try:

+  for (const struct engine *engine = engines;

+       engine->name != NULL;

+       engine++)

+    {

+      if (strcmp (engine->name, str) == 0)

+	return engine;

+    }

+

+  fprintf (stderr, "%s: unsupported Guix execution engine; ignoring\n",

+	   str);

+  str = "default";

+  goto try;

+}

+

+      const struct engine *engine = execution_engine ();

+      engine->exec (store, argc, argv);

+      /* If we reach this point, that's because ENGINE failed to do the

+	 job.  */

+++ b/tests/guix-pack-relocatable.sh

+case "`uname -m`" in

+    x86_64|i?86)

+	# Try '-RR' and PRoot.

+	tarball="`guix pack -RR -S /Bin=bin sed`"

+	tar tvf "$tarball" | grep /bin/proot

+	(cd "$test_directory"; tar xvf "$tarball")

+	GUIX_EXECUTION_ENGINE="proot"

+	export GUIX_EXECUTION_ENGINE

+	"$test_directory/Bin/sed" --version > "$test_directory/output"

+	grep 'GNU sed' "$test_directory/output"

+	chmod -Rf +w "$test_directory"; rm -rf "$test_directory"/*

+	;;

+    *)

+	echo "skipping PRoot test" >&2

+	;;

+esac

+

+++ b/gnu/packages/aux-files/run-in-namespace.c

+/* The original store, "/gnu/store" by default.  */

+static const char original_store[] = "@STORE_DIRECTORY@";

+

+

+  char *new_store = concat (new_root, original_store);

+  char bind_spec[strlen (store) + 1 + sizeof original_store];

+  strcat (bind_spec, original_store);

+    - strlen ("@WRAPPED_PROGRAM@") + strlen (original_store);

+  if (strcmp (store, original_store) != 0

+++ b/gnu/packages/linux.scm

+(define-public fakechroot

+  (package

+    (name "fakechroot")

+    (version "2.20.1")

+    (source (origin

+              (method url-fetch)

+              (uri (string-append

+                    "https://github.com/dex4er/fakechroot/releases/download/"

+                    version "/fakechroot-" version ".tar.gz"))

+              (sha256

+               (base32

+                "1aijkd0b45wav25v01qhw8zxwa3pl0nnp9fabmmy1nlx7hr09gas"))))

+    (build-system gnu-build-system)

+    (arguments

+     ;; XXX: The tests heavily assume they run on an FHS system so for now

+     ;; skip them.

+     '(#:tests? #f

+       #:configure-flags '("--disable-static")))

+    (synopsis "Emulate @code{chroot} by overriding file system calls")

+    (description

+     "@command{fakechroot} runs a command in an environment were is additional

+possibility to use @code{chroot} command without root privileges.  This is

+useful for allowing users to create own chrooted environment with possibility

+to install another packages without need for root privileges.

+

+It works by providing @file{libfakechroot.so}, a shared library meant to be

+set as @code{LD_PRELOAD} to override the C library file system functions.")

+    (home-page "https://github.com/dex4er/fakechroot/")

+    (license license:lgpl2.1+)))

+

+++ b/Makefile.am

+  gnu/packages/aux-files/pack-audit.c			\

+++ b/doc/guix.texi

+@item performance

+Try user namespaces and fall back to Fakechroot if user namespaces are

+not supported (see below).

+

+

+@item fakechroot

+Run through Fakechroot.  @uref{https://github.com/dex4er/fakechroot/,

+Fakechroot} virtualizes file system accesses by intercepting calls to C

+library functions such as @code{open}, @code{stat}, @code{exec}, and so

+on.  Unlike PRoot, it incurs very little overhead.  However, it does not

+always work: for example, some file system accesses made from within the

+C library are not intercepted, and file system accesses made @i{via}

+direct syscalls are not intercepted either, leading to erratic behavior.

+++ b/gnu/packages/aux-files/pack-audit.c

+/* GNU Guix --- Functional package management for GNU

+   Copyright (C) 2020 Ludovic Courtès <ludo@gnu.org>

+

+   This file is part of GNU Guix.

+

+   GNU Guix is free software; you can redistribute it and/or modify it

+   under the terms of the GNU General Public License as published by

+   the Free Software Foundation; either version 3 of the License, or (at

+   your option) any later version.

+

+   GNU Guix is distributed in the hope that it will be useful, but

+   WITHOUT ANY WARRANTY; without even the implied warranty of

+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+   GNU General Public License for more details.

+

+   You should have received a copy of the GNU General Public License

+   along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.  */

+

+/* This file implements part of the GNU ld.so audit interface.  It is used by

+   the "fakechroot" engine of the 'guix pack -RR' wrappers to make sure the

+   loader looks for shared objects under the "fake" root directory.  */

+

+#define _GNU_SOURCE 1

+

+#include <link.h>

+

+#include <error.h>

+#include <stdlib.h>

+#include <string.h>

+#include <assert.h>

+

+/* The pseudo root directory and store that we are relocating to.  */

+static const char *root_directory;

+static char *store;

+

+/* The original store, "/gnu/store" by default.  */

+static const char original_store[] = "@STORE_DIRECTORY@";

+

+/* Like 'malloc', but abort if 'malloc' returns NULL.  */

+static void *

+xmalloc (size_t size)

+{

+  void *result = malloc (size);

+  assert (result != NULL);

+  return result;

+}

+

+unsigned int

+la_version (unsigned int v)

+{

+  if (v != LAV_CURRENT)

+    error (1, 0, "cannot handle interface version %u", v);

+

+  root_directory = getenv ("FAKECHROOT_BASE");

+  if (root_directory == NULL)

+    error (1, 0, "'FAKECHROOT_BASE' is not set");

+

+  store = xmalloc (strlen (root_directory) + sizeof original_store);

+  strcpy (store, root_directory);

+  strcat (store, original_store);

+

+  return v;

+}

+

+/* Return NAME, a shared object file name, relocated under STORE.  This

+   function is called by the loader whenever it looks for a shared object.  */

+char *

+la_objsearch (const char *name, uintptr_t *cookie, unsigned int flag)

+{

+  char *result;

+

+  if (strncmp (name, original_store,

+	       sizeof original_store - 1) == 0)

+    {

+      size_t len = strlen (name) - sizeof original_store

+	+ strlen (store) + 1;

+      result = xmalloc (len);

+      strcpy (result, store);

+      strcat (result, name + sizeof original_store - 1);

+    }

+  else

+    result = strdup (name);

+

+  return result;

+}

+++ b/gnu/packages/aux-files/run-in-namespace.c

+/* Whether we're building the ld.so/libfakechroot wrapper.  */

+#define HAVE_EXEC_WITH_LOADER						\

+  (defined PROGRAM_INTERPRETER) && (defined LOADER_AUDIT_MODULE)	\

+  && (defined FAKECHROOT_LIBRARY)

+

+/* Make TARGET a bind-mount of SOURCE.  Take into account ENTRY's type, which

+   corresponds to SOURCE.  */

+static int

+bind_mount (const char *source, const struct dirent *entry,

+	    const char *target)

+{

+  if (entry->d_type == DT_DIR)

+    {

+      int err = mkdir (target, 0700);

+      if (err != 0)

+	return err;

+    }

+  else

+    close (open (target, O_WRONLY | O_CREAT));

+

+  return mount (source, target, "none",

+		MS_BIND | MS_REC | MS_RDONLY, NULL);

+}

+

+#if HAVE_EXEC_WITH_LOADER

+

+/* Make TARGET a symlink to SOURCE.  */

+static int

+make_symlink (const char *source, const struct dirent *entry,

+	      const char *target)

+{

+  return symlink (source, target);

+}

+

+#endif

+

+/* Mirror with FIRMLINK all the top-level entries in SOURCE to TARGET.  */

+mirror_directory (const char *source, const char *target,

+		  int (* firmlink) (const char *, const struct dirent *,

+				    const char *))

+	  int err = firmlink (abs_source, entry, new_entry);

+      mirror_directory ("/", new_root, bind_mount);

+

+#if HAVE_EXEC_WITH_LOADER

+

+/* Execute the wrapped program by invoking the loader (ld.so) directly,

+   passing it the audit module and preloading libfakechroot.so.  */

+static void

+exec_with_loader (const char *store, int argc, char *argv[])

+{

+  char *loader = concat (store,

+			 PROGRAM_INTERPRETER + sizeof original_store);

+  size_t loader_specific_argc = 6;

+  size_t loader_argc = argc + loader_specific_argc;

+  char *loader_argv[loader_argc + 1];

+  loader_argv[0] = argv[0];

+  loader_argv[1] = "--audit";

+  loader_argv[2] = concat (store,

+			   LOADER_AUDIT_MODULE + sizeof original_store);

+  loader_argv[3] = "--preload";

+  loader_argv[4] = concat (store,

+			   FAKECHROOT_LIBRARY + sizeof original_store);

+  loader_argv[5] = concat (store,

+			   "@WRAPPED_PROGRAM@" + sizeof original_store);

+

+  for (size_t i = 0; i < argc; i++)

+    loader_argv[i + loader_specific_argc] = argv[i + 1];

+

+  loader_argv[loader_argc] = NULL;

+

+  /* Set up the root directory.  */

+  int err;

+  char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX"));

+  mirror_directory ("/", new_root, make_symlink);

+

+  char *new_store = concat (new_root, original_store);

+  char *new_store_parent = dirname (strdup (new_store));

+  mkdir_p (new_store_parent);

+  symlink (store, new_store);

+

+#ifdef GCONV_DIRECTORY

+  /* Tell libc where to find its gconv modules.  This is necessary because

+     gconv uses non-interposable 'open' calls.  */

+  char *gconv_path = concat (store,

+			     GCONV_DIRECTORY + sizeof original_store);

+  setenv ("GCONV_PATH", gconv_path, 1);

+  free (gconv_path);

+#endif

+

+  setenv ("FAKECHROOT_BASE", new_root, 1);

+

+  pid_t child = fork ();

+  switch (child)

+    {

+    case 0:

+      err = execv (loader, loader_argv);

+      if (err < 0)

+	assert_perror (errno);

+      exit (EXIT_FAILURE);

+      break;

+

+    case -1:

+      assert_perror (errno);

+      exit (EXIT_FAILURE);

+      break;

+

+    default:

+      {

+  	int status;

+	waitpid (child, &status, 0);

+	chdir ("/");			  /* avoid EBUSY */

+	rm_rf (new_root);

+	free (new_root);

+

+	close (2);			/* flushing stderr should be silent */

+

+	if (WIFEXITED (status))

+	  exit (WEXITSTATUS (status));

+	else

+	  /* Abnormal termination cannot really be reproduced, so exit

+	     with 255.  */

+	  exit (255);

+      }

+    }

+}

+

+#endif

+

+/* The default engine: choose a robust method.  */

+/* The "performance" engine: choose performance over robustness.  */

+static void

+exec_performance (const char *store, int argc, char *argv[])

+{

+  buffer_stderr ();

+

+  exec_in_user_namespace (store, argc, argv);

+#if HAVE_EXEC_WITH_LOADER

+  exec_with_loader (store, argc, argv);

+#endif

+}

+

+   { "performance", exec_performance },

+#endif

+#if HAVE_EXEC_WITH_LOADER

+   { "fakechroot", exec_with_loader },

+++ b/guix/scripts/pack.scm

+  (define audit-source

+    (local-file (search-auxiliary-file "pack-audit.c")))

+

+  (define (fakechroot-library)

+    (computed-file "libfakechroot.so"

+                   #~(copy-file #$(file-append

+                                   (specification->package "fakechroot")

+                                   "/lib/fakechroot/libfakechroot.so")

+                                #$output)))

+

+  (define (audit-module)

+    ;; Return an ld.so audit module for use by the 'fakechroot' execution

+    ;; engine that translates file names of all the files ld.so loads.

+    (computed-file "pack-audit.so"

+                   (with-imported-modules '((guix build utils))

+                     #~(begin

+                         (use-modules (guix build utils))

+

+                         (copy-file #$audit-source "audit.c")

+                         (substitute* "audit.c"

+                           (("@STORE_DIRECTORY@")

+                            (%store-directory)))

+

+                         (invoke #$compiler "-std=gnu99"

+                                 "-shared" "-fPIC" "-Os" "-g0"

+                                 "-Wall" "audit.c" "-o" #$output)))))

+

+                              (guix build union)

+                              (guix elf)))

+                       (guix elf)

+                       (ice-9 binary-ports)

+                       (ice-9 match)

+                       (srfi srfi-1)

+                       (rnrs bytevectors))

+          (define (elf-interpreter elf)

+            ;; Return the interpreter of ELF as a string, or #f if ELF has no

+            ;; interpreter segment.

+            (match (find (lambda (segment)

+                           (= (elf-segment-type segment) PT_INTERP))

+                         (elf-segments elf))

+              (#f #f)                             ;maybe a .so

+              (segment

+               (let ((bv (make-bytevector (- (elf-segment-memsz segment) 1))))

+                 (bytevector-copy! (elf-bytes elf)

+                                   (elf-segment-offset segment)

+                                   bv 0 (bytevector-length bv))

+                 (utf8->string bv)))))

+

+          (define (elf-loader-compile-flags program)

+            ;; Return the cpp flags defining macros for the ld.so/fakechroot

+            ;; wrapper of PROGRAM.

+

+            ;; TODO: Handle scripts by wrapping their interpreter.

+            (if (elf-file? program)

+                (let* ((bv      (call-with-input-file program

+                                  get-bytevector-all))

+                       (elf     (parse-elf bv))

+                       (interp  (elf-interpreter elf))

+                       (gconv   (and interp

+                                     (string-append (dirname interp)

+                                                    "/gconv"))))

+                  (if interp

+                      (list (string-append "-DPROGRAM_INTERPRETER=\""

+                                           interp "\"")

+                            (string-append "-DFAKECHROOT_LIBRARY=\""

+                                           #$(fakechroot-library) "\"")

+

+                            (string-append "-DLOADER_AUDIT_MODULE=\""

+                                           #$(audit-module) "\"")

+                            (if gconv

+                                (string-append "-DGCONV_DIRECTORY=\""

+                                               gconv "\"")

+                                "-UGCONV_DIRECTORY"))

+                      '()))

+                '()))

+

+                     (append (if proot

+                                 (list (string-append "-DPROOT_PROGRAM=\""

+                                                      proot "\""))

+                                 '())

+                             (elf-loader-compile-flags program)))

+++ b/tests/guix-pack-relocatable.sh

+

+	# Now with fakechroot.

+	GUIX_EXECUTION_ENGINE="fakechroot"

+	"$test_directory/Bin/sed" --version > "$test_directory/output"

+	grep 'GNU sed' "$test_directory/output"

+