app-emulation/firecracker-bin: new package

Install upsteam's firecracker and jailer binaries (statically linked
against musl).
As of version 0.22.0, seccomp filters only work on musl builds.

Closes: https://bugs.gentoo.org/728124
Signed-off-by: Sebastian Hamann <code@ares-macrotechnology.com>
Closes: https://github.com/gentoo/gentoo/pull/16219
Signed-off-by: Joonas Niilola <juippis@gentoo.org>

3 files changed, 98 insertions, 0 deletions

diff --git a/app-emulation/firecracker-bin/Manifest b/app-emulation/firecracker-bin/Manifest
new file mode 100644
index 000000000000..a7c0eeefd34d
--- /dev/null
+++ b/app-emulation/firecracker-bin/Manifest
@@ -0,0 +1,4 @@
+DIST firecracker-v0.22.0-aarch64 1615168 BLAKE2B 56965a1999038e9b59e37230177812b936ad1b3cba91b6f805a1a6ecc81903f093c13b75ff78c8720d67596bdd71378cc757bda0b6061e3fb4d62607e299b065 SHA512 fb42bc5ecd0af487490f2c4bd3804d2430263740bbdec66c063d9b6c865d6b9c42b31cafb78d4a0cc40c11cc5242608b9d30676e55ac2b8dcb05d5f3db535bdf
+DIST firecracker-v0.22.0-x86_64 1657736 BLAKE2B 84dbe8db596017e312fad1cd3c72d1b5d7306ad400a320431c8cae5b901b534f2735ac75cb5b9133c6c6f2603b877e4842d54165972a46df4193fbbc513c3b2d SHA512 ac9544e8b770ff7a0c9234feb3154522bd6163f3903993cd019cc4abaa90ad24447f18e65e1022aafb7274ca97281286f898a50ac9f27c7f661d48df52d7fd08
+DIST jailer-v0.22.0-aarch64 1322088 BLAKE2B 72db7eba02371af2a53b6ebd8c9fb909bd027cdd2b4207e0b2a02febe587780f9aa3be665b37580907ab8a58d8745cbcda90a85bda56a42b2eb8be9a931af13f SHA512 86ca629b3060cefa9e31292844486c6d9b6fa0538b6d515e4cbb07fa4a675ce93d5f87fcd769f62aea0df029cdbd7a5055a282b8344ed35d895606aca7f22a14
+DIST jailer-v0.22.0-x86_64 1427600 BLAKE2B 7ab09cce8963c89dae7c89c3a2d1dc582fdf8c11c3e051deb08c70fd2995a2154c493432e39851bebc62c1f6a9f98cfc9a9fa4107c5d9cf8ba940d4bb3349d86 SHA512 f2dcaee775cd1cdea4c1c1f6e89b82ba6636ab065291b704faaa836f864f14802a56af76ce397d7f98e9420d55720dc4459ae4443babfc7bb16d64dde11cb854
diff --git a/app-emulation/firecracker-bin/firecracker-bin-0.22.0.ebuild b/app-emulation/firecracker-bin/firecracker-bin-0.22.0.ebuild
new file mode 100644
index 000000000000..a54445d88b2c
--- /dev/null
+++ b/app-emulation/firecracker-bin/firecracker-bin-0.22.0.ebuild
@@ -0,0 +1,82 @@
+# Copyright 2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit linux-info
+
+DESCRIPTION="Secure and fast microVMs for serverless computing (static build)"
+HOMEPAGE="https://firecracker-microvm.github.io https://github.com/firecracker-microvm/firecracker"
+SRC_URI="
+	amd64? (
+		https://github.com/firecracker-microvm/firecracker/releases/download/v${PV}/firecracker-v${PV}-x86_64
+		https://github.com/firecracker-microvm/firecracker/releases/download/v${PV}/jailer-v${PV}-x86_64
+	)
+	arm64? (
+		https://github.com/firecracker-microvm/firecracker/releases/download/v${PV}/firecracker-v${PV}-aarch64
+		https://github.com/firecracker-microvm/firecracker/releases/download/v${PV}/jailer-v${PV}-aarch64
+	)"
+
+LICENSE="|| ( Apache-2.0 MIT Apache-2.0-with-LLVM-exceptions ) MPL-2.0"
+SLOT="0"
+KEYWORDS="-* ~amd64"
+
+RESTRICT="test strip"
+
+RDEPEND="!app-emulation/firecracker
+	acct-group/kvm"
+
+QA_PREBUILT="/usr/bin/firecracker
+	/usr/bin/jailer"
+
+S="${WORKDIR}"
+
+pkg_pretend() {
+	if use kernel_linux && kernel_is lt 4 14; then
+		eerror "Firecracker requires a host kernel of 4.14 or higher."
+	elif use kernel_linux; then
+		if ! linux_config_exists; then
+			eerror "Unable to check your kernel for KVM support"
+		else
+			CONFIG_CHECK="~KVM ~TUN ~BRIDGE ~VHOST_VSOCK"
+			ERROR_KVM="You must enable KVM in your kernel to continue"
+			ERROR_KVM_AMD="If you have an AMD CPU, you must enable KVM_AMD in"
+			ERROR_KVM_AMD+=" your kernel configuration."
+			ERROR_KVM_INTEL="If you have an Intel CPU, you must enable"
+			ERROR_KVM_INTEL+=" KVM_INTEL in your kernel configuration."
+			ERROR_TUN="You will need the Universal TUN/TAP driver compiled"
+			ERROR_TUN+=" into your kernel or loaded as a module to use"
+			ERROR_TUN+=" virtual network devices."
+			ERROR_BRIDGE="You will also need support for 802.1d"
+			ERROR_BRIDGE+=" Ethernet Bridging for some network configurations."
+			ERROR_VHOST_VSOCK="To use AF_VSOCK sockets for communication"
+			ERROR_VHOST_VSOCK+=" between host and guest, you will need to enable"
+			ERROR_VHOST_VSOCK+=" the vhost virtio-vsock driver in your kernel."
+
+			if use amd64 || use amd64-linux; then
+				if grep -q AuthenticAMD /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_AMD"
+				elif grep -q GenuineIntel /proc/cpuinfo; then
+					CONFIG_CHECK+=" ~KVM_INTEL"
+				fi
+			fi
+
+			# Now do the actual checks setup above
+			check_extra_config
+		fi
+	fi
+}
+
+src_unpack() { :; }
+src_compile() { :; }
+
+src_install() {
+	if use amd64; then
+		my_arch=x86_64
+	elif use arm64; then
+		my_arch=aarch64
+	fi
+
+	newbin "${DISTDIR}/firecracker-v${PV}-${my_arch}" firecracker
+	newbin "${DISTDIR}/jailer-v${PV}-${my_arch}" jailer
+}
diff --git a/app-emulation/firecracker-bin/metadata.xml b/app-emulation/firecracker-bin/metadata.xml
new file mode 100644
index 000000000000..7f6b797d9b1f
--- /dev/null
+++ b/app-emulation/firecracker-bin/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>gentoo-bugs@ares-macrotechnology.com</email>
+		<name>Sebastian Hamann</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+</pkgmetadata>