From d39fec05a2fac9978cd77634744637509744b561 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 18 Jan 2023 23:57:59 +0000 Subject: gentoo auto-resync : 18:01:2023 - 23:57:58 --- sys-apps/Manifest.gz | Bin 48784 -> 48786 bytes sys-apps/firejail/Manifest | 2 + sys-apps/firejail/firejail-0.9.72.ebuild | 138 +++++++++++++++++++++++++++++++ 3 files changed, 140 insertions(+) create mode 100644 sys-apps/firejail/firejail-0.9.72.ebuild (limited to 'sys-apps') diff --git a/sys-apps/Manifest.gz b/sys-apps/Manifest.gz index e6bf63543e4d..8c0431fdf8fb 100644 Binary files a/sys-apps/Manifest.gz and b/sys-apps/Manifest.gz differ diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest index 8b4f13c6cdb2..3c7755c70c69 100644 --- a/sys-apps/firejail/Manifest +++ b/sys-apps/firejail/Manifest @@ -5,5 +5,7 @@ AUX profile_patch.local 198 BLAKE2B 6a84eca54c8fa5429b171707d6d2b7617c918798f40a AUX profile_pdftotext.local 132 BLAKE2B 2c98ecf386cdceae4cbaf4e3623187c66ff81540d86f978467a6a0106d57a0f41f7626f1049602fee8b7545fa413ed6ca8e21e1fb1448a374b8d80e6ae72451b SHA512 c0121f1ba4db0a737acdd250834ccd73fcd441b5d7f8d5740f75230edbb10bd6bb038dd09772ba21cb24cf4224a474749a2e0f3d0e9567b4e207f4adf67c19d0 AUX profile_wget.local 128 BLAKE2B d2069517fce414faec2b23f8704fe15683a956af210e6e39321ca9f65bde939c71a7980506fdd3b01a6b15fb6733ebb013c684a63589839c60c53616a52ca5b6 SHA512 ef0b97b11fac742464b6520c6e6293017519b84c137c4aa60976b53b3d072bc9a69588267ac0a79c9647cee1e802fb0cd0d28e1647778e30473518415ce4d699 DIST firejail-0.9.70.tar.xz 485096 BLAKE2B d5164ba5ee08e80415a84999e4152f1f9c897f50def669731098126cec117aed3cf4b21603aeb13ccbdb1bffa9d48de69dcb19fe7135691e891b9b83f48a5ca1 SHA512 a790ccb711da6c3e52677011d7eb38c482ffb5066498d4586018671ab4ee533e02edb31fda872e0647fd27c00014b04305eafcb56f1f1b07f470aa4fb701cbe5 +DIST firejail-0.9.72.tar.xz 503192 BLAKE2B 3d57b345476cb62399859622c88f5d6c22842da5894045c09bc7d84229ec2a01c494e4e9393b6fba6c668f73c6b7046f9a014a315baa5bc56d1479b9cad178a7 SHA512 846fa5caf6e68c669f76a07d6321ed365bf3c45f7992e8be3784ed99ef508ea8dffc5d6cc5da75eeb37964ad358d61b7959e8590051950951de8ca904d8a49de EBUILD firejail-0.9.70.ebuild 3046 BLAKE2B 48f9fc8719e87d123dbb65b2dcc7856c4a6fd5f33c309cef18e4d643b94089fb8af97bd9bf214722fa1255853477839495b71d9dedb7ea7ab5ae66ca702f31cb SHA512 28a1c279e453a27b57a2759f9624bbfbb6d9c372bba58b4fb33a2a1e440dbc3b97b23449bffee9102d869c881f2743930c68fcf45335103017b7439c2cec37a8 +EBUILD firejail-0.9.72.ebuild 3568 BLAKE2B 256a11b122ade41805282b4aad62cb731b1806d80e113e245306c9d778355695dc8ee6f67811d778fe3b54ab7b7e7ac3943df01274a1d6f36579bc14865e9881 SHA512 047cd9d77ac04282ceaae57cdabc0c0522058391a4e781cbeac4988a7f871416e94168aebb05f0be21334f0e84cec72f67d40a3c59cf853728eedf8886c8ec52 MISC metadata.xml 1674 BLAKE2B ccb5e94f6e55a8d1864cb6a1d15239ed0a5dd76173a9c20c1162bb55f1ca97e48f1c09902d429bd1086c7b1b014a146c9eb27f0115941e6f7a44cf8aff690e27 SHA512 e8b6c84d5413f6dd33cfe60c111e51a59c89dc95f874c02e38451639ebd05646e49421852cedeef1f101309d73f2aabf6dea1da664f1a6596fce00c0bb2fffae diff --git a/sys-apps/firejail/firejail-0.9.72.ebuild b/sys-apps/firejail/firejail-0.9.72.ebuild new file mode 100644 index 000000000000..2299d26d5829 --- /dev/null +++ b/sys-apps/firejail/firejail-0.9.72.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{9..11} ) + +inherit toolchain-funcs python-single-r1 linux-info + +DESCRIPTION="Security sandbox for any type of processes" +HOMEPAGE="https://firejail.wordpress.com/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/netblue30/firejail.git" + EGIT_BRANCH="master" + inherit git-r3 +else + SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home selinux test +userns X" +REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" +# Needs a lot of work to function within sandbox/portage. Can look at the alternative +# test targets in Makefile too, bug #769731 +RESTRICT="test" + +RDEPEND=" + !sys-apps/firejail-lts + apparmor? ( sys-libs/libapparmor ) + contrib? ( ${PYTHON_DEPS} ) + dbusproxy? ( sys-apps/xdg-dbus-proxy ) + selinux? ( sys-libs/libselinux ) +" +DEPEND=" + ${RDEPEND} + sys-libs/libseccomp + test? ( dev-tcltk/expect ) +" + +PATCHES=( + "${FILESDIR}/${PN}-0.9.70-envlimits.patch" + "${FILESDIR}/${PN}-0.9.70-firecfg.config.patch" +) + +pkg_setup() { + CONFIG_CHECK="~SQUASHFS" + local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" + check_extra_config + + use contrib && python-single-r1_pkg_setup +} + +src_prepare() { + default + + # Our toolchain already sets SSP by default but forcing it causes problems + # on arches which don't support it. As for F_S, we again set it by defualt + # in our toolchain, but forcing F_S=2 is actually a downgrade if 3 is set. + sed -i \ + -e 's:-fstack-protector-all::' \ + -e 's:-D_FORTIFY_SOURCE=2::' \ + src/so.mk src/prog.mk || die + + find -type f -name Makefile -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die + + # Fix up hardcoded paths to templates and docs + local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) + for file in ${files[@]} ; do + sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die + done + + # remove compression of man pages + sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile || die + + if use contrib; then + python_fix_shebang -f contrib/*.py + fi +} + +src_configure() { + local myeconfargs=( + --disable-fatal-warnings + --disable-firetunnel + --disable-lts + --enable-suid + $(use_enable apparmor) + $(use_enable chroot) + $(use_enable dbusproxy) + $(use_enable file-transfer) + $(use_enable globalcfg) + $(use_enable network) + $(use_enable private-home) + $(use_enable selinux) + $(use_enable userns) + $(use_enable X x11) + ) + + econf "${myeconfargs[@]}" + + cat > 99firejail <<-EOF || die + SANDBOX_WRITE="/run/firejail" + EOF +} + +src_compile() { + emake CC="$(tc-getCC)" +} + +src_test() { + emake test-utils test-sysutils +} + +src_install() { + default + + # Gentoo-specific profile customizations + insinto /etc/${PN} + local profile_local + for profile_local in "${FILESDIR}"/profile_*local ; do + newins "${profile_local}" "${profile_local/\/*profile_/}" + done + + # Prevent sandbox violations when toolchain is firejailed + insinto /etc/sandbox.d + doins 99firejail + + rm "${ED}"/usr/share/doc/${PF}/COPYING || die + + if use contrib; then + python_scriptinto /usr/$(get_libdir)/firejail + python_doscript contrib/*.py + insinto /usr/$(get_libdir)/firejail + dobin contrib/*.sh + fi +} -- cgit v1.2.3