summaryrefslogtreecommitdiff
path: root/sys-apps/firejail
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/firejail')
-rw-r--r--sys-apps/firejail/Manifest3
-rw-r--r--sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch73
-rw-r--r--sys-apps/firejail/firejail-0.9.74.ebuild141
3 files changed, 217 insertions, 0 deletions
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index 953d8d56b98e..e4a1becc5046 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1,9 +1,12 @@
AUX firejail-0.9.70-envlimits.patch 669 BLAKE2B 315d6918b70ea06f7b7aaac95065efd11a309710fb3e23cf57b9960cfa2c8cf339c4e731f5347127c54972105cec4c956d2ff1f418a1b516fdf56ce1c7b354d5 SHA512 92cf47cc3d32f3efb5f203228af0e78cad0f55fe9954f27c4e107ed4c26f6ae39b364a8507d5fe481e92222ede7d572fbe9c0e553b7ac38d6e5b812cb6741516
AUX firejail-0.9.70-firecfg.config.patch 1662 BLAKE2B 71f301c49c97da5794ae4af35c8e0bca20845ef41be5c1db07911cb9de4ae0b52d7e48e37f0400c24302a820f577fe284d5c86d1f19f5b96570d66e5b92dcc0f SHA512 ec10c2e401817bb2833caa01c5f689f623f69c52a5ba48704c52f942c664274ca05755c6afaab89372a2a14122113bf0bc063e121e6ab92aec3e9a30a2b8379d
+AUX firejail-0.9.74-firecfg.config.patch 1497 BLAKE2B ba5780974e18758007da4120c10bcde388f55d0220a9bdb8619811601218469f7f4bec7ebc58d46967a72ce70ded8c9be9cbec562083da5ecfc318e3a1288123 SHA512 20d6a8c2374751115c084f3d1aac15e06d6d3bfc0fe7ff3ec413677745e29ca22b912b34599d21f61507d09ca236b02aba9a63f1e4b706dbec5a157bb68f82bd
AUX profile_display.local 158 BLAKE2B 7bb73bfa3d1a6556f9e4840e425e0bb2ee6a1e9510100a7d22a01978975805f7b80fde9c596147ee42dcc7d098b07e4969e67eaf857e6286ef94a2795671a37c SHA512 d2c85a8de17ffc7d0bac0252f7b6624ff9ff9280ad2e33fc51b4085b72db4b764b4ad719fdb6a95fe62faaeb9c541b9704b3ad764245bedec142c9488ef1e20d
AUX profile_patch.local 198 BLAKE2B 6a84eca54c8fa5429b171707d6d2b7617c918798f40a1ea26fd1c6778a3688aa1db2be9d74025b7b8b863969c94c22de92a610d2b872b37ba216377f50f0ceae SHA512 86829f6b4867564447d06c73119a38e4ae7b5a386253229d5d0603398b9ed4ca64714221fa8aee8a9660644c3c38d762386a7a5a161fb717e6b7d7df723aa9ad
AUX profile_pdftotext.local 132 BLAKE2B 2c98ecf386cdceae4cbaf4e3623187c66ff81540d86f978467a6a0106d57a0f41f7626f1049602fee8b7545fa413ed6ca8e21e1fb1448a374b8d80e6ae72451b SHA512 c0121f1ba4db0a737acdd250834ccd73fcd441b5d7f8d5740f75230edbb10bd6bb038dd09772ba21cb24cf4224a474749a2e0f3d0e9567b4e207f4adf67c19d0
AUX profile_wget.local 128 BLAKE2B d2069517fce414faec2b23f8704fe15683a956af210e6e39321ca9f65bde939c71a7980506fdd3b01a6b15fb6733ebb013c684a63589839c60c53616a52ca5b6 SHA512 ef0b97b11fac742464b6520c6e6293017519b84c137c4aa60976b53b3d072bc9a69588267ac0a79c9647cee1e802fb0cd0d28e1647778e30473518415ce4d699
DIST firejail-0.9.72.tar.xz 503192 BLAKE2B 3d57b345476cb62399859622c88f5d6c22842da5894045c09bc7d84229ec2a01c494e4e9393b6fba6c668f73c6b7046f9a014a315baa5bc56d1479b9cad178a7 SHA512 846fa5caf6e68c669f76a07d6321ed365bf3c45f7992e8be3784ed99ef508ea8dffc5d6cc5da75eeb37964ad358d61b7959e8590051950951de8ca904d8a49de
+DIST firejail-0.9.74.tar.xz 527640 BLAKE2B c71c4b9c6e4cc66ccd0884d98599709f59353f0d270ce7c7e056815a9025ae6b558e210a70a2f8fd4f1c0c5cad72cc3c372bb2af8ffef673c0f5cb3819375191 SHA512 abc79c7d76d6da2c93e9cc5b4529f2950a0de8f292bede5b0e38179551c8ec65adf8d61326c7dbbad0d488234211df2266ce6d59eea06b792c0b7e163d83e69f
EBUILD firejail-0.9.72.ebuild 3567 BLAKE2B 4224a0ea7079e50a7124b3994456795c5f03297ae870aee523a9be8e89426a2cb6be4910dc8148183e20e0e6427085ec1fd8e3ac817ff8afa62f0b6c3ab37f3d SHA512 0e52463ad29cf0e360bf93746accd534b941e55bb42b776b37306b6a5ee9d8360cf18f0a4ce2352bdb3511545c17a29df8a310c027df5d5bc04608b04a5dc18b
+EBUILD firejail-0.9.74.ebuild 3655 BLAKE2B 2a3dba6ae7bd60525dda77ec1d8c2f8ca89b914efb4576b594255c46912b9b52cc8bec5aa89bb50128471f49b252d72557eb929583705aae07f8e01aba488c3b SHA512 1c27d549f076373dfeb96de258a1e849d0728e5539e924c4b5be047d3943a7ecad010ddb42ddb7066ae515391c108959dccf0b1f2e4616b5f0f260ead296b184
MISC metadata.xml 1674 BLAKE2B ccb5e94f6e55a8d1864cb6a1d15239ed0a5dd76173a9c20c1162bb55f1ca97e48f1c09902d429bd1086c7b1b014a146c9eb27f0115941e6f7a44cf8aff690e27 SHA512 e8b6c84d5413f6dd33cfe60c111e51a59c89dc95f874c02e38451639ebd05646e49421852cedeef1f101309d73f2aabf6dea1da664f1a6596fce00c0bb2fffae
diff --git a/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch b/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch
new file mode 100644
index 000000000000..e41fcc650856
--- /dev/null
+++ b/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch
@@ -0,0 +1,73 @@
+diff '--color=auto' -urP firejail-0.9.74.orig/src/firecfg/firecfg.config firejail-0.9.74/src/firecfg/firecfg.config
+--- firejail-0.9.74.orig/src/firecfg/firecfg.config 2025-03-19 05:33:03.000000000 -0600
++++ firejail-0.9.74/src/firecfg/firecfg.config 2025-04-24 15:52:18.691898643 -0600
+@@ -243,7 +243,8 @@
+ electron-mail
+ electrum
+ element-desktop
+-elinks
++# Breaks emerge/portage on Gentoo: 'too many environment variables'
++#elinks
+ empathy
+ enchant
+ enchant-2
+@@ -295,7 +296,8 @@
+ fluffychat
+ foliate
+ font-manager
+-fontforge
++# Breaks emerge/portage on Gentoo
++#fontforge
+ fossamail
+ four-in-a-row
+ fractal
+@@ -548,7 +550,8 @@
+ luminance-hdr
+ lximage-qt
+ lxmusic
+-lynx
++# Breaks emerge/portage on Gentoo: 'too many environment variables'
++#lynx
+ lyriek
+ lyx
+ #lz4 # disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095)
+@@ -638,7 +641,8 @@
+ musictube
+ musixmatch
+ mutool
+-mutt
++# Breaks when configs are under ~/.mutt/
++#mutt
+ mypaint
+ mypaint-ora-thumbnailer
+ natron
+@@ -705,7 +709,8 @@
+ palemoon
+ #pandoc
+ parole
+-patch
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues
++#patch
+ pavucontrol
+ pavucontrol-qt
+ pcsxr
+@@ -853,7 +858,8 @@
+ stellarium
+ straw-viewer
+ strawberry
+-strings
++# Breaks emerge/portage on Gentoo
++#strings
+ studio.sh
+ subdownloader
+ sum
+@@ -988,7 +994,8 @@
+ weechat
+ weechat-curses
+ wesnoth
+-wget
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues
++#wget
+ wget2
+ whalebird
+ whois
diff --git a/sys-apps/firejail/firejail-0.9.74.ebuild b/sys-apps/firejail/firejail-0.9.74.ebuild
new file mode 100644
index 000000000000..896150d7af6b
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.74.ebuild
@@ -0,0 +1,141 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit flag-o-matic toolchain-funcs python-single-r1 linux-info
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://github.com/netblue30/firejail.git"
+ EGIT_BRANCH="master"
+ inherit git-r3
+else
+ SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home selinux test +userns X"
+REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
+# Needs a lot of work to function within sandbox/portage. Can look at the alternative
+# test targets in Makefile too, bug #769731
+RESTRICT="test"
+
+RDEPEND="
+ !sys-apps/firejail-lts
+ apparmor? ( sys-libs/libapparmor )
+ contrib? ( ${PYTHON_DEPS} )
+ dbusproxy? ( sys-apps/xdg-dbus-proxy )
+ selinux? ( sys-libs/libselinux )
+"
+DEPEND="
+ ${RDEPEND}
+ sys-libs/libseccomp
+ test? ( dev-tcltk/expect )
+"
+
+PATCHES=(
+ "${FILESDIR}/${PN}-0.9.70-envlimits.patch"
+ "${FILESDIR}/${PN}-0.9.74-firecfg.config.patch"
+)
+
+pkg_setup() {
+ CONFIG_CHECK="~SQUASHFS"
+ local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode"
+ check_extra_config
+
+ use contrib && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ # Our toolchain already sets SSP by default but forcing it causes problems
+ # on arches which don't support it. As for F_S, we again set it by defualt
+ # in our toolchain, but forcing F_S=2 is actually a downgrade if 3 is set.
+ sed -i \
+ -e 's:-fstack-protector-all::' \
+ -e 's:-D_FORTIFY_SOURCE=2::' \
+ src/so.mk src/prog.mk || die
+
+ find -type f -name Makefile -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die
+
+ # Fix up hardcoded paths to templates and docs
+ local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die)
+ for file in ${files[@]} ; do
+ sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die
+ done
+
+ # remove compression of man pages
+ sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile || die
+
+ if use contrib; then
+ python_fix_shebang -f contrib/*.py
+ fi
+}
+
+src_configure() {
+ # bug #937374
+ use elibc_musl && append-cppflags -D_LARGEFILE64_SOURCE
+
+ local myeconfargs=(
+ --disable-fatal-warnings
+ --disable-firetunnel
+ --disable-lts
+ --enable-suid
+ $(use_enable apparmor)
+ $(use_enable chroot)
+ $(use_enable dbusproxy)
+ $(use_enable file-transfer)
+ $(use_enable globalcfg)
+ $(use_enable network)
+ $(use_enable private-home)
+ $(use_enable selinux)
+ $(use_enable userns)
+ $(use_enable X x11)
+ )
+
+ econf "${myeconfargs[@]}"
+
+ cat > 99firejail <<-EOF || die
+ SANDBOX_WRITE="/run/firejail"
+ EOF
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)"
+}
+
+src_test() {
+ emake test-utils test-sysutils
+}
+
+src_install() {
+ default
+
+ # Gentoo-specific profile customizations
+ insinto /etc/${PN}
+ local profile_local
+ for profile_local in "${FILESDIR}"/profile_*local ; do
+ newins "${profile_local}" "${profile_local/\/*profile_/}"
+ done
+
+ # Prevent sandbox violations when toolchain is firejailed
+ insinto /etc/sandbox.d
+ doins 99firejail
+
+ rm "${ED}"/usr/share/doc/${PF}/COPYING || die
+
+ if use contrib; then
+ python_scriptinto /usr/$(get_libdir)/firejail
+ python_doscript contrib/*.py
+ insinto /usr/$(get_libdir)/firejail
+ dobin contrib/*.sh
+ fi
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 07:07:29 +0000