From 4cbcc855382a06088e2f016f62cafdbcb7e40665 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 20 Mar 2022 00:40:44 +0000 Subject: gentoo resync : 20.03.2022 --- sys-apps/firejail/Manifest | 15 ++- .../firejail/files/firejail-0.9.68-envlimits.patch | 12 +++ .../files/firejail-0.9.68-firecfg.config.patch | 81 ++++++++++++++ sys-apps/firejail/files/profile_display.local | 2 + sys-apps/firejail/files/profile_patch.local | 8 ++ sys-apps/firejail/files/profile_pdftotext.local | 2 + sys-apps/firejail/files/profile_wget.local | 5 + sys-apps/firejail/firejail-0.9.64.4.ebuild | 99 ----------------- sys-apps/firejail/firejail-0.9.66.ebuild | 99 ----------------- sys-apps/firejail/firejail-0.9.68-r1.ebuild | 118 +++++++++++++++++++++ sys-apps/firejail/firejail-0.9.68.ebuild | 118 +++++++++++++++++++++ sys-apps/firejail/firejail-9999.ebuild | 8 +- 12 files changed, 360 insertions(+), 207 deletions(-) create mode 100644 sys-apps/firejail/files/firejail-0.9.68-envlimits.patch create mode 100644 sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch create mode 100644 sys-apps/firejail/files/profile_display.local create mode 100644 sys-apps/firejail/files/profile_patch.local create mode 100644 sys-apps/firejail/files/profile_pdftotext.local create mode 100644 sys-apps/firejail/files/profile_wget.local delete mode 100644 sys-apps/firejail/firejail-0.9.64.4.ebuild delete mode 100644 sys-apps/firejail/firejail-0.9.66.ebuild create mode 100644 sys-apps/firejail/firejail-0.9.68-r1.ebuild create mode 100644 sys-apps/firejail/firejail-0.9.68.ebuild (limited to 'sys-apps/firejail') diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest index 83d8b29cb8a7..e65a77026766 100644 --- a/sys-apps/firejail/Manifest +++ b/sys-apps/firejail/Manifest @@ -1,6 +1,11 @@ -DIST firejail-0.9.64.4.tar.xz 431116 BLAKE2B 1e64af1459cdbd6e753299796b2521efdc1fe364a66b8f0f40df1adabec32d0673cb9805a2ab385b96b64aca16e038e615ab1e4dc4df1dbcaa0b5b24f54c89d0 SHA512 580a074cb40e7559f6d532418b5e05e042c30306e8507d32ac3c71a51dec6648035ad810d253da02caaa4adc41f773dfdab55528618f5ca30ff30d4e7bbd12c9 -DIST firejail-0.9.66.tar.xz 449992 BLAKE2B 43243e4d2773f007c9a7ce4e63b009b63113055baaffa5125d279124967f5c07d510edf431b568bbf5d6cf04501f5645accb5756af80298750d8f0ef35f9a88b SHA512 c00222f975df9832940b7e3ef71dc2d2bbab3540db259f8d3011fb6198f1b66d9191dff4609163a2cfe0e2a1f739e144b496260a457ea92601f163675735cbe7 -EBUILD firejail-0.9.64.4.ebuild 2514 BLAKE2B 5169243203fa8e77926aaccce08a9ad82277f8e9d272c99a87e885ab4a6bc251ec30b2c2e9f754ba35744f2933d0845a636ca15132c529a97f304a1be1828963 SHA512 da06a3199f3714b07bb99831d59e796b940d600334b9d8df8d4f2c887cdbd9205a9933e028353b41ae58afa3ecedd3f39c65c11ed01d2b344b4adb9cbc321082 -EBUILD firejail-0.9.66.ebuild 2627 BLAKE2B 33b429e1b4aa19a46242dae15fc02cbadc83acd170cfc143592e191c3fecee8fae48aa7a6ff4be3dcbea4c7fb5fc6a2552b6ef96380b4aa6277462905cce72b1 SHA512 ab36c185d9d890ff478334468d806d8c77fc5bea9fa834279e0721c42f2896331c20f5a7607604eee19f7c73053f346c8db25ee2a65fab530ecc606a37cd5813 -EBUILD firejail-9999.ebuild 2627 BLAKE2B 33b429e1b4aa19a46242dae15fc02cbadc83acd170cfc143592e191c3fecee8fae48aa7a6ff4be3dcbea4c7fb5fc6a2552b6ef96380b4aa6277462905cce72b1 SHA512 ab36c185d9d890ff478334468d806d8c77fc5bea9fa834279e0721c42f2896331c20f5a7607604eee19f7c73053f346c8db25ee2a65fab530ecc606a37cd5813 +AUX firejail-0.9.68-envlimits.patch 669 BLAKE2B 50b2f652e317ed7cc4da53d9ab990b8b857396b7489f0b76532477cd50c0cbbd58099f42d555b12e735a8131552d5b877f9cee4cee2594e112d6bded770728ad SHA512 c91cbe09aa565123a988d44b1a243d1d6c7f501dd97c29e193d1bee36ab674eda45f55cfded4b25b50b023b3d31e7ddb034fb6ad647ad83aeb97c82c60581423 +AUX firejail-0.9.68-firecfg.config.patch 1528 BLAKE2B 9d1408b5311f39fbf1de4f0ce7c3c4b60165fa5e5c6c31b3eb74970d09f1d4ff4d5de7cf8b1a5e6266a53c74ac5010d67a47f38bb565489cd6d49ddfd5323c02 SHA512 7e52918e2d076b01a87c7e420f2e4162be386c5591f8f0720c30301ceabd22c2c83e0e0bc2a94c3b4fc8d3f8f6f4c9363d54204f6a11e5b14acc7057a4497c02 +AUX profile_display.local 158 BLAKE2B 7bb73bfa3d1a6556f9e4840e425e0bb2ee6a1e9510100a7d22a01978975805f7b80fde9c596147ee42dcc7d098b07e4969e67eaf857e6286ef94a2795671a37c SHA512 d2c85a8de17ffc7d0bac0252f7b6624ff9ff9280ad2e33fc51b4085b72db4b764b4ad719fdb6a95fe62faaeb9c541b9704b3ad764245bedec142c9488ef1e20d +AUX profile_patch.local 198 BLAKE2B 6a84eca54c8fa5429b171707d6d2b7617c918798f40a1ea26fd1c6778a3688aa1db2be9d74025b7b8b863969c94c22de92a610d2b872b37ba216377f50f0ceae SHA512 86829f6b4867564447d06c73119a38e4ae7b5a386253229d5d0603398b9ed4ca64714221fa8aee8a9660644c3c38d762386a7a5a161fb717e6b7d7df723aa9ad +AUX profile_pdftotext.local 132 BLAKE2B 2c98ecf386cdceae4cbaf4e3623187c66ff81540d86f978467a6a0106d57a0f41f7626f1049602fee8b7545fa413ed6ca8e21e1fb1448a374b8d80e6ae72451b SHA512 c0121f1ba4db0a737acdd250834ccd73fcd441b5d7f8d5740f75230edbb10bd6bb038dd09772ba21cb24cf4224a474749a2e0f3d0e9567b4e207f4adf67c19d0 +AUX profile_wget.local 128 BLAKE2B d2069517fce414faec2b23f8704fe15683a956af210e6e39321ca9f65bde939c71a7980506fdd3b01a6b15fb6733ebb013c684a63589839c60c53616a52ca5b6 SHA512 ef0b97b11fac742464b6520c6e6293017519b84c137c4aa60976b53b3d072bc9a69588267ac0a79c9647cee1e802fb0cd0d28e1647778e30473518415ce4d699 +DIST firejail-0.9.68.tar.xz 477332 BLAKE2B 4d995715caa81b69bb9a16f604a2463b2db48fad5ba869bb5f353973ce8ec273dbabe07ee340b40094d6fe15bcef7e356cd07e7e7dfd0491d2d1632f64878a0e SHA512 8c03c145bb91fe696407052968bd1069defc44d274bd74d33fccebb28324121d259973fccc1d1cdc38fb2902bb842e921adc9440596a92a4aa13c4e06963e354 +EBUILD firejail-0.9.68-r1.ebuild 3047 BLAKE2B e252a0c657c1e92a2420ed26bb67203a54ea08db7c1335cca477dbd745b04e627c7b8839f22b1c07e291fc0a369bdc660c9f4b9a079bb6224c713535a82e8d78 SHA512 736281c43fca7aa3ca757c2733e9062594b0c4994c569e28a4bbe56f0a0a072b9c146b0cb5d2b5bb8cb186f8d01b28f94b46e4660171fed09010fe0e4fa3aa0e +EBUILD firejail-0.9.68.ebuild 3044 BLAKE2B d7e26bce7d9cfffa594b6a72d121ce9efab1f384b25bcd1b00b0d1cccd58c9258756bdb983f2d44a9f02522c210662e7c646900f510dd4c5ce12c7973746cb6e SHA512 16ea37dd99bbfef8bdc6b5e82788a61bd0325615ccc7d5738dee24a0d6dc4c154aa14aebfd6786a75340ff199f695cfe12eb5a664d6111bc2102347996eec5b6 +EBUILD firejail-9999.ebuild 2618 BLAKE2B 4c9aaf9b58dd8983b9e6acd92ba33d44cb0b6cd41d034f3a22cf235c92b7b12bb53b1cbc73e83cf50571bf9e42e8da9ae86ed8da6739c49ac22222f3876b618b SHA512 dae3515ea76d029b93e4e0254ab8596a3eaaf6f745919fe8a81d0d84a27cc46d7001d26bed45a93c1c8fb0d0d6f5583a54d2e71d4039d1531df01e3de82a1135 MISC metadata.xml 1814 BLAKE2B f8216f60d54df8ced109e016f0e5cc58a59dde8e8ff79b50964274607d829245db281d342274fcf82e20750988db2f5a8dfc0c2d914e83d61ae3193c1bb5aa7b SHA512 44221d68c026110e2e457adb851c1269cc3095f1f35ac3185213f2692b2a0758b5adf5d7d5b9929b9bc63bafb5e47b3b1d836c65732a7061dd729ca62c45b956 diff --git a/sys-apps/firejail/files/firejail-0.9.68-envlimits.patch b/sys-apps/firejail/files/firejail-0.9.68-envlimits.patch new file mode 100644 index 000000000000..4b306342e532 --- /dev/null +++ b/sys-apps/firejail/files/firejail-0.9.68-envlimits.patch @@ -0,0 +1,12 @@ +diff -urP firejail-0.9.68.orig/src/firejail/firejail.h firejail-0.9.68/src/firejail/firejail.h +--- firejail-0.9.68.orig/src/firejail/firejail.h 2022-02-03 07:53:47.000000000 -0700 ++++ firejail-0.9.68/src/firejail/firejail.h 2022-02-06 21:09:35.279071101 -0700 +@@ -689,7 +689,7 @@ + int check_kernel_procs(void); + void run_no_sandbox(int argc, char **argv) __attribute__((noreturn)); + +-#define MAX_ENVS 256 // some sane maximum number of environment variables ++#define MAX_ENVS 2048 // some sane maximum number of environment variables + #define MAX_ENV_LEN (PATH_MAX + 32) // FOOBAR=SOME_PATH, only applied to Firejail's own sandboxed apps + // env.c + typedef enum { diff --git a/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch new file mode 100644 index 000000000000..eaec87a108d5 --- /dev/null +++ b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch @@ -0,0 +1,81 @@ +--- a/src/firecfg/firecfg.config 2022-02-03 07:53:47.000000000 -0700 ++++ b/src/firecfg/firecfg.config 2022-02-21 11:56:00.267419833 -0700 +@@ -213,7 +213,8 @@ + electron-mail + electrum + element-desktop +-elinks ++# Breaks emerge/portage on Gentoo: 'too many environment variables' ++#elinks + empathy + enchant + enchant-2 +@@ -259,7 +260,8 @@ + flameshot + flashpeak-slimjet + flowblade +-fontforge ++# Breaks emerge/portage on Gentoo ++#fontforge + font-manager + fossamail + four-in-a-row +@@ -490,11 +492,16 @@ + luminance-hdr + lximage-qt + lxmusic +-lynx ++# Breaks emerge/portage on Gentoo: 'too many environment variables' ++#lynx + lyx + macrofusion + magicor +-man ++# Breaks: $ man chromium-browser ++# WARNING: terminal is not fully functional ++# Press RETURN to continue ++# Manual page chromium-browser(1) byte 0/0 (END) (press h for help or q to quit) ++#man + manaplus + marker + masterpdfeditor +@@ -571,7 +578,8 @@ + musictube + musixmatch + mutool +-mutt ++# Breaks when configs are under ~/.mutt/ ++#mutt + mypaint + mypaint-ora-thumbnailer + natron +@@ -632,7 +640,8 @@ + palemoon + #pandoc + parole +-patch ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues ++#patch + pavucontrol + pavucontrol-qt + pcsxr +@@ -758,7 +767,8 @@ + stellarium + strawberry + straw-viewer +-strings ++# Breaks emerge/portage on Gentoo ++#strings + studio.sh + subdownloader + supertux2 +@@ -877,7 +887,8 @@ + weechat + weechat-curses + wesnoth +-wget ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues ++#wget + wget2 + whalebird + whois diff --git a/sys-apps/firejail/files/profile_display.local b/sys-apps/firejail/files/profile_display.local new file mode 100644 index 000000000000..edf025c4720d --- /dev/null +++ b/sys-apps/firejail/files/profile_display.local @@ -0,0 +1,2 @@ +private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libgomp.so.*,libMagickWand-*.so.*,libfreetype.so.*,libXext.so.*,libltdl.so.*,ImageMagick* +private-etc ImageMagick-7 diff --git a/sys-apps/firejail/files/profile_patch.local b/sys-apps/firejail/files/profile_patch.local new file mode 100644 index 000000000000..24fe0c43b516 --- /dev/null +++ b/sys-apps/firejail/files/profile_patch.local @@ -0,0 +1,8 @@ +private-bin /usr/bin/patch,red +ignore private-bin +# Needed so patch can write under /var/tmp/portage/ +writable-var +read-write /var/tmp/portage +whitelist /var/tmp/portage + +private-lib libsandbox.so* diff --git a/sys-apps/firejail/files/profile_pdftotext.local b/sys-apps/firejail/files/profile_pdftotext.local new file mode 100644 index 000000000000..449e4787d5a8 --- /dev/null +++ b/sys-apps/firejail/files/profile_pdftotext.local @@ -0,0 +1,2 @@ +private-etc alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload +private-lib gcc/*/*/libgcc_s.so.*,gcc/*/*/libstdc++.so.* diff --git a/sys-apps/firejail/files/profile_wget.local b/sys-apps/firejail/files/profile_wget.local new file mode 100644 index 000000000000..4b1d5b50a2b7 --- /dev/null +++ b/sys-apps/firejail/files/profile_wget.local @@ -0,0 +1,5 @@ +# Needed so that portage can wget into the distfile dir. +writable-var +whitelist /var/cache/distfiles + +private-bin /usr/bin/wget diff --git a/sys-apps/firejail/firejail-0.9.64.4.ebuild b/sys-apps/firejail/firejail-0.9.64.4.ebuild deleted file mode 100644 index 77f8fb130dd8..000000000000 --- a/sys-apps/firejail/firejail-0.9.64.4.ebuild +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{7..9} ) - -inherit toolchain-funcs python-single-r1 linux-info - -if [[ ${PV} != 9999 ]]; then - KEYWORDS="amd64 ~arm ~arm64 ~x86" - SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" -else - inherit git-r3 - EGIT_REPO_URI="https://github.com/netblue30/firejail.git" - EGIT_BRANCH="master" -fi - -DESCRIPTION="Security sandbox for any type of processes" -HOMEPAGE="https://firejail.wordpress.com/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="X apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist" -# Needs a lot of work to function within sandbox/portage -# bug #769731 -RESTRICT="test" - -RDEPEND="!sys-apps/firejail-lts - apparmor? ( sys-libs/libapparmor ) - contrib? ( ${PYTHON_DEPS} ) - dbusproxy? ( sys-apps/xdg-dbus-proxy )" - -DEPEND="${RDEPEND} - sys-libs/libseccomp - test? ( dev-tcltk/expect )" - -REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" - -pkg_setup() { - python-single-r1_pkg_setup -} - -src_prepare() { - default - - find -type f -name Makefile.in -exec sed -i -r -e '/^\tinstall .*COPYING /d; /CFLAGS/s: (-O2|-ggdb) : :g' {} + || die - - sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die - - # remove compression of man pages - sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die - - if use contrib; then - python_fix_shebang -f contrib/*.py - fi - - # some tests were missing from this release's tarball - if use test; then - sed -i -r -e 's/^(test:.*) test-private-lib (.*)/\1 \2/; s/^(test:.*) test-fnetfilter (.*)/\1 \2/' Makefile.in || die - fi -} - -src_configure() { - econf \ - --disable-firetunnel \ - $(use_enable apparmor) \ - $(use_enable chroot) \ - $(use_enable dbusproxy) \ - $(use_enable file-transfer) \ - $(use_enable globalcfg) \ - $(use_enable network) \ - $(use_enable private-home) \ - $(use_enable suid) \ - $(use_enable userns) \ - $(use_enable whitelist) \ - $(use_enable X x11) -} - -src_compile() { - emake CC="$(tc-getCC)" -} - -src_install() { - default - - if use contrib; then - python_scriptinto /usr/$(get_libdir)/firejail - python_doscript contrib/*.py - insinto /usr/$(get_libdir)/firejail - dobin contrib/*.sh - fi -} - -pkg_postinst() { - CONFIG_CHECK="~SQUASHFS" - local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" - check_extra_config -} diff --git a/sys-apps/firejail/firejail-0.9.66.ebuild b/sys-apps/firejail/firejail-0.9.66.ebuild deleted file mode 100644 index e3bf15c00bbd..000000000000 --- a/sys-apps/firejail/firejail-0.9.66.ebuild +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{8,9} ) - -inherit toolchain-funcs python-single-r1 linux-info - -if [[ ${PV} != 9999 ]]; then - SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" - KEYWORDS="~amd64 ~arm ~arm64 ~x86" -else - inherit git-r3 - EGIT_REPO_URI="https://github.com/netblue30/firejail.git" - EGIT_BRANCH="master" -fi - -DESCRIPTION="Security sandbox for any type of processes" -HOMEPAGE="https://firejail.wordpress.com/" - -LICENSE="GPL-2" -SLOT="0" -IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist X" -# Needs a lot of work to function within sandbox/portage -# bug #769731 -RESTRICT="test" - -RDEPEND="!sys-apps/firejail-lts - apparmor? ( sys-libs/libapparmor ) - contrib? ( ${PYTHON_DEPS} ) - dbusproxy? ( sys-apps/xdg-dbus-proxy )" - -DEPEND="${RDEPEND} - sys-libs/libseccomp - test? ( dev-tcltk/expect )" - -REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" - -pkg_setup() { - CONFIG_CHECK="~SQUASHFS" - local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" - check_extra_config - use contrib && python-single-r1_pkg_setup -} - -src_prepare() { - default - - find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die - - sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die - - # fix up hardcoded paths to templates and docs - local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) - for file in ${files[@]} ; do - sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die - done - - # remove compression of man pages - sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die - - if use contrib; then - python_fix_shebang -f contrib/*.py - fi -} - -src_configure() { - econf \ - --disable-firetunnel \ - $(use_enable apparmor) \ - $(use_enable chroot) \ - $(use_enable dbusproxy) \ - $(use_enable file-transfer) \ - $(use_enable globalcfg) \ - $(use_enable network) \ - $(use_enable private-home) \ - $(use_enable suid) \ - $(use_enable userns) \ - $(use_enable whitelist) \ - $(use_enable X x11) -} - -src_compile() { - emake CC="$(tc-getCC)" -} - -src_install() { - default - - rm "${ED}"/usr/share/doc/${PF}/COPYING || die - - if use contrib; then - python_scriptinto /usr/$(get_libdir)/firejail - python_doscript contrib/*.py - insinto /usr/$(get_libdir)/firejail - dobin contrib/*.sh - fi -} diff --git a/sys-apps/firejail/firejail-0.9.68-r1.ebuild b/sys-apps/firejail/firejail-0.9.68-r1.ebuild new file mode 100644 index 000000000000..5c5a610f1024 --- /dev/null +++ b/sys-apps/firejail/firejail-0.9.68-r1.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) + +inherit toolchain-funcs python-single-r1 linux-info + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/netblue30/firejail.git" + EGIT_BRANCH="master" +fi + +DESCRIPTION="Security sandbox for any type of processes" +HOMEPAGE="https://firejail.wordpress.com/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns X" +# Needs a lot of work to function within sandbox/portage +# bug #769731 +RESTRICT="test" + +RDEPEND="!sys-apps/firejail-lts + apparmor? ( sys-libs/libapparmor ) + contrib? ( ${PYTHON_DEPS} ) + dbusproxy? ( sys-apps/xdg-dbus-proxy )" + +DEPEND="${RDEPEND} + sys-libs/libseccomp + test? ( dev-tcltk/expect )" + +REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" + +PATCHES=( + "${FILESDIR}/${P}-envlimits.patch" + "${FILESDIR}/${P}-firecfg.config.patch" + ) + +pkg_setup() { + CONFIG_CHECK="~SQUASHFS" + local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" + check_extra_config + use contrib && python-single-r1_pkg_setup +} + +src_prepare() { + default + + find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die + + sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die + + # fix up hardcoded paths to templates and docs + local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) + for file in ${files[@]} ; do + sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die + done + + # remove compression of man pages + sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die + + if use contrib; then + python_fix_shebang -f contrib/*.py + fi +} + +src_configure() { + econf \ + --disable-firetunnel \ + --enable-suid \ + $(use_enable apparmor) \ + $(use_enable chroot) \ + $(use_enable dbusproxy) \ + $(use_enable file-transfer) \ + $(use_enable globalcfg) \ + $(use_enable network) \ + $(use_enable private-home) \ + $(use_enable userns) \ + $(use_enable X x11) + + cat > 99firejail <<-EOF || die + SANDBOX_WRITE="/run/firejail" + EOF +} + +src_compile() { + emake CC="$(tc-getCC)" +} + +src_install() { + default + + # Gentoo-specific profile customizations + insinto /etc/${PN} + local profile_local + for profile_local in "${FILESDIR}"/profile_*local ; do + newins "${profile_local}" "${profile_local/\/*profile_/}" + done + + # Prevent sandbox violations when toolchain is firejailed + insinto /etc/sandbox.d + doins 99firejail + + rm "${ED}"/usr/share/doc/${PF}/COPYING || die + + if use contrib; then + python_scriptinto /usr/$(get_libdir)/firejail + python_doscript contrib/*.py + insinto /usr/$(get_libdir)/firejail + dobin contrib/*.sh + fi +} diff --git a/sys-apps/firejail/firejail-0.9.68.ebuild b/sys-apps/firejail/firejail-0.9.68.ebuild new file mode 100644 index 000000000000..50077c0d2db7 --- /dev/null +++ b/sys-apps/firejail/firejail-0.9.68.ebuild @@ -0,0 +1,118 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) + +inherit toolchain-funcs python-single-r1 linux-info + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="amd64 ~arm ~arm64 ~x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/netblue30/firejail.git" + EGIT_BRANCH="master" +fi + +DESCRIPTION="Security sandbox for any type of processes" +HOMEPAGE="https://firejail.wordpress.com/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns +whitelist X" +# Needs a lot of work to function within sandbox/portage +# bug #769731 +RESTRICT="test" + +RDEPEND="!sys-apps/firejail-lts + apparmor? ( sys-libs/libapparmor ) + contrib? ( ${PYTHON_DEPS} ) + dbusproxy? ( sys-apps/xdg-dbus-proxy )" + +DEPEND="${RDEPEND} + sys-libs/libseccomp + test? ( dev-tcltk/expect )" + +REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )" + +PATCHES=( + "${FILESDIR}/${P}-envlimits.patch" + ) + +pkg_setup() { + CONFIG_CHECK="~SQUASHFS" + local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" + check_extra_config + use contrib && python-single-r1_pkg_setup +} + +src_prepare() { + default + + find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die + + sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die + + # fix up hardcoded paths to templates and docs + local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) + for file in ${files[@]} ; do + sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die + done + + # remove compression of man pages + sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die + + if use contrib; then + python_fix_shebang -f contrib/*.py + fi +} + +src_configure() { + econf \ + --disable-firetunnel \ + --enable-suid \ + $(use_enable apparmor) \ + $(use_enable chroot) \ + $(use_enable dbusproxy) \ + $(use_enable file-transfer) \ + $(use_enable globalcfg) \ + $(use_enable network) \ + $(use_enable private-home) \ + $(use_enable userns) \ + $(use_enable whitelist) \ + $(use_enable X x11) + + cat > 99firejail <<-EOF || die + SANDBOX_WRITE="/run/firejail" + EOF +} + +src_compile() { + emake CC="$(tc-getCC)" +} + +src_install() { + default + + # Gentoo-specific profile customizations + insinto /etc/${PN} + local profile_local + for profile_local in "${FILESDIR}"/profile_*local ; do + newins "${profile_local}" "${profile_local/\/*profile_/}" + done + + # Prevent sandbox violations when toolchain is firejailed + insinto /etc/sandbox.d + doins 99firejail + + rm "${ED}"/usr/share/doc/${PF}/COPYING || die + + if use contrib; then + python_scriptinto /usr/$(get_libdir)/firejail + python_doscript contrib/*.py + insinto /usr/$(get_libdir)/firejail + dobin contrib/*.sh + fi +} diff --git a/sys-apps/firejail/firejail-9999.ebuild b/sys-apps/firejail/firejail-9999.ebuild index e3bf15c00bbd..440d20af51ec 100644 --- a/sys-apps/firejail/firejail-9999.ebuild +++ b/sys-apps/firejail/firejail-9999.ebuild @@ -1,9 +1,9 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 -PYTHON_COMPAT=( python3_{8,9} ) +PYTHON_COMPAT=( python3_{8..10} ) inherit toolchain-funcs python-single-r1 linux-info @@ -21,7 +21,7 @@ HOMEPAGE="https://firejail.wordpress.com/" LICENSE="GPL-2" SLOT="0" -IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home +suid test +userns +whitelist X" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns +whitelist X" # Needs a lot of work to function within sandbox/portage # bug #769731 RESTRICT="test" @@ -68,6 +68,7 @@ src_prepare() { src_configure() { econf \ --disable-firetunnel \ + --enable-suid \ $(use_enable apparmor) \ $(use_enable chroot) \ $(use_enable dbusproxy) \ @@ -75,7 +76,6 @@ src_configure() { $(use_enable globalcfg) \ $(use_enable network) \ $(use_enable private-home) \ - $(use_enable suid) \ $(use_enable userns) \ $(use_enable whitelist) \ $(use_enable X x11) -- cgit v1.2.3