[gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail-lts/

["Dennis Lamm" <expeditioneer@gentoo.org>]

commit:     6a15369244fc5afdb22f47caf5fe8b1c4eb47cdb
Author:     Dennis Lamm <expeditioneer <AT> gentoo <DOT> org>
AuthorDate: Sun Aug  4 15:57:54 2019 +0000
Commit:     Dennis Lamm <expeditioneer <AT> gentoo <DOT> org>
CommitDate: Sun Aug  4 15:59:30 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a153692

sys-apps/firejail-lts: bump 0.9.56.2

Signed-off-by: Dennis Lamm <expeditioneer <AT> gentoo.org>
Package-Manager: Portage-2.3.69, Repoman-2.3.16

 sys-apps/firejail-lts/Manifest                     |  1 +
 sys-apps/firejail-lts/firejail-lts-0.9.56.2.ebuild | 47 ++++++++++++++++++++++
 sys-apps/firejail-lts/metadata.xml                 | 27 ++++++++-----
 3 files changed, 65 insertions(+), 10 deletions(-)

diff --git a/sys-apps/firejail-lts/Manifest b/sys-apps/firejail-lts/Manifest
index 5988a4adce8..7ea98757796 100644
--- a/sys-apps/firejail-lts/Manifest
+++ b/sys-apps/firejail-lts/Manifest
@@ -1,2 +1,3 @@
 DIST firejail-0.9.38.10.tar.bz2 159476 BLAKE2B e0ae02cd2b3feaf5d9e3e799d720f5a635ed4e3b6fca7041d0795ea09a3563bfece1cc42c391df65f05cf55199b97ae354092c2c2bb48f108ed2e2be4513fb3b SHA512 61a41655a46031c34f44f7f24e3c5369e3187edc10cb091b0d429ead8d367e79acdaa4bb41573cdf733111ce353fc91efe51cb95e331ad7c2fdb639a60e194fb
 DIST firejail-0.9.38.12.tar.bz2 164962 BLAKE2B c89252548c70e347c6a841a8460501622fb6aa1f264e0458918bf903c94d84f6a9dc5eaaa2ea678e2754c277a3074cfdc3df7c9602ab0a4f4f867348a8c5cc92 SHA512 d0d6e81d9dbf404c653914bbbdad95caa3ce69ee6d5082cd30c60c0ddad02a2f0c2535bf15b6fcf68a0e4a5a738806fdd738407adbd5dd57eb289827f4cc487d
+DIST firejail-lts-0.9.56.2.tar.gz 934289 BLAKE2B ff8b27f57da90cd94d3ec9b83c8398b7c569b09008f61094bd9aca15e996cd7a4d559e87168228271ccba4c9fe8e1ce97fa5045596f950f3ac2d8593b9ea5838 SHA512 75edc0405fa3fd7f2f5d7831f7f4e838ed63bacadd7f9a869a1611908c716a333251b602ff0bd70e3f98627418e84541b26790d34e644f60d97e84e9c33f873a

diff --git a/sys-apps/firejail-lts/firejail-lts-0.9.56.2.ebuild b/sys-apps/firejail-lts/firejail-lts-0.9.56.2.ebuild
new file mode 100644
index 00000000000..58dc1df4e15
--- /dev/null
+++ b/sys-apps/firejail-lts/firejail-lts-0.9.56.2.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Security sandbox for any type of processes; LTS version"
+HOMEPAGE="https://firejail.wordpress.com/"
+
+MY_PN=firejail
+
+SRC_URI="https://github.com/netblue30/${MY_PN}/archive/${PV}-LTS.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="apparmor +globalcfg +network +seccomp +suid +userns test +whitelist"
+
+DEPEND="!sys-apps/firejail
+		apparmor? ( sys-libs/libapparmor )
+		test? ( dev-tcltk/expect )"
+
+RDEPEND="apparmor? ( sys-libs/libapparmor )"
+
+S="${WORKDIR}/${MY_PN}-${PV}-LTS"
+
+src_prepare() {
+	default
+
+	find -type f -name Makefile.in | xargs sed --in-place --regexp-extended \
+		--expression='/^\tinstall .*COPYING /d' \
+		--expression='/CFLAGS/s: (-O2|-ggdb) : :g' || die
+
+	sed --in-place --regexp-extended '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die
+}
+
+src_configure() {
+	econf \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		$(use_enable apparmor) \
+		$(use_enable globalcfg) \
+		$(use_enable network) \
+		$(use_enable seccomp) \
+		$(use_enable suid) \
+		$(use_enable userns) \
+		$(use_enable whitelist)
+
+}

diff --git a/sys-apps/firejail-lts/metadata.xml b/sys-apps/firejail-lts/metadata.xml
index b1d77ccb9cf..74406c73969 100644
--- a/sys-apps/firejail-lts/metadata.xml
+++ b/sys-apps/firejail-lts/metadata.xml
@@ -1,22 +1,29 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<!-- maintainer-needed -->
+	<maintainer type="person">
+		<email>expeditioneer@gentoo.org</email>
+		<name>Dennis Lamm</name>
+	</maintainer>
 	<longdescription lang="en">
-		Firejail is a SUID program that reduces the risk of security breaches
-		by restricting the running environment of untrusted applications using
-		Linux namespaces and seccomp-bpf. It allows a process and all its
-		descendants to have their own private view of the globally shared
-		kernel resources, such as the network stack, process table, mount
-		table.
+		Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of
+		untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to
+		have their own private view of the globally shared kernel resources, such as the network stack, process table,
+		mount table.
 
-		This is long term support branch of firejail. For bleeding edge version
-		see sys-apps/firejail.
+		This is long term support branch of firejail. For the regular version see sys-apps/firejail. 
+		The code base is approximately 40% smaller than the regular version,
+		providing a smaller attack surface for the SUID executable.
 	</longdescription>
 	<upstream>
-		<remote-id type="sourceforge">firejail</remote-id>
+		<remote-id type="github">netblue30/firejail</remote-id>
 	</upstream>
 	<use>
+		<flag name="apparmor">Enable support for custom AppArmor profiles</flag>
+		<flag name="globalcfg">Enable global config file</flag>
+		<flag name="network">Enable networking features</flag>
 		<flag name="seccomp">Enable system call filtering</flag>
+		<flag name="userns">Enable attaching a new user namespace to a sandbox (--noroot option)</flag>
+		<flag name="whitelist">Enable file and directory whitelisting</flag>
 	</use>
 </pkgmetadata>