From: "Florian Schmaus" <flow@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/, sys-apps/firejail/files/
Date: Tue, 22 Feb 2022 09:43:52 +0000 (UTC) [thread overview]
Message-ID: <1645523025.0246df2ab9257ecb01fa6fc453a7c647cd1ca543.flow@gentoo> (raw)
commit: 0246df2ab9257ecb01fa6fc453a7c647cd1ca543
Author: Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Mon Feb 21 19:15:13 2022 +0000
Commit: Florian Schmaus <flow <AT> gentoo <DOT> org>
CommitDate: Tue Feb 22 09:43:45 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0246df2a
sys-apps/firejail: apply firecfg patch; misc cleanups
Update firecfg patch from my testing tree and apply it. Also
remove an obsolete use/configure flag.
Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/833596
Closes: https://github.com/gentoo/gentoo/pull/24299
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Closes: https://github.com/gentoo/gentoo/pull/24305
Signed-off-by: Florian Schmaus <flow <AT> gentoo.org>
....patch => firejail-0.9.68-firecfg.config.patch} | 32 ++++--
sys-apps/firejail/firejail-0.9.68-r1.ebuild | 118 +++++++++++++++++++++
2 files changed, 139 insertions(+), 11 deletions(-)
diff --git a/sys-apps/firejail/files/firecfg.config.patch b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch
similarity index 69%
rename from sys-apps/firejail/files/firecfg.config.patch
rename to sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch
index f4f5f34a196a..eaec87a108d5 100644
--- a/sys-apps/firejail/files/firecfg.config.patch
+++ b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch
@@ -1,6 +1,6 @@
---- firecfg.config.orig 2021-11-05 20:30:20.451017470 -0600
-+++ firecfg.config 2022-02-06 20:53:53.948407229 -0700
-@@ -207,7 +207,8 @@
+--- a/src/firecfg/firecfg.config 2022-02-03 07:53:47.000000000 -0700
++++ b/src/firecfg/firecfg.config 2022-02-21 11:56:00.267419833 -0700
+@@ -213,7 +213,8 @@
electron-mail
electrum
element-desktop
@@ -10,17 +10,17 @@
empathy
enchant
enchant-2
-@@ -254,7 +255,8 @@
+@@ -259,7 +260,8 @@
+ flameshot
flashpeak-slimjet
flowblade
- font-manager
-fontforge
+# Breaks emerge/portage on Gentoo
+#fontforge
+ font-manager
fossamail
four-in-a-row
- fractal
-@@ -478,11 +480,16 @@
+@@ -490,11 +492,16 @@
luminance-hdr
lximage-qt
lxmusic
@@ -39,7 +39,7 @@
manaplus
marker
masterpdfeditor
-@@ -558,7 +565,8 @@
+@@ -571,7 +578,8 @@
musictube
musixmatch
mutool
@@ -49,17 +49,17 @@
mypaint
mypaint-ora-thumbnailer
natron
-@@ -616,7 +624,8 @@
+@@ -632,7 +640,8 @@
palemoon
#pandoc
parole
-patch
-+# Breaks emerge/portage on Gentoo: 'too many environment variables'
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues
+#patch
pavucontrol
pavucontrol-qt
pcsxr
-@@ -736,7 +745,8 @@
+@@ -758,7 +767,8 @@
stellarium
strawberry
straw-viewer
@@ -69,3 +69,13 @@
studio.sh
subdownloader
supertux2
+@@ -877,7 +887,8 @@
+ weechat
+ weechat-curses
+ wesnoth
+-wget
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues
++#wget
+ wget2
+ whalebird
+ whois
diff --git a/sys-apps/firejail/firejail-0.9.68-r1.ebuild b/sys-apps/firejail/firejail-0.9.68-r1.ebuild
new file mode 100644
index 000000000000..5c5a610f1024
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.68-r1.ebuild
@@ -0,0 +1,118 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+
+inherit toolchain-funcs python-single-r1 linux-info
+
+if [[ ${PV} != 9999 ]]; then
+ SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
+ KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/netblue30/firejail.git"
+ EGIT_BRANCH="master"
+fi
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns X"
+# Needs a lot of work to function within sandbox/portage
+# bug #769731
+RESTRICT="test"
+
+RDEPEND="!sys-apps/firejail-lts
+ apparmor? ( sys-libs/libapparmor )
+ contrib? ( ${PYTHON_DEPS} )
+ dbusproxy? ( sys-apps/xdg-dbus-proxy )"
+
+DEPEND="${RDEPEND}
+ sys-libs/libseccomp
+ test? ( dev-tcltk/expect )"
+
+REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
+
+PATCHES=(
+ "${FILESDIR}/${P}-envlimits.patch"
+ "${FILESDIR}/${P}-firecfg.config.patch"
+ )
+
+pkg_setup() {
+ CONFIG_CHECK="~SQUASHFS"
+ local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode"
+ check_extra_config
+ use contrib && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die
+
+ sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die
+
+ # fix up hardcoded paths to templates and docs
+ local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die)
+ for file in ${files[@]} ; do
+ sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die
+ done
+
+ # remove compression of man pages
+ sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die
+
+ if use contrib; then
+ python_fix_shebang -f contrib/*.py
+ fi
+}
+
+src_configure() {
+ econf \
+ --disable-firetunnel \
+ --enable-suid \
+ $(use_enable apparmor) \
+ $(use_enable chroot) \
+ $(use_enable dbusproxy) \
+ $(use_enable file-transfer) \
+ $(use_enable globalcfg) \
+ $(use_enable network) \
+ $(use_enable private-home) \
+ $(use_enable userns) \
+ $(use_enable X x11)
+
+ cat > 99firejail <<-EOF || die
+ SANDBOX_WRITE="/run/firejail"
+ EOF
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ default
+
+ # Gentoo-specific profile customizations
+ insinto /etc/${PN}
+ local profile_local
+ for profile_local in "${FILESDIR}"/profile_*local ; do
+ newins "${profile_local}" "${profile_local/\/*profile_/}"
+ done
+
+ # Prevent sandbox violations when toolchain is firejailed
+ insinto /etc/sandbox.d
+ doins 99firejail
+
+ rm "${ED}"/usr/share/doc/${PF}/COPYING || die
+
+ if use contrib; then
+ python_scriptinto /usr/$(get_libdir)/firejail
+ python_doscript contrib/*.py
+ insinto /usr/$(get_libdir)/firejail
+ dobin contrib/*.sh
+ fi
+}
next reply other threads:[~2022-02-22 9:43 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-22 9:43 Florian Schmaus [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-07-15 12:10 [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/, sys-apps/firejail/files/ Joonas Niilola
2022-06-15 5:47 Joonas Niilola
2019-08-07 4:58 Dennis Lamm
2019-08-05 19:22 Dennis Lamm
2018-10-10 20:40 Amadeusz Piotr Żołnowski
2018-03-06 23:20 Amadeusz Piotr Żołnowski
2017-09-30 15:41 Amadeusz Piotr Żołnowski
2017-05-29 14:37 Amadeusz Piotr Żołnowski
2017-01-11 19:50 Sebastian Pipping
2016-12-18 11:14 Amadeusz Piotr Żołnowski
2016-12-13 20:29 Amadeusz Piotr Żołnowski
2016-12-08 20:38 Amadeusz Piotr Żołnowski
2016-12-01 21:41 Amadeusz Piotr Żołnowski
2016-09-27 19:40 Amadeusz Piotr Żołnowski
2016-06-03 20:37 Amadeusz Piotr Żołnowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1645523025.0246df2ab9257ecb01fa6fc453a7c647cd1ca543.flow@gentoo \
--to=flow@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox