From: "Florian Schmaus"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Florian Schmaus"
Message-ID: <1645523025.0246df2ab9257ecb01fa6fc453a7c647cd1ca543.flow@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/firejail/, sys-apps/firejail/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/firejail/files/firecfg.config.patch sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch sys-apps/firejail/firejail-0.9.68-r1.ebuild
X-VCS-Directories: sys-apps/firejail/ sys-apps/firejail/files/
X-VCS-Committer: flow
X-VCS-Committer-Name: Florian Schmaus
X-VCS-Revision: 0246df2ab9257ecb01fa6fc453a7c647cd1ca543
X-VCS-Branch: master
Date: Tue, 22 Feb 2022 09:43:52 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 8fc85856-025d-417b-a640-ab373eae3b28
X-Archives-Hash: d5d65a6bedcdb1ed21576067fb9a2f4e

commit: 0246df2ab9257ecb01fa6fc453a7c647cd1ca543
Author: Hank Leininger korelogic com>
AuthorDate: Mon Feb 21 19:15:13 2022 +0000
Commit: Florian Schmaus gentoo org>
CommitDate: Tue Feb 22 09:43:45 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0246df2a

sys-apps/firejail: apply firecfg patch; misc cleanups

Update firecfg patch from my testing tree and apply it.
Also remove an obsolete use/configure flag.

Signed-off-by: Hank Leininger korelogic.com>
Closes: https://bugs.gentoo.org/833596
Closes: https://github.com/gentoo/gentoo/pull/24299
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Closes: https://github.com/gentoo/gentoo/pull/24305
Signed-off-by: Florian Schmaus gentoo.org> ....patch => firejail-0.9.68-firecfg.config.patch} | 32 ++++-- sys-apps/firejail/firejail-0.9.68-r1.ebuild | 118 +++++++++++++++++++++ 2 files changed, 139 insertions(+), 11 deletions(-) diff --git a/sys-apps/firejail/files/firecfg.config.patch b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch similarity index 69% rename from sys-apps/firejail/files/firecfg.config.patch rename to sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch index f4f5f34a196a..eaec87a108d5 100644 --- a/sys-apps/firejail/files/firecfg.config.patch +++ b/sys-apps/firejail/files/firejail-0.9.68-firecfg.config.patch @@ -1,6 +1,6 @@ ---- firecfg.config.orig 2021-11-05 20:30:20.451017470 -0600 -+++ firecfg.config 2022-02-06 20:53:53.948407229 -0700 -@@ -207,7 +207,8 @@ +--- a/src/firecfg/firecfg.config 2022-02-03 07:53:47.000000000 -0700 ++++ b/src/firecfg/firecfg.config 2022-02-21 11:56:00.267419833 -0700 +@@ -213,7 +213,8 @@ electron-mail electrum element-desktop @@ -10,17 +10,17 @@ empathy enchant enchant-2 -@@ -254,7 +255,8 @@ +@@ -259,7 +260,8 @@ + flameshot flashpeak-slimjet flowblade - font-manager -fontforge +# Breaks emerge/portage on Gentoo +#fontforge + font-manager fossamail four-in-a-row - fractal -@@ -478,11 +480,16 @@ +@@ -490,11 +492,16 @@ luminance-hdr lximage-qt lxmusic @@ -39,7 +39,7 @@ manaplus marker masterpdfeditor -@@ -558,7 +565,8 @@ +@@ -571,7 +578,8 @@ musictube musixmatch mutool @@ -49,17 +49,17 @@ mypaint mypaint-ora-thumbnailer natron -@@ -616,7 +624,8 @@ +@@ -632,7 +640,8 @@ palemoon #pandoc parole -patch -+# Breaks emerge/portage on Gentoo: 'too many environment variables' ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues +#patch pavucontrol pavucontrol-qt pcsxr -@@ -736,7 +745,8 @@ +@@ -758,7 +767,8 @@ stellarium strawberry straw-viewer 
@@ -69,3 +69,13 @@ studio.sh subdownloader supertux2 +@@ -877,7 +887,8 @@ + weechat + weechat-curses + wesnoth +-wget ++# Breaks emerge/portage on Gentoo: 'too many environment variables', path issues ++#wget + wget2 + whalebird + whois diff --git a/sys-apps/firejail/firejail-0.9.68-r1.ebuild b/sys-apps/firejail/firejail-0.9.68-r1.ebuild new file mode 100644 index 000000000000..5c5a610f1024 --- /dev/null +++ b/sys-apps/firejail/firejail-0.9.68-r1.ebuild 
@@ -0,0 +1,118 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{8..10} ) + +inherit toolchain-funcs python-single-r1 linux-info + +if [[ ${PV} != 9999 ]]; then + SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +else + inherit git-r3 + EGIT_REPO_URI="https://github.com/netblue30/firejail.git" + EGIT_BRANCH="master" +fi + +DESCRIPTION="Security sandbox for any type of processes" +HOMEPAGE="https://firejail.wordpress.com/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns X" +# Needs a lot of work to function within sandbox/portage +# bug #769731 +RESTRICT="test" + +RDEPEND="!sys-apps/firejail-lts + apparmor? ( sys-libs/libapparmor ) + contrib? ( ${PYTHON_DEPS} ) + dbusproxy? ( sys-apps/xdg-dbus-proxy )" + +DEPEND="${RDEPEND} + sys-libs/libseccomp + test? ( dev-tcltk/expect )" + +REQUIRED_USE="contrib? 
( ${PYTHON_REQUIRED_USE} )" + +PATCHES=( + "${FILESDIR}/${P}-envlimits.patch" + "${FILESDIR}/${P}-firecfg.config.patch" + ) + +pkg_setup() { + CONFIG_CHECK="~SQUASHFS" + local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode" + check_extra_config + use contrib && python-single-r1_pkg_setup +} + +src_prepare() { + default + + find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die + + sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die + + # fix up hardcoded paths to templates and docs + local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die) + for file in ${files[@]} ; do + sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die + done + + # remove compression of man pages + sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die + + if use contrib; then + python_fix_shebang -f contrib/*.py + fi +} + +src_configure() { + econf \ + --disable-firetunnel \ + --enable-suid \ + $(use_enable apparmor) \ + $(use_enable chroot) \ + $(use_enable dbusproxy) \ + $(use_enable file-transfer) \ + $(use_enable globalcfg) \ + $(use_enable network) \ + $(use_enable private-home) \ + $(use_enable userns) \ + $(use_enable X x11) + + cat > 99firejail <<-EOF || die + SANDBOX_WRITE="/run/firejail" + EOF +} + +src_compile() { + emake CC="$(tc-getCC)" +} + +src_install() { + default + + # Gentoo-specific profile customizations + insinto /etc/${PN} + local profile_local + for profile_local in "${FILESDIR}"/profile_*local ; do + newins "${profile_local}" "${profile_local/\/*profile_/}" + done + + # Prevent sandbox violations when toolchain is firejailed + insinto /etc/sandbox.d + doins 99firejail + + rm "${ED}"/usr/share/doc/${PF}/COPYING || die + + if use contrib; then + python_scriptinto 
/usr/$(get_libdir)/firejail + python_doscript contrib/*.py + insinto /usr/$(get_libdir)/firejail + dobin contrib/*.sh + fi +}
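
Review bot: In files/firejail-0.9.68-firecfg.config.patch, the comment added above the disabled fontforge entry says only "# Breaks emerge/portage on Gentoo", while the patch and wget entries name the failure ('too many environment variables', path issues). Please give fontforge the same level of detail so a later maintainer can tell whether the entry can be re-enabled. Since each commented-out entry means firecfg no longer wraps that program, it would also help to state in the ebuild that patch and wget are deliberately left unsandboxed by default.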
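
Review bot: In src_prepare of firejail-0.9.68-r1.ebuild, `local files=$(grep -E -l -r ... || die)` calls die inside a command substitution, where PMS does not guarantee that it aborts the build, and the `local` builtin masks the substitution's exit status in any case. The result is also a plain string that the loop expands as `${files[@]}` without quotes, so it depends on word splitting. Suggest declaring `local -a files`, filling it with `mapfile -t files < <(grep -E -l -r ...)`, and iterating over `"${files[@]}"`.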
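
Review bot: At the end of src_install in firejail-0.9.68-r1.ebuild, `insinto /usr/$(get_libdir)/firejail` is followed directly by `dobin contrib/*.sh`, but dobin does not honour insinto, so the shell scripts are installed into the bin directory rather than next to the Python scripts placed by python_scriptinto. If the libdir location is intended, use `exeinto /usr/$(get_libdir)/firejail` with `doexe contrib/*.sh`; if the bin directory is intended, drop the insinto line so the code does not suggest otherwise.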