blob: 5412aa187d6c0cd70a635137ee5e88172fbc93d6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# Maintainer: Luke R. <g4jc@openmailbox.org> GPG: rsa4096/3EAE8697
# Contributor (Arch): ajs124 < aur AT ajs124 DOT de >
pkgname=firejail
pkgver=0.9.32
pkgrel=1
pkgdesc="Linux namespaces sandbox program"
arch=('i686' 'x86_64' 'armv7h')
license=(GPL2)
url=https://l3net.wordpress.com/projects/firejail/
source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2"
'PKGBUILD'
'PKGBUILD.sig'
'001-disable-secret.inc-more-security.patch'
'002-disable-common.inc-more-security.patch'
"$pkgname.install")
install=("$pkgname.install")
validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key
sha512sums=('02beec4771a0bb3ae75890162e2f5bbee6dbbf51dc972e31a2e133251127f4c6666f53b5f5100ad6133a20ad4e8d128a42a8899d0079820aa76c97b830fe07c3'
'SKIP'
'SKIP'
'1321ffb099489c1b6748e6a27c196d36cdfb7f125114c8eed8ecf5c777b2ceba5b9bb205113d7dbdee5ca287f7277d0b5b20b9f3061cf8cf3e961c0831b83e48'
'ea248b9de6ae51e6e307d61cff44ac2b9298c66a7376268e65640e536e9e847e8a9b115d0855b8654334fba76a1673340829c8628128ec91e7ad09820a4863bf'
'f8fe99ddb8130419281ca387578c49473c7c91908e1f151a1bbc3d45663f0a4b7a6fa346aa5ec94617c05c16a82b1de439981c71261bc59bd05767f2d408c12f')
whirlpoolsums=('c87471107017d1b20dbaa97bcf4bdf9abc30cba4177d6db1738861cba38612d96b1cb4e9a0d3df0aaea869c745168de45332e0224a9c5e3b7453b457f7ad9b74'
'SKIP'
'SKIP'
'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052'
'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff'
'fb08f184d8d052aedf6145107388082d3ca2c6157308730df4c318fee46bbec294b801c3dd6bb07f39e924b617b1d643ad1736408b174e8f645eabf460c7b6f2')
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}"
sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in package" warning.
## Add additional blacklists to harden firejail ##
patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc $srcdir/001-disable-secret.inc-more-security.patch
patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-common.inc $srcdir/002-disable-common.inc-more-security.patch
## Remove non-libre program profiles. ##
rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile
sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile
sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile
sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/opera.profile
sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/spotify.profile
sed -i 's|install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
}
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
# fix build
export CFLAGS=${CFLAGS/-fsanitize=undefined/}
./configure --prefix=/usr
make
}
package() {
cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install
}
|