author | Gaming4JC <g4jc@openmailbox.org> | 2015-11-12 09:25:34 -0500 |
---|---|---|
committer | Gaming4JC <g4jc@openmailbox.org> | 2015-11-12 09:25:34 -0500 |
commit | ce92ecafe941fd562c1b0750131bb57b34c42301 (patch) | |
tree | 81361886bc56581e111f0d9702918539251128db | |
parent | af5a47aabeb455ed246c869adc886d2ac46bcc52 (diff) |
upgrade to firejail 0.9.34
-rw-r--r-- | pcr/firejail/001-disable-secret.inc-more-security.patch | 10 | ||||
-rw-r--r-- | pcr/firejail/002-disable-common.inc-more-security.patch | 33 | ||||
-rw-r--r-- | pcr/firejail/PKGBUILD | 34 | ||||
-rw-r--r-- | pcr/firejail/PKGBUILD.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | pcr/firejail/firejail.install | 62 |
5 files changed, 50 insertions, 89 deletions
diff --git a/pcr/firejail/001-disable-secret.inc-more-security.patch b/pcr/firejail/001-disable-secret.inc-more-security.patch deleted file mode 100644 index da84ffb68..000000000 --- a/pcr/firejail/001-disable-secret.inc-more-security.patch +++ /dev/null @@ -1,10 +0,0 @@ -*** disable-secret.inc 2015-09-24 07:10:07.000000000 -0400 ---- disable-secret.inc.patched 2015-10-23 19:35:33.106100952 -0400 -*************** -*** 6,8 **** ---- 6,10 ---- - blacklist ${HOME}/kde/share/apps/kwallet - blacklist ${HOME}/.gnupg - blacklist ${HOME}/.local/share/recently-used.xbel -+ blacklist ${HOME}/*.kdb -+ blacklist ${HOME}/*.key diff --git a/pcr/firejail/002-disable-common.inc-more-security.patch b/pcr/firejail/002-disable-common.inc-more-security.patch deleted file mode 100644 index 91dd71dd0..000000000 --- a/pcr/firejail/002-disable-common.inc-more-security.patch +++ /dev/null @@ -1,33 +0,0 @@ -*** disable-common.inc 2015-09-27 13:04:49.000000000 -0400 ---- disable-common.inc.patched 2015-10-23 19:35:44.996798469 -0400 -*************** -*** 4,9 **** ---- 4,10 ---- - blacklist ${HOME}/.mozilla - blacklist ${HOME}/.icedove - blacklist ${HOME}/.thunderbird -+ blacklist ${HOME}/.sylpheed-2.0 - blacklist ${HOME}/.config/midori - blacklist ${HOME}/.config/opera - blacklist ${HOME}/.config/chromium -*************** -*** 13,20 **** ---- 14,31 ---- - blacklist ${HOME}/.local/share/systemd - - # Instant Messaging -+ blacklist ${HOME}/.config/hexchat -+ blacklist ${HOME}/.mcabber - blacklist ${HOME}/.purple - blacklist ${HOME}/.config/psi+ -+ blacklist ${HOME}/.retroshare -+ blacklist ${HOME}/.weechat -+ blacklist ${HOME}/.config/xchat -+ -+ # Cryptocoins -+ blacklist ${HOME}/.*coin -+ blacklist ${HOME}/.electrum* -+ blacklist ${HOME}/wallet.dat - - # VNC - blacklist ${HOME}/.remmina diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD index 5412aa187..23178c74a 100644 --- a/pcr/firejail/PKGBUILD +++ b/pcr/firejail/PKGBUILD 
@@ -2,7 +2,7 @@ # Contributor (Arch): ajs124 < aur AT ajs124 DOT de > pkgname=firejail -pkgver=0.9.32 +pkgver=0.9.34 pkgrel=1 pkgdesc="Linux namespaces sandbox program" arch=('i686' 'x86_64' 'armv7h') 
@@ -11,39 +11,27 @@ url=https://l3net.wordpress.com/projects/firejail/ source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2" 'PKGBUILD' 'PKGBUILD.sig' -'001-disable-secret.inc-more-security.patch' -'002-disable-common.inc-more-security.patch' "$pkgname.install") install=("$pkgname.install") validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key -sha512sums=('02beec4771a0bb3ae75890162e2f5bbee6dbbf51dc972e31a2e133251127f4c6666f53b5f5100ad6133a20ad4e8d128a42a8899d0079820aa76c97b830fe07c3' - 'SKIP' - 'SKIP' - '1321ffb099489c1b6748e6a27c196d36cdfb7f125114c8eed8ecf5c777b2ceba5b9bb205113d7dbdee5ca287f7277d0b5b20b9f3061cf8cf3e961c0831b83e48' - 'ea248b9de6ae51e6e307d61cff44ac2b9298c66a7376268e65640e536e9e847e8a9b115d0855b8654334fba76a1673340829c8628128ec91e7ad09820a4863bf' - 'f8fe99ddb8130419281ca387578c49473c7c91908e1f151a1bbc3d45663f0a4b7a6fa346aa5ec94617c05c16a82b1de439981c71261bc59bd05767f2d408c12f') -whirlpoolsums=('c87471107017d1b20dbaa97bcf4bdf9abc30cba4177d6db1738861cba38612d96b1cb4e9a0d3df0aaea869c745168de45332e0224a9c5e3b7453b457f7ad9b74' +sha512sums=('456751a987c89b020c7152ab9b3aabd69b573c64daff84ca8d36acd74ebe0d268bc2be879d02ab95842d8afb1b1e47b3917650593c24bf74cb287a821b67df00' 'SKIP' 'SKIP' -'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052' -'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff' -'fb08f184d8d052aedf6145107388082d3ca2c6157308730df4c318fee46bbec294b801c3dd6bb07f39e924b617b1d643ad1736408b174e8f645eabf460c7b6f2') +'6d855868069dffdb416f31376cc1069d330e792f34970524dc83d67b14416f57cef68955a980fe2ec102590ae91757fb45f45f4d18e5320a385a1bbca2f39192') prepare() { cd "${srcdir}/${pkgname}-${pkgver}" - sed -i '\|bash -c "if \[ ! 
-f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in package" warning. - ## Add additional blacklists to harden firejail ## - patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc $srcdir/001-disable-secret.inc-more-security.patch - patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-common.inc $srcdir/002-disable-common.inc-more-security.patch - - ## Remove non-libre program profiles. ## + ## Begin Removal of non-libre program profiles. ## rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + rm ${srcdir}/${pkgname}-${pkgver}/etc/google-chrome.profile + sed -i 's|install -c -m 0644 etc/google-chrome.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in @@ -52,6 +40,14 @@ prepare() { rm ${srcdir}/${pkgname}-${pkgver}/etc/spotify.profile sed -i 's|install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/steam.profile + sed -i 's|install -c -m 0644 etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/skype.profile + sed -i 's|install -c -m 0644 etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + ### End Removing of non-free files ### + } build() { 
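Review bot: prepare() no longer applies `001-disable-secret.inc-more-security.patch` and `002-disable-common.inc-more-security.patch`, and nothing in this commit shows that the 0.9.34 tarball already carries the entries they added (`blacklist ${HOME}/*.kdb`, `blacklist ${HOME}/*.key`, `blacklist ${HOME}/.*coin`, `blacklist ${HOME}/wallet.dat` and the IM client directories). If upstream's `etc/disable-secret.inc` and `etc/disable-common.inc` lack them, sandboxed programs regain read access to key databases and wallets that the previous package hid. I would compare those two files in the new tarball against the removed patches before merging, and rebase the patches if any entry is missing. If they are all present, record that beside the removed block, e.g. `## 0.9.34 ships the former 001/002 blacklist entries upstream; local patches dropped.` The body of prepare() runs on past the end of this hunk.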
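Review bot: The added `rm` and `sed` lines for steam.profile and skype.profile, like the google-chrome pair in the previous hunk, expand `${srcdir}` unquoted, so a build directory containing whitespace splits each path into several arguments. Quoting fixes it: `rm "${srcdir}/${pkgname}-${pkgver}/etc/steam.profile"`, with the same quoting on the `Makefile.in` argument of `sed -i`. Because prepare() already runs `cd "${srcdir}/${pkgname}-${pkgver}"`, the relative form `rm etc/steam.profile` would also work and is shorter. The start of prepare() lies outside this hunk.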
diff --git a/pcr/firejail/PKGBUILD.sig b/pcr/firejail/PKGBUILD.sig Binary files differindex 05403c598..970bf9e32 100644 --- a/pcr/firejail/PKGBUILD.sig +++ b/pcr/firejail/PKGBUILD.sig diff --git a/pcr/firejail/firejail.install b/pcr/firejail/firejail.install index f39164692..208f654a9 100644 --- a/pcr/firejail/firejail.install +++ b/pcr/firejail/firejail.install @@ -1,12 +1,13 @@ pre_upgrade() { -echo "Checking 26 firejail profiles for user modification, backing up as needed..." +echo "Checking 33 firejail profiles for user modification, backing up as needed..." FilesToCheck=( '/etc/firejail/audacious.profile' '/etc/firejail/clementine.profile' +'/etc/firejail/conkeror.profile' '/etc/firejail/deadbeef.profile' '/etc/firejail/deluge.profile' '/etc/firejail/disable-common.inc' -'/etc/firejail/disable-history.inc' +'/etc/firejail/disable-devel.inc' '/etc/firejail/disable-mgmt.inc' '/etc/firejail/disable-secret.inc' '/etc/firejail/empathy.profile' 
@@ -31,40 +32,43 @@ echo "Checking 26 firejail profiles for user modification, backing up as needed. '/etc/firejail/transmission-gtk.profile' '/etc/firejail/transmission-qt.profile' '/etc/firejail/vlc.profile' +'/etc/firejail/wine.profile' '/etc/firejail/xchat.profile') OriginalFileHashes=( -'fcd9b1c17f7c67e28c3d7d9baef5e04d1fa3c1e652cb7377ff955c56a7434a51b13d2ed86fdf1365eaed595cfa9a7ee5983d240f16f34db43e830ea976160f36' -'96217eab44531f9a4d5f062d0a3d5e55e413df5e55e7b617ff1b42b66830663b72a4356752cac0966bd38075891a7be518fe7b83fe8d2b6f309006112aed8684' -'b20818d85f450f367f8e97cf3fc62848aa9365fc73dc63098a0d671120149425889ab14ad938664a2ea18dfe0f836e182af2c1333eab352a0adfb93c94c09798' -'ebea3e357bd9c0174aaa8c0a52f2ef2458c96dd60072c654181425243ffcb929f81b1931bb2ab7896eb55fa90c28d1aacaf90f662c5b63a90509e2262631ec02' -'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff' -'2e412845bf7db285aef97b8c48b73a6fb59377ba21cbd5ac51650a5acb57eae6658ff149516c73e477012e89067fb81c5585ad4e7b430d424f020118cd5b6824' +'475365b623b1f879005476ca6ea5d6e6c17f1cfaeb81bade5d99256e86eb52592abb07fefd7b25dd02ac11fcc83f9b31ba7e5bb0124225b19f44d559d5aceb9e' +'7c57c690f0e38b2095cff19d7460c4f833efa979a303d579d16ee306184ff3c9ea94b4e2ec926958354c42cb5c47ee53674d81ae6f8adcd1279c9e905c622d1f' +'6bf30e18a4e6cf02fcb3021378a7e8fe7edc1afe4b2012fbc567003d2f2446f7c0a4fc15b4c2a04c038d65393a9add1fc1fbcdecd7011c8fc496e6af5eee155e' +'d1e95c53bc19da0e644b4ebe5bd20fa5e9cc7862f2e07110d7ce4f9a45ddb679b38edfb9ff26c1ad6b0e49d359d15334995475004b2c5a1e1aeac40278bb4b2d' +'953009d2f096c909fbb597d61981ab620d8214e538da57f172773fedaf1b1dba959fcd21104da1a4bfb2723d366a8e35699ba7166614888d8c33c757c23dc460' +'74a3cdca9da6ee82467b7c7e077d7aabd3440b4bef54cac8c9548724468e22b7cec11c4a50360d7e6db18a53f99be5bb39ca023722a4e266039ae491b68a9793' 
+'08a24b721f29a21aff677152079607b95cb523cb379a04c909c80bacd5cad12ebc1f7f8ce40bf84598d6d7df5cbe1638789534259dcac27ca956546365a2e18b' 'c36cb56d0ca440307fea86ed41d697603f48a0273dd313aad3ddc5886a31f43425c24546cda6227b55d11ab2f46352b3f2591239d08694f2442e4b30525ac3b9' -'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052' -'deb91a0f2a00209997e5bd66bd3a34bd77eb722ac3750fcc2c4779a0ae224a35e99800f9a7f0d31b41f01e7c797da8556e84404f6a7285606f336be21eb590d7' -'b8880a5c9ad0f608ba76587b72b56326a331f1bae5520b9b663ed2c6ba62a36bf122155520fd1018c8bb84618843a9a02ae8d14e2c9aa128b58685136fe53e31' -'52b7d856f826988f610524b9432252f36d4202fddab14476f06c2a0d6ce1c5109a66a329d6ae16bd00c9bbf81cd33c4c3dcd9c708a84adc5c986f5612d14a1b2' -'d09a25dab801bbde8aa5d3a5fc24586dddd460a687da49037cd14902dcd572eb7b1dec2c2cb6921047891294ff4bd0dc882de7aa64db10b15c7f44133e03e9f9' -'e0a5824a53d2464955d47760bedbebfd6ca93e3618ed9f2e2434dcefebd357a98362e600bf4507012b1e6ab343609bad52372c90b3162eb9d85637d433c19b83' -'84ba92338aa5ca8c01be84a274fcb71f8fa4bb950b938f6b9fd32297ded2739f6aef4733e6cb787dc366a9a7f04119767d48e56d86f0d2fcb10c28bf58faf86b' -'39a736617d8663a4cbd865ba5bb2c4f3896a2f969b637a62fb3f4da2a18c6d7611a93add84bc02174aaa96e7c2412d36a5485b2d444a0cc51e6320212ec4418d' +'8a07bb966834e91d8dacfb29399655a3e5e48b752fe04b30ba79125b60f82b40a25cf8047b2e7a2882d1c67494f5b42a0243377ae55ee7dbb66fb2dfe8b4d1e8' +'1aed5fd7a711f68e1d1522be8caee86c8f0df2799b3d5e59abea96fa4c3424d5df393b549c15eff3ffe849a9ba3a2a96f1eb41ea9a4ef003a2344df15e107f8f' +'93f40b47b08eee43e02db3915ac8e1275114f754dc6b24707ad07d2007c4c9abd8a09984e4ce78fda25100908f863a4cba5d6256d227816af717510145366ed5' +'c4810f982f370f480f116eefe33bccd5f91a60f615a809b8c5e66db6c6e557f42cea07e66ddd41badad39a4e0a39cafc4fee82ad8aa61fe4fb6c6b2a3d812491' +'d635adcc12bdc92e9fae2ab7084c4506aa4f4687881478820f2c979de7d822d7ccb45bb6eee19923e498c163ceb7bf62e73d5ab362aa9c96b5d1df94e57c2124' 
+'fb475c80095f4e5c2fda5d540af4c0499fb07fa080f0c76634458d611de202249789f7d5586ab8b7dede9c0fd8c8fe0c9dc26c3b7f537d696ff0c2f13230b188' +'fb6c319412a8f5c45361354508d08a020df1798cb00fa3295be0df9eebd0dd7efe59189106402a6b8761afd11dff8bc438f7ac1c7de981a5bcebd0027e428ccc' +'3b3e54a9fc1e60da4082660b2f179a7667f79da1094325eb6979bf08a3f5a7dc2e54c28041363e7555f5b2eb4590810c20ec9e5914a6c1c4323a86727a01f8c9' '81db63b03b1f950b1e7810fab38ce4fe5776f11e3036848da6298d9002b5c4683028d4fdd630db118d428fd91e5118872b5b2ccff9c82d02a966765efdb9dc17' '9a8c4d7ce893340da2d9cc8237cecf8bca2865e5552747c480a1f803072960b7aa571b2693600076ea8800b86e1d0945d8a535fffcdbe9569b3820a477b155d2' '8ded98eec8c11af8defef583227ea833beca534e5f2be48b52ec75152afddf14d78ba47442237e84eda8bb1b8361b1afecd63576f8ef6b18d50fb8c6559e8638' '672fa8b25ed28a07efb41fad6415c9fa96ce4bf4f4a1a6412595afb309ef6c1e67033ee256f997c32e9abe25bd6a100160ff12f2235c9be289c223547d03ca95' -'ccd607fc22ea583fcd2e69a9d3524bf6e3c7839464d17cac6d26be1917a5d1b2bbc7623930af4e3faa3ccf890caa86a4940271958f206e2f1b66a0af4b49b3ee' -'9e100bb2f51d5ef8d04325a83e80c54fbcd85a082c35d3f5aa7eabc79028cfd90d3a1537768e5b7f93468d2ddbbf15ca421784820ceb6d718915e5a5fe584c6c' -'9f5990e680f85343615fe26f032b8ffcff9cc34772fc546b66d728788a097c91751c91cf56c27c678226a1737c59d1da95970ca88ee58477bdb3d9263336ce28' -'96d1dd388e08ed702e4a7580dad5f759b9d969dc12cc9a1f50431d7a73302b4c1ce1cde5855ae045d3aaba81b733edd7120066ce298c12822706344e590f11e2' -'03393bb3fa555ee9d402770faaece0ec8c974631995d0ea08548a6d849d2c8f09d7df10b1350dae1449cfd6df37cf4013d715cdd2bca865878d8c135f73737d6' +'92d90375a560f3d6c94b3cf6c2d0de06d8e76d8d40eb80ebaf85de844b323c0ec283bc9bca753b2bf301587dda5237883ccd6062f9d5e3c2e8dc7dc33476ce6a' +'6a2869827fb38740ef81b93c88880f55a3fb186a82ff6e0dc4142d1fd620d3eb53f8fb36e95482afea6b7865a9cf9d2a7dea172a90792ca37a24f0af6ed39b69' +'e18d294d10a103f1da5d27a12ee867c84920dcd081f7c4daa4e46f6722962a993c3c62295daaed4c19b928d336dda56d4f2ae75dd1c3d5c5f35f878ce76060f0' 
+'2278e3d1ec06e20c2aa7bcced46a5c01bf55f94d6e286f6433bf44177c912709e8d5e0a4c553b2a3af67dfdca6061e95eadfb648f4c606f0bd819b5fef1af03f' +'b8d8a9620a28b67752788c2af2fc0a63f479ea7424dadd9047a000f7782ae4e268ab42861c4f26707236df0c061f1e768f7d6fb580e027af10b9679a1bfb8eec' '0fa8393eaa3c0e5514e44e42ed9f8085c2aa8ddfa799e4cdd19d1004c81692dc1baa8963aa75dfbb7e268c80636711a90110f365e2f3d0769d7fdf0b6aaac65e' -'ca60021399e8b1a0e7c3a121a3e77eaaa8063e52e152a32a9c4cb350019c24f1d14adabd6d69259dc8aa206e4ecae3a303237cf4ba02260a21419012f9b9d7eb' -'53902e78dd36bc7b106ee45c9937340651579976ae129882155df3714910f93ed04b76277fe1c777deabede779b41b3d5feb9f222c4109dfa611e3a11900a58d' -'660943c1f153e0cb81aa1c1f424f40c68662ae8123acb3592ab8fbd7003dbfa189352c972e78f33c23e8ae239a65a41cd4f6b46798b130860deab832fbe06247' -'446b8b45a66f0373ad333987f453b6fe02e6c78c9055eec525f17b6990940d645c6e69071836f3483afbb8d9ec00754ad05223a474c05d981a3334c940f2ae02' -'d6a8e3472a2c7f6877c2237745b4bda3aaa4af83b5d60a04d678bb06258ac318790a14140abd0ad4c8525dd15024b695f631fcb827cff1370f06335cbcd938de' -'2a473ef99793552a2f25cfe7acdac3af28575dd734a9d38699ca29cd68857b2121db1af1d582f03c10286c2e441708db7012db33fec84ef3a5c2936418665380') +'9a3a9f1c59810b82c3a331d3e360f77934712126b70184df5ba2aec52adb28f1ca7d6e5c61ffc6950435468cfb5d529b896462897497341c435068febad472b7' +'983f048d3627fbd22be0694f5a4dde1ff874e60206563addb0e2c52506229c36438e48ff8475fb27a388b33f3f93fc52a440e1b604e00610c799c8499cb55593' +'06c5591cd4e167f71e72f061ed1efaea0ab138acb562c6f5a7fb9340239e2465d22fd5ac992684444707f14c051d026cabd81f4408117d2d2f22bc089dcbfcb4' +'400bfb6f3ee38c73d584cb2e66e37464b6ce75f50a1edaec688405e46e943a62161ae63ba9e0a534887b4ce9ce25c95ca222d2f24111d9f40f455f3412694280' +'c84cc10ee40620846fc0e852e78277afcd96251857f955973036b416f57e6c2c72a8631e1377d4bcea6409129ba909895f1437a81b71a93523463686fc0daba8' +'597e7e5779766a4baf606c78218b9c0f9cd87a80ff9e00d5cb7506bc75a2ad79b0c6a65c12362c14afe113a7e6cda7f9808c809eaa601badc61a7aceb54ce16f' 
+'70eaadc12a480cce08ba46a393b3c158821eacc445806714e128f99f50a92aaae769e7cee73f4bf3451846fce0395936c71bcd110929a1ada8bd06f579e67ff6') ## Uses above arrays to check if file's original hash matches, if not the file was edited, so we save a backup and notify the user. @@ -130,6 +134,10 @@ OriginalFileHashes=( [[ "$(openssl dgst -r -whirlpool ${FilesToCheck[30]} | awk '{print $1}')" = ${OriginalFileHashes[30]} ]] || { cat "${FilesToCheck[30]}" > "${FilesToCheck[30]}.pacsave" ; echo "Backup saved: ${FilesToCheck[30]}.pacsave"; } +[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[31]} | awk '{print $1}')" = ${OriginalFileHashes[31]} ]] || { cat "${FilesToCheck[31]}" > "${FilesToCheck[31]}.pacsave" ; echo "Backup saved: ${FilesToCheck[31]}.pacsave"; } + +[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[32]} | awk '{print $1}')" = ${OriginalFileHashes[32]} ]] || { cat "${FilesToCheck[32]}" > "${FilesToCheck[32]}.pacsave" ; echo "Backup saved: ${FilesToCheck[32]}.pacsave"; } + echo "Done!" }
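Review bot: `OriginalFileHashes` is paired with `FilesToCheck` purely by position, and nothing states which release the digests were taken from. pre_upgrade() runs while the previously installed package's files are still on disk. If these are digests of the 0.9.34 files, every profile that changed upstream will look user-modified, and its stock copy will be written over any existing `.pacsave`. I would add a comment above the array such as `## Whirlpool digests of the files shipped by the previously packaged release, in the same order as FilesToCheck.` and confirm the values against that release. pre_upgrade() begins before this hunk.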
\ No newline at end of file |
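Review bot: The two added checks for indices 31 and 32 never test that the file exists, and `${FilesToCheck[31]}` is unquoted inside the `openssl` call. When a listed profile is absent (for example one the installed release did not ship), `openssl dgst` prints no digest and the comparison fails. The redirection then creates an empty `.pacsave` and "Backup saved" is still echoed. The same line is repeated once per index, so every new profile needs a hand-written copy. A single loop over the array with an `-f` guard removes both problems. pre_upgrade() and the earlier per-index checks lie outside this hunk.

```shell
# … unchanged: FilesToCheck and OriginalFileHashes arrays …
local i digest
for i in "${!FilesToCheck[@]}"; do
  # A profile that is not on disk has nothing to back up.
  [[ -f "${FilesToCheck[i]}" ]] || continue
  digest="$(openssl dgst -r -whirlpool "${FilesToCheck[i]}" | awk '{print $1}')"
  if [[ "$digest" != "${OriginalFileHashes[i]}" ]]; then
    cat "${FilesToCheck[i]}" > "${FilesToCheck[i]}.pacsave"
    echo "Backup saved: ${FilesToCheck[i]}.pacsave"
  fi
done

echo "Done!"
```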