commit: f23fe664f064159ec4460c36c114ff5858c3033b Author: Hank Leininger <hlein <AT> korelogic <DOT> com> AuthorDate: Wed Oct 14 17:36:50 2020 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Wed Nov 11 07:50:10 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f23fe664
sys-apps/firejail: Version bump for CVEs, fixes, add proxy maintainer Version bump to address outstanding CVEs. Confirmed the current release includes the fixes for several open bugs, so closing those. Updated to address feedback in https://github.com/gentoo/gentoo/pull/17929 Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> Closes: https://bugs.gentoo.org/698062 Closes: https://bugs.gentoo.org/747859 Closes: https://bugs.gentoo.org/747613 Closes: https://bugs.gentoo.org/747859 Bug: https://bugs.gentoo.org/736816 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Closes: https://github.com/gentoo/gentoo/pull/17929 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> sys-apps/firejail/Manifest | 1 + sys-apps/firejail/firejail-0.9.64.ebuild | 83 ++++++++++++++++++++++++++++++++ sys-apps/firejail/metadata.xml | 10 +++- 3 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index ff7b7900af6..dcab03c7dff 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1 +1,2 @@
 DIST firejail-0.9.62.tar.gz 918477 BLAKE2B 8654539a6a115b6f69ea94a0b699c9129cfcecaf3d478409eaf288b953563768716eae9b9a83ddc538249322daa62a764bc2eb286eddaa14fc0e5fa887c0e319 SHA512 dfdbfbffdcb9a239e071983035d57350440eb58d79bb4375bc1fe585471a260c8b090bea59ac939739ac3daddf296c041ab4cc47ebbf718b0c9deae47f16af9f
+DIST firejail-0.9.64.tar.xz 419464 BLAKE2B 9425910bd78739dc628a05247877f3e96065f9eab6be1fa87a70932ff04a53817e03cd67a81b35b0e5a69b5598fc5be9d6191f9c5c2bf511bc76c1edaf0eb22d SHA512 89bab9aee944ebde6221a96f0f028380f607cd49046cad5348d5974efcc92c50a172edf5e50c56606091d2060d1d8f0c50a41f05f63327672a3c3cb48eb93699
diff --git a/sys-apps/firejail/firejail-0.9.64.ebuild b/sys-apps/firejail/firejail-0.9.64.ebuild
new file mode 100644
index 00000000000..6ea950467c5
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.64.ebuild
@@ -0,0 +1,83 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit toolchain-funcs python-single-r1
+
+if [[ ${PV} != 9999 ]]; then
+ KEYWORDS="~amd64 ~x86"
+ SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
+else
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/netblue30/firejail.git"
+ EGIT_BRANCH="master"
+fi
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +overlayfs +private-home +suid test +userns +whitelist x11"
+RESTRICT="!test? ( test )"
+
+RDEPEND="apparmor? ( sys-libs/libapparmor )
+ contrib? ( ${PYTHON_DEPS} )
+ dbusproxy? ( sys-apps/xdg-dbus-proxy )"
+
+DEPEND="${RDEPEND}
+ !sys-apps/firejail-lts
+ sys-libs/libseccomp
+ test? ( dev-tcltk/expect )"
+
+REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
+
+src_prepare() {
+ default
+
+ find -type f -name Makefile.in -exec sed -i -r -e '/^\tinstall .*COPYING /d; /CFLAGS/s: (-O2|-ggdb) : :g' {} + || die
+
+ sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die
+
+ # remove compression of man pages
+ sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die
+
+ if use contrib; then
+ python_fix_shebang -f contrib/*.py
+ fi
+}
+
+src_configure() {
+ econf \
+ --disable-firetunnel \
+ $(use_enable apparmor) \
+ $(use_enable chroot) \
+ $(use_enable dbusproxy) \
+ $(use_enable file-transfer) \
+ $(use_enable globalcfg) \
+ $(use_enable network) \
+ $(use_enable overlayfs) \
+ $(use_enable private-home) \
+ $(use_enable suid) \
+ $(use_enable userns) \
+ $(use_enable whitelist) \
+ $(use_enable x11)
+}
+
+src_compile() {
+ emake CC="$(tc-getCC)"
+}
+
+src_install() {
+ default
+
+ if use contrib; then
+ python_scriptinto /usr/$(get_libdir)/firejail
+ python_doscript contrib/*.py
+ insinto /usr/$(get_libdir)/firejail
+ dobin contrib/*.sh
+ fi
+}
diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml
index f435d71e199..4f451a1baec 100644
--- a/sys-apps/firejail/metadata.xml
+++ b/sys-apps/firejail/metadata.xml
@@ -1,7 +1,14 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <!-- maintainer-needed --> + <maintainer type="person"> + <email>hl...@korelogic.com</email> + <name>Hank Leininger</name> + </maintainer> + <maintainer type="project"> + <email>proxy-ma...@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> <longdescription lang="en"> Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to
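Review bot: In src_install of firejail-0.9.64.ebuild, `insinto /usr/$(get_libdir)/firejail` has no effect on the `dobin contrib/*.sh` that follows it: dobin always installs into the bin directory under the install prefix, so the contrib shell scripts land on every user's PATH rather than beside the Python scripts. If the private directory is what was intended, the two lines should read `exeinto /usr/$(get_libdir)/firejail` and `doexe contrib/*.sh`. Separately, the `!sys-apps/firejail-lts` blocker is listed only in DEPEND; as far as I can tell that leaves it unenforced when a prebuilt binary package is merged, so it belongs in RDEPEND, where it would keep the two packages (which presumably install the same SUID binary) from being merged side by side. Both points matter more than usual here because the package ships a SUID-root helper and this bump exists to close CVE bugs.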
@@ -18,6 +25,7 @@
 <flag name="apparmor">Enable support for custom AppArmor profiles</flag>
 <flag name="chroot">Enable chrooting to custom directory</flag>
 <flag name="contrib">Install contrib scripts</flag>
+ <flag name="dbusproxy">Enable DBus proxying to filter access in supporting profiles</flag>
 <flag name="file-transfer">Enable file transfers between sandboxes and the host system</flag>
 <flag name="globalcfg">Enable global config file</flag>
 <flag name="network">Enable networking features</flag>