| 1 |
1 |
# Copyright 1999-2023 Gentoo Authors
|
| 2 |
2 |
# Distributed under the terms of the GNU General Public License v2
|
| 3 |
3 |
|
| 4 |
|
EAPI=7
|
|
4 |
EAPI=8
|
| 5 |
5 |
|
| 6 |
|
PYTHON_COMPAT=( python3_{9..10} )
|
|
6 |
PYTHON_COMPAT=( python3_{9..11} )
|
| 7 |
7 |
|
| 8 |
8 |
inherit toolchain-funcs python-single-r1 linux-info
|
| 9 |
9 |
|
| 10 |
|
if [[ ${PV} != 9999 ]]; then
|
| 11 |
|
SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
|
| 12 |
|
KEYWORDS="amd64 ~arm ~arm64 ~x86"
|
| 13 |
|
else
|
| 14 |
|
inherit git-r3
|
|
10 |
DESCRIPTION="Security sandbox for any type of processes"
|
|
11 |
HOMEPAGE="https://firejail.wordpress.com/"
|
|
12 |
|
|
13 |
if [[ ${PV} == 9999 ]] ; then
|
| 15 |
14 |
EGIT_REPO_URI="https://github.com/netblue30/firejail.git"
|
| 16 |
15 |
EGIT_BRANCH="master"
|
|
16 |
inherit git-r3
|
|
17 |
else
|
|
18 |
SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz"
|
|
19 |
KEYWORDS="amd64 ~arm ~arm64 ~x86"
|
| 17 |
20 |
fi
|
| 18 |
21 |
|
| 19 |
|
DESCRIPTION="Security sandbox for any type of processes"
|
| 20 |
|
HOMEPAGE="https://firejail.wordpress.com/"
|
| 21 |
|
|
| 22 |
22 |
LICENSE="GPL-2"
|
| 23 |
23 |
SLOT="0"
|
| 24 |
|
IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home test +userns X"
|
| 25 |
|
# Needs a lot of work to function within sandbox/portage
|
| 26 |
|
# bug #769731
|
|
24 |
IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network +private-home selinux test +userns X"
|
|
25 |
REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
|
|
26 |
# Needs a lot of work to function within sandbox/portage. Can look at the alternative
|
|
27 |
# test targets in Makefile too, bug #769731
|
| 27 |
28 |
RESTRICT="test"
|
| 28 |
29 |
|
| 29 |
|
RDEPEND="!sys-apps/firejail-lts
|
|
30 |
RDEPEND="
|
|
31 |
!sys-apps/firejail-lts
|
| 30 |
32 |
apparmor? ( sys-libs/libapparmor )
|
| 31 |
33 |
contrib? ( ${PYTHON_DEPS} )
|
| 32 |
|
dbusproxy? ( sys-apps/xdg-dbus-proxy )"
|
| 33 |
|
|
| 34 |
|
DEPEND="${RDEPEND}
|
|
34 |
dbusproxy? ( sys-apps/xdg-dbus-proxy )
|
|
35 |
selinux? ( sys-libs/libselinux )
|
|
36 |
"
|
|
37 |
DEPEND="
|
|
38 |
${RDEPEND}
|
| 35 |
39 |
sys-libs/libseccomp
|
| 36 |
|
test? ( dev-tcltk/expect )"
|
| 37 |
|
|
| 38 |
|
REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
|
|
40 |
test? ( dev-tcltk/expect )
|
|
41 |
"
|
| 39 |
42 |
|
| 40 |
43 |
PATCHES=(
|
| 41 |
|
"${FILESDIR}/${P}-envlimits.patch"
|
| 42 |
|
"${FILESDIR}/${P}-firecfg.config.patch"
|
| 43 |
|
)
|
|
44 |
"${FILESDIR}/${PN}-0.9.70-envlimits.patch"
|
|
45 |
"${FILESDIR}/${PN}-0.9.70-firecfg.config.patch"
|
|
46 |
)
|
| 44 |
47 |
|
| 45 |
48 |
pkg_setup() {
|
| 46 |
49 |
CONFIG_CHECK="~SQUASHFS"
|
| 47 |
50 |
local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage mode"
|
| 48 |
51 |
check_extra_config
|
|
52 |
|
| 49 |
53 |
use contrib && python-single-r1_pkg_setup
|
| 50 |
54 |
}
|
| 51 |
55 |
|
| 52 |
56 |
src_prepare() {
|
| 53 |
57 |
default
|
| 54 |
58 |
|
| 55 |
|
find -type f -name Makefile.in -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die
|
|
59 |
# Our toolchain already sets SSP by default but forcing it causes problems
|
|
60 |
# on arches which don't support it. As for F_S, we again set it by defualt
|
|
61 |
# in our toolchain, but forcing F_S=2 is actually a downgrade if 3 is set.
|
|
62 |
sed -i \
|
|
63 |
-e 's:-fstack-protector-all::' \
|
|
64 |
-e 's:-D_FORTIFY_SOURCE=2::' \
|
|
65 |
src/so.mk src/prog.mk || die
|
| 56 |
66 |
|
| 57 |
|
sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' ./src/common.mk.in || die
|
|
67 |
find -type f -name Makefile -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) : :g' {} + || die
|
| 58 |
68 |
|
| 59 |
|
# fix up hardcoded paths to templates and docs
|
|
69 |
# Fix up hardcoded paths to templates and docs
|
| 60 |
70 |
local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' ./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die)
|
| 61 |
71 |
for file in ${files[@]} ; do
|
| 62 |
72 |
sed -i -r -e "s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die
|
| 63 |
73 |
done
|
| 64 |
74 |
|
| 65 |
75 |
# remove compression of man pages
|
| 66 |
|
sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile.in || die
|
|
76 |
sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 \$\$man|g' Makefile || die
|
| 67 |
77 |
|
| 68 |
78 |
if use contrib; then
|
| 69 |
79 |
python_fix_shebang -f contrib/*.py
|
| ... | ... | |
| 71 |
81 |
}
|
| 72 |
82 |
|
| 73 |
83 |
src_configure() {
|
| 74 |
|
econf \
|
| 75 |
|
--disable-firetunnel \
|
| 76 |
|
--enable-suid \
|
| 77 |
|
$(use_enable apparmor) \
|
| 78 |
|
$(use_enable chroot) \
|
| 79 |
|
$(use_enable dbusproxy) \
|
| 80 |
|
$(use_enable file-transfer) \
|
| 81 |
|
$(use_enable globalcfg) \
|
| 82 |
|
$(use_enable network) \
|
| 83 |
|
$(use_enable private-home) \
|
| 84 |
|
$(use_enable userns) \
|
|
84 |
local myeconfargs=(
|
|
85 |
--disable-fatal-warnings
|
|
86 |
--disable-firetunnel
|
|
87 |
--disable-lts
|
|
88 |
--enable-suid
|
|
89 |
$(use_enable apparmor)
|
|
90 |
$(use_enable chroot)
|
|
91 |
$(use_enable dbusproxy)
|
|
92 |
$(use_enable file-transfer)
|
|
93 |
$(use_enable globalcfg)
|
|
94 |
$(use_enable network)
|
|
95 |
$(use_enable private-home)
|
|
96 |
$(use_enable selinux)
|
|
97 |
$(use_enable userns)
|
| 85 |
98 |
$(use_enable X x11)
|
|
99 |
)
|
|
100 |
|
|
101 |
econf "${myeconfargs[@]}"
|
| 86 |
102 |
|
| 87 |
103 |
cat > 99firejail <<-EOF || die
|
| 88 |
104 |
SANDBOX_WRITE="/run/firejail"
|
| ... | ... | |
| 93 |
109 |
emake CC="$(tc-getCC)"
|
| 94 |
110 |
}
|
| 95 |
111 |
|
|
112 |
src_test() {
|
|
113 |
emake test-utils test-sysutils
|
|
114 |
}
|
|
115 |
|
| 96 |
116 |
src_install() {
|
| 97 |
117 |
default
|
| 98 |
118 |
|
