diff options
| author | Gaming4JC <g4jc@openmailbox.org> | 2015-10-23 20:13:47 -0400 |
|---|---|---|
| committer | Gaming4JC <g4jc@openmailbox.org> | 2015-10-23 20:13:47 -0400 |
| commit | fccd220bbe044fbaf24e069fb4b8d8a877f5b00d (patch) | |
| tree | c744cbe73f0223c378d29b85319ee588271e333a /pcr/firejail/PKGBUILD | |
| parent | 8dec6c902c4e8ea373e8d7bd12b80afce71d7ef0 (diff) | |
| download | abslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.tar.gz abslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.tar.bz2 abslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.zip | |
update firejail with hardening patches
Diffstat (limited to 'pcr/firejail/PKGBUILD')
| -rw-r--r-- | pcr/firejail/PKGBUILD | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD index 7115796ad..a36ba0364 100644 --- a/pcr/firejail/PKGBUILD +++ b/pcr/firejail/PKGBUILD @@ -2,8 +2,8 @@ # Contributor (Arch): ajs124 < aur AT ajs124 DOT de > pkgname=firejail -pkgver=0.9.30 -pkgrel=2 +pkgver=0.9.32 +pkgrel=1 pkgdesc="Linux namespaces sandbox program" arch=('i686' 'x86_64' 'armv7h') license=(GPL2) @@ -11,38 +11,47 @@ url=https://l3net.wordpress.com/projects/firejail/ source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2" 'PKGBUILD' 'PKGBUILD.sig' -'001-addmoresecurity-firefox.patch' +'001-disable-secret.inc-more-security.patch' +'002-disable-common.inc-more-security.patch' "$pkgname.install") install=("$pkgname.install") validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key -sha512sums=('a7b4940da63d0001673a11e351a7ba7640e9eea2d8475789125ae96d881d7e11a98f437b44b08347a8ec5208c38f471e2d4cf84ed5d2314b763c1207ceceb56e' +sha512sums=('02beec4771a0bb3ae75890162e2f5bbee6dbbf51dc972e31a2e133251127f4c6666f53b5f5100ad6133a20ad4e8d128a42a8899d0079820aa76c97b830fe07c3' 'SKIP' 'SKIP' - 'b2121a15fff44ab093c7bce64fe052ef6b7a7e6c66541846b7a36ee303115b67f4f4b73fd2dc3bda75e118a511ec4d0acd94de49c0ee6047a9360748d4b11b6b' - 'f573592cc977cc739d2913f75ebe1ab2642d1d7d638706c56bca792dce6014d88c8789341ddeae59307aa94f72f3ab178299652b71a62804b1b674433a89ec21') -whirlpoolsums=('f030e182c8c742b8ead0aa5afe0cd6f3675bbeb806565616913b2deb4bb15b4dbc653e6eb4801567ce6ee816931db0b33b0fdd1c46e82742827af80c76599b3c' + '1321ffb099489c1b6748e6a27c196d36cdfb7f125114c8eed8ecf5c777b2ceba5b9bb205113d7dbdee5ca287f7277d0b5b20b9f3061cf8cf3e961c0831b83e48' + 'ea248b9de6ae51e6e307d61cff44ac2b9298c66a7376268e65640e536e9e847e8a9b115d0855b8654334fba76a1673340829c8628128ec91e7ad09820a4863bf' + '77907ac86db9eae3ff78d9013dbc27bc02bcc0bc2514e952af963955d421cb733a3f64c52b444e6918228d17f1fd8aa5a5f384918cbf32aa627794ce813482a7') +whirlpoolsums=('c87471107017d1b20dbaa97bcf4bdf9abc30cba4177d6db1738861cba38612d96b1cb4e9a0d3df0aaea869c745168de45332e0224a9c5e3b7453b457f7ad9b74' 'SKIP' 'SKIP' -'685427a6d986b5068a05ff784b52a47c43a8354c1fe0a370dbf9aac1f08bdd4287400114062e300285d574454f3cdeb95e26d0ec2a2579d44e55ca070a2001ff' -'8f6848ad73bb498cb6a4f754a55094629443e7f56d669990e8e3f33415ba723d7ba47eb65737dd3ed918299665bf9bd455c25b5005caa74bb8c8dbb5e02ab4dc') +'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052' +'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff' +'fb08f184d8d052aedf6145107388082d3ca2c6157308730df4c318fee46bbec294b801c3dd6bb07f39e924b617b1d643ad1736408b174e8f645eabf460c7b6f2') prepare() { cd "${srcdir}/${pkgname}-${pkgver}" - sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in packag" warning. - patch ${srcdir}/${pkgname}-${pkgver}/etc/firefox.profile $srcdir/001-addmoresecurity-firefox.patch ## Add additional blacklists to FireFox profile for more security + sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in package" warning. - ## Remove non-libre program profiles. - rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile - sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + ## Add additional blacklists to harden firejail ## + patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc $srcdir/001-disable-secret.inc-more-security.patch + patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-common.inc $srcdir/002-disable-common.inc-more-security.patch + + ## Remove non-libre program profiles. ## + rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile + sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile - sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in - rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile - sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile + sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in rm ${srcdir}/${pkgname}-${pkgver}/etc/opera.profile - sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/spotify.profile + sed -i 's|install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in } build() { |