summaryrefslogtreecommitdiff
path: root/pcr/firejail/PKGBUILD
diff options
context:
space:
mode:
authorGaming4JC <g4jc@openmailbox.org>2015-10-23 20:13:47 -0400
committerGaming4JC <g4jc@openmailbox.org>2015-10-23 20:13:47 -0400
commitfccd220bbe044fbaf24e069fb4b8d8a877f5b00d (patch)
treec744cbe73f0223c378d29b85319ee588271e333a /pcr/firejail/PKGBUILD
parent8dec6c902c4e8ea373e8d7bd12b80afce71d7ef0 (diff)
downloadabslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.tar.gz
abslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.tar.bz2
abslibre-fccd220bbe044fbaf24e069fb4b8d8a877f5b00d.zip
update firejail with hardening patches
Diffstat (limited to 'pcr/firejail/PKGBUILD')
-rw-r--r--pcr/firejail/PKGBUILD45
1 files changed, 27 insertions, 18 deletions
diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD
index 7115796ad..a36ba0364 100644
--- a/pcr/firejail/PKGBUILD
+++ b/pcr/firejail/PKGBUILD
@@ -2,8 +2,8 @@
# Contributor (Arch): ajs124 < aur AT ajs124 DOT de >
pkgname=firejail
-pkgver=0.9.30
-pkgrel=2
+pkgver=0.9.32
+pkgrel=1
pkgdesc="Linux namespaces sandbox program"
arch=('i686' 'x86_64' 'armv7h')
license=(GPL2)
@@ -11,38 +11,47 @@ url=https://l3net.wordpress.com/projects/firejail/
source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2"
'PKGBUILD'
'PKGBUILD.sig'
-'001-addmoresecurity-firefox.patch'
+'001-disable-secret.inc-more-security.patch'
+'002-disable-common.inc-more-security.patch'
"$pkgname.install")
install=("$pkgname.install")
validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key
-sha512sums=('a7b4940da63d0001673a11e351a7ba7640e9eea2d8475789125ae96d881d7e11a98f437b44b08347a8ec5208c38f471e2d4cf84ed5d2314b763c1207ceceb56e'
+sha512sums=('02beec4771a0bb3ae75890162e2f5bbee6dbbf51dc972e31a2e133251127f4c6666f53b5f5100ad6133a20ad4e8d128a42a8899d0079820aa76c97b830fe07c3'
'SKIP'
'SKIP'
- 'b2121a15fff44ab093c7bce64fe052ef6b7a7e6c66541846b7a36ee303115b67f4f4b73fd2dc3bda75e118a511ec4d0acd94de49c0ee6047a9360748d4b11b6b'
- 'f573592cc977cc739d2913f75ebe1ab2642d1d7d638706c56bca792dce6014d88c8789341ddeae59307aa94f72f3ab178299652b71a62804b1b674433a89ec21')
-whirlpoolsums=('f030e182c8c742b8ead0aa5afe0cd6f3675bbeb806565616913b2deb4bb15b4dbc653e6eb4801567ce6ee816931db0b33b0fdd1c46e82742827af80c76599b3c'
+ '1321ffb099489c1b6748e6a27c196d36cdfb7f125114c8eed8ecf5c777b2ceba5b9bb205113d7dbdee5ca287f7277d0b5b20b9f3061cf8cf3e961c0831b83e48'
+ 'ea248b9de6ae51e6e307d61cff44ac2b9298c66a7376268e65640e536e9e847e8a9b115d0855b8654334fba76a1673340829c8628128ec91e7ad09820a4863bf'
+ '77907ac86db9eae3ff78d9013dbc27bc02bcc0bc2514e952af963955d421cb733a3f64c52b444e6918228d17f1fd8aa5a5f384918cbf32aa627794ce813482a7')
+whirlpoolsums=('c87471107017d1b20dbaa97bcf4bdf9abc30cba4177d6db1738861cba38612d96b1cb4e9a0d3df0aaea869c745168de45332e0224a9c5e3b7453b457f7ad9b74'
'SKIP'
'SKIP'
-'685427a6d986b5068a05ff784b52a47c43a8354c1fe0a370dbf9aac1f08bdd4287400114062e300285d574454f3cdeb95e26d0ec2a2579d44e55ca070a2001ff'
-'8f6848ad73bb498cb6a4f754a55094629443e7f56d669990e8e3f33415ba723d7ba47eb65737dd3ed918299665bf9bd455c25b5005caa74bb8c8dbb5e02ab4dc')
+'422626df14c9669f5f36e7092467d0a9ca4b1bf90d7227416481c5f979283f038144acbae28cfb1c60b2c0887191771c9f9beb0d0663f8542e51061198aff052'
+'71ad60139c7a7f3b987c8d472cef293996126c13c04a358bad29ba4f8d02d60050862acf881bb8448943c1170001dd1dcc611006d38b9ec50e1e04ac98602aff'
+'fb08f184d8d052aedf6145107388082d3ca2c6157308730df4c318fee46bbec294b801c3dd6bb07f39e924b617b1d643ad1736408b174e8f645eabf460c7b6f2')
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}"
- sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in packag" warning.
- patch ${srcdir}/${pkgname}-${pkgver}/etc/firefox.profile $srcdir/001-addmoresecurity-firefox.patch ## Add additional blacklists to FireFox profile for more security
+ sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in package" warning.
- ## Remove non-libre program profiles.
- rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile
- sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+ ## Add additional blacklists to harden firejail ##
+ patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-secret.inc $srcdir/001-disable-secret.inc-more-security.patch
+ patch ${srcdir}/${pkgname}-${pkgver}/etc/disable-common.inc $srcdir/002-disable-common.inc-more-security.patch
+
+ ## Remove non-libre program profiles. ##
+ rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile
+ sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile
- sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+ sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
- rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile
- sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+ rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile
+ sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
rm ${srcdir}/${pkgname}-${pkgver}/etc/opera.profile
- sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+ sed -i 's|install -c -m 0644 etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+
+ rm ${srcdir}/${pkgname}-${pkgver}/etc/spotify.profile
+ sed -i 's|install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in
}
build() {