Diffstat (limited to 'pcr/firejail')
-rw-r--r-- | pcr/firejail/PKGBUILD | 26 | ||||
-rw-r--r-- | pcr/firejail/PKGBUILD.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | pcr/firejail/firejail.install | 119 |
3 files changed, 140 insertions, 5 deletions
diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD
index 1b566fc56..d0efc4613 100644
--- a/pcr/firejail/PKGBUILD
+++ b/pcr/firejail/PKGBUILD
@@ -5,28 +5,44 @@ pkgname=firejail pkgver=0.9.28 pkgrel=2 pkgdesc="Linux namespaces sandbox program" -arch=('i686' 'x86_64') +arch=('i686' 'x86_64' 'armv7h') license=(GPL2) url=https://l3net.wordpress.com/projects/firejail/ -backup=('etc/firejail/login.users' 'etc/firejail/*.profile') source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2" 'PKGBUILD' 'PKGBUILD.sig' -'001-addmoresecurity-firefox.patch') +'001-addmoresecurity-firefox.patch' +"$pkgname.install") +install=("$pkgname.install") validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key sha512sums=('a0c6715cbaf1043f2ea92b33da5884b6ed0993b3e5d03a3edd181b6663a696a2a60a44e0ad39fc9fcfd50d79eb5acb2f0f33452467bf50912f558ec23ebfc125' 'SKIP' 'SKIP' - 'b1ce36df78882e9e3a9b9a6b043ce0c11b4de71cf400abf19ee808d45081f9bfc6a56911bc5befae9ac374e88fb1a57326770781b3aedb2fdd54a95e8443a441') + 'b1ce36df78882e9e3a9b9a6b043ce0c11b4de71cf400abf19ee808d45081f9bfc6a56911bc5befae9ac374e88fb1a57326770781b3aedb2fdd54a95e8443a441' + 'f573592cc977cc739d2913f75ebe1ab2642d1d7d638706c56bca792dce6014d88c8789341ddeae59307aa94f72f3ab178299652b71a62804b1b674433a89ec21') whirlpoolsums=('84792b384d4e578347a859354d5639be24c3b370c3c6c07d245bbd35b7d6adcac8f5f382e92dec55a3a53cc68ea00fb7071be01aa390b37df5e0768f00efd90e' 'SKIP' 'SKIP' -'66ba5f7ca349c63170bd7ac83b7bc0c9472ad5bb18c243842f969f40475ebbb84c37bd3b837f21058294dc5da14674d07b74026dbcc324324fb94b6a8abfee4f') +'66ba5f7ca349c63170bd7ac83b7bc0c9472ad5bb18c243842f969f40475ebbb84c37bd3b837f21058294dc5da14674d07b74026dbcc324324fb94b6a8abfee4f' +'8f6848ad73bb498cb6a4f754a55094629443e7f56d669990e8e3f33415ba723d7ba47eb65737dd3ed918299665bf9bd455c25b5005caa74bb8c8dbb5e02ab4dc') prepare() { cd "${srcdir}/${pkgname}-${pkgver}" sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in packag" warning. 
patch ${srcdir}/${pkgname}-${pkgver}/etc/firefox.profile $srcdir/001-addmoresecurity-firefox.patch ## Add additional blacklists to FireFox profile for more security + + ## Remove non-libre program profiles. + rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile + sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile + sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile + sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile + sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in + + rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile + sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile + sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||' ${srcdir}/${pkgname}-${pkgver}/Makefile.in } build() { diff --git a/pcr/firejail/PKGBUILD.sig b/pcr/firejail/PKGBUILD.sig Binary files differindex dffe257a1..b245ce73e 100644 --- a/pcr/firejail/PKGBUILD.sig +++ b/pcr/firejail/PKGBUILD.sig diff --git a/pcr/firejail/firejail.install b/pcr/firejail/firejail.install new file mode 100644 index 000000000..e154e7dd7 --- /dev/null +++ b/pcr/firejail/firejail.install 
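Review bot: In pcr/firejail/PKGBUILD, removing the `backup=` array means pacman no longer treats anything under /etc/firejail as a protected config file, so an upgrade replaces a locally tightened sandbox profile or `login.users` with the stock one. The new install script only copies the old content to `.pacsave`; the live policy is still the default until the user merges it back by hand. The old glob entry `'etc/firejail/*.profile'` was probably never honoured, since backup entries are literal paths, so I would keep the array with literal entries, starting from `backup=('etc/firejail/login.users' 'etc/firejail/firefox.profile')` and adding one entry per shipped profile. Separately, `install` is normally a plain string, so `install="$pkgname.install"` is the expected form rather than a one-element array.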
@@ -0,0 +1,119 @@
+pre_upgrade() {
+echo "Checking 26 firejail profiles for user modification, backing up as needed..."
+ FilesToCheck=(
+'/etc/firejail/audacious.profile'
+'/etc/firejail/clementine.profile'
+'/etc/firejail/deadbeef.profile'
+'/etc/firejail/deluge.profile'
+'/etc/firejail/disable-common.inc'
+'/etc/firejail/disable-mgmt.inc'
+'/etc/firejail/disable-secret.inc'
+'/etc/firejail/empathy.profile'
+'/etc/firejail/evince.profile'
+'/etc/firejail/filezilla.profile'
+'/etc/firejail/firefox.profile'
+'/etc/firejail/generic.profile'
+'/etc/firejail/gnome-mplayer.profile'
+'/etc/firejail/login.users'
+'/etc/firejail/midori.profile'
+'/etc/firejail/opera.profile'
+'/etc/firejail/pidgin.profile'
+'/etc/firejail/qbittorrent.profile'
+'/etc/firejail/quassel.profile'
+'/etc/firejail/rhythmbox.profile'
+'/etc/firejail/server.profile'
+'/etc/firejail/thunderbird.profile'
+'/etc/firejail/totem.profile'
+'/etc/firejail/transmission-gtk.profile'
+'/etc/firejail/transmission-qt.profile'
+'/etc/firejail/vlc.profile'
+'/etc/firejail/xchat.profile')
+
+OriginalFileHashes=(
+'53d86924bad531072cf279faa63e0a6a6c6ccb22aeae2ba7ddfc7dcab8b09b7a563aeab758cbcbf13ec5f7319066bb0fec3ba2356177e3b8449c58ee5929a766'
+'2c13c77de38d6a7c6513ee754e6cd3ca446019b0716b3db2fb90bb3befcc1bfa2de80a06255048e5f82571de076690ddd8c543ab12104f6843a520e7de042147'
+'9572631ca9551866c2af91f0fed148e2be6d9ec34dff7773d6589c7245d61e6d17f7421176cbfdeadc08289b0a0c4d74453e2d79eb847355506657e98440b924'
+'f730544fdc1a2db051cb73c02722c7f87f4d4536db6f853d1852ee19f527c17abb1ed91879a2b593d2704f8e63e99c4a46640187fe882d4aaced4f7c03c06c46'
+'fa89a0ccaa3d3018273b2b66cb3b6e21f0b4582ecde7139a2db3523497a4da14af8ccb969707a32f7ce2f4083405a942ce9af4212948469bd1b0cd8b438e525a'
+'d0808badde2e695b77900cf13f89503e23dc2a233e2489e8590551adef061390bdb77c815a7fb59a48a103340ea288832d00dd0a8ce78bd24595ca2f352c9f8f'
+'52f550486c4baa03c1327d75765c0edcc3397113fab4190e7644c53112810e5bbcc89cfc8b2c1147a724366a5dffd69dce334daaf4f3ae8e754e35bc38daeedc'
+'33251ba45f3f18397956ec28c6ba55e94c8638bf5b1c1de2c49d5383fc2d519f21b5e757e22f747811c1335e745607968aac1fdd93438276223c6b4c5b2bd954'
+'8f7f282ada4b557b78b33dd788753daf46b10dbdd2f7f72c25fc787ca98cf99d8a45c0db54d60fa0b1bd912cbbda95bb845d373c865e9b1884b1d3e480ec2b85'
+'1088d1921b3c335789fc38e05fe7a898c9615f8fb769d388b6c6d02280891dc64b8b648351b2d5edff62298b46ed21792c0ffc611858697ae02455c5ae8993a7'
+'c7b3bca2f1f9fa0a2769754fc8c341a5e2a9e67613a3329e59797a93dcb5fc41c4c8d08196c41d236e4878bd48fcd44fd1737aa6971a4df2a192da522b96cac4'
+'a60b88a35228f3f8b4a3acd3dce527f3b873b095f1cf28a701baa5b310ad8b85e36ad633c8ddf8c2378a1d40c634164ada63764da1f9750507e55717affe8f46'
+'16777da4a6552b7a39909d7faae0aff13a7e82887409a548433a0575443cf45fa28ecfdd8d43e146a6afa5a5a7298c64aa878bc6d82d2a7b8a2ca666cdb8d2c4'
+'672fa8b25ed28a07efb41fad6415c9fa96ce4bf4f4a1a6412595afb309ef6c1e67033ee256f997c32e9abe25bd6a100160ff12f2235c9be289c223547d03ca95'
+'6aa7ee675b9607313056f9ab70085e9bac7c1cc3b88f3134da3bb7052100b39ed6553b261044be3f87c283543f1231eda1145392536f2a02cf97ba7d5657e969'
+'1864b178483193f7a5360685573ce1c60f383924a2dd34dcd218f063b4ce6a12ca4a065a9881f685c11f7ce63cc75b822836491fcbe042c0825d432bc4fb58df'
+'8be0eef7d351f68343ec3cb14dbafab0bcac604b216f5f18f3624be1270c2a223b5a4560197c0e565c40005f28a640743736d873bf3bc47dcb3df6e5746e9031'
+'16ed951fafad9d07c294b80be98f694fdc47dd525c8373ac83317cb0f1665bfa70111a7eaeeda09eff3544b45507277c12c9d8618958ec38b17e1307daccca70'
+'c89b5fcd02d17fcb65661bcd8ac7d230f11b8ed0c50db864bd70e4d077bac1a210526bfc4ced54dbd5e5fc62520b5b9d51c3ede841c1fc1a29afceece9062303'
+'8eb8ed39164a8d2a50c06447da745be719eb02005dcdc483d5751a8e2f2390f7329845f3e9022c6fb71814f67b31aa7468fe958d2783c67276e3fc3120bef04b'
+'bcc313205c260117e40fac28fc1a282b5f36a97bd7252780c628bfc48971ec2aadd99209442600d3b52b78e932982549baf0c9ba1e791f3ea7fe451e7e7a03a3'
+'d739970917e87e89dc746e749f0c8bfe6cce22dd1864d2f115758627f934916aabe5d01c3c5cbe60866a1c0a1d6908df2cd1126d1d78301216678f9ab13f2a9a'
+'8a65f7e84c2071869a64a493fe6ce74ef77b50f8f34c6b6cdd4e987740a3628cbf2dd02791ff89d53b7b01c1857ab4d8dba8fd5b30e82ccecb294d6bcf4e4bf3'
+'25800523958101d249b96c994fb33bb1e2c646f6af4af6adcedf9aab993a5ae3d3a72dcc340cbabcb9bc0d07cb64155ae21ba6ce87a984594741b1bb806a0b75'
+'a2ad0be0e77719ad5bea6167692629f5c8cc5cfaecbdf98ecf32ddd8877aac443ddd20a7201adab202b3497394c700c69de533eb493f8203ebb36b887f78d258'
+'a28765a1d99dadcf4bf47774b18305167f81d136b8588420b675ee998f5d0077018d9142269968912b5e4a91559ab3a9e4fe9e8c4b0ed11cb4faa543042fb63d'
+'f4ee69f5ef1487ae2b269e43c9bc61fefac168134611bcd10f3dfc2b259430815391a3e89724e8f4830d4a9effe8827ec49237453421f4ffb4f276c0362043ef')
+
+## Uses above arrays to check if file's original hash matches, if not the file was edited, so we save a backup and notify the user.
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[0]} | awk '{print $1}')" = ${OriginalFileHashes[0]} ]] || { cat "${FilesToCheck[0]}" > "${FilesToCheck[0]}.pacsave" ; echo "Backup saved: ${FilesToCheck[0]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[1]} | awk '{print $1}')" = ${OriginalFileHashes[1]} ]] || { cat "${FilesToCheck[1]}" > "${FilesToCheck[1]}.pacsave" ; echo "Backup saved: ${FilesToCheck[1]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[2]} | awk '{print $1}')" = ${OriginalFileHashes[2]} ]] || { cat "${FilesToCheck[2]}" > "${FilesToCheck[2]}.pacsave" ; echo "Backup saved: ${FilesToCheck[2]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[3]} | awk '{print $1}')" = ${OriginalFileHashes[3]} ]] || { cat "${FilesToCheck[3]}" > "${FilesToCheck[3]}.pacsave" ; echo "Backup saved: ${FilesToCheck[3]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[4]} | awk '{print $1}')" = ${OriginalFileHashes[4]} ]] || { cat "${FilesToCheck[4]}" > "${FilesToCheck[4]}.pacsave" ; echo "Backup saved: ${FilesToCheck[4]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[5]} | awk '{print $1}')" = ${OriginalFileHashes[5]} ]] || { cat "${FilesToCheck[5]}" > "${FilesToCheck[5]}.pacsave" ; echo "Backup saved: ${FilesToCheck[5]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[6]} | awk '{print $1}')" = ${OriginalFileHashes[6]} ]] || { cat "${FilesToCheck[6]}" > "${FilesToCheck[6]}.pacsave" ; echo "Backup saved: ${FilesToCheck[6]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[7]} | awk '{print $1}')" = ${OriginalFileHashes[7]} ]] || { cat "${FilesToCheck[7]}" > "${FilesToCheck[7]}.pacsave" ; echo "Backup saved: ${FilesToCheck[7]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[8]} | awk '{print $1}')" = ${OriginalFileHashes[8]} ]] || { cat "${FilesToCheck[8]}" > "${FilesToCheck[8]}.pacsave" ; echo "Backup saved: ${FilesToCheck[8]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[9]} | awk '{print $1}')" = ${OriginalFileHashes[9]} ]] || { cat "${FilesToCheck[9]}" > "${FilesToCheck[9]}.pacsave" ; echo "Backup saved: ${FilesToCheck[9]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[10]} | awk '{print $1}')" = ${OriginalFileHashes[10]} ]] || { cat "${FilesToCheck[10]}" > "${FilesToCheck[10]}.pacsave" ; echo "Backup saved: ${FilesToCheck[10]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[11]} | awk '{print $1}')" = ${OriginalFileHashes[11]} ]] || { cat "${FilesToCheck[11]}" > "${FilesToCheck[11]}.pacsave" ; echo "Backup saved: ${FilesToCheck[11]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[12]} | awk '{print $1}')" = ${OriginalFileHashes[12]} ]] || { cat "${FilesToCheck[12]}" > "${FilesToCheck[12]}.pacsave" ; echo "Backup saved: ${FilesToCheck[12]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[13]} | awk '{print $1}')" = ${OriginalFileHashes[13]} ]] || { cat "${FilesToCheck[13]}" > "${FilesToCheck[13]}.pacsave" ; echo "Backup saved: ${FilesToCheck[13]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[14]} | awk '{print $1}')" = ${OriginalFileHashes[14]} ]] || { cat "${FilesToCheck[14]}" > "${FilesToCheck[14]}.pacsave" ; echo "Backup saved: ${FilesToCheck[14]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[15]} | awk '{print $1}')" = ${OriginalFileHashes[15]} ]] || { cat "${FilesToCheck[15]}" > "${FilesToCheck[15]}.pacsave" ; echo "Backup saved: ${FilesToCheck[15]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[16]} | awk '{print $1}')" = ${OriginalFileHashes[16]} ]] || { cat "${FilesToCheck[16]}" > "${FilesToCheck[16]}.pacsave" ; echo "Backup saved: ${FilesToCheck[16]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[17]} | awk '{print $1}')" = ${OriginalFileHashes[17]} ]] || { cat "${FilesToCheck[17]}" > "${FilesToCheck[17]}.pacsave" ; echo "Backup saved: ${FilesToCheck[17]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[18]} | awk '{print $1}')" = ${OriginalFileHashes[18]} ]] || { cat "${FilesToCheck[18]}" > "${FilesToCheck[18]}.pacsave" ; echo "Backup saved: ${FilesToCheck[18]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[19]} | awk '{print $1}')" = ${OriginalFileHashes[19]} ]] || { cat "${FilesToCheck[19]}" > "${FilesToCheck[19]}.pacsave" ; echo "Backup saved: ${FilesToCheck[19]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[20]} | awk '{print $1}')" = ${OriginalFileHashes[20]} ]] || { cat "${FilesToCheck[20]}" > "${FilesToCheck[20]}.pacsave" ; echo "Backup saved: ${FilesToCheck[20]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[21]} | awk '{print $1}')" = ${OriginalFileHashes[21]} ]] || { cat "${FilesToCheck[21]}" > "${FilesToCheck[21]}.pacsave" ; echo "Backup saved: ${FilesToCheck[21]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[22]} | awk '{print $1}')" = ${OriginalFileHashes[22]} ]] || { cat "${FilesToCheck[22]}" > "${FilesToCheck[22]}.pacsave" ; echo "Backup saved: ${FilesToCheck[22]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[23]} | awk '{print $1}')" = ${OriginalFileHashes[23]} ]] || { cat "${FilesToCheck[23]}" > "${FilesToCheck[23]}.pacsave" ; echo "Backup saved: ${FilesToCheck[23]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[24]} | awk '{print $1}')" = ${OriginalFileHashes[24]} ]] || { cat "${FilesToCheck[24]}" > "${FilesToCheck[24]}.pacsave" ; echo "Backup saved: ${FilesToCheck[24]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[25]} | awk '{print $1}')" = ${OriginalFileHashes[25]} ]] || { cat "${FilesToCheck[25]}" > "${FilesToCheck[25]}.pacsave" ; echo "Backup saved: ${FilesToCheck[25]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[26]} | awk '{print $1}')" = ${OriginalFileHashes[26]} ]] || { cat "${FilesToCheck[26]}" > "${FilesToCheck[26]}.pacsave" ; echo "Backup saved: ${FilesToCheck[26]}.pacsave"; }
+
+echo "Done!"
+
+}
\ No newline at end of file |
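Review bot: A listed file that is absent at upgrade time still produces a "Backup saved" message. In each of the 27 check lines of pre_upgrade() the `openssl` call fails, the comparison is false, and `cat … > ….pacsave` leaves an empty `.pacsave`. The same happens for every file if the installed openssl cannot compute whirlpool, and the path handed to `openssl` is unquoted. The hand-copied lines have also drifted from the banner, which says 26 while both arrays hold 27 entries; `${#FilesToCheck[@]}` would keep it correct once the echo is moved below the arrays. A single loop with an `-f` test and `cp -p` (keeps mode and owner) replaces all 27 lines. The hashes are hard-coded, so presumably they must be regenerated whenever the shipped profiles change, or every file will look user-modified.

```shell
# … unchanged: FilesToCheck and OriginalFileHashes arrays …
local i file current
for i in "${!FilesToCheck[@]}"; do
  file=${FilesToCheck[i]}
  [[ -f "$file" ]] || continue            # nothing installed, nothing to back up
  current=$(openssl dgst -r -whirlpool "$file" | awk '{print $1}')
  if [[ -z "$current" ]]; then
    echo "Could not hash $file, keeping a copy to be safe."
  elif [[ "$current" == "${OriginalFileHashes[i]}" ]]; then
    continue                              # stock file, no backup needed
  fi
  cp -p -- "$file" "$file.pacsave" && echo "Backup saved: $file.pacsave"
done
```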