| 1 |
commit: 2086a4648e20ea0c7ee8d24d82895303aaec2d11 |
| 2 |
Author: g3ngr33n <gengreen <AT> gmx <DOT> com> |
| 3 |
AuthorDate: Fri Apr 27 18:36:37 2018 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Apr 27 20:02:30 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=2086a464 |
| 7 |
|
| 8 |
Apparmor without libintl fix |
| 9 |
|
| 10 |
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> |
| 11 |
|
| 12 |
sys-apps/apparmor-utils/Manifest | 4 ++ |
| 13 |
.../apparmor-utils/apparmor-utils-2.12.0.ebuild | 79 ++++++++++++++++++++++ |
| 14 |
.../files/apparmor-utils-2.12-musl.patch | 11 +++ |
| 15 |
sys-apps/apparmor-utils/metadata.xml | 14 ++++ |
| 16 |
sys-apps/apparmor/Manifest | 8 +++ |
| 17 |
sys-apps/apparmor/apparmor-2.12.0.ebuild | 62 +++++++++++++++++ |
| 18 |
sys-apps/apparmor/files/apparmor-2.12-musl.patch | 44 ++++++++++++ |
| 19 |
sys-apps/apparmor/files/apparmor-init | 32 +++++++++ |
| 20 |
sys-apps/apparmor/files/apparmor.service | 14 ++++ |
| 21 |
sys-apps/apparmor/files/apparmor_load.sh | 2 + |
| 22 |
sys-apps/apparmor/files/apparmor_unload.sh | 2 + |
| 23 |
sys-apps/apparmor/metadata.xml | 14 ++++ |
| 24 |
sys-apps/firejail/Manifest | 5 ++ |
| 25 |
sys-apps/firejail/files/0.9.52-apparmor.patch | 10 +++ |
| 26 |
sys-apps/firejail/files/0.9.52-contrib-fix.patch | 36 ++++++++++ |
| 27 |
sys-apps/firejail/firejail-0.9.52.ebuild | 50 ++++++++++++++ |
| 28 |
sys-apps/firejail/metadata.xml | 39 +++++++++++ |
| 29 |
17 files changed, 426 insertions(+) |
| 30 |
|
| 31 |
diff --git a/sys-apps/apparmor-utils/Manifest b/sys-apps/apparmor-utils/Manifest |
| 32 |
new file mode 100644 |
| 33 |
index 0000000..58f9c61 |
| 34 |
--- /dev/null |
| 35 |
+++ b/sys-apps/apparmor-utils/Manifest |
| 36 |
@@ -0,0 +1,4 @@ |
| 37 |
+AUX apparmor-utils-2.12-musl.patch 319 BLAKE2B 1c4cc5251c63de189856927df82f48c1d00575ea9dc57b24b89a42f7c383de3deafb6c1e5c5f5c46a6f309b190d480bdbdd6d1b0c680f7b302e2af5b4f792f0a SHA512 fb23a97b6c21c6253739af419d4968897e55b7c276dfbb0514c78a5487d46df26a07b2a7a0f509edad2526b602031a144065757fbcf7bc475e895980b2d001d4 |
| 38 |
+DIST apparmor-2.12.tar.gz 7258450 BLAKE2B c1d4e01d836c5f567ddb7c5ecf36dde6efccf1e59ae219824129fd5c92162a3fed7ebdc492f181ae132b07db068660078a9631543d40fd20ab0b44cd4c646d4c SHA512 d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a |
| 39 |
+EBUILD apparmor-utils-2.12.0.ebuild 2041 BLAKE2B c6ff1621f855b00af4a0f0ce2c7ef342cc0dff80058e7e8da671c0e4dd10e5e8063770223e5ecda8fe9e233bcbf0b8fa171202c3f79ab98fcc5964c144683068 SHA512 0b71c72aae38dc13fb968383f49014a9e571f250bcd3235c836c82a50c4bb8cd619306a29e08d6b04699593796d80419269d6f2081fdb1262ba05ad16cc847cb |
| 40 |
+MISC metadata.xml 409 BLAKE2B 63cb1726a015cf118e8ffcc8cf9d49795a75d367e36b0332fbf23faad8b3eed41e2ae090cc92757e12248d831e0ea1782b6f275ef02b7d2d2022bf2b79f69042 SHA512 a66647c5e40f2593017942c12786dc30995e7980fdb58c1de0b9ae34069434cb5a4c70b2bd268a239df82edfcc1e7288e8033bf57609f757a321639afd5e78b8 |
| 41 |
|
| 42 |
diff --git a/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild b/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild |
| 43 |
new file mode 100644 |
| 44 |
index 0000000..b1a711e |
| 45 |
--- /dev/null |
| 46 |
+++ b/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild |
| 47 |
@@ -0,0 +1,79 @@ |
| 48 |
+# Copyright 1999-2018 Gentoo Foundation |
| 49 |
+# Distributed under the terms of the GNU General Public License v2 |
| 50 |
+ |
| 51 |
+EAPI=6 |
| 52 |
+ |
| 53 |
+PYTHON_COMPAT=( python3_{4,5,6} ) |
| 54 |
+inherit perl-module python-r1 toolchain-funcs versionator |
| 55 |
+ |
| 56 |
+MY_PV="$(get_version_component_range 1-2)" |
| 57 |
+ |
| 58 |
+DESCRIPTION="Additional userspace utils to assist with AppArmor profile management" |
| 59 |
+HOMEPAGE="http://apparmor.net/" |
| 60 |
+SRC_URI="https://launchpad.net/apparmor/${MY_PV}/${PV}/+download/apparmor-${MY_PV}.tar.gz" |
| 61 |
+ |
| 62 |
+LICENSE="GPL-2" |
| 63 |
+SLOT="0" |
| 64 |
+KEYWORDS="~amd64" |
| 65 |
+IUSE="" |
| 66 |
+REQUIRED_USE="${PYTHON_REQUIRED_USE}" |
| 67 |
+ |
| 68 |
+RESTRICT="test" |
| 69 |
+ |
| 70 |
+DEPEND="dev-lang/perl |
| 71 |
+ ${PYTHON_DEPS}" |
| 72 |
+RDEPEND="${DEPEND} |
| 73 |
+ ~sys-libs/libapparmor-${PV}[perl,python] |
| 74 |
+ ~sys-apps/apparmor-${PV} |
| 75 |
+ dev-perl/Locale-gettext |
| 76 |
+ dev-perl/RPC-XML |
| 77 |
+ dev-perl/TermReadKey |
| 78 |
+ virtual/perl-Data-Dumper |
| 79 |
+ virtual/perl-Getopt-Long" |
| 80 |
+ |
| 81 |
+S=${WORKDIR}/apparmor-${MY_PV} |
| 82 |
+ |
| 83 |
+PATCHES=( "${FILESDIR}/apparmor-utils-${MY_PV}-musl.patch" ) |
| 84 |
+ |
| 85 |
+src_prepare() { |
| 86 |
+ default |
| 87 |
+ |
| 88 |
+ sed -i binutils/Makefile \ |
| 89 |
+ -e 's/Bstatic/Bdynamic/g' || die |
| 90 |
+} |
| 91 |
+ |
| 92 |
+src_compile() { |
| 93 |
+ python_setup |
| 94 |
+ |
| 95 |
+ pushd utils > /dev/null || die |
| 96 |
+ # launches non-make subprocesses causing "make jobserver unavailable" |
| 97 |
+ # error messages to appear in generated code |
| 98 |
+ emake -j1 |
| 99 |
+ popd > /dev/null || die |
| 100 |
+ |
| 101 |
+ pushd binutils > /dev/null || die |
| 102 |
+ export EXTRA_CFLAGS="${CFLAGS}" |
| 103 |
+ emake CC="$(tc-getCC)" USE_SYSTEM=1 |
| 104 |
+ popd > /dev/null || die |
| 105 |
+} |
| 106 |
+ |
| 107 |
+src_install() { |
| 108 |
+ pushd utils > /dev/null || die |
| 109 |
+ perl_set_version |
| 110 |
+ emake DESTDIR="${D}" PERLDIR="${D}/${VENDOR_LIB}/Immunix" \ |
| 111 |
+ VIM_INSTALL_PATH="${D}/usr/share/vim/vimfiles/syntax" install |
| 112 |
+ |
| 113 |
+ install_python() { |
| 114 |
+ "${PYTHON}" "${S}"/utils/python-tools-setup.py install --prefix=/usr \ |
| 115 |
+ --root="${D}" --version="${PV}" |
| 116 |
+ } |
| 117 |
+ |
| 118 |
+ python_foreach_impl install_python |
| 119 |
+ python_replicate_script "${D}"/usr/bin/aa-easyprof "${D}"/usr/sbin/apparmor_status \ |
| 120 |
+ "${D}"/usr/sbin/aa-{audit,autodep,cleanprof,complain,disable,enforce,genprof,logprof,mergeprof,status,unconfined} |
| 121 |
+ popd > /dev/null || die |
| 122 |
+ |
| 123 |
+ pushd binutils > /dev/null || die |
| 124 |
+ emake install DESTDIR="${D}" USE_SYSTEM=1 |
| 125 |
+ popd > /dev/null || die |
| 126 |
+} |
| 127 |
\ No newline at end of file |
| 128 |
|
| 129 |
diff --git a/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch b/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch |
| 130 |
new file mode 100644 |
| 131 |
index 0000000..d8ff360 |
| 132 |
--- /dev/null |
| 133 |
+++ b/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch |
| 134 |
@@ -0,0 +1,11 @@ |
| 135 |
+--- a/binutils/Makefile |
| 136 |
++++ b/binutils/Makefile |
| 137 |
+@@ -52,7 +52,7 @@ SRCS = aa_enabled.c |
| 138 |
+ HDRS = |
| 139 |
+ TOOLS = aa-enabled aa-exec |
| 140 |
+ |
| 141 |
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread |
| 142 |
++AALIB = -Wl,-Bdynamic -lapparmor -lpthread |
| 143 |
+ |
| 144 |
+ ifdef USE_SYSTEM |
| 145 |
+ # Using the system libapparmor so Makefile dependencies can't be used |
| 146 |
|
| 147 |
diff --git a/sys-apps/apparmor-utils/metadata.xml b/sys-apps/apparmor-utils/metadata.xml |
| 148 |
new file mode 100644 |
| 149 |
index 0000000..42d1e8f |
| 150 |
--- /dev/null |
| 151 |
+++ b/sys-apps/apparmor-utils/metadata.xml |
| 152 |
@@ -0,0 +1,14 @@ |
| 153 |
+<?xml version="1.0" encoding="UTF-8"?> |
| 154 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
| 155 |
+<pkgmetadata> |
| 156 |
+ <maintainer type="person"> |
| 157 |
+ <email>kensington@g.o</email> |
| 158 |
+ </maintainer> |
| 159 |
+ <maintainer type="project"> |
| 160 |
+ <email>hardened@g.o</email> |
| 161 |
+ <name>Gentoo Hardened</name> |
| 162 |
+ </maintainer> |
| 163 |
+ <upstream> |
| 164 |
+ <remote-id type="launchpad">apparmor</remote-id> |
| 165 |
+ </upstream> |
| 166 |
+</pkgmetadata> |
| 167 |
|
| 168 |
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest |
| 169 |
new file mode 100644 |
| 170 |
index 0000000..9b03d7c |
| 171 |
--- /dev/null |
| 172 |
+++ b/sys-apps/apparmor/Manifest |
| 173 |
@@ -0,0 +1,8 @@ |
| 174 |
+AUX apparmor-2.12-musl.patch 1005 BLAKE2B 34a0b2c816ff4b62b5dde0fbf7c87abde9a2abcb9cd07db9a387a81b351d717fc614324fe4a73ab5ca43f82a2fa2d633f40af642d5b6a14a29db5e15a7c6ae01 SHA512 b720e97453329a3c8d69ed76cddd7d735c3f83cbdd1083137e9ef697fd0436e2fcbca15dbb27ee5f643e4247da8c4cc298b89bb5fcd0219ed6acf23b867ee662 |
| 175 |
+AUX apparmor-init 636 BLAKE2B 5acebb5dbcf4ea280e0295530c0c5b085e4a87a0acdda943ed78f828b53e2e9d3834838f2db853c8724c941593a29cf1b655a84c120f69def03c46d041e9e21e SHA512 108b3d77607a61c58f2f5e5940726d6b0485ed1a7beb7d67965e167240defbbd77dab1d56c15c2ae322fee64f3d037f541a1f3679d110194085a641ccbef01c3 |
| 176 |
+AUX apparmor.service 281 BLAKE2B 3d1ecfdc96ee2491e75e92dc3aae7c2aeeeef3bf6a7ae86f354126fd044e2da316303b3ba63ad6dbc747d59d423ea8e4df0f131090d0d7b405e0d303b3c32a71 SHA512 f6ba92053a93db0654a4290eb358afae4d7669cb89a02242544576d951fe57437c3570d92ac89ce4e9fd96c04c121f44523dd6bb136d58fea11424064375df31 |
| 177 |
+AUX apparmor_load.sh 84 BLAKE2B 05195286287d5cdf56a7f67e18073f75625cbfb1c9283a22c72ff60aa4a3fe4129b81702801ddd4045629558a022f084906464f8bb5325f31d43680c626a5ede SHA512 72bd10fdd32879854ee044941636d530453488596bab7aa6785b109f6cd7e2f822e9ff04b43c7c4265b2f42de13ec7f6649f9a58fed3d93b51dd1a2b541be3d7 |
| 178 |
+AUX apparmor_unload.sh 85 BLAKE2B 1559999897e288f452850080166dcdf67d15bd3cfa57f30aeddeba29bce2e1896126e8e4c82b41dd403f94d3f8ae9128448b0c5431c418ff82fd65df370653b5 SHA512 18a46176d043511af33fc77917e85dce5cb5deb30d2d86ea5261313a72c385b96c87fcd1fece9e555b6c424305d420876430a0a8fb11a5ec5edfef30f80dfd8d |
| 179 |
+DIST apparmor-2.12.tar.gz 7258450 BLAKE2B c1d4e01d836c5f567ddb7c5ecf36dde6efccf1e59ae219824129fd5c92162a3fed7ebdc492f181ae132b07db068660078a9631543d40fd20ab0b44cd4c646d4c SHA512 d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a |
| 180 |
+EBUILD apparmor-2.12.0.ebuild 1255 BLAKE2B 0830f58fdb325c6ac941dd2ddda605f3b0fea5a2b193e9b6873081c27e36437e653d5a99d983e4d9642d7324990346c2c99ed260e383f5f29e7aa3aca8ea6220 SHA512 714270d9ca8e08c409915c48d1c246ee4b4134fa883c00a3a4884029f4c2699d5054827c245b4b89085dd0672503fa3122d404a8e28cb8b02bc52a78d95600a6 |
| 181 |
+MISC metadata.xml 409 BLAKE2B 63cb1726a015cf118e8ffcc8cf9d49795a75d367e36b0332fbf23faad8b3eed41e2ae090cc92757e12248d831e0ea1782b6f275ef02b7d2d2022bf2b79f69042 SHA512 a66647c5e40f2593017942c12786dc30995e7980fdb58c1de0b9ae34069434cb5a4c70b2bd268a239df82edfcc1e7288e8033bf57609f757a321639afd5e78b8 |
| 182 |
|
| 183 |
diff --git a/sys-apps/apparmor/apparmor-2.12.0.ebuild b/sys-apps/apparmor/apparmor-2.12.0.ebuild |
| 184 |
new file mode 100644 |
| 185 |
index 0000000..f4558d3 |
| 186 |
--- /dev/null |
| 187 |
+++ b/sys-apps/apparmor/apparmor-2.12.0.ebuild |
| 188 |
@@ -0,0 +1,62 @@ |
| 189 |
+# Copyright 1999-2018 Gentoo Foundation |
| 190 |
+# Distributed under the terms of the GNU General Public License v2 |
| 191 |
+ |
| 192 |
+EAPI=6 |
| 193 |
+ |
| 194 |
+inherit systemd toolchain-funcs versionator |
| 195 |
+ |
| 196 |
+MY_PV="$(get_version_component_range 1-2)" |
| 197 |
+ |
| 198 |
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application security system" |
| 199 |
+HOMEPAGE="http://apparmor.net/" |
| 200 |
+SRC_URI="https://launchpad.net/${PN}/${MY_PV}/${PV}/+download/${PN}-${MY_PV}.tar.gz" |
| 201 |
+ |
| 202 |
+LICENSE="GPL-2" |
| 203 |
+SLOT="0" |
| 204 |
+KEYWORDS="~amd64" |
| 205 |
+IUSE="doc" |
| 206 |
+ |
| 207 |
+RDEPEND="~sys-libs/libapparmor-${PV}" |
| 208 |
+DEPEND="${RDEPEND} |
| 209 |
+ dev-lang/perl |
| 210 |
+ sys-devel/bison |
| 211 |
+ sys-devel/flex |
| 212 |
+ doc? ( dev-tex/latex2html ) |
| 213 |
+" |
| 214 |
+ |
| 215 |
+S=${WORKDIR}/apparmor-${MY_PV}/parser/ |
| 216 |
+ |
| 217 |
+PATCHES=( "${FILESDIR}/apparmor-${MY_PV}-musl.patch" ) |
| 218 |
+ |
| 219 |
+src_prepare() { |
| 220 |
+ |
| 221 |
+ default |
| 222 |
+} |
| 223 |
+ |
| 224 |
+src_compile() { |
| 225 |
+ |
| 226 |
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages |
| 227 |
+} |
| 228 |
+ |
| 229 |
+src_test() { |
| 230 |
+ |
| 231 |
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check |
| 232 |
+} |
| 233 |
+ |
| 234 |
+src_install() { |
| 235 |
+ |
| 236 |
+ cd parser/ |
| 237 |
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install |
| 238 |
+ |
| 239 |
+ dodir /etc/apparmor.d/disable |
| 240 |
+ |
| 241 |
+ newinitd "${FILESDIR}/${PN}-init" ${PN} |
| 242 |
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service |
| 243 |
+ |
| 244 |
+ use doc && dodoc techdoc.pdf |
| 245 |
+ |
| 246 |
+ exeinto /usr/share/apparmor |
| 247 |
+ doexe "${FILESDIR}/apparmor_load.sh" |
| 248 |
+ doexe "${FILESDIR}/apparmor_unload.sh" |
| 249 |
+ |
| 250 |
+} |
| 251 |
\ No newline at end of file |
| 252 |
|
| 253 |
diff --git a/sys-apps/apparmor/files/apparmor-2.12-musl.patch b/sys-apps/apparmor/files/apparmor-2.12-musl.patch |
| 254 |
new file mode 100644 |
| 255 |
index 0000000..2c7d095 |
| 256 |
--- /dev/null |
| 257 |
+++ b/sys-apps/apparmor/files/apparmor-2.12-musl.patch |
| 258 |
@@ -0,0 +1,44 @@ |
| 259 |
+--- /dev/null |
| 260 |
++++ b/missingdefs.h |
| 261 |
+@@ -0,0 +1,9 @@ |
| 262 |
++#ifndef PARSER_MISSINGDEFS_H |
| 263 |
++#define PARSER_MISSINGDEFS_H |
| 264 |
++ |
| 265 |
++typedef int (*__compar_fn_t) (const void *, const void *); |
| 266 |
++typedef __compar_fn_t comparison_fn_t; |
| 267 |
++typedef void (*__free_fn_t) (void *__nodep); |
| 268 |
++ |
| 269 |
++#endif |
| 270 |
++ |
| 271 |
+--- a/parser_alias.c |
| 272 |
++++ b/parser_alias.c |
| 273 |
+@@ -24,6 +24,7 @@ |
| 274 |
+ #include "immunix.h" |
| 275 |
+ #include "parser.h" |
| 276 |
+ #include "profile.h" |
| 277 |
++#include "missingdefs.h" |
| 278 |
+ |
| 279 |
+ struct alias_rule { |
| 280 |
+ char *from; |
| 281 |
+ |
| 282 |
+--- a/parser_symtab.c |
| 283 |
++++ b/parser_symtab.c |
| 284 |
+@@ -24,6 +24,7 @@ |
| 285 |
+ |
| 286 |
+ #include "immunix.h" |
| 287 |
+ #include "parser.h" |
| 288 |
++#include "missingdefs.h" |
| 289 |
+ |
| 290 |
+ enum var_type { |
| 291 |
+ sd_boolean, |
| 292 |
+--- a/Makefile |
| 293 |
++++ b/Makefile |
| 294 |
+@@ -87,7 +87,7 @@ |
| 295 |
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a |
| 296 |
+ AAREOBJECTS = $(AAREOBJECT) |
| 297 |
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS) |
| 298 |
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread |
| 299 |
++AALIB = -Wl,-Bdynamic -lapparmor -lpthread |
| 300 |
+ |
| 301 |
+ ifdef USE_SYSTEM |
| 302 |
+ # Using the system libapparmor so Makefile dependencies can't be used |
| 303 |
|
| 304 |
diff --git a/sys-apps/apparmor/files/apparmor-init b/sys-apps/apparmor/files/apparmor-init |
| 305 |
new file mode 100644 |
| 306 |
index 0000000..ebba84f |
| 307 |
--- /dev/null |
| 308 |
+++ b/sys-apps/apparmor/files/apparmor-init |
| 309 |
@@ -0,0 +1,32 @@ |
| 310 |
+#!/sbin/openrc-run |
| 311 |
+# Copyright 1999-2013 Gentoo Foundation |
| 312 |
+# Distributed under the terms of the GNU General Public License v2 |
| 313 |
+ |
| 314 |
+description="Load all configured profiles for the AppArmor security module." |
| 315 |
+description_reload="Reload all profiles" |
| 316 |
+ |
| 317 |
+extra_started_commands="reload" |
| 318 |
+ |
| 319 |
+ |
| 320 |
+start() { |
| 321 |
+ ebegin "Starting AppArmor" |
| 322 |
+ eindent |
| 323 |
+ apparmor_load.sh |
| 324 |
+ |
| 325 |
+ eoutdent |
| 326 |
+} |
| 327 |
+ |
| 328 |
+stop() { |
| 329 |
+ ebegin "Stopping AppArmor" |
| 330 |
+ eindent |
| 331 |
+ apparmor_unload.sh |
| 332 |
+ |
| 333 |
+ eoutdent |
| 334 |
+} |
| 335 |
+ |
| 336 |
+reload() { |
| 337 |
+ # todo: split out clean_profiles into its own function upstream |
| 338 |
+ # so we can do parse_profiles reload && clean_profiles |
| 339 |
+ # and do a proper reload instead of restart |
| 340 |
+ apparmor_restart |
| 341 |
+} |
| 342 |
|
| 343 |
diff --git a/sys-apps/apparmor/files/apparmor.service b/sys-apps/apparmor/files/apparmor.service |
| 344 |
new file mode 100644 |
| 345 |
index 0000000..89f14fe |
| 346 |
--- /dev/null |
| 347 |
+++ b/sys-apps/apparmor/files/apparmor.service |
| 348 |
@@ -0,0 +1,14 @@ |
| 349 |
+[Unit] |
| 350 |
+Description=AppArmor profiles |
| 351 |
+DefaultDependencies=no |
| 352 |
+After=local-fs.target |
| 353 |
+Before=sysinit.target |
| 354 |
+ |
| 355 |
+[Service] |
| 356 |
+Type=oneshot |
| 357 |
+ExecStart=/usr/share/apparmor/apparmor_load.sh |
| 358 |
+ExecStop=/usr/share/apparmor/apparmor_unload.sh |
| 359 |
+RemainAfterExit=yes |
| 360 |
+ |
| 361 |
+[Install] |
| 362 |
+WantedBy=multi-user.target |
| 363 |
|
| 364 |
diff --git a/sys-apps/apparmor/files/apparmor_load.sh b/sys-apps/apparmor/files/apparmor_load.sh |
| 365 |
new file mode 100755 |
| 366 |
index 0000000..e6fe6b6 |
| 367 |
--- /dev/null |
| 368 |
+++ b/sys-apps/apparmor/files/apparmor_load.sh |
| 369 |
@@ -0,0 +1,2 @@ |
| 370 |
+#!/bin/sh |
| 371 |
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} + |
| 372 |
|
| 373 |
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh b/sys-apps/apparmor/files/apparmor_unload.sh |
| 374 |
new file mode 100755 |
| 375 |
index 0000000..19e598b |
| 376 |
--- /dev/null |
| 377 |
+++ b/sys-apps/apparmor/files/apparmor_unload.sh |
| 378 |
@@ -0,0 +1,2 @@ |
| 379 |
+#!/bin/sh |
| 380 |
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \; |
| 381 |
|
| 382 |
diff --git a/sys-apps/apparmor/metadata.xml b/sys-apps/apparmor/metadata.xml |
| 383 |
new file mode 100644 |
| 384 |
index 0000000..42d1e8f |
| 385 |
--- /dev/null |
| 386 |
+++ b/sys-apps/apparmor/metadata.xml |
| 387 |
@@ -0,0 +1,14 @@ |
| 388 |
+<?xml version="1.0" encoding="UTF-8"?> |
| 389 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
| 390 |
+<pkgmetadata> |
| 391 |
+ <maintainer type="person"> |
| 392 |
+ <email>kensington@g.o</email> |
| 393 |
+ </maintainer> |
| 394 |
+ <maintainer type="project"> |
| 395 |
+ <email>hardened@g.o</email> |
| 396 |
+ <name>Gentoo Hardened</name> |
| 397 |
+ </maintainer> |
| 398 |
+ <upstream> |
| 399 |
+ <remote-id type="launchpad">apparmor</remote-id> |
| 400 |
+ </upstream> |
| 401 |
+</pkgmetadata> |
| 402 |
|
| 403 |
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest |
| 404 |
new file mode 100644 |
| 405 |
index 0000000..01b3078 |
| 406 |
--- /dev/null |
| 407 |
+++ b/sys-apps/firejail/Manifest |
| 408 |
@@ -0,0 +1,5 @@ |
| 409 |
+AUX 0.9.52-apparmor.patch 274 BLAKE2B 96ce95ff88aca51a275f3f91ad2ab2836a12edc0780b617836dcb08d0998d40ad1f324cc69481cd6cdf060326791bf2854a7b65fafe1b074c2eab571d6638d87 SHA512 ba63ab8c94c09c67116c23200bdf0ef2b25ae64dffdb1d90f946b6617c8081765052960bee5f245f39dd92cdfedc717a60ab7efcfd0e7a72d38143450fb7bc04 |
| 410 |
+AUX 0.9.52-contrib-fix.patch 1446 BLAKE2B 934a1d2cfcdb070317bb47b6b451fe979279f5a4600a49ce2d79642479e5b649f5103d732aaa40ab2dbb8dcd563c75a5b0f048ae805134eef6d4afe52174b972 SHA512 04c88fbaa37c677efef1805c6b0bca6d87742acf5c80b047844e776e51c02c8803d2588a5dde74817b0cbbf6ce9d239ca39a823df1928ef36f232b403fb41889 |
| 411 |
+DIST firejail-0.9.52.tar.xz 299396 BLAKE2B 62b7798e46b69f1ae12ac85f219cc7414652e64d3bf9e1b206f8956febdc53c78151f08052fe694c691b787356b6821e8ff0df71a4277a238a4dc7d724165969 SHA512 f7318bcbd68f6d8c709cdc1f5065cb1019c1c64fdbd47c0fd698975412c4e075c7209bd275056daf61558b79d79127c88f1580cb8e4e034cc0551c7d34e11d06 |
| 412 |
+EBUILD firejail-0.9.52.ebuild 1219 BLAKE2B b5e4f6c471bb3459aa0547db1c4cb13355026e34729f830b26416c022caa99db040bee3b690e2dcf790a9ecadb502dfe17e655fca34374fbafc40862a8432d58 SHA512 9902ad0969156b381cfc70b631a27af93ed325abc0ed7ef08b3499165be662c354456b8d1d4c7a06a55c99d6fdf31d1b6f8927bd85914d9ef23c014e812e03fe |
| 413 |
+MISC metadata.xml 1627 BLAKE2B 1029e5cce7af2355b66b4c600e96273669a0876ebc1c85dd1c169eaf6419e48d4173db1a99851963ace27f90b7965d7032a00309f124ffe3545d3325b450fcbf SHA512 081d4f02dafd4c82aca839117c52b744ba50d3816b2ee01916c8f5fe60ae914717c7d3a36cdd0d064f3bc2ae1d4a7fa75e946536fce509c6aac37c84832ef946 |
| 414 |
|
| 415 |
diff --git a/sys-apps/firejail/files/0.9.52-apparmor.patch b/sys-apps/firejail/files/0.9.52-apparmor.patch |
| 416 |
new file mode 100644 |
| 417 |
index 0000000..6dac4d2 |
| 418 |
--- /dev/null |
| 419 |
+++ b/sys-apps/firejail/files/0.9.52-apparmor.patch |
| 420 |
@@ -0,0 +1,10 @@ |
| 421 |
+--- a/src/libtrace/libtrace.c |
| 422 |
++++ b/src/libtrace/libtrace.c |
| 423 |
+@@ -30,6 +30,7 @@ |
| 424 |
+ #include <sys/un.h> |
| 425 |
+ #include <sys/stat.h> |
| 426 |
+ #include <dirent.h> |
| 427 |
++#include <limits.h> |
| 428 |
+ |
| 429 |
+ // break recursivity on fopen call |
| 430 |
+ typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); |
| 431 |
|
| 432 |
diff --git a/sys-apps/firejail/files/0.9.52-contrib-fix.patch b/sys-apps/firejail/files/0.9.52-contrib-fix.patch |
| 433 |
new file mode 100644 |
| 434 |
index 0000000..7192bba |
| 435 |
--- /dev/null |
| 436 |
+++ b/sys-apps/firejail/files/0.9.52-contrib-fix.patch |
| 437 |
@@ -0,0 +1,36 @@ |
| 438 |
+diff -Naur firejail-0.9.48/contrib/fix_private-bin.py firejail-0.9.48.new/contrib/fix_private-bin.py |
| 439 |
+--- firejail-0.9.48/contrib/fix_private-bin.py 2017-05-24 23:01:32.000000000 +0100 |
| 440 |
++++ firejail-0.9.48.new/contrib/fix_private-bin.py 2017-08-27 23:19:52.868481040 +0100 |
| 441 |
+@@ -1,4 +1,4 @@ |
| 442 |
+-#!/usr/bin/python3 |
| 443 |
++#!/usr/bin/env python3 |
| 444 |
+ |
| 445 |
+ __author__ = "KOLANICH" |
| 446 |
+ __copyright__ = """This is free and unencumbered software released into the public domain. |
| 447 |
+diff -Naur firejail-0.9.48/contrib/fjclip.py firejail-0.9.48.new/contrib/fjclip.py |
| 448 |
+--- firejail-0.9.48/contrib/fjclip.py 2017-05-24 23:01:32.000000000 +0100 |
| 449 |
++++ firejail-0.9.48.new/contrib/fjclip.py 2017-08-27 23:19:58.476562539 +0100 |
| 450 |
+@@ -1,4 +1,4 @@ |
| 451 |
+-#!/usr/bin/env python |
| 452 |
++#!/usr/bin/env python2 |
| 453 |
+ |
| 454 |
+ import re |
| 455 |
+ import sys |
| 456 |
+diff -Naur firejail-0.9.48/contrib/fjdisplay.py firejail-0.9.48.new/contrib/fjdisplay.py |
| 457 |
+--- firejail-0.9.48/contrib/fjdisplay.py 2017-05-24 23:01:32.000000000 +0100 |
| 458 |
++++ firejail-0.9.48.new/contrib/fjdisplay.py 2017-08-27 23:20:01.932612762 +0100 |
| 459 |
+@@ -1,4 +1,4 @@ |
| 460 |
+-#!/usr/bin/env python |
| 461 |
++#!/usr/bin/env python2 |
| 462 |
+ |
| 463 |
+ import re |
| 464 |
+ import sys |
| 465 |
+diff -Naur firejail-0.9.48/contrib/fjresize.py firejail-0.9.48.new/contrib/fjresize.py |
| 466 |
+--- firejail-0.9.48/contrib/fjresize.py 2017-05-24 23:01:32.000000000 +0100 |
| 467 |
++++ firejail-0.9.48.new/contrib/fjresize.py 2017-08-27 23:20:06.932685422 +0100 |
| 468 |
+@@ -1,4 +1,4 @@ |
| 469 |
+-#!/usr/bin/env python |
| 470 |
++#!/usr/bin/env python2 |
| 471 |
+ |
| 472 |
+ import sys |
| 473 |
+ import fjdisplay |
| 474 |
|
| 475 |
diff --git a/sys-apps/firejail/firejail-0.9.52.ebuild b/sys-apps/firejail/firejail-0.9.52.ebuild |
| 476 |
new file mode 100644 |
| 477 |
index 0000000..d08a33e |
| 478 |
--- /dev/null |
| 479 |
+++ b/sys-apps/firejail/firejail-0.9.52.ebuild |
| 480 |
@@ -0,0 +1,50 @@ |
| 481 |
+# Copyright 1999-2018 Gentoo Foundation |
| 482 |
+# Distributed under the terms of the GNU General Public License v2 |
| 483 |
+ |
| 484 |
+EAPI=6 |
| 485 |
+ |
| 486 |
+inherit eutils |
| 487 |
+ |
| 488 |
+DESCRIPTION="Security sandbox for any type of processes" |
| 489 |
+HOMEPAGE="https://firejail.wordpress.com/" |
| 490 |
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" |
| 491 |
+ |
| 492 |
+LICENSE="GPL-2" |
| 493 |
+SLOT="0" |
| 494 |
+KEYWORDS="~amd64 ~x86" |
| 495 |
+IUSE="apparmor +bind +chroot contrib +file-transfer +network |
| 496 |
+ network-restricted +seccomp +userns x11" |
| 497 |
+ |
| 498 |
+DEPEND="!sys-apps/firejail-lts |
| 499 |
+ apparmor? ( sys-libs/libapparmor )" |
| 500 |
+RDEPEND="${DEPEND} |
| 501 |
+ x11? ( x11-wm/xpra[client,server] )" |
| 502 |
+ |
| 503 |
+PATCHES=( "${FILESDIR}/${PV}-contrib-fix.patch" ) |
| 504 |
+PATCHES=( "${FILESDIR}/${PV}-apparmor.patch" ) |
| 505 |
+ |
| 506 |
+RESTRICT=test |
| 507 |
+ |
| 508 |
+src_prepare() { |
| 509 |
+ default |
| 510 |
+ find -name Makefile.in -exec sed -i -r \ |
| 511 |
+ -e '/^\tinstall .*COPYING /d' \ |
| 512 |
+ -e '/CFLAGS/s: (-O2|-ggdb) : :g' \ |
| 513 |
+ -e '1iCC=@CC@' {} + || die |
| 514 |
+} |
| 515 |
+ |
| 516 |
+src_configure() { |
| 517 |
+ local myeconfargs=( |
| 518 |
+ $(use_enable apparmor) |
| 519 |
+ $(use_enable bind) |
| 520 |
+ $(use_enable chroot) |
| 521 |
+ $(use_enable contrib contrib-install) |
| 522 |
+ $(use_enable file-transfer) |
| 523 |
+ $(use_enable network) |
| 524 |
+ $(use_enable seccomp) |
| 525 |
+ $(use_enable userns) |
| 526 |
+ $(use_enable x11) |
| 527 |
+ ) |
| 528 |
+ use network-restricted && myeconfargs+=( --enable-network=restricted ) |
| 529 |
+ econf "${myeconfargs[@]}" |
| 530 |
+} |
| 531 |
|
| 532 |
diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml |
| 533 |
new file mode 100644 |
| 534 |
index 0000000..395160f |
| 535 |
--- /dev/null |
| 536 |
+++ b/sys-apps/firejail/metadata.xml |
| 537 |
@@ -0,0 +1,39 @@ |
| 538 |
+<?xml version="1.0" encoding="UTF-8"?> |
| 539 |
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> |
| 540 |
+<pkgmetadata> |
| 541 |
+ <maintainer type="person"> |
| 542 |
+ <email>aidecoe@g.o</email> |
| 543 |
+ <name>Amadeusz Żołnowski</name> |
| 544 |
+ </maintainer> |
| 545 |
+ <longdescription lang="en"> |
| 546 |
+ Firejail is a SUID program that reduces the risk of security breaches |
| 547 |
+ by restricting the running environment of untrusted applications using |
| 548 |
+ Linux namespaces and seccomp-bpf. It allows a process and all its |
| 549 |
+ descendants to have their own private view of the globally shared |
| 550 |
+ kernel resources, such as the network stack, process table, mount |
| 551 |
+ table. |
| 552 |
+ |
| 553 |
+ This is bleeding edge branch. For long term support version see |
| 554 |
+ sys-apps/firejail-lts. |
| 555 |
+ </longdescription> |
| 556 |
+ <upstream> |
| 557 |
+ <remote-id type="sourceforge">firejail</remote-id> |
| 558 |
+ </upstream> |
| 559 |
+ <use> |
| 560 |
+ <flag name="apparmor">Enable support for custom AppArmor |
| 561 |
+ profiles</flag> |
| 562 |
+ <flag name="bind">Enable custom bind mounts</flag> |
| 563 |
+ <flag name="chroot">Enable chrooting to custom directory</flag> |
| 564 |
+ <flag name="contrib">Install contrib scripts</flag> |
| 565 |
+ <flag name="file-transfer">Enable file transfers between sandboxes and |
| 566 |
+ the host system</flag> |
| 567 |
+ <flag name="network">Enable networking features</flag> |
| 568 |
+ <flag name="network-restricted">Grant access to --interface, |
| 569 |
+ --net=ethXXX and --netfilter only to root user; regular users are |
| 570 |
+ only allowed --net=none</flag> |
| 571 |
+ <flag name="seccomp">Enable system call filtering</flag> |
| 572 |
+ <flag name="userns">Enable attaching a new user namespace to a |
| 573 |
+ sandbox (--noroot option)</flag> |
| 574 |
+ <flag name="x11">Enable X11 sandboxing</flag> |
| 575 |
+ </use> |
| 576 |
+</pkgmetadata> |
Archives