commit:     0c2809390f246ae501758c1008e1ce3dbae24524
Author:     Hank Leininger <hlein <AT> korelogic <DOT> com>
AuthorDate: Thu Apr 24 22:46:12 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May  1 21:48:04 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c280939

sys-apps/firejail: add 0.9.74, bump py compat

Signed-off-by: Hank Leininger <hlein <AT> korelogic.com>
Closes: https://bugs.gentoo.org/953951
Closes: https://bugs.gentoo.org/952713
Part-of: https://github.com/gentoo/gentoo/pull/41736
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-apps/firejail/Manifest                         |   1 +
 .../files/firejail-0.9.74-firecfg.config.patch     |  73 +++++++++++
 sys-apps/firejail/firejail-0.9.74.ebuild           | 138 +++++++++++++++++++++
 3 files changed, 212 insertions(+)

diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
index 93387adafa9d..7fcd9e9db685 100644
--- a/sys-apps/firejail/Manifest
+++ b/sys-apps/firejail/Manifest
@@ -1 +1,2 @@
 DIST firejail-0.9.72.tar.xz 503192 BLAKE2B 
3d57b345476cb62399859622c88f5d6c22842da5894045c09bc7d84229ec2a01c494e4e9393b6fba6c668f73c6b7046f9a014a315baa5bc56d1479b9cad178a7
 SHA512 
846fa5caf6e68c669f76a07d6321ed365bf3c45f7992e8be3784ed99ef508ea8dffc5d6cc5da75eeb37964ad358d61b7959e8590051950951de8ca904d8a49de
+DIST firejail-0.9.74.tar.xz 527640 BLAKE2B 
c71c4b9c6e4cc66ccd0884d98599709f59353f0d270ce7c7e056815a9025ae6b558e210a70a2f8fd4f1c0c5cad72cc3c372bb2af8ffef673c0f5cb3819375191
 SHA512 
abc79c7d76d6da2c93e9cc5b4529f2950a0de8f292bede5b0e38179551c8ec65adf8d61326c7dbbad0d488234211df2266ce6d59eea06b792c0b7e163d83e69f

diff --git a/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch 
b/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch
new file mode 100644
index 000000000000..e41fcc650856
--- /dev/null
+++ b/sys-apps/firejail/files/firejail-0.9.74-firecfg.config.patch
@@ -0,0 +1,73 @@
+diff '--color=auto' -urP firejail-0.9.74.orig/src/firecfg/firecfg.config 
firejail-0.9.74/src/firecfg/firecfg.config
+--- firejail-0.9.74.orig/src/firecfg/firecfg.config    2025-03-19 
05:33:03.000000000 -0600
++++ firejail-0.9.74/src/firecfg/firecfg.config 2025-04-24 15:52:18.691898643 
-0600
+@@ -243,7 +243,8 @@
+ electron-mail
+ electrum
+ element-desktop
+-elinks
++# Breaks emerge/portage on Gentoo: 'too many environment variables'
++#elinks
+ empathy
+ enchant
+ enchant-2
+@@ -295,7 +296,8 @@
+ fluffychat
+ foliate
+ font-manager
+-fontforge
++# Breaks emerge/portage on Gentoo
++#fontforge
+ fossamail
+ four-in-a-row
+ fractal
+@@ -548,7 +550,8 @@
+ luminance-hdr
+ lximage-qt
+ lxmusic
+-lynx
++# Breaks emerge/portage on Gentoo: 'too many environment variables'
++#lynx
+ lyriek
+ lyx
+ #lz4 # disable until we fix CLI archivers for makepkg on Arch (see discussion 
in #3095)
+@@ -638,7 +641,8 @@
+ musictube
+ musixmatch
+ mutool
+-mutt
++# Breaks when configs are under ~/.mutt/
++#mutt
+ mypaint
+ mypaint-ora-thumbnailer
+ natron
+@@ -705,7 +709,8 @@
+ palemoon
+ #pandoc
+ parole
+-patch
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path 
issues
++#patch
+ pavucontrol
+ pavucontrol-qt
+ pcsxr
+@@ -853,7 +858,8 @@
+ stellarium
+ straw-viewer
+ strawberry
+-strings
++# Breaks emerge/portage on Gentoo
++#strings
+ studio.sh
+ subdownloader
+ sum
+@@ -988,7 +994,8 @@
+ weechat
+ weechat-curses
+ wesnoth
+-wget
++# Breaks emerge/portage on Gentoo: 'too many environment variables', path 
issues
++#wget
+ wget2
+ whalebird
+ whois
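Review bot: Each entry commented out in this patch means `firecfg` no longer creates a sandboxing symlink for that program, so `wget`, `lynx`, `elinks`, `patch`, `strings`, `fontforge` and `mutt` run unconfined for users who relied on the default list, and nothing here tells them so. The comments for `fontforge` and `strings` say only "Breaks emerge/portage on Gentoo", with no symptom or bug reference, which makes it hard to know later when the entry can be re-enabled; I would add the tracking bug, e.g. `# Breaks emerge/portage on Gentoo (bug #<BUG-ID>)`. For `mutt` the stated cause is a config-path problem rather than a Portage conflict, so a profile override shipped through the ebuild's existing `profile_*local` install loop might be a narrower fix than dropping the sandbox; I have not checked the upstream mutt profile, so treat that as a suggestion to investigate. It would also help to surface the list of disabled entries to the user, for instance in a post-install message.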

diff --git a/sys-apps/firejail/firejail-0.9.74.ebuild 
b/sys-apps/firejail/firejail-0.9.74.ebuild
new file mode 100644
index 000000000000..e808af1b7c86
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.74.ebuild
@@ -0,0 +1,138 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit toolchain-funcs python-single-r1 linux-info
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/";
+
+if [[ ${PV} == 9999 ]] ; then
+       EGIT_REPO_URI="https://github.com/netblue30/firejail.git";
+       EGIT_BRANCH="master"
+       inherit git-r3
+else
+       
SRC_URI="https://github.com/netblue30/${PN}/releases/download/${PV}/${P}.tar.xz";
+       KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="apparmor +chroot contrib +dbusproxy +file-transfer +globalcfg +network 
+private-home selinux test +userns X"
+REQUIRED_USE="contrib? ( ${PYTHON_REQUIRED_USE} )"
+# Needs a lot of work to function within sandbox/portage. Can look at the 
alternative
+# test targets in Makefile too, bug #769731
+RESTRICT="test"
+
+RDEPEND="
+       !sys-apps/firejail-lts
+       apparmor? ( sys-libs/libapparmor )
+       contrib? ( ${PYTHON_DEPS} )
+       dbusproxy? ( sys-apps/xdg-dbus-proxy )
+       selinux? ( sys-libs/libselinux )
+"
+DEPEND="
+       ${RDEPEND}
+       sys-libs/libseccomp
+       test? ( dev-tcltk/expect )
+"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-0.9.70-envlimits.patch"
+       "${FILESDIR}/${PN}-0.9.74-firecfg.config.patch"
+)
+
+pkg_setup() {
+       CONFIG_CHECK="~SQUASHFS"
+       local ERROR_SQUASHFS="CONFIG_SQUASHFS: required for firejail --appimage 
mode"
+       check_extra_config
+
+       use contrib && python-single-r1_pkg_setup
+}
+
+src_prepare() {
+       default
+
+       # Our toolchain already sets SSP by default but forcing it causes 
problems
+       # on arches which don't support it. As for F_S, we again set it by 
defualt
+       # in our toolchain, but forcing F_S=2 is actually a downgrade if 3 is 
set.
+       sed -i \
+               -e 's:-fstack-protector-all::' \
+               -e 's:-D_FORTIFY_SOURCE=2::' \
+               src/so.mk src/prog.mk || die
+
+       find -type f -name Makefile -exec sed -i -r -e '/CFLAGS/s: (-O2|-ggdb) 
: :g' {} + || die
+
+       # Fix up hardcoded paths to templates and docs
+       local files=$(grep -E -l -r '/usr/share/doc/firejail([^-]|$)' 
./RELNOTES ./src/man/ ./etc/profile*/ ./test/ || die)
+       for file in ${files[@]} ; do
+               sed -i -r -e 
"s:/usr/share/doc/firejail([^-]|\$):/usr/share/doc/${PF}\1:" "${file}" || die
+       done
+
+       # remove compression of man pages
+       sed -i -r -e '/rm -f \$\$man.gz; \\/d; /gzip -9n \$\$man; \\/d; 
s|\*\.([[:digit:]])\) install -m 0644 \$\$man\.gz|\*\.\1\) install -m 0644 
\$\$man|g' Makefile || die
+
+       if use contrib; then
+               python_fix_shebang -f contrib/*.py
+       fi
+}
+
+src_configure() {
+       local myeconfargs=(
+               --disable-fatal-warnings
+               --disable-firetunnel
+               --disable-lts
+               --enable-suid
+               $(use_enable apparmor)
+               $(use_enable chroot)
+               $(use_enable dbusproxy)
+               $(use_enable file-transfer)
+               $(use_enable globalcfg)
+               $(use_enable network)
+               $(use_enable private-home)
+               $(use_enable selinux)
+               $(use_enable userns)
+               $(use_enable X x11)
+       )
+
+       econf "${myeconfargs[@]}"
+
+       cat > 99firejail <<-EOF || die
+       SANDBOX_WRITE="/run/firejail"
+       EOF
+}
+
+src_compile() {
+       emake CC="$(tc-getCC)"
+}
+
+src_test() {
+       emake test-utils test-sysutils
+}
+
+src_install() {
+       default
+
+       # Gentoo-specific profile customizations
+       insinto /etc/${PN}
+       local profile_local
+       for profile_local in "${FILESDIR}"/profile_*local ; do
+               newins "${profile_local}" "${profile_local/\/*profile_/}"
+       done
+
+       # Prevent sandbox violations when toolchain is firejailed
+       insinto /etc/sandbox.d
+       doins 99firejail
+
+       rm "${ED}"/usr/share/doc/${PF}/COPYING || die
+
+       if use contrib; then
+               python_scriptinto /usr/$(get_libdir)/firejail
+               python_doscript contrib/*.py
+               insinto /usr/$(get_libdir)/firejail
+               dobin contrib/*.sh
+       fi
+}
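Review bot: The `sed` in `src_prepare` that strips `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` leaves the hardening of a binary configured with `--enable-suid` entirely to the user's toolchain and CFLAGS, and the comment above it does not say so. As far as I know the Gentoo toolchain default is `-fstack-protector-strong`, which instruments fewer functions than upstream's `-all`, and a user who has turned the defaults off gets neither protection. I would record that in the comment, e.g. `# NB: firejail is installed setuid; SSP/FORTIFY now come only from toolchain defaults (-strong, not -all), so do not build with them disabled.` The same comment block also contains the typo `defualt`.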
