diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2020-05-13 13:07:07 +0300 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2020-05-14 13:10:14 +0000 |
commit | 87e7b313997b1d2be6553cfb22fef71b74c84ea6 (patch) | |
tree | cf1fc8d97a0f414a589043a0664d427b0009d997 | |
parent | add new profile: plv (#3410) (diff) | |
download | firejail-87e7b313997b1d2be6553cfb22fef71b74c84ea6.tar.gz firejail-87e7b313997b1d2be6553cfb22fef71b74c84ea6.tar.zst firejail-87e7b313997b1d2be6553cfb22fef71b74c84ea6.zip |
Configure Debian package with AA and SELinux options
Configure Debian package with AA and SELinux options if they are
enabled.
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile.in | 6 | ||||
-rwxr-xr-x | configure | 8 | ||||
-rw-r--r-- | configure.ac | 1 | ||||
-rwxr-xr-x | mkdeb.sh | 56 | ||||
-rwxr-xr-x | mkdeb.sh.in (renamed from mkdeb-apparmor.sh) | 24 |
6 files changed, 32 insertions, 64 deletions
diff --git a/.gitignore b/.gitignore index 39380446b..70ced1a99 100644 --- a/.gitignore +++ b/.gitignore | |||
@@ -19,6 +19,7 @@ firejail-users.5 | |||
19 | firejail.1 | 19 | firejail.1 |
20 | firemon.1 | 20 | firemon.1 |
21 | firecfg.1 | 21 | firecfg.1 |
22 | mkdeb.sh | ||
22 | src/firejail/firejail | 23 | src/firejail/firejail |
23 | src/firemon/firemon | 24 | src/firemon/firemon |
24 | src/firecfg/firecfg | 25 | src/firecfg/firecfg |
diff --git a/Makefile.in b/Makefile.in index 0da33544c..e811758e6 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -183,7 +183,7 @@ uninstall: | |||
183 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg | 183 | rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg |
184 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)/$(sysconfdir)/firejail', see #2038." | 184 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)/$(sysconfdir)/firejail', see #2038." |
185 | 185 | ||
186 | DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkdeb-apparmor.sh COPYING README RELNOTES" | 186 | DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES" |
187 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" | 187 | DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot" |
188 | 188 | ||
189 | dist: | 189 | dist: |
@@ -202,10 +202,10 @@ dist: | |||
202 | asc:; ./mkasc.sh $(VERSION) | 202 | asc:; ./mkasc.sh $(VERSION) |
203 | 203 | ||
204 | deb: dist | 204 | deb: dist |
205 | ./mkdeb.sh $(NAME) $(VERSION) | 205 | ./mkdeb.sh |
206 | 206 | ||
207 | deb-apparmor: dist | 207 | deb-apparmor: dist |
208 | ./mkdeb-apparmor.sh $(NAME) $(VERSION) | 208 | ./mkdeb.sh -apparmor |
209 | 209 | ||
210 | test-compile: dist | 210 | test-compile: dist |
211 | cd test/compile; ./compile.sh $(NAME)-$(VERSION) | 211 | cd test/compile; ./compile.sh $(NAME)-$(VERSION) |
@@ -4186,6 +4186,8 @@ if test "$prefix" = /usr; then | |||
4186 | test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" | 4186 | test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" |
4187 | fi | 4187 | fi |
4188 | 4188 | ||
4189 | ac_config_files="$ac_config_files mkdeb.sh" | ||
4190 | |||
4189 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile" | 4191 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile src/profstats/Makefile" |
4190 | 4192 | ||
4191 | cat >confcache <<\_ACEOF | 4193 | cat >confcache <<\_ACEOF |
@@ -4895,6 +4897,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4895 | for ac_config_target in $ac_config_targets | 4897 | for ac_config_target in $ac_config_targets |
4896 | do | 4898 | do |
4897 | case $ac_config_target in | 4899 | case $ac_config_target in |
4900 | "mkdeb.sh") CONFIG_FILES="$CONFIG_FILES mkdeb.sh" ;; | ||
4898 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; | 4901 | "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; |
4899 | "src/common.mk") CONFIG_FILES="$CONFIG_FILES src/common.mk" ;; | 4902 | "src/common.mk") CONFIG_FILES="$CONFIG_FILES src/common.mk" ;; |
4900 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; | 4903 | "src/lib/Makefile") CONFIG_FILES="$CONFIG_FILES src/lib/Makefile" ;; |
@@ -5333,6 +5336,11 @@ which seems to be undefined. Please make sure it is defined" >&2;} | |||
5333 | 5336 | ||
5334 | esac | 5337 | esac |
5335 | 5338 | ||
5339 | |||
5340 | case $ac_file$ac_mode in | ||
5341 | "mkdeb.sh":F) chmod +x mkdeb.sh ;; | ||
5342 | |||
5343 | esac | ||
5336 | done # for ac_tag | 5344 | done # for ac_tag |
5337 | 5345 | ||
5338 | 5346 | ||
diff --git a/configure.ac b/configure.ac index 8cf170c80..feb0b38a6 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -204,6 +204,7 @@ if test "$prefix" = /usr; then | |||
204 | test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" | 204 | test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" |
205 | fi | 205 | fi |
206 | 206 | ||
207 | AC_CONFIG_FILES([mkdeb.sh], [chmod +x mkdeb.sh]) | ||
207 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ | 208 | AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \ |
208 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ | 209 | src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile \ |
209 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ | 210 | src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile \ |
diff --git a/mkdeb.sh b/mkdeb.sh deleted file mode 100755 index dd784eb8a..000000000 --- a/mkdeb.sh +++ /dev/null | |||
@@ -1,56 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | # This file is part of Firejail project | ||
3 | # Copyright (C) 2014-2020 Firejail Authors | ||
4 | # License GPL v2 | ||
5 | |||
6 | # based on http://tldp.org/HOWTO/html_single/Debian-Binary-Package-Building-HOWTO/ | ||
7 | # a code archive should already be available | ||
8 | |||
9 | set -e | ||
10 | |||
11 | TOP=`pwd` | ||
12 | CODE_ARCHIVE="$1-$2.tar.xz" | ||
13 | CODE_DIR="$1-$2" | ||
14 | INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" | ||
15 | DEBIAN_CTRL_DIR="${DEBIAN_CTRL_DIR}${CODE_DIR}/debian/DEBIAN" | ||
16 | |||
17 | echo "*****************************************" | ||
18 | echo "code archive: $CODE_ARCHIVE" | ||
19 | echo "code directory: $CODE_DIR" | ||
20 | echo "install directory: $INSTALL_DIR" | ||
21 | echo "debian control directory: $DEBIAN_CTRL_DIR" | ||
22 | echo "*****************************************" | ||
23 | |||
24 | tar -xJvf $CODE_ARCHIVE | ||
25 | #mkdir -p $INSTALL_DIR | ||
26 | cd $CODE_DIR | ||
27 | ./configure --prefix=/usr | ||
28 | make -j2 | ||
29 | mkdir debian | ||
30 | DESTDIR=debian make install-strip | ||
31 | |||
32 | cd .. | ||
33 | echo "*****************************************" | ||
34 | SIZE=`du -s $INSTALL_DIR` | ||
35 | echo "install size $SIZE" | ||
36 | echo "*****************************************" | ||
37 | |||
38 | mv $INSTALL_DIR/usr/share/doc/firejail/RELNOTES $INSTALL_DIR/usr/share/doc/firejail/changelog.Debian | ||
39 | gzip -9 -n $INSTALL_DIR/usr/share/doc/firejail/changelog.Debian | ||
40 | rm $INSTALL_DIR/usr/share/doc/firejail/COPYING | ||
41 | install -m644 platform/debian/copyright $INSTALL_DIR/usr/share/doc/firejail/. | ||
42 | mkdir -p $DEBIAN_CTRL_DIR | ||
43 | sed "s/FIREJAILVER/$2/g" platform/debian/control.$(dpkg-architecture -qDEB_HOST_ARCH) > $DEBIAN_CTRL_DIR/control | ||
44 | |||
45 | mkdir -p $INSTALL_DIR/usr/share/lintian/overrides/ | ||
46 | install -m644 platform/debian/firejail.lintian-overrides $INSTALL_DIR/usr/share/lintian/overrides/firejail | ||
47 | |||
48 | find $INSTALL_DIR/etc -type f | sed "s,^$INSTALL_DIR,," | LC_ALL=C sort > $DEBIAN_CTRL_DIR/conffiles | ||
49 | chmod 644 $DEBIAN_CTRL_DIR/conffiles | ||
50 | find $INSTALL_DIR -type d | xargs chmod 755 | ||
51 | cd $CODE_DIR | ||
52 | fakeroot dpkg-deb --build debian | ||
53 | lintian debian.deb | ||
54 | mv debian.deb ../firejail_$2_1_$(dpkg-architecture -qDEB_HOST_ARCH).deb | ||
55 | cd .. | ||
56 | rm -fr $CODE_DIR | ||
diff --git a/mkdeb-apparmor.sh b/mkdeb.sh.in index 3c560179c..efb477920 100755 --- a/mkdeb-apparmor.sh +++ b/mkdeb.sh.in | |||
@@ -7,10 +7,24 @@ | |||
7 | # a code archive should already be available | 7 | # a code archive should already be available |
8 | 8 | ||
9 | set -e | 9 | set -e |
10 | NAME=@PACKAGE_NAME@ | ||
11 | VERSION=@PACKAGE_VERSION@ | ||
12 | PACKAGE_TARNAME=@PACKAGE_TARNAME@ | ||
13 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
14 | HAVE_SELINUX=@HAVE_SELINUX@ | ||
15 | EXTRA_VERSION=$1 | ||
16 | |||
17 | CONFIG_ARGS="--prefix=/usr" | ||
18 | if [ -n "$HAVE_APPARMOR" ]; then | ||
19 | CONFIG_ARGS="$CONFIG_ARGS --enable-apparmor" | ||
20 | fi | ||
21 | if [ -n "$HAVE_SELINUX" ]; then | ||
22 | CONFIG_ARGS="$CONFIG_ARGS --enable-selinux" | ||
23 | fi | ||
10 | 24 | ||
11 | TOP=`pwd` | 25 | TOP=`pwd` |
12 | CODE_ARCHIVE="$1-$2.tar.xz" | 26 | CODE_ARCHIVE="$NAME-$VERSION.tar.xz" |
13 | CODE_DIR="$1-$2" | 27 | CODE_DIR="$NAME-$VERSION" |
14 | INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" | 28 | INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" |
15 | DEBIAN_CTRL_DIR="${DEBIAN_CTRL_DIR}${CODE_DIR}/debian/DEBIAN" | 29 | DEBIAN_CTRL_DIR="${DEBIAN_CTRL_DIR}${CODE_DIR}/debian/DEBIAN" |
16 | 30 | ||
@@ -24,7 +38,7 @@ echo "*****************************************" | |||
24 | tar -xJvf $CODE_ARCHIVE | 38 | tar -xJvf $CODE_ARCHIVE |
25 | #mkdir -p $INSTALL_DIR | 39 | #mkdir -p $INSTALL_DIR |
26 | cd $CODE_DIR | 40 | cd $CODE_DIR |
27 | ./configure --prefix=/usr --enable-apparmor | 41 | ./configure $CONFIG_ARGS |
28 | make -j2 | 42 | make -j2 |
29 | mkdir debian | 43 | mkdir debian |
30 | DESTDIR=debian make install-strip | 44 | DESTDIR=debian make install-strip |
@@ -40,7 +54,7 @@ gzip -9 -n $INSTALL_DIR/usr/share/doc/firejail/changelog.Debian | |||
40 | rm $INSTALL_DIR/usr/share/doc/firejail/COPYING | 54 | rm $INSTALL_DIR/usr/share/doc/firejail/COPYING |
41 | install -m644 platform/debian/copyright $INSTALL_DIR/usr/share/doc/firejail/. | 55 | install -m644 platform/debian/copyright $INSTALL_DIR/usr/share/doc/firejail/. |
42 | mkdir -p $DEBIAN_CTRL_DIR | 56 | mkdir -p $DEBIAN_CTRL_DIR |
43 | sed "s/FIREJAILVER/$2/g" platform/debian/control.$(dpkg-architecture -qDEB_HOST_ARCH) > $DEBIAN_CTRL_DIR/control | 57 | sed "s/FIREJAILVER/$VERSION/g" platform/debian/control.$(dpkg-architecture -qDEB_HOST_ARCH) > $DEBIAN_CTRL_DIR/control |
44 | 58 | ||
45 | mkdir -p $INSTALL_DIR/usr/share/lintian/overrides/ | 59 | mkdir -p $INSTALL_DIR/usr/share/lintian/overrides/ |
46 | install -m644 platform/debian/firejail.lintian-overrides $INSTALL_DIR/usr/share/lintian/overrides/firejail | 60 | install -m644 platform/debian/firejail.lintian-overrides $INSTALL_DIR/usr/share/lintian/overrides/firejail |
@@ -51,6 +65,6 @@ find $INSTALL_DIR -type d | xargs chmod 755 | |||
51 | cd $CODE_DIR | 65 | cd $CODE_DIR |
52 | fakeroot dpkg-deb --build debian | 66 | fakeroot dpkg-deb --build debian |
53 | lintian debian.deb | 67 | lintian debian.deb |
54 | mv debian.deb ../firejail-apparmor_$2_1_$(dpkg-architecture -qDEB_HOST_ARCH).deb | 68 | mv debian.deb ../firejail_${VERSION}${EXTRA_VERSION}_1_$(dpkg-architecture -qDEB_HOST_ARCH).deb |
55 | cd .. | 69 | cd .. |
56 | rm -fr $CODE_DIR | 70 | rm -fr $CODE_DIR |