author | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-08-08 19:12:30 -0400 |
commit | 1379851360349d6617ad32944a25ee5e2bb74fc2 (patch) | |
tree | f69b48e90708bfa3c2723d5a27ed3e024c827b43 /platform/rpm/mkrpm.sh | |
parent | delete files (diff) | |
Baseline firejail 0.9.28
Diffstat (limited to 'platform/rpm/mkrpm.sh')
-rwxr-xr-x | platform/rpm/mkrpm.sh | 256 |
1 files changed, 256 insertions, 0 deletions
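--- /dev/null
+++ b/platform/rpm/mkrpm.sh
@@ -0,0 +1,256 @@
+#!/bin/bash
+VERSION="0.9.26"
+rm -fr ~/rpmbuild
+rm -f firejail-$VERSION-1.x86_64.rpm
+
+mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
+cat <<EOF >~/.rpmmacros
+%_topdir %(echo $HOME)/rpmbuild
+%_tmppath %{_topdir}/tmp
+EOF
+
+cd ~/rpmbuild
+echo "building directory tree"
+
+mkdir -p firejail-$VERSION/usr/bin
+install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
+install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
+
+mkdir -p firejail-$VERSION/usr/lib/firejail
+install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/.
+install -m 755 /usr/lib/firejail/ftee firejail-$VERSION/usr/lib/firejail/.
+
+mkdir -p firejail-$VERSION/usr/share/man/man1
+install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
+install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
+
+mkdir -p firejail-$VERSION/usr/share/man/man5
+install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
+
+mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
+install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
+
+mkdir -p firejail-$VERSION/etc/firejail
+install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
+install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
+install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
+install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
+install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
+install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
+install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
+install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
+install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
+install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
+install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
+install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
+install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
+install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
+install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
+install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
+install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
+install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
+install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
+install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
+install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
+install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
+install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
+install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
+
+mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
+install -m 644 /usr/share/bash-completion/completions/firejail firejail-$VERSION/usr/share/bash-completion/completions/.
+
+echo "building tar.gz archive"
+tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
+
+cp firejail-$VERSION.tar.gz SOURCES/.
+
+echo "building config spec"
+cat <<EOF > SPECS/firejail.spec
+%define __spec_install_post %{nil}
+%define debug_package %{nil}
+%define __os_install_post %{_dbpath}/brp-compress
+
+Summary: Linux namepaces sandbox program
+Name: firejail
+Version: $VERSION
+Release: 1
+License: GPL+
+Group: Development/Tools
+SOURCE0 : %{name}-%{version}.tar.gz
+URL: http://firejail.sourceforege.net
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+
+%description
+Firejail is a SUID sandbox program that reduces the risk of security
+breaches by restricting the running environment of untrusted applications
+using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
+
+%prep
+%setup -q
+
+%build
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}
+
+cp -a * %{buildroot}
+
+
+%clean
+rm -rf %{buildroot}
+
+
+%files
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/%{name}/chromium-browser.profile
+%config(noreplace) %{_sysconfdir}/%{name}/chromium.profile
+%config(noreplace) %{_sysconfdir}/%{name}/disable-mgmt.inc
+%config(noreplace) %{_sysconfdir}/%{name}/disable-secret.inc
+%config(noreplace) %{_sysconfdir}/%{name}/dropbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/evince.profile
+%config(noreplace) %{_sysconfdir}/%{name}/firefox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/icedove.profile
+%config(noreplace) %{_sysconfdir}/%{name}/iceweasel.profile
+%config(noreplace) %{_sysconfdir}/%{name}/login.users
+%config(noreplace) %{_sysconfdir}/%{name}/midori.profile
+%config(noreplace) %{_sysconfdir}/%{name}/opera.profile
+%config(noreplace) %{_sysconfdir}/%{name}/thunderbird.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-gtk.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-qt.profile
+%config(noreplace) %{_sysconfdir}/%{name}/vlc.profile
+%config(noreplace) %{_sysconfdir}/%{name}/audacious.profile
+%config(noreplace) %{_sysconfdir}/%{name}/clementine.profile
+%config(noreplace) %{_sysconfdir}/%{name}/gnome-mplayer.profile
+%config(noreplace) %{_sysconfdir}/%{name}/rhythmbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/totem.profile
+%config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
+%config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
+%config(noreplace) %{_sysconfdir}/%{name}/generic.profile
+
+/usr/bin/firejail
+/usr/bin/firemon
+/usr/lib/firejail/libtrace.so
+/usr/lib/firejail/ftee
+/usr/share/doc/packages/firejail/COPYING
+/usr/share/doc/packages/firejail/README
+/usr/share/doc/packages/firejail/RELNOTES
+/usr/share/man/man1/firejail.1.gz
+/usr/share/man/man1/firemon.1.gz
+/usr/share/man/man5/firejail-profile.5.gz
+/usr/share/bash-completion/completions/firejail
+
+%post
+chmod u+s /usr/bin/firejail
+
+%changelog
+* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
+- private dev directory
+- private.keep option for whitelisting home files in a new private directory
+- user namespaces support, noroot option
+- added Deluge and qBittorent profiles
+- bugfixes
+
+* Sun Apr 5 2015 netblue30 <netblue30@yahoo.com> 0.9.24-1
+- whitelist and blacklist seccomp filters
+- doubledash option
+- --shell=none support
+- netfilter file support in profile files
+- dns server support in profile files
+- added --dns.print option
+- added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
+- added --caps.drop=all in default profiles
+- new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
+- clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
+- Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
+- two build patches from Reiner Herman (tickets 11, 12)
+- man page patch from Reiner Herman (ticket 13)
+- output patch (ticket 15) from sshirokov
+
+* Mon Mar 9 2015 netblue30 <netblue30@yahoo.com> 0.9.22-1
+- Replaced --noip option with --ip=none
+- Container stdout logging and log rotation
+- Added process_vm_readv, process_vm_writev and mknod to
+default seccomp blacklist
+- Added CAP_MKNOD to default caps blacklist
+- Blacklist and whitelist custom Linux capabilities filters
+- macvlan device driver support for --net option
+- DNS server support, --dns option
+- Netfilter support
+- Monitor network statistics, --netstats option
+- Added profile for Mozilla Thunderbird/Icedove
+- --overlay support for Linux kernels 3.18+
+- Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
+- Bugfix: check uid/gid for cgroup
+
+* Fri Feb 6 2015 netblue30 <netblue30@yahoo.com> 0.9.20-1
+- utmp, btmp and wtmp enhancements
+- create empty /var/log/wtmp and /var/log/btmp files in sandbox
+- generate a new /var/run/utmp file in sandbox
+- CPU affinity, --cpu option
+- Linux control groups support, --cgroup option
+- Opera web browser support
+- VLC support
+- Added "empty" attribute to seccomp command to remove the default
+- syscall list form seccomp blacklist
+- Added --nogroups option to disable supplementary groups for regular
+- users. root user always runs without supplementary groups.
+- firemon enhancements
+- display the command that started the sandbox
+- added --caps option to display capabilities for all sandboxes
+- added --cgroup option to display the control groups for all sandboxes
+- added --cpu option to display CPU affinity for all sandboxes
+- added --seccomp option to display seccomp setting for all sandboxes
+- New compile time options: --disable-chroot, --disable-bind
+- bugfixes
+
+* Sat Dec 27 2014 netblue30 <netblue30@yahoo.com> 0.9.18-1
+- Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
+- Support for tracing setreuid, setregid, setresuid, setresguid syscalls
+- Added profiles for transmission-gtk and transmission-qt
+- bugfixes
+
+* Tue Nov 4 2014 netblue30 <netblue30@yahoo.com> 0.9.16-1
+- Configurable private home directory
+- Configurable default user shell
+- Software configuration support for --docdir and DESTDIR
+- Profile file support for include, caps, seccomp and private keywords
+- Dropbox profile file
+- Linux capabilities and seccomp filters enabled by default for Firefox,
+Midori, Evince and Dropbox
+- bugfixes
+
+* Wed Oct 8 2014 netblue30 <netblue30@yahoo.com> 0.9.14-1
+- Linux capabilities and seccomp filters are automatically enabled in
+chroot mode (--chroot option) if the sandbox is started as regular
+user
+- Added support for user defined seccomp blacklists
+- Added syscall trace support
+- Added --tmpfs option
+- Added --balcklist option
+- Added --read-only option
+- Added --bind option
+- Logging enhancements
+- --overlay option was reactivated
+- Added firemon support to print the ARP table for each sandbox
+- Added firemon support to print the route table for each sandbox
+- Added firemon support to print interface information for each sandbox
+- bugfixes
+
+* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
+- Added capabilities support
+- Added support for CentOS 7
+- bugfixes
+
+EOF
+
+echo "building rpm"
+rpmbuild -ba SPECS/firejail.spec
+rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
+cd ..
+rm -f firejail-$VERSION-1.x86_64.rpm
+cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
+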
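Review bot: The setuid bit on /usr/bin/firejail is applied in the `%post` scriptlet (`chmod u+s /usr/bin/firejail`) instead of being declared in `%files`, so the payload carries the binary as 0755 (it is staged with `install -m 755`) and the package metadata never records it as setuid-root; `rpm -V` would then flag a mode mismatch and a `rpm -qlv` audit would not show the binary as privileged. Declaring `%attr(4755, root, root) /usr/bin/firejail` in `%files` and dropping the `%post` chmod keeps the privileged mode visible and verifiable. Separately, there is no `set -e` after the shebang, so a failed `cd ~/rpmbuild` or `install` still runs on to `rpmbuild`, and the script packages whatever happens to be installed under /usr on the build host rather than a known build output. `VERSION="0.9.26"` also disagrees with the commit title (0.9.28), and the spec's `URL:` reads `sourceforege.net`, which looks like a misspelled domain that should be corrected before it ships in package metadata.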