merget #78 - standalone rpm spec

author: netblue30 <netblue30@yahoo.com> 2015-10-11 08:27:22 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-11 08:27:22 -0400
commit: a84e62e9b9517a91c88cedf74051f039758a2b30 (patch)
tree: 34b3e471d978fe02a55a751e092ffe2859d47f1b /platform/rpm
parent: Merge pull request #77 from pyther/master (diff)
download: firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.tar.gz
firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.tar.zst
firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.zip
2 files changed, 237 insertions, 76 deletions
diff --git a/platform/rpm/firejail.spec b/platform/rpm/firejail.spec
new file mode 100644
index 000000000..d50ab7eca
--- /dev/null
+++ b/platform/rpm/firejail.spec
@@ -0,0 +1,184 @@
+Name: firejail
+Version: 0.9.30
+Release: 1
+Summary: Linux namepaces sandbox program
+License: GPL+
+Group: Development/Tools
+Source0: https://github.com/netblue30/firejail/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+URL: http://firejail.sourceforege.net
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+%description
+Firejail  is  a  SUID sandbox program that reduces the risk of security
+breaches by restricting the running environment of untrusted applications
+using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
+%prep
+%setup -q
+%build
+%configure
+make %{?_smp_mflags}
+%install
+rm -rf %{buildroot}
+%make_install
+%clean
+rm -rf %{buildroot}
+%files
+%doc
+%defattr(-, root, root, -)
+%attr(4755, -, -) %{_bindir}/firejail
+%{_bindir}/firemon
+%{_libdir}/firejail/ftee
+%{_libdir}/firejail/fshaper.sh
+%{_libdir}/firejail/libtrace.so
+%{_datarootdir}/bash-completion/completions/firejail
+%{_datarootdir}/bash-completion/completions/firemon
+%{_docdir}/firejail
+%{_mandir}/man1/firejail.1.gz
+%{_mandir}/man1/firemon.1.gz
+%{_mandir}/man5/firejail-login.5.gz
+%{_mandir}/man5/firejail-profile.5.gz
+%config %{_sysconfdir}/firejail
+%changelog
+* Mon Sep 14 2015 netblue30 <netblue30@yahoo.com> 0.9.30-1
+ - added a disable-history.inc profile as a result of Firefox PDF.js exploit;
+   disable-history.inc included in all default profiles
+ - Firefox PDF.js exploit (CVE-2015-4495) fixes
+ - added --private-etc option
+ - added --env option
+ - added --whitelist option
+ - support ${HOME} token in include directive in profile files
+ - --private.keep is transitioned to --private-home
+ - support ~ and blanks in blacklist option
+ - support "net none" command in profile files
+ - using /etc/firejail/generic.profile by default for user sessions
+ - using /etc/firejail/server.profile by default for root sessions
+ - added build --enable-fatal-warnings configure option
+ - added persistence to --overlay option
+ - added --overlay-tmpfs option
+ - make install-strip implemented, make install renamed
+ - bugfixes
+* Sat Aug 1 2015 netblue30 <netblue30@yahoo.com> 0.9.28-1
+ - network scanning, --scan option
+ - interface MAC address support, --mac option
+ - IP address range, --iprange option
+ - traffic shaping, --bandwidth option
+ - reworked printing of network status at startup
+ - man pages rework
+ - added firejail-login man page
+ - added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
+   profiles
+ - added an /etc/firejail/disable-common.inc file to hold common directory
+   blacklists
+ - blacklist Opera and Chrome/Chromium config directories in profile files
+ - support noroot option for profile files
+ - enabled noroot in default profile files
+ - bugfixes
+* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
+ - private dev directory
+ - private.keep option for whitelisting home files in a new private directory
+ - user namespaces support, noroot option
+ - added Deluge and qBittorent profiles
+ - bugfixes
+* Sun Apr 5 2015  netblue30 <netblue30@yahoo.com> 0.9.24-1
+ - whitelist and blacklist seccomp filters
+ - doubledash option
+ - --shell=none support
+ - netfilter file support in profile files
+ - dns server support in profile files
+ - added --dns.print option
+ - added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
+ - added --caps.drop=all in default profiles
+ - new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
+ -        clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
+ - Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
+ - two build patches from Reiner Herman (tickets 11, 12)
+ - man page patch from Reiner Herman (ticket 13)
+ - output patch (ticket 15) from sshirokov
+* Mon Mar 9 2015  netblue30 <netblue30@yahoo.com> 0.9.22-1
+ - Replaced --noip option with --ip=none
+ - Container stdout logging and log rotation
+ - Added process_vm_readv, process_vm_writev and mknod to
+     default seccomp blacklist
+ - Added CAP_MKNOD to default caps blacklist
+ - Blacklist and whitelist custom Linux capabilities filters
+ - macvlan device driver support for --net option
+ - DNS server support, --dns option
+ - Netfilter support
+ - Monitor network statistics, --netstats option
+ - Added profile for Mozilla Thunderbird/Icedove
+ - --overlay support for Linux kernels 3.18+
+ - Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
+ - Bugfix: check uid/gid for cgroup
+* Fri Feb 6 2015   netblue30 <netblue30@yahoo.com> 0.9.20-1
+ - utmp, btmp and wtmp enhancements
+ -    create empty /var/log/wtmp and /var/log/btmp files in sandbox
+ -    generate a new /var/run/utmp file in sandbox
+ - CPU affinity, --cpu option
+ - Linux control groups support, --cgroup option
+ - Opera web browser support
+ - VLC support
+ - Added "empty" attribute to seccomp command to remove the default
+ -    syscall list form seccomp blacklist
+ - Added --nogroups option to disable supplementary groups for regular
+ -   users. root user always runs without supplementary groups.
+ - firemon enhancements
+ -   display the command that started the sandbox
+ -   added --caps option to display capabilities for all sandboxes
+ -   added --cgroup option to display the control groups for all sandboxes
+ -   added --cpu option to display CPU affinity for all sandboxes
+ -   added --seccomp option to display seccomp setting for all sandboxes
+ - New compile time options: --disable-chroot, --disable-bind
+ - bugfixes
+* Sat Dec 27 2014  netblue30 <netblue30@yahoo.com> 0.9.18-1
+ - Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
+ - Support for tracing setreuid, setregid, setresuid, setresguid syscalls
+ - Added profiles for transmission-gtk and transmission-qt
+ - bugfixes
+* Tue Nov 4 2014  netblue30 <netblue30@yahoo.com> 0.9.16-1
+ - Configurable private home directory
+ - Configurable default user shell
+ - Software configuration support for --docdir and DESTDIR
+ - Profile file support for include, caps, seccomp and private keywords
+ - Dropbox profile file
+ - Linux capabilities and seccomp filters enabled by default for Firefox,
+  Midori, Evince and Dropbox
+ - bugfixes
+* Wed Oct 8 2014  netblue30 <netblue30@yahoo.com> 0.9.14-1
+ - Linux capabilities and seccomp filters are automatically enabled in 
+   chroot mode (--chroot option) if the sandbox is started as regular
+   user
+ - Added support for user defined seccomp blacklists
+ - Added syscall trace support
+ - Added --tmpfs option
+ - Added --balcklist option
+ - Added --read-only option
+ - Added --bind option
+ - Logging enhancements
+ - --overlay option was reactivated
+ - Added firemon support to print the ARP table for each sandbox
+ - Added firemon support to print the route table for each sandbox
+ - Added firemon support to print interface information for each sandbox
+ - bugfixes
+* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
+ - Added capabilities support
+ - Added support for CentOS 7
+ - bugfixes
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh
index 2e17fdfc1..3daede84c 100755
--- a/platform/rpm/mkrpm.sh
+++ b/platform/rpm/mkrpm.sh
@@ -1,80 +1,52 @@
 #!/bin/bash
-VERSION="0.9.30"
+#
-rm -fr ~/rpmbuild
+# Usage: ./mkrpm.sh
-rm -f firejail-$VERSION-1.x86_64.rpm
+#        ./mkrpm.sh /path/to/firejail-0.9.30.tar.gz
+#
-mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
+# Script builds rpm in a temporary directory and places the built rpm in the
-cat <<EOF >~/.rpmmacros
+# current working directory.
-%_topdir   %(echo $HOME)/rpmbuild
-%_tmppath  %{_topdir}/tmp
-EOF
+source=$1
-cd ~/rpmbuild
+create_tmp_dir() {
-echo "building directory tree"
+    tmpdir=$(mktemp -d)
+    mkdir -p ${tmpdir}/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
-mkdir -p firejail-$VERSION/usr/bin
+}
-install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
-install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
+# copy or download source
-mkdir -p  firejail-$VERSION/usr/lib/firejail
+if [[ $source ]]; then
-install -m 644 /usr/lib/firejail/libtrace.so  firejail-$VERSION/usr/lib/firejail/.
-install -m 755 /usr/lib/firejail/ftee  firejail-$VERSION/usr/lib/firejail/.
+    # check file exists
-install -m 755 /usr/lib/firejail/fshaper.sh  firejail-$VERSION/usr/lib/firejail/.
+    if [[ ! -f $source ]]; then
+        echo "$source does not exist!"
-mkdir -p firejail-$VERSION/usr/share/man/man1
+        exit 1
-install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
+    fi
-install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
+    name=$(awk '/Name:/ {print $2}' firejail.spec)
-mkdir -p firejail-$VERSION/usr/share/man/man5
+    version=$(awk '/Version:/ {print $2}' firejail.spec)
-install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
+    expected_filename="${name}-${version}.tar.gz"
-install -m 644 /usr/share/man/man5/firejail-login.5.gz firejail-$VERSION/usr/share/man/man5/.
+    # ensure file name matches spec file expets
-mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
+    if [[ $(basename $source) != $expected_filename ]]; then
-install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
+        echo "source ($source) does not match expected filename ($(basename $expected_filename))"
-install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
+        exit 1
-install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
+    fi
-mkdir -p firejail-$VERSION/etc/firejail
+    create_tmp_dir
-install -m 644 /etc/firejail/xchat.profile firejail-$VERSION/etc/firejail/xchat.profile
+    cp ${source} ${tmpdir}/SOURCES
-install -m 644 /etc/firejail/server.profile firejail-$VERSION/etc/firejail/server.profile
+else
-install -m 644 /etc/firejail/quassel.profile firejail-$VERSION/etc/firejail/quassel.profile
+  create_tmp_dir
-install -m 644 /etc/firejail/pidgin.profile firejail-$VERSION/etc/firejail/pidgin.profile
+  if ! spectool -C ${tmpdir}/SOURCES -g firejail.spec; then
-install -m 644 /etc/firejail/icecat.profile firejail-$VERSION/etc/firejail/icecat.profile
+    echo "Failed to fetch firejail source code"
-install -m 644 /etc/firejail/filezilla.profile firejail-$VERSION/etc/firejail/filezilla.profile
+    exit 1
-install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
+  fi
-install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
+fi
-install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
-install -m 644 /etc/firejail/disable-common.inc firejail-$VERSION/etc/firejail/disable-common.inc
+cp ./firejail.spec "${tmpdir}/SPECS/firejail.spec"
-install -m 644 /etc/firejail/disable-history.inc firejail-$VERSION/etc/firejail/disable-history.inc
-install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
+<<<<<<< HEAD
-install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
-install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
-install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
-install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
-install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
-install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
-install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
-install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
-install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
-install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
-install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
-install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
-install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
-install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
-install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
-install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
-install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
-install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
-install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
-install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
-install -m 644 /etc/firejail/deadbeef.profile firejail-$VERSION/etc/firejail/deadbeef.profile
-install -m 644 /etc/firejail/empathy.profile firejail-$VERSION/etc/firejail/empathy.profile
-mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
-install -m 644 /usr/share/bash-completion/completions/firejail  firejail-$VERSION/usr/share/bash-completion/completions/.
-install -m 644 /usr/share/bash-completion/completions/firemon  firejail-$VERSION/usr/share/bash-completion/completions/.
 echo "building tar.gz archive"
 tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
@@ -316,4 +288,9 @@ rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
 cd ..
 rm -f firejail-$VERSION-1.x86_64.rpm
 cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
+=======
+rpmbuild --define "_topdir ${tmpdir}" -ba "${tmpdir}/SPECS/firejail.spec"
+>>>>>>> d69c2f8a62fca967460265dedd5afa62592264dd
+cp ${tmpdir}/RPMS/x86_64/firejail-*-1.x86_64.rpm .
+rm -rf "${tmpdir}"
author	netblue30 <netblue30@yahoo.com>	2015-10-11 08:27:22 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-11 08:27:22 -0400
commit	a84e62e9b9517a91c88cedf74051f039758a2b30 (patch)
tree	34b3e471d978fe02a55a751e092ffe2859d47f1b /platform/rpm
parent	Merge pull request #77 from pyther/master (diff)
download	firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.tar.gz firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.tar.zst firejail-a84e62e9b9517a91c88cedf74051f039758a2b30.zip

diff --git a/platform/rpm/firejail.spec b/platform/rpm/firejail.spec new file mode 100644 index 000000000..d50ab7eca --- /dev/null +++ b/platform/rpm/firejail.spec
@@ -0,0 +1,184 @@
		1	Name: firejail
		2	Version: 0.9.30
		3	Release: 1
		4	Summary: Linux namepaces sandbox program
		5
		6	License: GPL+
		7	Group: Development/Tools
		8	Source0: https://github.com/netblue30/firejail/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
		9	URL: http://firejail.sourceforege.net
		10
		11	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
		12
		13	%description
		14	Firejail is a SUID sandbox program that reduces the risk of security
		15	breaches by restricting the running environment of untrusted applications
		16	using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
		17
		18	%prep
		19	%setup -q
		20
		21	%build
		22	%configure
		23	make %{?_smp_mflags}
		24
		25	%install
		26	rm -rf %{buildroot}
		27	%make_install
		28
		29	%clean
		30	rm -rf %{buildroot}
		31
		32
		33	%files
		34	%doc
		35	%defattr(-, root, root, -)
		36	%attr(4755, -, -) %{_bindir}/firejail
		37	%{_bindir}/firemon
		38	%{_libdir}/firejail/ftee
		39	%{_libdir}/firejail/fshaper.sh
		40	%{_libdir}/firejail/libtrace.so
		41	%{_datarootdir}/bash-completion/completions/firejail
		42	%{_datarootdir}/bash-completion/completions/firemon
		43	%{_docdir}/firejail
		44	%{_mandir}/man1/firejail.1.gz
		45	%{_mandir}/man1/firemon.1.gz
		46	%{_mandir}/man5/firejail-login.5.gz
		47	%{_mandir}/man5/firejail-profile.5.gz
		48	%config %{_sysconfdir}/firejail
		49
		50	%changelog
		51	* Mon Sep 14 2015 netblue30 <netblue30@yahoo.com> 0.9.30-1
		52	- added a disable-history.inc profile as a result of Firefox PDF.js exploit;
		53	disable-history.inc included in all default profiles
		54	- Firefox PDF.js exploit (CVE-2015-4495) fixes
		55	- added --private-etc option
		56	- added --env option
		57	- added --whitelist option
		58	- support ${HOME} token in include directive in profile files
		59	- --private.keep is transitioned to --private-home
		60	- support ~ and blanks in blacklist option
		61	- support "net none" command in profile files
		62	- using /etc/firejail/generic.profile by default for user sessions
		63	- using /etc/firejail/server.profile by default for root sessions
		64	- added build --enable-fatal-warnings configure option
		65	- added persistence to --overlay option
		66	- added --overlay-tmpfs option
		67	- make install-strip implemented, make install renamed
		68	- bugfixes
		69
		70	* Sat Aug 1 2015 netblue30 <netblue30@yahoo.com> 0.9.28-1
		71	- network scanning, --scan option
		72	- interface MAC address support, --mac option
		73	- IP address range, --iprange option
		74	- traffic shaping, --bandwidth option
		75	- reworked printing of network status at startup
		76	- man pages rework
		77	- added firejail-login man page
		78	- added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
		79	profiles
		80	- added an /etc/firejail/disable-common.inc file to hold common directory
		81	blacklists
		82	- blacklist Opera and Chrome/Chromium config directories in profile files
		83	- support noroot option for profile files
		84	- enabled noroot in default profile files
		85	- bugfixes
		86
		87	* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
		88	- private dev directory
		89	- private.keep option for whitelisting home files in a new private directory
		90	- user namespaces support, noroot option
		91	- added Deluge and qBittorent profiles
		92	- bugfixes
		93
		94	* Sun Apr 5 2015 netblue30 <netblue30@yahoo.com> 0.9.24-1
		95	- whitelist and blacklist seccomp filters
		96	- doubledash option
		97	- --shell=none support
		98	- netfilter file support in profile files
		99	- dns server support in profile files
		100	- added --dns.print option
		101	- added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
		102	- added --caps.drop=all in default profiles
		103	- new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
		104	- clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
		105	- Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
		106	- two build patches from Reiner Herman (tickets 11, 12)
		107	- man page patch from Reiner Herman (ticket 13)
		108	- output patch (ticket 15) from sshirokov
		109
		110	* Mon Mar 9 2015 netblue30 <netblue30@yahoo.com> 0.9.22-1
		111	- Replaced --noip option with --ip=none
		112	- Container stdout logging and log rotation
		113	- Added process_vm_readv, process_vm_writev and mknod to
		114	default seccomp blacklist
		115	- Added CAP_MKNOD to default caps blacklist
		116	- Blacklist and whitelist custom Linux capabilities filters
		117	- macvlan device driver support for --net option
		118	- DNS server support, --dns option
		119	- Netfilter support
		120	- Monitor network statistics, --netstats option
		121	- Added profile for Mozilla Thunderbird/Icedove
		122	- --overlay support for Linux kernels 3.18+
		123	- Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
		124	- Bugfix: check uid/gid for cgroup
		125
		126	* Fri Feb 6 2015 netblue30 <netblue30@yahoo.com> 0.9.20-1
		127	- utmp, btmp and wtmp enhancements
		128	- create empty /var/log/wtmp and /var/log/btmp files in sandbox
		129	- generate a new /var/run/utmp file in sandbox
		130	- CPU affinity, --cpu option
		131	- Linux control groups support, --cgroup option
		132	- Opera web browser support
		133	- VLC support
		134	- Added "empty" attribute to seccomp command to remove the default
		135	- syscall list form seccomp blacklist
		136	- Added --nogroups option to disable supplementary groups for regular
		137	- users. root user always runs without supplementary groups.
		138	- firemon enhancements
		139	- display the command that started the sandbox
		140	- added --caps option to display capabilities for all sandboxes
		141	- added --cgroup option to display the control groups for all sandboxes
		142	- added --cpu option to display CPU affinity for all sandboxes
		143	- added --seccomp option to display seccomp setting for all sandboxes
		144	- New compile time options: --disable-chroot, --disable-bind
		145	- bugfixes
		146
		147	* Sat Dec 27 2014 netblue30 <netblue30@yahoo.com> 0.9.18-1
		148	- Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
		149	- Support for tracing setreuid, setregid, setresuid, setresguid syscalls
		150	- Added profiles for transmission-gtk and transmission-qt
		151	- bugfixes
		152
		153	* Tue Nov 4 2014 netblue30 <netblue30@yahoo.com> 0.9.16-1
		154	- Configurable private home directory
		155	- Configurable default user shell
		156	- Software configuration support for --docdir and DESTDIR
		157	- Profile file support for include, caps, seccomp and private keywords
		158	- Dropbox profile file
		159	- Linux capabilities and seccomp filters enabled by default for Firefox,
		160	Midori, Evince and Dropbox
		161	- bugfixes
		162
		163	* Wed Oct 8 2014 netblue30 <netblue30@yahoo.com> 0.9.14-1
		164	- Linux capabilities and seccomp filters are automatically enabled in
		165	chroot mode (--chroot option) if the sandbox is started as regular
		166	user
		167	- Added support for user defined seccomp blacklists
		168	- Added syscall trace support
		169	- Added --tmpfs option
		170	- Added --balcklist option
		171	- Added --read-only option
		172	- Added --bind option
		173	- Logging enhancements
		174	- --overlay option was reactivated
		175	- Added firemon support to print the ARP table for each sandbox
		176	- Added firemon support to print the route table for each sandbox
		177	- Added firemon support to print interface information for each sandbox
		178	- bugfixes
		179
		180	* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
		181	- Added capabilities support
		182	- Added support for CentOS 7
		183	- bugfixes
		184


diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh index 2e17fdfc1..3daede84c 100755 --- a/platform/rpm/mkrpm.sh +++ b/platform/rpm/mkrpm.sh
@@ -1,80 +1,52 @@
1	#!/bin/bash	1	#!/bin/bash
2	VERSION="0.9.30"	2	#
3	rm -fr ~/rpmbuild	3	# Usage: ./mkrpm.sh
4	rm -f firejail-$VERSION-1.x86_64.rpm	4	# ./mkrpm.sh /path/to/firejail-0.9.30.tar.gz
5		5	#
6	mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}	6	# Script builds rpm in a temporary directory and places the built rpm in the
7	cat <<EOF >~/.rpmmacros	7	# current working directory.
8	%_topdir %(echo $HOME)/rpmbuild	8
9	%_tmppath %{_topdir}/tmp	9
10	EOF	10	source=$1
11		11
12	cd ~/rpmbuild	12	create_tmp_dir() {
13	echo "building directory tree"	13	tmpdir=$(mktemp -d)
14		14	mkdir -p ${tmpdir}/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
15	mkdir -p firejail-$VERSION/usr/bin	15	}
16	install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.	16
17	install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.	17
18		18	# copy or download source
19	mkdir -p firejail-$VERSION/usr/lib/firejail	19	if [[ $source ]]; then
20	install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/.	20
21	install -m 755 /usr/lib/firejail/ftee firejail-$VERSION/usr/lib/firejail/.	21	# check file exists
22	install -m 755 /usr/lib/firejail/fshaper.sh firejail-$VERSION/usr/lib/firejail/.	22	if [[ ! -f $source ]]; then
23		23	echo "$source does not exist!"
24	mkdir -p firejail-$VERSION/usr/share/man/man1	24	exit 1
25	install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.	25	fi
26	install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.	26
27		27	name=$(awk '/Name:/ {print $2}' firejail.spec)
28	mkdir -p firejail-$VERSION/usr/share/man/man5	28	version=$(awk '/Version:/ {print $2}' firejail.spec)
29	install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.	29	expected_filename="${name}-${version}.tar.gz"
30	install -m 644 /usr/share/man/man5/firejail-login.5.gz firejail-$VERSION/usr/share/man/man5/.	30
31		31	# ensure file name matches spec file expets
32	mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail	32	if [[ $(basename $source) != $expected_filename ]]; then
33	install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.	33	echo "source ($source) does not match expected filename ($(basename $expected_filename))"
34	install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.	34	exit 1
35	install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.	35	fi
36		36
37	mkdir -p firejail-$VERSION/etc/firejail	37	create_tmp_dir
38	install -m 644 /etc/firejail/xchat.profile firejail-$VERSION/etc/firejail/xchat.profile	38	cp ${source} ${tmpdir}/SOURCES
39	install -m 644 /etc/firejail/server.profile firejail-$VERSION/etc/firejail/server.profile	39	else
40	install -m 644 /etc/firejail/quassel.profile firejail-$VERSION/etc/firejail/quassel.profile	40	create_tmp_dir
41	install -m 644 /etc/firejail/pidgin.profile firejail-$VERSION/etc/firejail/pidgin.profile	41	if ! spectool -C ${tmpdir}/SOURCES -g firejail.spec; then
42	install -m 644 /etc/firejail/icecat.profile firejail-$VERSION/etc/firejail/icecat.profile	42	echo "Failed to fetch firejail source code"
43	install -m 644 /etc/firejail/filezilla.profile firejail-$VERSION/etc/firejail/filezilla.profile	43	exit 1
44	install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile	44	fi
45	install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile	45	fi
46	install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile	46
47	install -m 644 /etc/firejail/disable-common.inc firejail-$VERSION/etc/firejail/disable-common.inc	47	cp ./firejail.spec "${tmpdir}/SPECS/firejail.spec"
48	install -m 644 /etc/firejail/disable-history.inc firejail-$VERSION/etc/firejail/disable-history.inc	48
49	install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc	49	<<<<<<< HEAD
50	install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
51	install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
52	install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
53	install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
54	install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
55	install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
56	install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
57	install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
58	install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
59	install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
60	install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
61	install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
62	install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
63	install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
64	install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
65	install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
66	install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
67	install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
68	install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
69	install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
70	install -m 644 /etc/firejail/deadbeef.profile firejail-$VERSION/etc/firejail/deadbeef.profile
71	install -m 644 /etc/firejail/empathy.profile firejail-$VERSION/etc/firejail/empathy.profile
72
73
74	mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
75	install -m 644 /usr/share/bash-completion/completions/firejail firejail-$VERSION/usr/share/bash-completion/completions/.
76	install -m 644 /usr/share/bash-completion/completions/firemon firejail-$VERSION/usr/share/bash-completion/completions/.
77
78	echo "building tar.gz archive"	50	echo "building tar.gz archive"
79	tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION	51	tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
80		52
@@ -316,4 +288,9 @@ rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
316	cd ..	288	cd ..
317	rm -f firejail-$VERSION-1.x86_64.rpm	289	rm -f firejail-$VERSION-1.x86_64.rpm
318	cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .	290	cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
		291	=======
		292	rpmbuild --define "_topdir ${tmpdir}" -ba "${tmpdir}/SPECS/firejail.spec"
		293	>>>>>>> d69c2f8a62fca967460265dedd5afa62592264dd
319		294
		295	cp ${tmpdir}/RPMS/x86_64/firejail-*-1.x86_64.rpm .
		296	rm -rf "${tmpdir}"