commit: 2086a4648e20ea0c7ee8d24d82895303aaec2d11
Author: g3ngr33n <gengreen <AT> gmx <DOT> com>
AuthorDate: Fri Apr 27 18:36:37 2018 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Apr 27 20:02:30 2018 +0000
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=2086a464
Apparmor without libintl fix
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
sys-apps/apparmor-utils/Manifest | 4 ++
.../apparmor-utils/apparmor-utils-2.12.0.ebuild | 79 ++++++++++++++++++++++
.../files/apparmor-utils-2.12-musl.patch | 11 +++
sys-apps/apparmor-utils/metadata.xml | 14 ++++
sys-apps/apparmor/Manifest | 8 +++
sys-apps/apparmor/apparmor-2.12.0.ebuild | 62 +++++++++++++++++
sys-apps/apparmor/files/apparmor-2.12-musl.patch | 44 ++++++++++++
sys-apps/apparmor/files/apparmor-init | 32 +++++++++
sys-apps/apparmor/files/apparmor.service | 14 ++++
sys-apps/apparmor/files/apparmor_load.sh | 2 +
sys-apps/apparmor/files/apparmor_unload.sh | 2 +
sys-apps/apparmor/metadata.xml | 14 ++++
sys-apps/firejail/Manifest | 5 ++
sys-apps/firejail/files/0.9.52-apparmor.patch | 10 +++
sys-apps/firejail/files/0.9.52-contrib-fix.patch | 36 ++++++++++
sys-apps/firejail/firejail-0.9.52.ebuild | 50 ++++++++++++++
sys-apps/firejail/metadata.xml | 39 +++++++++++
17 files changed, 426 insertions(+)
diff --git a/sys-apps/apparmor-utils/Manifest b/sys-apps/apparmor-utils/Manifest
new file mode 100644
index 0000000..58f9c61
--- /dev/null
+++ b/sys-apps/apparmor-utils/Manifest
@@ -0,0 +1,4 @@
+AUX apparmor-utils-2.12-musl.patch 319 BLAKE2B
1c4cc5251c63de189856927df82f48c1d00575ea9dc57b24b89a42f7c383de3deafb6c1e5c5f5c46a6f309b190d480bdbdd6d1b0c680f7b302e2af5b4f792f0a
SHA512
fb23a97b6c21c6253739af419d4968897e55b7c276dfbb0514c78a5487d46df26a07b2a7a0f509edad2526b602031a144065757fbcf7bc475e895980b2d001d4
+DIST apparmor-2.12.tar.gz 7258450 BLAKE2B
c1d4e01d836c5f567ddb7c5ecf36dde6efccf1e59ae219824129fd5c92162a3fed7ebdc492f181ae132b07db068660078a9631543d40fd20ab0b44cd4c646d4c
SHA512
d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a
+EBUILD apparmor-utils-2.12.0.ebuild 2041 BLAKE2B
c6ff1621f855b00af4a0f0ce2c7ef342cc0dff80058e7e8da671c0e4dd10e5e8063770223e5ecda8fe9e233bcbf0b8fa171202c3f79ab98fcc5964c144683068
SHA512
0b71c72aae38dc13fb968383f49014a9e571f250bcd3235c836c82a50c4bb8cd619306a29e08d6b04699593796d80419269d6f2081fdb1262ba05ad16cc847cb
+MISC metadata.xml 409 BLAKE2B
63cb1726a015cf118e8ffcc8cf9d49795a75d367e36b0332fbf23faad8b3eed41e2ae090cc92757e12248d831e0ea1782b6f275ef02b7d2d2022bf2b79f69042
SHA512
a66647c5e40f2593017942c12786dc30995e7980fdb58c1de0b9ae34069434cb5a4c70b2bd268a239df82edfcc1e7288e8033bf57609f757a321639afd5e78b8
diff --git a/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild
b/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild
new file mode 100644
index 0000000..b1a711e
--- /dev/null
+++ b/sys-apps/apparmor-utils/apparmor-utils-2.12.0.ebuild
@@ -0,0 +1,79 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python3_{4,5,6} )
+inherit perl-module python-r1 toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-2)"
+
+DESCRIPTION="Additional userspace utils to assist with AppArmor profile
management"
+HOMEPAGE="http://apparmor.net/";
+SRC_URI="https://launchpad.net/apparmor/${MY_PV}/${PV}/+download/apparmor-${MY_PV}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE=""
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+RESTRICT="test"
+
+DEPEND="dev-lang/perl
+ ${PYTHON_DEPS}"
+RDEPEND="${DEPEND}
+ ~sys-libs/libapparmor-${PV}[perl,python]
+ ~sys-apps/apparmor-${PV}
+ dev-perl/Locale-gettext
+ dev-perl/RPC-XML
+ dev-perl/TermReadKey
+ virtual/perl-Data-Dumper
+ virtual/perl-Getopt-Long"
+
+S=${WORKDIR}/apparmor-${MY_PV}
+
+PATCHES=( "${FILESDIR}/apparmor-utils-${MY_PV}-musl.patch" )
+
+src_prepare() {
+ default
+
+ sed -i binutils/Makefile \
+ -e 's/Bstatic/Bdynamic/g' || die
+}
+
+src_compile() {
+ python_setup
+
+ pushd utils > /dev/null || die
+ # launches non-make subprocesses causing "make jobserver unavailable"
+ # error messages to appear in generated code
+ emake -j1
+ popd > /dev/null || die
+
+ pushd binutils > /dev/null || die
+ export EXTRA_CFLAGS="${CFLAGS}"
+ emake CC="$(tc-getCC)" USE_SYSTEM=1
+ popd > /dev/null || die
+}
+
+src_install() {
+ pushd utils > /dev/null || die
+ perl_set_version
+ emake DESTDIR="${D}" PERLDIR="${D}/${VENDOR_LIB}/Immunix" \
+ VIM_INSTALL_PATH="${D}/usr/share/vim/vimfiles/syntax" install
+
+ install_python() {
+ "${PYTHON}" "${S}"/utils/python-tools-setup.py install
--prefix=/usr \
+ --root="${D}" --version="${PV}"
+ }
+
+ python_foreach_impl install_python
+ python_replicate_script "${D}"/usr/bin/aa-easyprof
"${D}"/usr/sbin/apparmor_status \
+
"${D}"/usr/sbin/aa-{audit,autodep,cleanprof,complain,disable,enforce,genprof,logprof,mergeprof,status,unconfined}
+ popd > /dev/null || die
+
+ pushd binutils > /dev/null || die
+ emake install DESTDIR="${D}" USE_SYSTEM=1
+ popd > /dev/null || die
+}
\ No newline at end of file
diff --git a/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch
b/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch
new file mode 100644
index 0000000..d8ff360
--- /dev/null
+++ b/sys-apps/apparmor-utils/files/apparmor-utils-2.12-musl.patch
@@ -0,0 +1,11 @@
+--- a/binutils/Makefile
++++ b/binutils/Makefile
+@@ -52,7 +52,7 @@ SRCS = aa_enabled.c
+ HDRS =
+ TOOLS = aa-enabled aa-exec
+
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -lpthread
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
diff --git a/sys-apps/apparmor-utils/metadata.xml
b/sys-apps/apparmor-utils/metadata.xml
new file mode 100644
index 0000000..42d1e8f
--- /dev/null
+++ b/sys-apps/apparmor-utils/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kensing...@gentoo.org</email>
+ </maintainer>
+ <maintainer type="project">
+ <email>harde...@gentoo.org</email>
+ <name>Gentoo Hardened</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="launchpad">apparmor</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-apps/apparmor/Manifest b/sys-apps/apparmor/Manifest
new file mode 100644
index 0000000..9b03d7c
--- /dev/null
+++ b/sys-apps/apparmor/Manifest
@@ -0,0 +1,8 @@
+AUX apparmor-2.12-musl.patch 1005 BLAKE2B
34a0b2c816ff4b62b5dde0fbf7c87abde9a2abcb9cd07db9a387a81b351d717fc614324fe4a73ab5ca43f82a2fa2d633f40af642d5b6a14a29db5e15a7c6ae01
SHA512
b720e97453329a3c8d69ed76cddd7d735c3f83cbdd1083137e9ef697fd0436e2fcbca15dbb27ee5f643e4247da8c4cc298b89bb5fcd0219ed6acf23b867ee662
+AUX apparmor-init 636 BLAKE2B
5acebb5dbcf4ea280e0295530c0c5b085e4a87a0acdda943ed78f828b53e2e9d3834838f2db853c8724c941593a29cf1b655a84c120f69def03c46d041e9e21e
SHA512
108b3d77607a61c58f2f5e5940726d6b0485ed1a7beb7d67965e167240defbbd77dab1d56c15c2ae322fee64f3d037f541a1f3679d110194085a641ccbef01c3
+AUX apparmor.service 281 BLAKE2B
3d1ecfdc96ee2491e75e92dc3aae7c2aeeeef3bf6a7ae86f354126fd044e2da316303b3ba63ad6dbc747d59d423ea8e4df0f131090d0d7b405e0d303b3c32a71
SHA512
f6ba92053a93db0654a4290eb358afae4d7669cb89a02242544576d951fe57437c3570d92ac89ce4e9fd96c04c121f44523dd6bb136d58fea11424064375df31
+AUX apparmor_load.sh 84 BLAKE2B
05195286287d5cdf56a7f67e18073f75625cbfb1c9283a22c72ff60aa4a3fe4129b81702801ddd4045629558a022f084906464f8bb5325f31d43680c626a5ede
SHA512
72bd10fdd32879854ee044941636d530453488596bab7aa6785b109f6cd7e2f822e9ff04b43c7c4265b2f42de13ec7f6649f9a58fed3d93b51dd1a2b541be3d7
+AUX apparmor_unload.sh 85 BLAKE2B
1559999897e288f452850080166dcdf67d15bd3cfa57f30aeddeba29bce2e1896126e8e4c82b41dd403f94d3f8ae9128448b0c5431c418ff82fd65df370653b5
SHA512
18a46176d043511af33fc77917e85dce5cb5deb30d2d86ea5261313a72c385b96c87fcd1fece9e555b6c424305d420876430a0a8fb11a5ec5edfef30f80dfd8d
+DIST apparmor-2.12.tar.gz 7258450 BLAKE2B
c1d4e01d836c5f567ddb7c5ecf36dde6efccf1e59ae219824129fd5c92162a3fed7ebdc492f181ae132b07db068660078a9631543d40fd20ab0b44cd4c646d4c
SHA512
d85fd47c66333fe5658ee5e977b32142697f6e36c575550712ee2ace2ad0fbf2aa59c8fd3b82ad8821c0190adf8cc150cf623ea09a84d5b32bde050a03dd6e9a
+EBUILD apparmor-2.12.0.ebuild 1255 BLAKE2B
0830f58fdb325c6ac941dd2ddda605f3b0fea5a2b193e9b6873081c27e36437e653d5a99d983e4d9642d7324990346c2c99ed260e383f5f29e7aa3aca8ea6220
SHA512
714270d9ca8e08c409915c48d1c246ee4b4134fa883c00a3a4884029f4c2699d5054827c245b4b89085dd0672503fa3122d404a8e28cb8b02bc52a78d95600a6
+MISC metadata.xml 409 BLAKE2B
63cb1726a015cf118e8ffcc8cf9d49795a75d367e36b0332fbf23faad8b3eed41e2ae090cc92757e12248d831e0ea1782b6f275ef02b7d2d2022bf2b79f69042
SHA512
a66647c5e40f2593017942c12786dc30995e7980fdb58c1de0b9ae34069434cb5a4c70b2bd268a239df82edfcc1e7288e8033bf57609f757a321639afd5e78b8
diff --git a/sys-apps/apparmor/apparmor-2.12.0.ebuild
b/sys-apps/apparmor/apparmor-2.12.0.ebuild
new file mode 100644
index 0000000..f4558d3
--- /dev/null
+++ b/sys-apps/apparmor/apparmor-2.12.0.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit systemd toolchain-funcs versionator
+
+MY_PV="$(get_version_component_range 1-2)"
+
+DESCRIPTION="Userspace utils and init scripts for the AppArmor application
security system"
+HOMEPAGE="http://apparmor.net/";
+SRC_URI="https://launchpad.net/${PN}/${MY_PV}/${PV}/+download/${PN}-${MY_PV}.tar.gz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="doc"
+
+RDEPEND="~sys-libs/libapparmor-${PV}"
+DEPEND="${RDEPEND}
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ doc? ( dev-tex/latex2html )
+"
+
+S=${WORKDIR}/apparmor-${MY_PV}/parser/
+
+PATCHES=( "${FILESDIR}/apparmor-${MY_PV}-musl.patch" )
+
+src_prepare() {
+
+ default
+}
+
+src_compile() {
+
+ emake CC="$(tc-getCC)" CXX="$(tc-getCXX)" USE_SYSTEM=1 arch manpages
+}
+
+src_test() {
+
+ emake CXX="$(tc-getCXX)" USE_SYSTEM=1 check
+}
+
+src_install() {
+
+ cd parser/
+ emake DESTDIR="${D}" DISTRO="unknown" USE_SYSTEM=1 install
+
+ dodir /etc/apparmor.d/disable
+
+ newinitd "${FILESDIR}/${PN}-init" ${PN}
+ systemd_newunit "${FILESDIR}/apparmor.service" apparmor.service
+
+ use doc && dodoc techdoc.pdf
+
+ exeinto /usr/share/apparmor
+ doexe "${FILESDIR}/apparmor_load.sh"
+ doexe "${FILESDIR}/apparmor_unload.sh"
+
+}
\ No newline at end of file
diff --git a/sys-apps/apparmor/files/apparmor-2.12-musl.patch
b/sys-apps/apparmor/files/apparmor-2.12-musl.patch
new file mode 100644
index 0000000..2c7d095
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-2.12-musl.patch
@@ -0,0 +1,44 @@
+--- /dev/null
++++ b/missingdefs.h
+@@ -0,0 +1,9 @@
++#ifndef PARSER_MISSINGDEFS_H
++#define PARSER_MISSINGDEFS_H
++
++typedef int (*__compar_fn_t) (const void *, const void *);
++typedef __compar_fn_t comparison_fn_t;
++typedef void (*__free_fn_t) (void *__nodep);
++
++#endif
++
+--- a/parser_alias.c
++++ b/parser_alias.c
+@@ -24,6 +24,7 @@
+ #include "immunix.h"
+ #include "parser.h"
+ #include "profile.h"
++#include "missingdefs.h"
+
+ struct alias_rule {
+ char *from;
+
+--- a/parser_symtab.c
++++ b/parser_symtab.c
+@@ -24,6 +24,7 @@
+
+ #include "immunix.h"
+ #include "parser.h"
++#include "missingdefs.h"
+
+ enum var_type {
+ sd_boolean,
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ AAREOBJECT = ${AAREDIR}/libapparmor_re.a
+ AAREOBJECTS = $(AAREOBJECT)
+ AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L. $(LDFLAGS)
+-AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
++AALIB = -Wl,-Bdynamic -lapparmor -lpthread
+
+ ifdef USE_SYSTEM
+ # Using the system libapparmor so Makefile dependencies can't be used
diff --git a/sys-apps/apparmor/files/apparmor-init
b/sys-apps/apparmor/files/apparmor-init
new file mode 100644
index 0000000..ebba84f
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor-init
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Load all configured profiles for the AppArmor security module."
+description_reload="Reload all profiles"
+
+extra_started_commands="reload"
+
+
+start() {
+ ebegin "Starting AppArmor"
+ eindent
+ apparmor_load.sh
+
+ eoutdent
+}
+
+stop() {
+ ebegin "Stopping AppArmor"
+ eindent
+ apparmor_unload.sh
+
+ eoutdent
+}
+
+reload() {
+ # todo: split out clean_profiles into its own function upstream
+ # so we can do parse_profiles reload && clean_profiles
+ # and do a proper reload instead of restart
+ apparmor_restart
+}
diff --git a/sys-apps/apparmor/files/apparmor.service
b/sys-apps/apparmor/files/apparmor.service
new file mode 100644
index 0000000..89f14fe
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=AppArmor profiles
+DefaultDependencies=no
+After=local-fs.target
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/apparmor/apparmor_load.sh
+ExecStop=/usr/share/apparmor/apparmor_unload.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sys-apps/apparmor/files/apparmor_load.sh
b/sys-apps/apparmor/files/apparmor_load.sh
new file mode 100755
index 0000000..e6fe6b6
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_load.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -r {} +
diff --git a/sys-apps/apparmor/files/apparmor_unload.sh
b/sys-apps/apparmor/files/apparmor_unload.sh
new file mode 100755
index 0000000..19e598b
--- /dev/null
+++ b/sys-apps/apparmor/files/apparmor_unload.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+find "/etc/apparmor.d/" -maxdepth 1 -type f -exec apparmor_parser -R {} \;
diff --git a/sys-apps/apparmor/metadata.xml b/sys-apps/apparmor/metadata.xml
new file mode 100644
index 0000000..42d1e8f
--- /dev/null
+++ b/sys-apps/apparmor/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+ <maintainer type="person">
+ <email>kensing...@gentoo.org</email>
+ </maintainer>
+ <maintainer type="project">
+ <email>harde...@gentoo.org</email>
+ <name>Gentoo Hardened</name>
+ </maintainer>
+ <upstream>
+ <remote-id type="launchpad">apparmor</remote-id>
+ </upstream>
+</pkgmetadata>
diff --git a/sys-apps/firejail/Manifest b/sys-apps/firejail/Manifest
new file mode 100644
index 0000000..01b3078
--- /dev/null
+++ b/sys-apps/firejail/Manifest
@@ -0,0 +1,5 @@
+AUX 0.9.52-apparmor.patch 274 BLAKE2B
96ce95ff88aca51a275f3f91ad2ab2836a12edc0780b617836dcb08d0998d40ad1f324cc69481cd6cdf060326791bf2854a7b65fafe1b074c2eab571d6638d87
SHA512
ba63ab8c94c09c67116c23200bdf0ef2b25ae64dffdb1d90f946b6617c8081765052960bee5f245f39dd92cdfedc717a60ab7efcfd0e7a72d38143450fb7bc04
+AUX 0.9.52-contrib-fix.patch 1446 BLAKE2B
934a1d2cfcdb070317bb47b6b451fe979279f5a4600a49ce2d79642479e5b649f5103d732aaa40ab2dbb8dcd563c75a5b0f048ae805134eef6d4afe52174b972
SHA512
04c88fbaa37c677efef1805c6b0bca6d87742acf5c80b047844e776e51c02c8803d2588a5dde74817b0cbbf6ce9d239ca39a823df1928ef36f232b403fb41889
+DIST firejail-0.9.52.tar.xz 299396 BLAKE2B
62b7798e46b69f1ae12ac85f219cc7414652e64d3bf9e1b206f8956febdc53c78151f08052fe694c691b787356b6821e8ff0df71a4277a238a4dc7d724165969
SHA512
f7318bcbd68f6d8c709cdc1f5065cb1019c1c64fdbd47c0fd698975412c4e075c7209bd275056daf61558b79d79127c88f1580cb8e4e034cc0551c7d34e11d06
+EBUILD firejail-0.9.52.ebuild 1219 BLAKE2B
b5e4f6c471bb3459aa0547db1c4cb13355026e34729f830b26416c022caa99db040bee3b690e2dcf790a9ecadb502dfe17e655fca34374fbafc40862a8432d58
SHA512
9902ad0969156b381cfc70b631a27af93ed325abc0ed7ef08b3499165be662c354456b8d1d4c7a06a55c99d6fdf31d1b6f8927bd85914d9ef23c014e812e03fe
+MISC metadata.xml 1627 BLAKE2B
1029e5cce7af2355b66b4c600e96273669a0876ebc1c85dd1c169eaf6419e48d4173db1a99851963ace27f90b7965d7032a00309f124ffe3545d3325b450fcbf
SHA512
081d4f02dafd4c82aca839117c52b744ba50d3816b2ee01916c8f5fe60ae914717c7d3a36cdd0d064f3bc2ae1d4a7fa75e946536fce509c6aac37c84832ef946
diff --git a/sys-apps/firejail/files/0.9.52-apparmor.patch
b/sys-apps/firejail/files/0.9.52-apparmor.patch
new file mode 100644
index 0000000..6dac4d2
--- /dev/null
+++ b/sys-apps/firejail/files/0.9.52-apparmor.patch
@@ -0,0 +1,10 @@
+--- a/src/libtrace/libtrace.c
++++ b/src/libtrace/libtrace.c
+@@ -30,6 +30,7 @@
+ #include <sys/un.h>
+ #include <sys/stat.h>
+ #include <dirent.h>
++#include <limits.h>
+
+ // break recursivity on fopen call
+ typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode);
diff --git a/sys-apps/firejail/files/0.9.52-contrib-fix.patch
b/sys-apps/firejail/files/0.9.52-contrib-fix.patch
new file mode 100644
index 0000000..7192bba
--- /dev/null
+++ b/sys-apps/firejail/files/0.9.52-contrib-fix.patch
@@ -0,0 +1,36 @@
+diff -Naur firejail-0.9.48/contrib/fix_private-bin.py
firejail-0.9.48.new/contrib/fix_private-bin.py
+--- firejail-0.9.48/contrib/fix_private-bin.py 2017-05-24 23:01:32.000000000
+0100
++++ firejail-0.9.48.new/contrib/fix_private-bin.py 2017-08-27
23:19:52.868481040 +0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
++#!/usr/bin/env python3
+
+ __author__ = "KOLANICH"
+ __copyright__ = """This is free and unencumbered software released into the
public domain.
+diff -Naur firejail-0.9.48/contrib/fjclip.py
firejail-0.9.48.new/contrib/fjclip.py
+--- firejail-0.9.48/contrib/fjclip.py 2017-05-24 23:01:32.000000000 +0100
++++ firejail-0.9.48.new/contrib/fjclip.py 2017-08-27 23:19:58.476562539
+0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python2
+
+ import re
+ import sys
+diff -Naur firejail-0.9.48/contrib/fjdisplay.py
firejail-0.9.48.new/contrib/fjdisplay.py
+--- firejail-0.9.48/contrib/fjdisplay.py 2017-05-24 23:01:32.000000000
+0100
++++ firejail-0.9.48.new/contrib/fjdisplay.py 2017-08-27 23:20:01.932612762
+0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python2
+
+ import re
+ import sys
+diff -Naur firejail-0.9.48/contrib/fjresize.py
firejail-0.9.48.new/contrib/fjresize.py
+--- firejail-0.9.48/contrib/fjresize.py 2017-05-24 23:01:32.000000000
+0100
++++ firejail-0.9.48.new/contrib/fjresize.py 2017-08-27 23:20:06.932685422
+0100
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python2
+
+ import sys
+ import fjdisplay
diff --git a/sys-apps/firejail/firejail-0.9.52.ebuild
b/sys-apps/firejail/firejail-0.9.52.ebuild
new file mode 100644
index 0000000..d08a33e
--- /dev/null
+++ b/sys-apps/firejail/firejail-0.9.52.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils
+
+DESCRIPTION="Security sandbox for any type of processes"
+HOMEPAGE="https://firejail.wordpress.com/";
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="apparmor +bind +chroot contrib +file-transfer +network
+ network-restricted +seccomp +userns x11"
+
+DEPEND="!sys-apps/firejail-lts
+ apparmor? ( sys-libs/libapparmor )"
+RDEPEND="${DEPEND}
+ x11? ( x11-wm/xpra[client,server] )"
+
+PATCHES=( "${FILESDIR}/${PV}-contrib-fix.patch" )
+PATCHES=( "${FILESDIR}/${PV}-apparmor.patch" )
+
+RESTRICT=test
+
+src_prepare() {
+ default
+ find -name Makefile.in -exec sed -i -r \
+ -e '/^\tinstall .*COPYING /d' \
+ -e '/CFLAGS/s: (-O2|-ggdb) : :g' \
+ -e '1iCC=@CC@' {} + || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable apparmor)
+ $(use_enable bind)
+ $(use_enable chroot)
+ $(use_enable contrib contrib-install)
+ $(use_enable file-transfer)
+ $(use_enable network)
+ $(use_enable seccomp)
+ $(use_enable userns)
+ $(use_enable x11)
+ )
+ use network-restricted && myeconfargs+=( --enable-network=restricted )
+ econf "${myeconfargs[@]}"
+}
diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml
new file mode 100644
index 0000000..395160f
--- /dev/null
+++ b/sys-apps/firejail/metadata.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+ <maintainer type="person">
+ <email>aide...@gentoo.org</email>
+ <name>Amadeusz Żołnowski</name>
+ </maintainer>
+ <longdescription lang="en">
+ Firejail is a SUID program that reduces the risk of security
breaches
+ by restricting the running environment of untrusted
applications using
+ Linux namespaces and seccomp-bpf. It allows a process and all
its
+ descendants to have their own private view of the globally
shared
+ kernel resources, such as the network stack, process table,
mount
+ table.
+
+ This is bleeding edge branch. For long term support version see
+ sys-apps/firejail-lts.
+ </longdescription>
+ <upstream>
+ <remote-id type="sourceforge">firejail</remote-id>
+ </upstream>
+ <use>
+ <flag name="apparmor">Enable support for custom AppArmor
+ profiles</flag>
+ <flag name="bind">Enable custom bind mounts</flag>
+ <flag name="chroot">Enable chrooting to custom directory</flag>
+ <flag name="contrib">Install contrib scripts</flag>
+ <flag name="file-transfer">Enable file transfers between
sandboxes and
+ the host system</flag>
+ <flag name="network">Enable networking features</flag>
+ <flag name="network-restricted">Grant access to --interface,
+ --net=ethXXX and --netfilter only to root user; regular
users are
+ only allowed --net=none</flag>
+ <flag name="seccomp">Enable system call filtering</flag>
+ <flag name="userns">Enable attaching a new user namespace to a
+ sandbox (--noroot option)</flag>
+ <flag name="x11">Enable X11 sandboxing</flag>
+ </use>
+</pkgmetadata>
