Merge isolate and isolate-git AUR packages

3 files changed, 62 insertions, 15 deletions

diff --git a/.SRCINFO b/.SRCINFO
index c921859b9a35..7caf481a7d6d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,14 +1,21 @@
+# Generated by mksrcinfo v8
+# Fri Jan 22 19:29:09 UTC 2016
 pkgbase = isolate-git
-	pkgdesc = Isolate is a sandbox built to safely run untrusted executables.
-	pkgver = 1
+	pkgdesc = Sandbox for securely executing untrusted programs
+	pkgver = r68.a3a2c4d
 	pkgrel = 1
 	url = https://github.com/ioi/isolate
+	install = isolate-git.install
 	arch = i686
 	arch = x86_64
-	license = AGPL3
+	license = GPL2
+	makedepends = git
+	makedepends = gcc
 	makedepends = asciidoc
+	depends = libcgroup
 	provides = isolate
-	source = git+https://github.com/ioi/isolate
+	conflicts = isolate
+	source = git://github.com/ioi/isolate.git
 	sha512sums = SKIP
 
 pkgname = isolate-git
diff --git a/PKGBUILD b/PKGBUILD
index 61adc0481ac3..9b9da8b01c9b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,24 +1,37 @@
 # Maintainer: Antoine Pietri <antoine.pietri@lrde.epita.fr>
+# Maintainer: William Di Luigi <williamdiluigi@gmail.com>
 
 pkgname=isolate-git
+pkgver=r68.a3a2c4d
 pkgrel=1
-pkgver=1
-pkgdesc="Isolate is a sandbox built to safely run untrusted executables."
+pkgdesc="Sandbox for securely executing untrusted programs"
 arch=('i686' 'x86_64')
 url="https://github.com/ioi/isolate"
-license=('AGPL3')
+license=('GPL2')
+depends=('libcgroup')
+makedepends=('git' 'gcc' 'asciidoc')
 provides=('isolate')
-depends=()
-makedepends=('asciidoc')
-source=("git+https://github.com/ioi/isolate")
-sha512sums=(SKIP)
+conflicts=('isolate')
+install=$pkgname.install
+
+source=('git://github.com/ioi/isolate.git')
+sha512sums=('SKIP')
+
+pkgver() {
+  cd isolate
+  printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
+}
 
 build() {
-    cd isolate
-    make isolate isolate.1
+  cd isolate
+  make isolate isolate.1
 }
 
 package() {
-    cd isolate
-    make PREFIX="$pkgdir/usr" install install-doc
+  cd isolate
+  make PREFIX="$pkgdir/usr" install install-doc
+
+  # The isolate binary has the suid bit set (to run as root without using sudo)
+  # however we should let only the owner and the group be able to run it:
+  chmod o-r-x $pkgdir/usr/bin/isolate
 }
diff --git a/isolate-git.install b/isolate-git.install
new file mode 100644
index 000000000000..47c3b2e5df4c
--- /dev/null
+++ b/isolate-git.install
@@ -0,0 +1,27 @@
+post_install() {
+  # Check if the isolate group exists (if not, create it)
+  if ! getent group isolate >/dev/null; then
+    groupadd isolate
+
+    echo
+    echo ">>> If you want to run the isolate command without sudo, you should add"
+    echo ">>> yourself to the isolate group, like this:"
+    echo ">>>   # sudo usermod -a -G isolate <your user>"
+    echo ">>> However, keep in mind that:"
+    echo ">>>   1. You will need to logout, in order to make the change effective"
+    echo ">>>   2. No untrusted user should ever be allowed in the isolate group,"
+    echo ">>>      as they may exploit the isolate command to gain root access"
+    echo
+  fi
+
+  # Allow only users in the "isolate" group to run this without sudo
+  chown root:isolate $pkgdir/usr/bin/isolate
+}
+
+post_upgrade() {
+  post_install $1
+}
+
+post_remove() {
+  groupdel isolate
+}