diff options
author | William Di Luigi | 2016-01-23 03:14:06 +0100 |
---|---|---|
committer | William Di Luigi | 2016-01-23 03:14:06 +0100 |
commit | 9a5e47f7bae5355bf471a11a003a43149b4ecebc (patch) | |
tree | 0eb543e2b608d5625fd1ba1ced1b6e4e35a168bc | |
parent | 5809edb54d40f64549a17a491855d17cb2c64c4b (diff) | |
download | aur-9a5e47f7bae5355bf471a11a003a43149b4ecebc.tar.gz |
Merge isolate and isolate-git AUR packages
-rw-r--r-- | .SRCINFO | 15 | ||||
-rw-r--r-- | PKGBUILD | 35 | ||||
-rw-r--r-- | isolate-git.install | 27 |
3 files changed, 62 insertions, 15 deletions
@@ -1,14 +1,21 @@ +# Generated by mksrcinfo v8 +# Fri Jan 22 19:29:09 UTC 2016 pkgbase = isolate-git - pkgdesc = Isolate is a sandbox built to safely run untrusted executables. - pkgver = 1 + pkgdesc = Sandbox for securely executing untrusted programs + pkgver = r68.a3a2c4d pkgrel = 1 url = https://github.com/ioi/isolate + install = isolate-git.install arch = i686 arch = x86_64 - license = AGPL3 + license = GPL2 + makedepends = git + makedepends = gcc makedepends = asciidoc + depends = libcgroup provides = isolate - source = git+https://github.com/ioi/isolate + conflicts = isolate + source = git://github.com/ioi/isolate.git sha512sums = SKIP pkgname = isolate-git @@ -1,24 +1,37 @@ # Maintainer: Antoine Pietri <antoine.pietri@lrde.epita.fr> +# Maintainer: William Di Luigi <williamdiluigi@gmail.com> pkgname=isolate-git +pkgver=r68.a3a2c4d pkgrel=1 -pkgver=1 -pkgdesc="Isolate is a sandbox built to safely run untrusted executables." +pkgdesc="Sandbox for securely executing untrusted programs" arch=('i686' 'x86_64') url="https://github.com/ioi/isolate" -license=('AGPL3') +license=('GPL2') +depends=('libcgroup') +makedepends=('git' 'gcc' 'asciidoc') provides=('isolate') -depends=() -makedepends=('asciidoc') -source=("git+https://github.com/ioi/isolate") -sha512sums=(SKIP) +conflicts=('isolate') +install=$pkgname.install + +source=('git://github.com/ioi/isolate.git') +sha512sums=('SKIP') + +pkgver() { + cd isolate + printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" +} build() { - cd isolate - make isolate isolate.1 + cd isolate + make isolate isolate.1 } package() { - cd isolate - make PREFIX="$pkgdir/usr" install install-doc + cd isolate + make PREFIX="$pkgdir/usr" install install-doc + + # The isolate binary has the suid bit set (to run as root without using sudo) + # however we should let only the owner and the group be able to run it: + chmod o-r-x $pkgdir/usr/bin/isolate } diff --git a/isolate-git.install b/isolate-git.install new file mode 100644 index 000000000000..47c3b2e5df4c --- /dev/null +++ b/isolate-git.install @@ -0,0 +1,27 @@ +post_install() { + # Check if the isolate group exists (if not, create it) + if ! getent group isolate >/dev/null; then + groupadd isolate + + echo + echo ">>> If you want to run the isolate command without sudo, you should add" + echo ">>> yourself to the isolate group, like this:" + echo ">>> # sudo usermod -a -G isolate <your user>" + echo ">>> However, keep in mind that:" + echo ">>> 1. You will need to logout, in order to make the change effective" + echo ">>> 2. No untrusted user should ever be allowed in the isolate group," + echo ">>> as they may exploit the isolate command to gain root access" + echo + fi + + # Allow only users in the "isolate" group to run this without sudo + chown root:isolate $pkgdir/usr/bin/isolate +} + +post_upgrade() { + post_install $1 +} + +post_remove() { + groupdel isolate +} |