Package Details: firejail-apparmor 0.9.50-2

Git Clone URL: https://aur.archlinux.org/firejail-apparmor.git (read-only)
Package Base: firejail-apparmor
Description: Apparmor support for Firejail
Upstream URL: https://firejail.wordpress.com/
Keywords: Apparmor Firejail
Licenses: GPL2
Conflicts: firejail
Provides: firejail
Submitter: IrvineHimself
Maintainer: IrvineHimself
Last Packager: IrvineHimself
Votes: 3
Popularity: 0.172984
First Submitted: 2016-10-04 02:34
Last Updated: 2017-09-30 14:09

Dependencies (1)

Required by (23)

Sources (2)

Latest Comments

IrvineHimself commented on 2017-08-29 13:13

No problem: Added 'etc/apparmor.d/local/firejail-local' to backup, as requested.

Irvine

egrupled commented on 2017-08-29 11:58

It looks good, thanks!

One note: in firejail 0.9.50 there is support for local apparmor config in /etc/apparmor.d/local/firejail-local file (https://github.com/netblue30/firejail/blob/master/etc/firejail-local) so you can add it to backup section (otherwise changes in this file will be lost after upgrade):

backup=('etc/firejail/login.users'
'etc/firejail/firejail.config'
'etc/apparmor.d/local/firejail-local')

IrvineHimself commented on 2017-08-28 16:58

Okay, I have modified the PCKGBUILD as per the suggestion by "egrupled". There was a slight complication with the source directory name being different from the custom pckg name, (firejail-apparmor,) but nothing serious.

I have tested the new PCKGBUILD on my machine without any errors, and had no problems with the new gpg keys. Also, since the official pckg has not yet been updated, I had to calculate the sh256sum myself. Again no problems when doing a test download/install.

Let me know if there are any problems or other ways I could improve the PCKGBUILD.

All the best
Irvine

IrvineHimself commented on 2017-08-04 15:47

On reflection, I realised your comment about using the Arch PKGBUILD was a really good idea, and was intending to do just that at the next update of Firejail.:)

I apologise for my confusion about what you were getting at. Hopefully, when I modify the Arch PKGBUILD, there will be no more problems.

Thanks for your constructive, (and helpful,) comments.

Irvine




egrupled commented on 2017-08-04 15:21

You misunderstood me. In firejail.config there are lines like:

# Enable or disable bind support, default enabled.
# bind yes

Which means they are enabled by default. '#' before line shows only what is defaut option, so adjusting it by:

sed -i 's/# bind yes/bind yes/g' etc/firejail.config

in your PKGBUILD is redundant. Even more than redundant since you don't backup this file so it's overwriting every local user changes when it's updated.

shasum isn't encryption, it's hash function. When upstream doesn't provide it's own hashes you are supposed to generate hash yourself. Arch is slowly migrating to SHA256/512 so it's advisable to reflect that.

The package is gpg signed. You need to add .asc key to sources and add public gpg key fingerprint to validpgpkeys.

Anyway all of above doesn't matter as you can just copy Archlinux offcial PKGBUILD which has everything already set for you and add --enable-apparmor to relevant line.

I hope my point is clear now.

IrvineHimself commented on 2017-08-04 14:11

I beg to differ about editing "${srcdir}/etc/firejail.config". I just double checked, and they are definitely **NOT** enabled by default, nor were they enabled during the compilation/install when I migrated from firejail to firejail-apparmor.

Changing to SHA256 seems perfectly reasonable, however, Sourceforge only offers SHA1 encryption. Additionally, there is no gpg signed package at the upstream url.

I am not sure what you mean by syncing the PKGBUILD with the one used by Arch, but will look it, along with the other things you mentioned.

Thanks for your constructive feedback
Irvine

egrupled commented on 2017-08-04 11:52

Please sync PKGBUILD to the one used by Arch:
- add backup section
- add gpg verification
- change hash to 256
- add -fsanitize=undefined to CFLAGS
- get rid of 'sed' commands which are useless as all that config sections are enabled by default, the '#' doesn't means anything unless you want to change them which isn't and shouldn't be the case here.

It would be easiest to copy verbatim https://git.archlinux.org/svntogit/community.git/plain/trunk/PKGBUILD?h=packages/firejail and add --enable-apparmor in build section.