adding backup script for firejail profiles

author: Gaming4JC <g4jc@openmailbox.org> 2015-08-28 23:03:11 -0400
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-09-22 16:14:58 -0300
commit: e0cbe4fbf5c8a5e14b94b776f2e74195c4006fe8 (patch)
tree: daccdeda33610c6d23e3d340cb2adc8eaf50359b /pcr/firejail
parent: 90cdef590d9a809d8aaa379d7b7af0a7be21669a (diff)
3 files changed, 140 insertions, 5 deletions
diff --git a/pcr/firejail/PKGBUILD b/pcr/firejail/PKGBUILD
index 1b566fc56..d0efc4613 100644
--- a/pcr/firejail/PKGBUILD
+++ b/pcr/firejail/PKGBUILD
@@ -5,28 +5,44 @@ pkgname=firejail
 pkgver=0.9.28
 pkgrel=2
 pkgdesc="Linux namespaces sandbox program"
-arch=('i686' 'x86_64')
+arch=('i686' 'x86_64' 'armv7h')
 license=(GPL2)
 url=https://l3net.wordpress.com/projects/firejail/
-backup=('etc/firejail/login.users' 'etc/firejail/*.profile')
 source=("https://downloads.sourceforge.net/project/$pkgname/$pkgname/$pkgname-$pkgver.tar.bz2"
 'PKGBUILD'
 'PKGBUILD.sig'
-'001-addmoresecurity-firefox.patch')
+'001-addmoresecurity-firefox.patch'
+"$pkgname.install")
+install=("$pkgname.install")
 validpgpkeys=('CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697') # PKGBUILD Maintainer's key
 sha512sums=('a0c6715cbaf1043f2ea92b33da5884b6ed0993b3e5d03a3edd181b6663a696a2a60a44e0ad39fc9fcfd50d79eb5acb2f0f33452467bf50912f558ec23ebfc125'
             'SKIP'
             'SKIP'
-            'b1ce36df78882e9e3a9b9a6b043ce0c11b4de71cf400abf19ee808d45081f9bfc6a56911bc5befae9ac374e88fb1a57326770781b3aedb2fdd54a95e8443a441')
+            'b1ce36df78882e9e3a9b9a6b043ce0c11b4de71cf400abf19ee808d45081f9bfc6a56911bc5befae9ac374e88fb1a57326770781b3aedb2fdd54a95e8443a441'
+            'f573592cc977cc739d2913f75ebe1ab2642d1d7d638706c56bca792dce6014d88c8789341ddeae59307aa94f72f3ab178299652b71a62804b1b674433a89ec21')
 whirlpoolsums=('84792b384d4e578347a859354d5639be24c3b370c3c6c07d245bbd35b7d6adcac8f5f382e92dec55a3a53cc68ea00fb7071be01aa390b37df5e0768f00efd90e'
 'SKIP'
 'SKIP'
-'66ba5f7ca349c63170bd7ac83b7bc0c9472ad5bb18c243842f969f40475ebbb84c37bd3b837f21058294dc5da14674d07b74026dbcc324324fb94b6a8abfee4f')
+'66ba5f7ca349c63170bd7ac83b7bc0c9472ad5bb18c243842f969f40475ebbb84c37bd3b837f21058294dc5da14674d07b74026dbcc324324fb94b6a8abfee4f'
+'8f6848ad73bb498cb6a4f754a55094629443e7f56d669990e8e3f33415ba723d7ba47eb65737dd3ed918299665bf9bd455c25b5005caa74bb8c8dbb5e02ab4dc')
 
 prepare() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
 	sed -i '\|bash -c "if \[ ! -f /etc/firejail/login\.users | s|bash -c ".*"$|install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/\.|' Makefile.in ## Fix "backup entry file not in packag" warning.
 	patch ${srcdir}/${pkgname}-${pkgver}/etc/firefox.profile $srcdir/001-addmoresecurity-firefox.patch ## Add additional blacklists to FireFox profile for more security
+
+	## Remove non-libre program profiles.
+	rm ${srcdir}/${pkgname}-${pkgver}/etc/dropbox.profile
+	sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile
+	sed -i 's|install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+
+	rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium.profile
+	sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile
+	sed -i 's|install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile.in
+
+	rm ${srcdir}/${pkgname}-${pkgver}/etc/chromium-browser.profile
+	sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile
+	sed -i 's|install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.||'  ${srcdir}/${pkgname}-${pkgver}/Makefile.in
 }
 
 build() {
diff --git a/pcr/firejail/PKGBUILD.sig b/pcr/firejail/PKGBUILD.sig
index dffe257a1..b245ce73e 100644
--- a/pcr/firejail/PKGBUILD.sig
+++ b/pcr/firejail/PKGBUILD.sig
diff --git a/pcr/firejail/firejail.install b/pcr/firejail/firejail.install
new file mode 100644
index 000000000..e154e7dd7
--- /dev/null
+++ b/pcr/firejail/firejail.install
@@ -0,0 +1,119 @@
+pre_upgrade() {
+echo "Checking 26 firejail profiles for user modification, backing up as needed..."
+	FilesToCheck=(
+'/etc/firejail/audacious.profile'
+'/etc/firejail/clementine.profile'
+'/etc/firejail/deadbeef.profile'
+'/etc/firejail/deluge.profile'
+'/etc/firejail/disable-common.inc'
+'/etc/firejail/disable-mgmt.inc'
+'/etc/firejail/disable-secret.inc'
+'/etc/firejail/empathy.profile'
+'/etc/firejail/evince.profile'
+'/etc/firejail/filezilla.profile'
+'/etc/firejail/firefox.profile'
+'/etc/firejail/generic.profile'
+'/etc/firejail/gnome-mplayer.profile'
+'/etc/firejail/login.users'
+'/etc/firejail/midori.profile'
+'/etc/firejail/opera.profile'
+'/etc/firejail/pidgin.profile'
+'/etc/firejail/qbittorrent.profile'
+'/etc/firejail/quassel.profile'
+'/etc/firejail/rhythmbox.profile'
+'/etc/firejail/server.profile'
+'/etc/firejail/thunderbird.profile'
+'/etc/firejail/totem.profile'
+'/etc/firejail/transmission-gtk.profile'
+'/etc/firejail/transmission-qt.profile'
+'/etc/firejail/vlc.profile'
+'/etc/firejail/xchat.profile')
+
+OriginalFileHashes=(
+'53d86924bad531072cf279faa63e0a6a6c6ccb22aeae2ba7ddfc7dcab8b09b7a563aeab758cbcbf13ec5f7319066bb0fec3ba2356177e3b8449c58ee5929a766'
+'2c13c77de38d6a7c6513ee754e6cd3ca446019b0716b3db2fb90bb3befcc1bfa2de80a06255048e5f82571de076690ddd8c543ab12104f6843a520e7de042147'
+'9572631ca9551866c2af91f0fed148e2be6d9ec34dff7773d6589c7245d61e6d17f7421176cbfdeadc08289b0a0c4d74453e2d79eb847355506657e98440b924'
+'f730544fdc1a2db051cb73c02722c7f87f4d4536db6f853d1852ee19f527c17abb1ed91879a2b593d2704f8e63e99c4a46640187fe882d4aaced4f7c03c06c46'
+'fa89a0ccaa3d3018273b2b66cb3b6e21f0b4582ecde7139a2db3523497a4da14af8ccb969707a32f7ce2f4083405a942ce9af4212948469bd1b0cd8b438e525a'
+'d0808badde2e695b77900cf13f89503e23dc2a233e2489e8590551adef061390bdb77c815a7fb59a48a103340ea288832d00dd0a8ce78bd24595ca2f352c9f8f'
+'52f550486c4baa03c1327d75765c0edcc3397113fab4190e7644c53112810e5bbcc89cfc8b2c1147a724366a5dffd69dce334daaf4f3ae8e754e35bc38daeedc'
+'33251ba45f3f18397956ec28c6ba55e94c8638bf5b1c1de2c49d5383fc2d519f21b5e757e22f747811c1335e745607968aac1fdd93438276223c6b4c5b2bd954'
+'8f7f282ada4b557b78b33dd788753daf46b10dbdd2f7f72c25fc787ca98cf99d8a45c0db54d60fa0b1bd912cbbda95bb845d373c865e9b1884b1d3e480ec2b85'
+'1088d1921b3c335789fc38e05fe7a898c9615f8fb769d388b6c6d02280891dc64b8b648351b2d5edff62298b46ed21792c0ffc611858697ae02455c5ae8993a7'
+'c7b3bca2f1f9fa0a2769754fc8c341a5e2a9e67613a3329e59797a93dcb5fc41c4c8d08196c41d236e4878bd48fcd44fd1737aa6971a4df2a192da522b96cac4'
+'a60b88a35228f3f8b4a3acd3dce527f3b873b095f1cf28a701baa5b310ad8b85e36ad633c8ddf8c2378a1d40c634164ada63764da1f9750507e55717affe8f46'
+'16777da4a6552b7a39909d7faae0aff13a7e82887409a548433a0575443cf45fa28ecfdd8d43e146a6afa5a5a7298c64aa878bc6d82d2a7b8a2ca666cdb8d2c4'
+'672fa8b25ed28a07efb41fad6415c9fa96ce4bf4f4a1a6412595afb309ef6c1e67033ee256f997c32e9abe25bd6a100160ff12f2235c9be289c223547d03ca95'
+'6aa7ee675b9607313056f9ab70085e9bac7c1cc3b88f3134da3bb7052100b39ed6553b261044be3f87c283543f1231eda1145392536f2a02cf97ba7d5657e969'
+'1864b178483193f7a5360685573ce1c60f383924a2dd34dcd218f063b4ce6a12ca4a065a9881f685c11f7ce63cc75b822836491fcbe042c0825d432bc4fb58df'
+'8be0eef7d351f68343ec3cb14dbafab0bcac604b216f5f18f3624be1270c2a223b5a4560197c0e565c40005f28a640743736d873bf3bc47dcb3df6e5746e9031'
+'16ed951fafad9d07c294b80be98f694fdc47dd525c8373ac83317cb0f1665bfa70111a7eaeeda09eff3544b45507277c12c9d8618958ec38b17e1307daccca70'
+'c89b5fcd02d17fcb65661bcd8ac7d230f11b8ed0c50db864bd70e4d077bac1a210526bfc4ced54dbd5e5fc62520b5b9d51c3ede841c1fc1a29afceece9062303'
+'8eb8ed39164a8d2a50c06447da745be719eb02005dcdc483d5751a8e2f2390f7329845f3e9022c6fb71814f67b31aa7468fe958d2783c67276e3fc3120bef04b'
+'bcc313205c260117e40fac28fc1a282b5f36a97bd7252780c628bfc48971ec2aadd99209442600d3b52b78e932982549baf0c9ba1e791f3ea7fe451e7e7a03a3'
+'d739970917e87e89dc746e749f0c8bfe6cce22dd1864d2f115758627f934916aabe5d01c3c5cbe60866a1c0a1d6908df2cd1126d1d78301216678f9ab13f2a9a'
+'8a65f7e84c2071869a64a493fe6ce74ef77b50f8f34c6b6cdd4e987740a3628cbf2dd02791ff89d53b7b01c1857ab4d8dba8fd5b30e82ccecb294d6bcf4e4bf3'
+'25800523958101d249b96c994fb33bb1e2c646f6af4af6adcedf9aab993a5ae3d3a72dcc340cbabcb9bc0d07cb64155ae21ba6ce87a984594741b1bb806a0b75'
+'a2ad0be0e77719ad5bea6167692629f5c8cc5cfaecbdf98ecf32ddd8877aac443ddd20a7201adab202b3497394c700c69de533eb493f8203ebb36b887f78d258'
+'a28765a1d99dadcf4bf47774b18305167f81d136b8588420b675ee998f5d0077018d9142269968912b5e4a91559ab3a9e4fe9e8c4b0ed11cb4faa543042fb63d'
+'f4ee69f5ef1487ae2b269e43c9bc61fefac168134611bcd10f3dfc2b259430815391a3e89724e8f4830d4a9effe8827ec49237453421f4ffb4f276c0362043ef')
+
+## Uses above arrays to check if file's original hash matches, if not the file was edited, so we save a backup and notify the user.
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[0]} | awk '{print $1}')" = ${OriginalFileHashes[0]} ]] || { cat "${FilesToCheck[0]}" > "${FilesToCheck[0]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[0]}.pacsave"; } 
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[1]} | awk '{print $1}')" = ${OriginalFileHashes[1]} ]] || { cat "${FilesToCheck[1]}" > "${FilesToCheck[1]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[1]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[2]} | awk '{print $1}')" = ${OriginalFileHashes[2]} ]] || { cat "${FilesToCheck[2]}" > "${FilesToCheck[2]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[2]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[3]} | awk '{print $1}')" = ${OriginalFileHashes[3]} ]] || { cat "${FilesToCheck[3]}" > "${FilesToCheck[3]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[3]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[4]} | awk '{print $1}')" = ${OriginalFileHashes[4]} ]] || { cat "${FilesToCheck[4]}" > "${FilesToCheck[4]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[4]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[5]} | awk '{print $1}')" = ${OriginalFileHashes[5]} ]] || { cat "${FilesToCheck[5]}" > "${FilesToCheck[5]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[5]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[6]} | awk '{print $1}')" = ${OriginalFileHashes[6]} ]] || { cat "${FilesToCheck[6]}" > "${FilesToCheck[6]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[6]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[7]} | awk '{print $1}')" = ${OriginalFileHashes[7]} ]] || { cat "${FilesToCheck[7]}" > "${FilesToCheck[7]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[7]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[8]} | awk '{print $1}')" = ${OriginalFileHashes[8]} ]] || { cat "${FilesToCheck[8]}" > "${FilesToCheck[8]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[8]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[9]} | awk '{print $1}')" = ${OriginalFileHashes[9]} ]] || { cat "${FilesToCheck[9]}" > "${FilesToCheck[9]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[9]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[10]} | awk '{print $1}')" = ${OriginalFileHashes[10]} ]] || { cat "${FilesToCheck[10]}" > "${FilesToCheck[10]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[10]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[11]} | awk '{print $1}')" = ${OriginalFileHashes[11]} ]] || { cat "${FilesToCheck[11]}" > "${FilesToCheck[11]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[11]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[12]} | awk '{print $1}')" = ${OriginalFileHashes[12]} ]] || { cat "${FilesToCheck[12]}" > "${FilesToCheck[12]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[12]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[13]} | awk '{print $1}')" = ${OriginalFileHashes[13]} ]] || { cat "${FilesToCheck[13]}" > "${FilesToCheck[13]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[13]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[14]} | awk '{print $1}')" = ${OriginalFileHashes[14]} ]] || { cat "${FilesToCheck[14]}" > "${FilesToCheck[14]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[14]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[15]} | awk '{print $1}')" = ${OriginalFileHashes[15]} ]] || { cat "${FilesToCheck[15]}" > "${FilesToCheck[15]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[15]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[16]} | awk '{print $1}')" = ${OriginalFileHashes[16]} ]] || { cat "${FilesToCheck[16]}" > "${FilesToCheck[16]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[16]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[17]} | awk '{print $1}')" = ${OriginalFileHashes[17]} ]] || { cat "${FilesToCheck[17]}" > "${FilesToCheck[17]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[17]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[18]} | awk '{print $1}')" = ${OriginalFileHashes[18]} ]] || { cat "${FilesToCheck[18]}" > "${FilesToCheck[18]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[18]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[19]} | awk '{print $1}')" = ${OriginalFileHashes[19]} ]] || { cat "${FilesToCheck[19]}" > "${FilesToCheck[19]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[19]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[20]} | awk '{print $1}')" = ${OriginalFileHashes[20]} ]] || { cat "${FilesToCheck[20]}" > "${FilesToCheck[20]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[20]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[21]} | awk '{print $1}')" = ${OriginalFileHashes[21]} ]] || { cat "${FilesToCheck[21]}" > "${FilesToCheck[21]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[21]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[22]} | awk '{print $1}')" = ${OriginalFileHashes[22]} ]] || { cat "${FilesToCheck[22]}" > "${FilesToCheck[22]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[22]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[23]} | awk '{print $1}')" = ${OriginalFileHashes[23]} ]] || { cat "${FilesToCheck[23]}" > "${FilesToCheck[23]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[23]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[24]} | awk '{print $1}')" = ${OriginalFileHashes[24]} ]] || { cat "${FilesToCheck[24]}" > "${FilesToCheck[24]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[24]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[25]} | awk '{print $1}')" = ${OriginalFileHashes[25]} ]] || { cat "${FilesToCheck[25]}" > "${FilesToCheck[25]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[25]}.pacsave"; }
+
+[[ "$(openssl dgst -r -whirlpool ${FilesToCheck[26]} | awk '{print $1}')" = ${OriginalFileHashes[26]} ]] || { cat "${FilesToCheck[26]}" > "${FilesToCheck[26]}.pacsave" ;  echo "Backup saved: ${FilesToCheck[26]}.pacsave"; }
+
+echo "Done!"
+
+}
+\ No newline at end of file
author	Gaming4JC <g4jc@openmailbox.org>	2015-08-28 23:03:11 -0400
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-09-22 16:14:58 -0300
commit	e0cbe4fbf5c8a5e14b94b776f2e74195c4006fe8 (patch)
tree	daccdeda33610c6d23e3d340cb2adc8eaf50359b /pcr/firejail
parent	90cdef590d9a809d8aaa379d7b7af0a7be21669a (diff)