Last active
June 10, 2017 01:21
-
-
Save glitsj16/b4ebddfdc4af93d4aeef9fd6bfcc2ca3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# | |
## build & install firejail from git via checkinstall | |
#+ assumptions: | |
#+ expects presence of $HOME/Downloads/deb.control.firejail | |
#+ which offers a template for creating a nice .deb | |
#+ content is in comment attched to this gist | |
### vars | |
package="firejail" | |
repo_url="https://github.com/netblue30/firejail.git" | |
### logic | |
cd "$HOME" | |
# compile in tmpfs | |
bz_tmpfs="/tmp/bz-${package}" | |
[ ! -d ${bz_tmpfs} ] && mkdir -p ${bz_tmpfs} | |
cd "$bz_tmpfs" | |
git clone "$repo_url" | |
if [ ! $? -eq 0 ]; then | |
echo "O.o --> repo cloning failed - aborting" | |
exit 1 | |
fi | |
cd "$package" | |
# patches go here | |
# helpers | |
thisRelease="$(printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" | sed 's/^v//;s/-/./g')" | |
thisVersion="$(grep -m 1 firejail ./RELNOTES | awk '{split($0,a," "); print a[2]}' | sed 's/(//' | sed 's/)//')" | |
thisDebVersion="$thisVersion-$thisRelease" | |
# configure & compile | |
./configure --prefix=/usr --enable-apparmor | |
make || exit 1 | |
# initial deb | |
sudo checkinstall -y --pkgname "$package" --pkgversion "$thisVersion" --pkgrelease "$thisRelease" --install=no | |
### deb re-assembling magic | |
dpkg-deb --extract ./*.deb ./tbotnik | |
dpkg-deb --control ./*.deb ./tbotnik/DEBIAN | |
# move our template control file into place & modify the version # | |
cat "${HOME}/Downloads/deb.control.${package}" | sed "s/<version>/${thisDebVersion}/g" > ./tbotnik/DEBIAN/control | |
# add firejail profiles to DEBIAN/conffiles | |
ls -1 ./tbotnik/etc/firejail/ > ./tbotnik/DEBIAN/conffiles | |
sed -i -e 's/^/\/etc\/firejail\//' ./tbotnik/DEBIAN/conffiles | |
# correct the doc files | |
rm ./tbotnik/usr/share/doc/firejail/COPYING ./tbotnik/usr/share/doc/firejail/*.md | |
# gzip the changelog | |
gzip -c ./tbotnik/usr/share/doc/firejail/RELNOTES > ./tbotnik/usr/share/doc/firejail/changelog.Debian.gz | |
rm ./tbotnik/usr/share/doc/firejail/RELNOTES | |
# strip binaries & libs | |
strip ./tbotnik/usr/bin/firejail | |
strip ./tbotnik/usr/lib/firejail/libtrace.so | |
# set correct file ownership inside the deb | |
sudo chown -R root:root ./tbotnik | |
# the above drops the setuid root on firejail's binary! | |
#+ make sure to correct that | |
sudo chmod 4755 ./tbotnik/usr/bin/firejail | |
# re-assemble the deb in our Downloads folder | |
dpkg-deb -b ./tbotnik $HOME/Downloads | |
### install & notification | |
if [ $? -eq 0 ]; then | |
echo "installing.." | |
sudo dpkg -i ${HOME}/Downloads/${package}_*.deb | |
if [ $? -eq 0 ]; then | |
echo "" | |
echo "${package} upgraded" | |
rm -f ${HOME}/Downloads/${package}_*.deb > /dev/null 2>&1 & | |
else | |
echo "" | |
echo "${package} ready for manual install via dpkg in ~/Downloads" | |
fi | |
else | |
echo "" | |
echo "${package} build error" | |
exit 1 | |
fi | |
### post-install commands | |
cd "$HOME" | |
# remove tmpfs buildzone | |
sudo rm -fr "$bz_tmpfs" & | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@TBotNik You'll need to chmod +x the script (rename it to whatever you want) and put the content of the above comment into
$HOME/Downloads/deb.control.firejail
or edit path of where you put that inside the script.Regards