blob: bdcd93e698bb569797633ede6d8b7a8fd47eff88 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# Maintainer: German IOI Coaches <coaches@informatik-olympiade.de>
# Maintainer: Alexandre Macabies <web+oss@zopieux.com>
# Maintainer: Antoine Pietri <antoine.pietri@lrde.epita.fr>
# Maintainer: William Di Luigi <williamdiluigi@gmail.com>
pkgname=isolate-git
pkgver=r236.303b958
pkgrel=1
pkgdesc="Sandbox for securely executing untrusted programs"
arch=('i686' 'x86_64')
url="https://github.com/ioi/isolate"
license=('GPL-2.0-or-later')
depends=('systemd-libs' 'libcap' 'glibc')
makedepends=('git' 'gcc' 'asciidoc')
provides=('isolate')
conflicts=('isolate')
install=$pkgname.install
source=('git+https://github.com/ioi/isolate.git' 'servicefile-path.patch')
sha512sums=('SKIP'
'125b4d1dac18e17d84e9fdede28a450f21b96bb9c4a0ca4c07ff1d49862c04a5579735edc2e5f3309ddc0a7076c7ffe9af772aa454e9f5a3562efa7e8ecec5cd')
pkgver() {
cd isolate
printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)"
}
build() {
cd isolate
make PREFIX="/usr" VARPREFIX="/var" CONFIGDIR="/etc" isolate isolate.1
}
package() {
cd isolate
make PREFIX="$pkgdir/usr" VARPREFIX="$pkgdir/var" CONFIGDIR="$pkgdir/etc" SBINDIR="$pkgdir/usr/bin" install install-doc
patch systemd/isolate.service < ../servicefile-path.patch
install -D -t "$pkgdir/usr/lib/systemd/system/" systemd/isolate.service systemd/isolate.slice
# Patch the configuration file so that it uses a standard directory
sed -i "s|/var/local/lib/isolate|/var/lib/isolate|" "$pkgdir/etc/isolate"
# The isolate binary has the setuid bit set (to run as root without sudo)
# however we should let only the owner and the group be able to run it:
chmod o-x "$pkgdir/usr/bin/isolate"
}
|