diff options
| author |   B. Watson | 2024-02-21 22:49:33 +0100 |
|---|---|---|
| committer |   Willy Sudiarto Raharjo | 2024-03-02 03:19:48 +0100 |
| commit | 342321e5e93b858bbf5887bdda6578b661f565ab (patch) | |
| tree | 5dd8879da8317256978966486f892e5882a04fe9 /system | |
| parent | 618371be5a6a812a019452fbe45a0a703e0f82ba (diff) | |
| download | slackbuilds-342321e5e93b858bbf5887bdda6578b661f565ab.tar.gz | |
system/pledge: New maintainer, minor fixes.
Signed-off-by: B. Watson <urchlay@slackware.uk>
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system')
| -rw-r--r-- | system/pledge/README | 16 | ||||
| -rw-r--r-- | system/pledge/pledge.SlackBuild | 60 | ||||
| -rw-r--r-- | system/pledge/pledge.info | 4 | ||||
| -rw-r--r-- | system/pledge/slack-desc | 10 |
4 files changed, 39 insertions, 51 deletions
diff --git a/system/pledge/README b/system/pledge/README index 9a2f7852af..03786d47c8 100644 --- a/system/pledge/README +++ b/system/pledge/README @@ -1,10 +1,16 @@ +pledge (OpenBSD command and syscall implementation for Linux) + pledge is a port of OpenBSD's syscall to Linux by Justine Tunney. -This script builds a shared library (used to be injected via LD_PRELOAD) -and a command line utility to restrict program exection privileges and -limit parameters as maximum niceness, cpu time, virtual memory, file -descriptors, child proccess and individual file sizes. +This script builds a shared library (to be injected via LD_PRELOAD) +and a command line utility to restrict program execution privileges +and limit parameters such as maximum niceness, cpu time, virtual +memory, file descriptors, child processes, and individual file sizes. + +For more info, see: https://justine.lol/pledge/ + https://github.com/jart/pledge -NOTE: +NOTES: +* pledge doesn't support 32-bit x86 * pledge help is available via the -h option * to run pledge at glibc executable load time: strace -vff bash -c \ diff --git a/system/pledge/pledge.SlackBuild b/system/pledge/pledge.SlackBuild index 984030c4d9..d7b4ea6c9f 100644 --- a/system/pledge/pledge.SlackBuild +++ b/system/pledge/pledge.SlackBuild @@ -2,36 +2,25 @@ # Slackware build script for pledge -# Copyright 2023 Juan M. Lasca <juanmlasca@gmail.com> -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# Original author 2023 Juan M. Lasca <email removed> +# Modified and now maintained by B. Watson <urchlay@slackware.uk> + +# Licensed under the WTFPL. See http://www.wtfpl.net/txt/copying/ for details. + +# 20240221 bkw: BUILD=2 +# - Take over maintenance +# - Relicense as WTFPL (per mailing list) +# - Fix minor grammar/spelling issues in README and slack-desc cd $(dirname $0) ; CWD=$(pwd) PRGNAM=pledge VERSION=${VERSION:-20230908_8693ebe} COMMIT=8693ebe15a30bd4235165ad72a469da29ca067cf -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} - if [ -z "$ARCH" ]; then case "$( uname -m )" in i?86) ARCH=i586 ;; @@ -75,27 +64,20 @@ rm -rf $PRGNAM-$COMMIT tar xvf $CWD/$PRGNAM-$COMMIT.tar.gz cd $PRGNAM-$COMMIT chown -R root:root . -find -L . \ - \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ - -o -perm 511 \) -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; - - -make CFLAGS="$SLKCFLAGS" CXXFLAGS="$SLKCFLAGS" +find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} + -o \ + \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} + -mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/$PRGNAM $PKG/usr/bin; -mv o/pledge o/sandbox.so $PKG/usr/lib${LIBDIRSUFFIX}/$PRGNAM; -$(cd $PKG/usr/bin; ln -s ../lib${LIBDIRSUFFIX}/$PRGNAM/pledge . ); +make CFLAGS="$SLKCFLAGS" -find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true +LIB=$PKG/usr/lib$LIBDIRSUFFIX/$PRGNAM +mkdir -p $LIB $PKG/usr/bin +install -s -m0755 o/pledge o/sandbox.so $LIB +ln -s ../lib$LIBDIRSUFFIX/$PRGNAM/pledge $PKG/usr/bin -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a \ - README.md LICENSE \ - $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +PKGDOC=$PKG/usr/doc/$PRGNAM-$VERSION +mkdir -p $PKGDOC +cp -a README.md LICENSE $PKGDOC +cat $CWD/$PRGNAM.SlackBuild > $PKGDOC/$PRGNAM.SlackBuild mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc diff --git a/system/pledge/pledge.info b/system/pledge/pledge.info index 0a39aba6b1..0ff564b850 100644 --- a/system/pledge/pledge.info +++ b/system/pledge/pledge.info @@ -6,5 +6,5 @@ MD5SUM="" DOWNLOAD_x86_64="https://github.com/jart/pledge/archive/8693ebe/pledge-8693ebe15a30bd4235165ad72a469da29ca067cf.tar.gz" MD5SUM_x86_64="f0414cbb1c6553c891afb8bae61595a3" REQUIRES="" -MAINTAINER="Juan M. Lasca" -EMAIL="juanmlasca@gmail.com" +MAINTAINER="B. Watson" +EMAIL="urchlay@slackware.uk" diff --git a/system/pledge/slack-desc b/system/pledge/slack-desc index 82f672b9d1..2cb8b45ddf 100644 --- a/system/pledge/slack-desc +++ b/system/pledge/slack-desc @@ -8,12 +8,12 @@ |-----handy-ruler------------------------------------------------------| pledge: pledge (OpenBSD command and syscall implementation for Linux) pledge: -pledge: SECCOMP based library command line program to limit app execution -pledge: privileges by Justine Tunney. +pledge: pledge is a port of OpenBSD's syscall to Linux by Justine Tunney. +pledge: This script builds a shared library (to be injected via LD_PRELOAD) +pledge: and a command line utility to restrict program execution privileges +pledge: and limit parameters such as maximum niceness, cpu time, virtual +pledge: memory, file descriptors, child processes, and individual file sizes. pledge: pledge: For more info, see: https://justine.lol/pledge/ pledge: https://github.com/jart/pledge pledge: -pledge: -pledge: -pledge: |