isolate/isolate.spec at master · ReCodEx/isolate · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
%define name isolate
%define version 1.8.3
%define unmangled_version 8d62c0e84ead86d0103790d57d2a4922158db856
%define release 4
# %define boxdir %{_sharedstatedir}/%{name}
%define boxdir /var/local/lib/%{name}
%define confdir %{_sysconfdir}/%{name}
%define conffile %{confdir}/default.cf

Summary: Isolate sandbox built for safely running untrusted executables
Name: %{name}
Version: %{version}
Release: %{release}
Source0: https://github.com/ReCodEx/%{name}/archive/%{unmangled_version}.tar.gz#/%{name}-%{unmangled_version}.tar.gz
# Patch0: https://raw.githubusercontent.com/ReCodEx/utils/master/isolate-fix-rlimit-nofile.patch
License: GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Prefix: %{_prefix}
Url: https://github.com/ReCodEx/isolate
BuildRequires: gcc asciidoc libcap-devel
Requires: libcap

%global debug_package %{nil}

%description
Isolate is a sandbox built to safely run untrusted executables, offering them a
limited-access environment and preventing them from affecting the host system.
It takes advantage of features specific to the Linux kernel, like namespaces
and control groups.

%prep
%autosetup -n %{name}-%{unmangled_version}

%build
%make_build BINDIR=%{_bindir} CONFIG=%{conffile}

%install
mkdir -p %{buildroot}%{confdir} %{buildroot}%{boxdir}
%make_install BINDIR=%{buildroot}%{_bindir} CONFIG=%{buildroot}%{conffile} BOXDIR=%{buildroot}%{boxdir}
make install-doc MANDIR=%{buildroot}/%{_mandir}

%clean
make clean

%post

%postun

%pre

%preun

%files
%defattr(-,root,root)
%dir %{confdir}
%dir %{boxdir}

%{_bindir}/%{name}
%{_bindir}/isolate-check-environment
%config(noreplace) %{conffile}
%{_mandir}/man1/%{name}.1.gz

%changelog