Sandbox methods with seccomp-BPF; except cdrom, gpgv, rsh

This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
author: Julian Andres Klode <jak@debian.org> 2017-10-22 23:34:03 +0200
committer: Julian Andres Klode <jak@debian.org> 2017-10-22 23:38:31 +0200
commit: 32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree: 3234d16c59f85a84a02371e6ef2f0bc79af42738 /prepare-release
parent: 9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/prepare-release b/prepare-release
index e12ca2dc9..e9e9362da 100755
--- a/prepare-release
+++ b/prepare-release
@@ -40,6 +40,7 @@ test_deb_control() {
 	  | sed -r -e 's#<[^,<>()@]*>##g' \
 	           -e 's#@[^,<>()@]*@##g' \
 	           -e 's#\[linux-any\]*##g' \
+	           -e 's#\[[^][]*\]*##g' \
 	           -e 's#dpkg-dev \([^)]*\)#dpkg-dev#g' \
 	           -e 's#debhelper \([^)]*\)#debhelper#g' \
 	           -e 's#g\+\+ \([^)]*\)#g++#g' \
author	Julian Andres Klode <jak@debian.org>	2017-10-22 23:34:03 +0200
committer	Julian Andres Klode <jak@debian.org>	2017-10-22 23:38:31 +0200
commit	32bcbd73e0988d2d2237690ffae33b4f5cc5ff81 (patch)
tree	3234d16c59f85a84a02371e6ef2f0bc79af42738 /prepare-release
parent	9130b5f9304b7f58273a826ff9acf04e10c6f98e (diff)