diff options
author | netblue30 <netblue30@protonmail.com> | 2022-05-30 11:45:24 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-05-30 11:45:24 -0400 |
commit | 74876f2b4e35ae341f5031df43fb65c66cbdad7f (patch) | |
tree | 1d89979af7c8f91f48f6946552580669456531f6 | |
parent | merges (diff) | |
parent | Merge pull request #5154 from kmk3/build-clean-up-dist (diff) | |
download | firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.gz firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.zst firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.zip |
Merge branch 'master' of ssh://github.com/netblue30/firejail
-rw-r--r-- | .gitlab-ci.yml | 2 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rwxr-xr-x | contrib/fj-mkdeb.py | 38 | ||||
-rw-r--r-- | etc/profile-a-l/kate.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/seamonkey.profile | 4 | ||||
-rwxr-xr-x | mkdeb.sh.in | 14 |
6 files changed, 28 insertions, 37 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4871ef031..af590e2e1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml | |||
@@ -54,7 +54,7 @@ build_apparmor: | |||
54 | script: | 54 | script: |
55 | - apt-get update -qq | 55 | - apt-get update -qq |
56 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk | 56 | - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk |
57 | - ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb | 57 | - ./configure && make deb-apparmor && dpkg -i firejail*.deb |
58 | - command -V firejail && firejail --version | 58 | - command -V firejail && firejail --version |
59 | - firejail --version | grep -F 'AppArmor support is enabled' | 59 | - firejail --version | grep -F 'AppArmor support is enabled' |
60 | 60 | ||
diff --git a/Makefile.in b/Makefile.in index 0e80fb43a..7d961213a 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -222,7 +222,7 @@ deb: dist | |||
222 | ./mkdeb.sh | 222 | ./mkdeb.sh |
223 | 223 | ||
224 | deb-apparmor: dist | 224 | deb-apparmor: dist |
225 | ./mkdeb.sh -apparmor | 225 | ./mkdeb.sh -apparmor --enable-apparmor |
226 | 226 | ||
227 | test-compile: dist | 227 | test-compile: dist |
228 | cd test/compile; ./compile.sh $(NAME)-$(VERSION) | 228 | cd test/compile; ./compile.sh $(NAME)-$(VERSION) |
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 60e25fd14..f6611bee8 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py | |||
@@ -3,9 +3,10 @@ | |||
3 | # Copyright (C) 2014-2022 Firejail Authors | 3 | # Copyright (C) 2014-2022 Firejail Authors |
4 | # License GPL v2 | 4 | # License GPL v2 |
5 | 5 | ||
6 | # This script automates the workaround for https://github.com/netblue30/firejail/issues/772 | 6 | # This script automates the creation of a .deb package. It was originally |
7 | # created to work around https://github.com/netblue30/firejail/issues/772 | ||
7 | 8 | ||
8 | import os, shlex, subprocess, sys | 9 | import os, subprocess, sys |
9 | 10 | ||
10 | 11 | ||
11 | def run(srcdir, args): | 12 | def run(srcdir, args): |
@@ -15,35 +16,29 @@ def run(srcdir, args): | |||
15 | print('Error: Not a firejail source tree? Exiting.') | 16 | print('Error: Not a firejail source tree? Exiting.') |
16 | return 1 | 17 | return 1 |
17 | 18 | ||
18 | dry_run = False | 19 | # Ignore unsupported arguments. |
19 | escaped_args = [] | ||
20 | # We need to modify the list as we go. So be sure to copy the list to be iterated! | ||
21 | for a in args[:]: | 20 | for a in args[:]: |
22 | if a.startswith('--prefix'): | 21 | if a.startswith('--prefix'): |
23 | # prefix should ALWAYS be /usr here. Discard user-set values | 22 | # prefix should ALWAYS be /usr here. Discard user-set values |
24 | args.remove(a) | 23 | args.remove(a) |
25 | elif a == '--only-fix-mkdeb': | 24 | |
26 | # for us, not configure | 25 | # Remove generated files. |
27 | dry_run = True | 26 | distclean = subprocess.call(['make', 'distclean']) |
28 | args.remove(a) | 27 | if distclean != 0: |
29 | else: | 28 | return distclean |
30 | escaped_args.append(shlex.quote(a)) | ||
31 | 29 | ||
32 | # Run configure to generate mkdeb.sh. | 30 | # Run configure to generate mkdeb.sh. |
33 | first_config = subprocess.call(['./configure', '--prefix=/usr'] + args) | 31 | first_config = subprocess.call(['./configure', '--prefix=/usr'] + args) |
34 | if first_config != 0: | 32 | if first_config != 0: |
35 | return first_config | 33 | return first_config |
36 | 34 | ||
37 | # Fix up dynamically-generated mkdeb.sh to include custom configure options. | 35 | # Create the dist file used by mkdeb.sh. |
38 | with open('mkdeb.sh', 'rb') as f: | 36 | make_dist = subprocess.call(['make', 'dist']) |
39 | sh = str(f.read(), 'utf_8') | 37 | if make_dist != 0: |
40 | with open('mkdeb.sh', 'wb') as f: | 38 | return make_dist |
41 | f.write(bytes(sh.replace('./configure $CONFIG_ARGS', | ||
42 | './configure $CONFIG_ARGS ' + (' '.join(escaped_args))), 'utf_8')) | ||
43 | |||
44 | if dry_run: return 0 | ||
45 | 39 | ||
46 | return subprocess.call(['make', 'deb']) | 40 | # Run mkdeb.sh with the custom configure options. |
41 | return subprocess.call(['./mkdeb.sh'] + args) | ||
47 | 42 | ||
48 | 43 | ||
49 | if __name__ == '__main__': | 44 | if __name__ == '__main__': |
@@ -51,13 +46,12 @@ if __name__ == '__main__': | |||
51 | print('''Build a .deb of firejail with custom configure options | 46 | print('''Build a .deb of firejail with custom configure options |
52 | 47 | ||
53 | usage: | 48 | usage: |
54 | {script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]] | 49 | {script} [--fj-src=SRCDIR] [CONFIGURE_OPTIONS [...]] |
55 | 50 | ||
56 | --fj-src=SRCDIR: manually specify the location of firejail source tree | 51 | --fj-src=SRCDIR: manually specify the location of firejail source tree |
57 | as SRCDIR. If not specified, looks in the parent directory | 52 | as SRCDIR. If not specified, looks in the parent directory |
58 | of the directory where this script is located, and then the | 53 | of the directory where this script is located, and then the |
59 | current working directory, in that order. | 54 | current working directory, in that order. |
60 | --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh | ||
61 | CONFIGURE_OPTIONS: arguments for configure | 55 | CONFIGURE_OPTIONS: arguments for configure |
62 | '''.format(script=sys.argv[0])) | 56 | '''.format(script=sys.argv[0])) |
63 | sys.exit(0) | 57 | sys.exit(0) |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 8c340d536..9eadaec12 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/katerc | |||
14 | noblacklist ${HOME}/.config/kateschemarc | 14 | noblacklist ${HOME}/.config/kateschemarc |
15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
16 | noblacklist ${HOME}/.config/katevirc | 16 | noblacklist ${HOME}/.config/katevirc |
17 | noblacklist ${HOME}/.config/kwinrc | ||
17 | noblacklist ${HOME}/.local/share/kate | 18 | noblacklist ${HOME}/.local/share/kate |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate | 19 | noblacklist ${HOME}/.local/share/kxmlgui5/kate |
19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree | 20 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree |
@@ -22,6 +23,9 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | |||
22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart | 23 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart |
23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject | 24 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject |
24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch | 25 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch |
26 | noblacklist /etc/profile.d | ||
27 | |||
28 | include allow-common-devel.inc | ||
25 | 29 | ||
26 | include disable-common.inc | 30 | include disable-common.inc |
27 | # include disable-devel.inc | 31 | # include disable-devel.inc |
@@ -48,7 +52,6 @@ novideo | |||
48 | protocol unix | 52 | protocol unix |
49 | seccomp | 53 | seccomp |
50 | shell none | 54 | shell none |
51 | tracelog | ||
52 | 55 | ||
53 | # private-bin kate,kbuildsycoca4,kdeinit4 | 56 | # private-bin kate,kbuildsycoca4,kdeinit4 |
54 | private-dev | 57 | private-dev |
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index e67e51620..5210a594c 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile | |||
@@ -7,6 +7,7 @@ include seamonkey.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
10 | noblacklist ${HOME}/.gnupg | ||
10 | noblacklist ${HOME}/.mozilla | 11 | noblacklist ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.local/share/pki | 12 | noblacklist ${HOME}/.local/share/pki |
12 | noblacklist ${HOME}/.pki | 13 | noblacklist ${HOME}/.pki |
@@ -17,6 +18,7 @@ include disable-interpreters.inc | |||
17 | include disable-programs.inc | 18 | include disable-programs.inc |
18 | 19 | ||
19 | mkdir ${HOME}/.cache/mozilla | 20 | mkdir ${HOME}/.cache/mozilla |
21 | mkdir ${HOME}/.gnupg | ||
20 | mkdir ${HOME}/.mozilla | 22 | mkdir ${HOME}/.mozilla |
21 | mkdir ${HOME}/.local/share/pki | 23 | mkdir ${HOME}/.local/share/pki |
22 | mkdir ${HOME}/.pki | 24 | mkdir ${HOME}/.pki |
@@ -26,6 +28,7 @@ whitelist ${HOME}/.cache/mozilla | |||
26 | whitelist ${HOME}/.config/gnome-mplayer | 28 | whitelist ${HOME}/.config/gnome-mplayer |
27 | whitelist ${HOME}/.config/pipelight-silverlight5.1 | 29 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
28 | whitelist ${HOME}/.config/pipelight-widevine | 30 | whitelist ${HOME}/.config/pipelight-widevine |
31 | whitelist ${HOME}/.gnupg | ||
29 | whitelist ${HOME}/.keysnail.js | 32 | whitelist ${HOME}/.keysnail.js |
30 | whitelist ${HOME}/.lastpass | 33 | whitelist ${HOME}/.lastpass |
31 | whitelist ${HOME}/.local/share/pki | 34 | whitelist ${HOME}/.local/share/pki |
@@ -53,3 +56,4 @@ tracelog | |||
53 | 56 | ||
54 | disable-mnt | 57 | disable-mnt |
55 | # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl | 58 | # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl |
59 | writable-run-user | ||
diff --git a/mkdeb.sh.in b/mkdeb.sh.in index 6d6981417..79f8d748c 100755 --- a/mkdeb.sh.in +++ b/mkdeb.sh.in | |||
@@ -9,20 +9,10 @@ | |||
9 | set -e | 9 | set -e |
10 | NAME=@PACKAGE_NAME@ | 10 | NAME=@PACKAGE_NAME@ |
11 | VERSION=@PACKAGE_VERSION@ | 11 | VERSION=@PACKAGE_VERSION@ |
12 | PACKAGE_TARNAME=@PACKAGE_TARNAME@ | ||
13 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
14 | HAVE_SELINUX=@HAVE_SELINUX@ | ||
15 | EXTRA_VERSION=$1 | 12 | EXTRA_VERSION=$1 |
16 | 13 | ||
17 | CONFIG_ARGS="--prefix=/usr" | 14 | test "$#" -gt 0 && shift |
18 | if [ -n "$HAVE_APPARMOR" ]; then | ||
19 | CONFIG_ARGS="$CONFIG_ARGS --enable-apparmor" | ||
20 | fi | ||
21 | if [ -n "$HAVE_SELINUX" ]; then | ||
22 | CONFIG_ARGS="$CONFIG_ARGS --enable-selinux" | ||
23 | fi | ||
24 | 15 | ||
25 | TOP="$PWD" | ||
26 | CODE_ARCHIVE="$NAME-$VERSION.tar.xz" | 16 | CODE_ARCHIVE="$NAME-$VERSION.tar.xz" |
27 | CODE_DIR="$NAME-$VERSION" | 17 | CODE_DIR="$NAME-$VERSION" |
28 | INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" | 18 | INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" |
@@ -38,7 +28,7 @@ echo "*****************************************" | |||
38 | tar -xJvf "$CODE_ARCHIVE" | 28 | tar -xJvf "$CODE_ARCHIVE" |
39 | #mkdir -p "$INSTALL_DIR" | 29 | #mkdir -p "$INSTALL_DIR" |
40 | cd "$CODE_DIR" | 30 | cd "$CODE_DIR" |
41 | ./configure $CONFIG_ARGS | 31 | ./configure --prefix=/usr "$@" |
42 | make -j2 | 32 | make -j2 |
43 | mkdir debian | 33 | mkdir debian |
44 | DESTDIR=debian make install-strip | 34 | DESTDIR=debian make install-strip |