Merge branch 'master' of ssh://github.com/netblue30/firejail

author: netblue30 <netblue30@protonmail.com> 2022-05-30 11:45:24 -0400
committer: netblue30 <netblue30@protonmail.com> 2022-05-30 11:45:24 -0400
commit: 74876f2b4e35ae341f5031df43fb65c66cbdad7f (patch)
tree: 1d89979af7c8f91f48f6946552580669456531f6
parent: merges (diff)
parent: Merge pull request #5154 from kmk3/build-clean-up-dist (diff)
download: firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.gz
firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.zst
firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.zip
6 files changed, 28 insertions, 37 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4871ef031..af590e2e1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -54,7 +54,7 @@ build_apparmor:
    script:
        - apt-get update -qq
        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
-        - ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb
+        - ./configure && make deb-apparmor && dpkg -i firejail*.deb
        - command -V firejail && firejail --version
        - firejail --version | grep -F 'AppArmor support is enabled'
diff --git a/Makefile.in b/Makefile.in
index 0e80fb43a..7d961213a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -222,7 +222,7 @@ deb: dist
        ./mkdeb.sh
 deb-apparmor: dist
-        ./mkdeb.sh -apparmor
+        ./mkdeb.sh -apparmor --enable-apparmor
 test-compile: dist
        cd test/compile; ./compile.sh $(NAME)-$(VERSION)
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
index 60e25fd14..f6611bee8 100755
--- a/contrib/fj-mkdeb.py
+++ b/contrib/fj-mkdeb.py
@@ -3,9 +3,10 @@
 # Copyright (C) 2014-2022 Firejail Authors
 # License GPL v2
-# This script automates the workaround for https://github.com/netblue30/firejail/issues/772
+# This script automates the creation of a .deb package.  It was originally
+# created to work around https://github.com/netblue30/firejail/issues/772
-import os, shlex, subprocess, sys
+import os, subprocess, sys
 def run(srcdir, args):
@@ -15,35 +16,29 @@ def run(srcdir, args):
        print('Error: Not a firejail source tree?  Exiting.')
        return 1
-    dry_run = False
+    # Ignore unsupported arguments.
-    escaped_args = []
-    # We need to modify the list as we go.  So be sure to copy the list to be iterated!
    for a in args[:]:
        if a.startswith('--prefix'):
            # prefix should ALWAYS be /usr here.  Discard user-set values
            args.remove(a)
-        elif a == '--only-fix-mkdeb':
-            # for us, not configure
+    # Remove generated files.
-            dry_run = True
+    distclean = subprocess.call(['make', 'distclean'])
-            args.remove(a)
+    if distclean != 0:
-        else:
+        return distclean
-            escaped_args.append(shlex.quote(a))
    # Run configure to generate mkdeb.sh.
    first_config = subprocess.call(['./configure', '--prefix=/usr'] + args)
    if first_config != 0:
        return first_config
-    # Fix up dynamically-generated mkdeb.sh to include custom configure options.
+    # Create the dist file used by mkdeb.sh.
-    with open('mkdeb.sh', 'rb') as f:
+    make_dist = subprocess.call(['make', 'dist'])
-        sh = str(f.read(), 'utf_8')
+    if make_dist != 0:
-    with open('mkdeb.sh', 'wb') as f:
+        return make_dist
-        f.write(bytes(sh.replace('./configure $CONFIG_ARGS',
-                                 './configure $CONFIG_ARGS ' + (' '.join(escaped_args))), 'utf_8'))
-    if dry_run: return 0
-    return subprocess.call(['make', 'deb'])
+    # Run mkdeb.sh with the custom configure options.
+    return subprocess.call(['./mkdeb.sh'] + args)
 if __name__ == '__main__':
@@ -51,13 +46,12 @@ if __name__ == '__main__':
        print('''Build a .deb of firejail with custom configure options
 usage:
-{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
+{script} [--fj-src=SRCDIR] [CONFIGURE_OPTIONS [...]]
 --fj-src=SRCDIR: manually specify the location of firejail source tree
                  as SRCDIR.  If not specified, looks in the parent directory
                  of the directory where this script is located, and then the
                  current working directory, in that order.
- --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
 CONFIGURE_OPTIONS: arguments for configure
 '''.format(script=sys.argv[0]))
        sys.exit(0)
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile
index 8c340d536..9eadaec12 100644
--- a/etc/profile-a-l/kate.profile
+++ b/etc/profile-a-l/kate.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/katerc
 noblacklist ${HOME}/.config/kateschemarc
 noblacklist ${HOME}/.config/katesyntaxhighlightingrc
 noblacklist ${HOME}/.config/katevirc
+noblacklist ${HOME}/.config/kwinrc
 noblacklist ${HOME}/.local/share/kate
 noblacklist ${HOME}/.local/share/kxmlgui5/kate
 noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
@@ -22,6 +23,9 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
 noblacklist ${HOME}/.local/share/kxmlgui5/katepart
 noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
 noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
+noblacklist /etc/profile.d
+include allow-common-devel.inc
 include disable-common.inc
 # include disable-devel.inc
@@ -48,7 +52,6 @@ novideo
 protocol unix
 seccomp
 shell none
-tracelog
 # private-bin kate,kbuildsycoca4,kdeinit4
 private-dev
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile
index e67e51620..5210a594c 100644
--- a/etc/profile-m-z/seamonkey.profile
+++ b/etc/profile-m-z/seamonkey.profile
@@ -7,6 +7,7 @@ include seamonkey.local
 include globals.local
 noblacklist ${HOME}/.cache/mozilla
+noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.local/share/pki
 noblacklist ${HOME}/.pki
@@ -17,6 +18,7 @@ include disable-interpreters.inc
 include disable-programs.inc
 mkdir ${HOME}/.cache/mozilla
+mkdir ${HOME}/.gnupg
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.local/share/pki
 mkdir ${HOME}/.pki
@@ -26,6 +28,7 @@ whitelist ${HOME}/.cache/mozilla
 whitelist ${HOME}/.config/gnome-mplayer
 whitelist ${HOME}/.config/pipelight-silverlight5.1
 whitelist ${HOME}/.config/pipelight-widevine
+whitelist ${HOME}/.gnupg
 whitelist ${HOME}/.keysnail.js
 whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.local/share/pki
@@ -53,3 +56,4 @@ tracelog
 disable-mnt
 # private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl
+writable-run-user
diff --git a/mkdeb.sh.in b/mkdeb.sh.in
index 6d6981417..79f8d748c 100755
--- a/mkdeb.sh.in
+++ b/mkdeb.sh.in
@@ -9,20 +9,10 @@
 set -e
 NAME=@PACKAGE_NAME@
 VERSION=@PACKAGE_VERSION@
-PACKAGE_TARNAME=@PACKAGE_TARNAME@
-HAVE_APPARMOR=@HAVE_APPARMOR@
-HAVE_SELINUX=@HAVE_SELINUX@
 EXTRA_VERSION=$1
-CONFIG_ARGS="--prefix=/usr"
+test "$#" -gt 0 && shift
-if [ -n "$HAVE_APPARMOR" ]; then
-    CONFIG_ARGS="$CONFIG_ARGS --enable-apparmor"
-fi
-if [ -n "$HAVE_SELINUX" ]; then
-    CONFIG_ARGS="$CONFIG_ARGS --enable-selinux"
-fi
-TOP="$PWD"
 CODE_ARCHIVE="$NAME-$VERSION.tar.xz"
 CODE_DIR="$NAME-$VERSION"
 INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian"
@@ -38,7 +28,7 @@ echo "*****************************************"
 tar -xJvf "$CODE_ARCHIVE"
 #mkdir -p "$INSTALL_DIR"
 cd "$CODE_DIR"
-./configure $CONFIG_ARGS
+./configure --prefix=/usr "$@"
 make -j2
 mkdir debian
 DESTDIR=debian make install-strip
author	netblue30 <netblue30@protonmail.com>	2022-05-30 11:45:24 -0400
committer	netblue30 <netblue30@protonmail.com>	2022-05-30 11:45:24 -0400
commit	74876f2b4e35ae341f5031df43fb65c66cbdad7f (patch)
tree	1d89979af7c8f91f48f6946552580669456531f6
parent	merges (diff)
parent	Merge pull request #5154 from kmk3/build-clean-up-dist (diff)
download	firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.gz firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.tar.zst firejail-74876f2b4e35ae341f5031df43fb65c66cbdad7f.zip

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4871ef031..af590e2e1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml
@@ -54,7 +54,7 @@ build_apparmor:
54	script:	54	script:
55	- apt-get update -qq	55	- apt-get update -qq
56	- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk	56	- DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
57	- ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb	57	- ./configure && make deb-apparmor && dpkg -i firejail*.deb
58	- command -V firejail && firejail --version	58	- command -V firejail && firejail --version
59	- firejail --version \| grep -F 'AppArmor support is enabled'	59	- firejail --version \| grep -F 'AppArmor support is enabled'
60		60


diff --git a/Makefile.in b/Makefile.in index 0e80fb43a..7d961213a 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -222,7 +222,7 @@ deb: dist
222	./mkdeb.sh	222	./mkdeb.sh
223		223
224	deb-apparmor: dist	224	deb-apparmor: dist
225	./mkdeb.sh -apparmor	225	./mkdeb.sh -apparmor --enable-apparmor
226		226
227	test-compile: dist	227	test-compile: dist
228	cd test/compile; ./compile.sh $(NAME)-$(VERSION)	228	cd test/compile; ./compile.sh $(NAME)-$(VERSION)


diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 60e25fd14..f6611bee8 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py
@@ -3,9 +3,10 @@
3	# Copyright (C) 2014-2022 Firejail Authors	3	# Copyright (C) 2014-2022 Firejail Authors
4	# License GPL v2	4	# License GPL v2
5		5
6	# This script automates the workaround for https://github.com/netblue30/firejail/issues/772	6	# This script automates the creation of a .deb package. It was originally
		7	# created to work around https://github.com/netblue30/firejail/issues/772
7		8
8	import os, shlex, subprocess, sys	9	import os, subprocess, sys
9		10
10		11
11	def run(srcdir, args):	12	def run(srcdir, args):
@@ -15,35 +16,29 @@ def run(srcdir, args):
15	print('Error: Not a firejail source tree? Exiting.')	16	print('Error: Not a firejail source tree? Exiting.')
16	return 1	17	return 1
17		18
18	dry_run = False	19	# Ignore unsupported arguments.
19	escaped_args = []
20	# We need to modify the list as we go. So be sure to copy the list to be iterated!
21	for a in args[:]:	20	for a in args[:]:
22	if a.startswith('--prefix'):	21	if a.startswith('--prefix'):
23	# prefix should ALWAYS be /usr here. Discard user-set values	22	# prefix should ALWAYS be /usr here. Discard user-set values
24	args.remove(a)	23	args.remove(a)
25	elif a == '--only-fix-mkdeb':	24
26	# for us, not configure	25	# Remove generated files.
27	dry_run = True	26	distclean = subprocess.call(['make', 'distclean'])
28	args.remove(a)	27	if distclean != 0:
29	else:	28	return distclean
30	escaped_args.append(shlex.quote(a))
31		29
32	# Run configure to generate mkdeb.sh.	30	# Run configure to generate mkdeb.sh.
33	first_config = subprocess.call(['./configure', '--prefix=/usr'] + args)	31	first_config = subprocess.call(['./configure', '--prefix=/usr'] + args)
34	if first_config != 0:	32	if first_config != 0:
35	return first_config	33	return first_config
36		34
37	# Fix up dynamically-generated mkdeb.sh to include custom configure options.	35	# Create the dist file used by mkdeb.sh.
38	with open('mkdeb.sh', 'rb') as f:	36	make_dist = subprocess.call(['make', 'dist'])
39	sh = str(f.read(), 'utf_8')	37	if make_dist != 0:
40	with open('mkdeb.sh', 'wb') as f:	38	return make_dist
41	f.write(bytes(sh.replace('./configure $CONFIG_ARGS',
42	'./configure $CONFIG_ARGS ' + (' '.join(escaped_args))), 'utf_8'))
43
44	if dry_run: return 0
45		39
46	return subprocess.call(['make', 'deb'])	40	# Run mkdeb.sh with the custom configure options.
		41	return subprocess.call(['./mkdeb.sh'] + args)
47		42
48		43
49	if __name__ == '__main__':	44	if __name__ == '__main__':
@@ -51,13 +46,12 @@ if __name__ == '__main__':
51	print('''Build a .deb of firejail with custom configure options	46	print('''Build a .deb of firejail with custom configure options
52		47
53	usage:	48	usage:
54	{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]	49	{script} [--fj-src=SRCDIR] [CONFIGURE_OPTIONS [...]]
55		50
56	--fj-src=SRCDIR: manually specify the location of firejail source tree	51	--fj-src=SRCDIR: manually specify the location of firejail source tree
57	as SRCDIR. If not specified, looks in the parent directory	52	as SRCDIR. If not specified, looks in the parent directory
58	of the directory where this script is located, and then the	53	of the directory where this script is located, and then the
59	current working directory, in that order.	54	current working directory, in that order.
60	--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
61	CONFIGURE_OPTIONS: arguments for configure	55	CONFIGURE_OPTIONS: arguments for configure
62	'''.format(script=sys.argv[0]))	56	'''.format(script=sys.argv[0]))
63	sys.exit(0)	57	sys.exit(0)


diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 8c340d536..9eadaec12 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/katerc
14	noblacklist ${HOME}/.config/kateschemarc	14	noblacklist ${HOME}/.config/kateschemarc
15	noblacklist ${HOME}/.config/katesyntaxhighlightingrc	15	noblacklist ${HOME}/.config/katesyntaxhighlightingrc
16	noblacklist ${HOME}/.config/katevirc	16	noblacklist ${HOME}/.config/katevirc
		17	noblacklist ${HOME}/.config/kwinrc
17	noblacklist ${HOME}/.local/share/kate	18	noblacklist ${HOME}/.local/share/kate
18	noblacklist ${HOME}/.local/share/kxmlgui5/kate	19	noblacklist ${HOME}/.local/share/kxmlgui5/kate
19	noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree	20	noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree
@@ -22,6 +23,9 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin
22	noblacklist ${HOME}/.local/share/kxmlgui5/katepart	23	noblacklist ${HOME}/.local/share/kxmlgui5/katepart
23	noblacklist ${HOME}/.local/share/kxmlgui5/kateproject	24	noblacklist ${HOME}/.local/share/kxmlgui5/kateproject
24	noblacklist ${HOME}/.local/share/kxmlgui5/katesearch	25	noblacklist ${HOME}/.local/share/kxmlgui5/katesearch
		26	noblacklist /etc/profile.d
		27
		28	include allow-common-devel.inc
25		29
26	include disable-common.inc	30	include disable-common.inc
27	# include disable-devel.inc	31	# include disable-devel.inc
@@ -48,7 +52,6 @@ novideo
48	protocol unix	52	protocol unix
49	seccomp	53	seccomp
50	shell none	54	shell none
51	tracelog
52		55
53	# private-bin kate,kbuildsycoca4,kdeinit4	56	# private-bin kate,kbuildsycoca4,kdeinit4
54	private-dev	57	private-dev


diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index e67e51620..5210a594c 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile
@@ -7,6 +7,7 @@ include seamonkey.local
7	include globals.local	7	include globals.local
8		8
9	noblacklist ${HOME}/.cache/mozilla	9	noblacklist ${HOME}/.cache/mozilla
		10	noblacklist ${HOME}/.gnupg
10	noblacklist ${HOME}/.mozilla	11	noblacklist ${HOME}/.mozilla
11	noblacklist ${HOME}/.local/share/pki	12	noblacklist ${HOME}/.local/share/pki
12	noblacklist ${HOME}/.pki	13	noblacklist ${HOME}/.pki
@@ -17,6 +18,7 @@ include disable-interpreters.inc
17	include disable-programs.inc	18	include disable-programs.inc
18		19
19	mkdir ${HOME}/.cache/mozilla	20	mkdir ${HOME}/.cache/mozilla
		21	mkdir ${HOME}/.gnupg
20	mkdir ${HOME}/.mozilla	22	mkdir ${HOME}/.mozilla
21	mkdir ${HOME}/.local/share/pki	23	mkdir ${HOME}/.local/share/pki
22	mkdir ${HOME}/.pki	24	mkdir ${HOME}/.pki
@@ -26,6 +28,7 @@ whitelist ${HOME}/.cache/mozilla
26	whitelist ${HOME}/.config/gnome-mplayer	28	whitelist ${HOME}/.config/gnome-mplayer
27	whitelist ${HOME}/.config/pipelight-silverlight5.1	29	whitelist ${HOME}/.config/pipelight-silverlight5.1
28	whitelist ${HOME}/.config/pipelight-widevine	30	whitelist ${HOME}/.config/pipelight-widevine
		31	whitelist ${HOME}/.gnupg
29	whitelist ${HOME}/.keysnail.js	32	whitelist ${HOME}/.keysnail.js
30	whitelist ${HOME}/.lastpass	33	whitelist ${HOME}/.lastpass
31	whitelist ${HOME}/.local/share/pki	34	whitelist ${HOME}/.local/share/pki
@@ -53,3 +56,4 @@ tracelog
53		56
54	disable-mnt	57	disable-mnt
55	# private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl	58	# private-etc adobe,alternatives,asound.conf,ca-certificates,crypto-policies,firefox,fonts,group,gtk-2.0,hostname,hosts,iceweasel,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,ssl
		59	writable-run-user


diff --git a/mkdeb.sh.in b/mkdeb.sh.in index 6d6981417..79f8d748c 100755 --- a/mkdeb.sh.in +++ b/mkdeb.sh.in
@@ -9,20 +9,10 @@
9	set -e	9	set -e
10	NAME=@PACKAGE_NAME@	10	NAME=@PACKAGE_NAME@
11	VERSION=@PACKAGE_VERSION@	11	VERSION=@PACKAGE_VERSION@
12	PACKAGE_TARNAME=@PACKAGE_TARNAME@
13	HAVE_APPARMOR=@HAVE_APPARMOR@
14	HAVE_SELINUX=@HAVE_SELINUX@
15	EXTRA_VERSION=$1	12	EXTRA_VERSION=$1
16		13
17	CONFIG_ARGS="--prefix=/usr"	14	test "$#" -gt 0 && shift
18	if [ -n "$HAVE_APPARMOR" ]; then
19	CONFIG_ARGS="$CONFIG_ARGS --enable-apparmor"
20	fi
21	if [ -n "$HAVE_SELINUX" ]; then
22	CONFIG_ARGS="$CONFIG_ARGS --enable-selinux"
23	fi
24		15
25	TOP="$PWD"
26	CODE_ARCHIVE="$NAME-$VERSION.tar.xz"	16	CODE_ARCHIVE="$NAME-$VERSION.tar.xz"
27	CODE_DIR="$NAME-$VERSION"	17	CODE_DIR="$NAME-$VERSION"
28	INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian"	18	INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian"
@@ -38,7 +28,7 @@ echo "*****************************************"
38	tar -xJvf "$CODE_ARCHIVE"	28	tar -xJvf "$CODE_ARCHIVE"
39	#mkdir -p "$INSTALL_DIR"	29	#mkdir -p "$INSTALL_DIR"
40	cd "$CODE_DIR"	30	cd "$CODE_DIR"
41	./configure $CONFIG_ARGS	31	./configure --prefix=/usr "$@"
42	make -j2	32	make -j2
43	mkdir debian	33	mkdir debian
44	DESTDIR=debian make install-strip	34	DESTDIR=debian make install-strip