diff options
author | startx2017 <vradu.startx@yandex.com> | 2018-07-27 12:56:41 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2018-07-27 12:56:41 -0400 |
commit | 3cf75fe9a34c0bb579502b106649a1fc58d39f35 (patch) | |
tree | 3c696691a48205e6c73987f562bcc7a80aac69e4 /contrib | |
parent | compile time marker for LTS code (diff) | |
download | firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.tar.gz firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.tar.zst firejail-3cf75fe9a34c0bb579502b106649a1fc58d39f35.zip |
phase 1
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/fix_private-bin.py | 157 | ||||
-rwxr-xr-x | contrib/fj-mkdeb.py | 74 | ||||
-rwxr-xr-x | contrib/fjclip.py | 35 | ||||
-rwxr-xr-x | contrib/fjdisplay.py | 43 | ||||
-rwxr-xr-x | contrib/fjresize.py | 25 | ||||
-rwxr-xr-x | contrib/update_deb.sh | 12 |
6 files changed, 0 insertions, 346 deletions
diff --git a/contrib/fix_private-bin.py b/contrib/fix_private-bin.py deleted file mode 100755 index 86fd3d16b..000000000 --- a/contrib/fix_private-bin.py +++ /dev/null | |||
@@ -1,157 +0,0 @@ | |||
1 | #!/usr/bin/python3 | ||
2 | |||
3 | __author__ = "KOLANICH" | ||
4 | __copyright__ = """This is free and unencumbered software released into the public domain. | ||
5 | |||
6 | Anyone is free to copy, modify, publish, use, compile, sell, or | ||
7 | distribute this software, either in source code form or as a compiled | ||
8 | binary, for any purpose, commercial or non-commercial, and by any | ||
9 | means. | ||
10 | |||
11 | In jurisdictions that recognize copyright laws, the author or authors | ||
12 | of this software dedicate any and all copyright interest in the | ||
13 | software to the public domain. We make this dedication for the benefit | ||
14 | of the public at large and to the detriment of our heirs and | ||
15 | successors. We intend this dedication to be an overt act of | ||
16 | relinquishment in perpetuity of all present and future rights to this | ||
17 | software under copyright law. | ||
18 | |||
19 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
20 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
21 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | ||
22 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR | ||
23 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, | ||
24 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR | ||
25 | OTHER DEALINGS IN THE SOFTWARE. | ||
26 | |||
27 | For more information, please refer to <http://unlicense.org/>""" | ||
28 | __license__ = "Unlicense" | ||
29 | |||
30 | import sys, os, glob, re | ||
31 | |||
32 | privRx=re.compile("^(?:#\s*)?private-bin") | ||
33 | |||
34 | def fixSymlinkedBins(files, replMap): | ||
35 | """ | ||
36 | Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap | ||
37 | replMap is a dict where key is the marker filename and value is the filename to add | ||
38 | """ | ||
39 | |||
40 | rxs=dict() | ||
41 | for (old,new) in replMap.items(): | ||
42 | rxs[old]=re.compile("\\b"+old+"\\b") | ||
43 | rxs[new]=re.compile("\\b"+new+"\\b") | ||
44 | #print(rxs) | ||
45 | |||
46 | for filename in files: | ||
47 | lines=None | ||
48 | with open(filename,"r") as file: | ||
49 | lines=file.readlines() | ||
50 | |||
51 | shouldUpdate=False | ||
52 | for (i,line) in enumerate(lines): | ||
53 | if privRx.search(line): | ||
54 | for (old,new) in replMap.items(): | ||
55 | if rxs[old].search(line) and not rxs[new].search(line): | ||
56 | lines[i]=rxs[old].sub(old+","+new, line) | ||
57 | shouldUpdate=True | ||
58 | print(lines[i]) | ||
59 | |||
60 | if shouldUpdate: | ||
61 | with open(filename,"w") as file: | ||
62 | file.writelines(lines) | ||
63 | pass | ||
64 | |||
65 | def createSetOfBinaries(files): | ||
66 | """ | ||
67 | Creates a set of binaries mentioned in private-bin directives of files. | ||
68 | """ | ||
69 | s=set() | ||
70 | for filename in files: | ||
71 | lines=None | ||
72 | with open(filename,"r") as file: | ||
73 | for line in file: | ||
74 | if privRx.search(line): | ||
75 | bins=line.split(",") | ||
76 | bins[0]=bins[0].split(" ")[-1] | ||
77 | bins = [n.strip() for n in bins] | ||
78 | s=s|set(bins) | ||
79 | return s | ||
80 | |||
81 | def createSymlinkTable(binDirs, binariesSet): | ||
82 | """ | ||
83 | creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary. | ||
84 | binDirs are folders to look into for binaries symlinks | ||
85 | binariesSet is a set of binaries to be checked if they are actually a symlinks | ||
86 | """ | ||
87 | m=dict() | ||
88 | toProcess=binariesSet | ||
89 | while len(toProcess)!=0: | ||
90 | additional=set() | ||
91 | for sh in toProcess: | ||
92 | for bD in binDirs: | ||
93 | p=bD+os.path.sep+sh | ||
94 | if os.path.exists(p): | ||
95 | if os.path.islink(p): | ||
96 | m[sh]=os.readlink(p) | ||
97 | additional.add(m[sh].split(" ")[0]) | ||
98 | else: | ||
99 | pass | ||
100 | break | ||
101 | toProcess=additional | ||
102 | return m | ||
103 | |||
104 | def doTheFixes(profilesPath, binDirs): | ||
105 | """ | ||
106 | Fixes private-bin in .profiles for firejail. The pipeline is as follows: | ||
107 | discover files -> discover mentioned binaries -> | ||
108 | discover the ones which are symlinks -> | ||
109 | make a look-up table for fix -> | ||
110 | filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) -> | ||
111 | apply fix | ||
112 | """ | ||
113 | files=glob.glob(profilesPath+os.path.sep+"*.profile") | ||
114 | bins=createSetOfBinaries(files) | ||
115 | #print("The binaries used are:") | ||
116 | #print(bins) | ||
117 | stbl=createSymlinkTable(binDirs,bins) | ||
118 | print("The replacement table is:") | ||
119 | print(stbl) | ||
120 | stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0} | ||
121 | print("Filtered replacement table is:") | ||
122 | print(stbl) | ||
123 | fixSymlinkedBins(files,stbl) | ||
124 | |||
125 | def printHelp(): | ||
126 | print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__) | ||
127 | |||
128 | def main(): | ||
129 | """The main function. Parses the commandline args, shows messages and calles the function actually doing the work.""" | ||
130 | print(repr(sys.argv)) | ||
131 | defaultProfilesPath="../etc" | ||
132 | if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ): | ||
133 | printHelp() | ||
134 | exit(1) | ||
135 | |||
136 | profilesPath=None | ||
137 | if len(sys.argv)==2: | ||
138 | if os.path.isdir(sys.argv[1]): | ||
139 | profilesPath=os.path.abspath(sys.argv[1]) | ||
140 | else: | ||
141 | if os.path.exists(sys.argv[1]): | ||
142 | print(sys.argv[1]+" is not a dir") | ||
143 | else: | ||
144 | print(sys.argv[1]+" does not exist") | ||
145 | printHelp() | ||
146 | exit(1) | ||
147 | else: | ||
148 | print("Using default profiles dir: " + defaultProfilesPath) | ||
149 | profilesPath=defaultProfilesPath | ||
150 | |||
151 | binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"] | ||
152 | print("Binaries dirs are:") | ||
153 | print(binDirs) | ||
154 | doTheFixes(profilesPath, binDirs) | ||
155 | |||
156 | if __name__ == "__main__": | ||
157 | main() | ||
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py deleted file mode 100755 index 3cc13b758..000000000 --- a/contrib/fj-mkdeb.py +++ /dev/null | |||
@@ -1,74 +0,0 @@ | |||
1 | #!/usr/bin/env python3 | ||
2 | |||
3 | # This script is automate the workaround for https://github.com/netblue30/firejail/issues/772 | ||
4 | |||
5 | import os, re, shlex, subprocess, sys | ||
6 | |||
7 | def run(srcdir, args): | ||
8 | if srcdir: os.chdir(srcdir) | ||
9 | |||
10 | dry_run=False | ||
11 | escaped_args=[] | ||
12 | # We need to modify the list as we go. So be sure to copy the list to be iterated! | ||
13 | for a in args[:]: | ||
14 | if a.startswith('--prefix'): | ||
15 | # prefix should ALWAYS be /usr here. Discard user-set values | ||
16 | args.remove(a) | ||
17 | elif a == '--only-fix-mkdeb': | ||
18 | # for us, not configure | ||
19 | dry_run=True | ||
20 | args.remove(a) | ||
21 | else: | ||
22 | escaped_args.append(shlex.quote(a)) | ||
23 | |||
24 | # Fix up mkdeb.sh to include custom configure options. | ||
25 | with open('mkdeb.sh', 'rb') as f: | ||
26 | sh=str(f.read(), 'utf_8') | ||
27 | rx=re.compile(r'^\./configure\s.*$', re.M) | ||
28 | with open('mkdeb.sh', 'wb') as f: | ||
29 | f.write(bytes(rx.sub('./configure --prefix=/usr '+(' '.join(escaped_args)), sh), 'utf_8')) | ||
30 | |||
31 | if dry_run: return 0 | ||
32 | |||
33 | # now run configure && make | ||
34 | if subprocess.call(['./configure', '--prefix=/usr']+args) == 0: | ||
35 | subprocess.call(['make', 'deb']) | ||
36 | |||
37 | return 0 | ||
38 | |||
39 | |||
40 | if __name__ == '__main__': | ||
41 | if len(sys.argv) == 2 and sys.argv[1] == '--help': | ||
42 | print('''Build a .deb of firejail with custom configure options | ||
43 | |||
44 | usage: | ||
45 | {script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]] | ||
46 | |||
47 | --fj-src=SRCDIR: manually specify the location of firejail source tree | ||
48 | as SRCDIR. If not specified, looks in the parent directory | ||
49 | of the directory where this script is located, and then the | ||
50 | current working directory, in that order. | ||
51 | --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh | ||
52 | CONFIGURE_OPTIONS: arguments for configure | ||
53 | '''.format(script=sys.argv[0])) | ||
54 | sys.exit(0) | ||
55 | else: | ||
56 | # Find the source directory | ||
57 | srcdir=None | ||
58 | args=sys.argv[1:] | ||
59 | for a in args: | ||
60 | if a.startswith('--fj-src='): | ||
61 | args.remove(a) | ||
62 | srcdir=a[9:] | ||
63 | break | ||
64 | if not(srcdir): | ||
65 | # srcdir not manually specified, try to auto-detect | ||
66 | srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..')) | ||
67 | if not(os.path.isfile(srcdir+'/mkdeb.sh')): | ||
68 | # Script is probably installed. Check the cwd. | ||
69 | if os.path.isfile('./mkdeb.sh'): | ||
70 | srcdir=None | ||
71 | else: | ||
72 | print('Error: Could not find the firejail source tree. Exiting.') | ||
73 | sys.exit(1) | ||
74 | sys.exit(run(srcdir, args)) | ||
diff --git a/contrib/fjclip.py b/contrib/fjclip.py deleted file mode 100755 index b45959841..000000000 --- a/contrib/fjclip.py +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | #!/usr/bin/env python | ||
2 | |||
3 | import re | ||
4 | import sys | ||
5 | import subprocess | ||
6 | import fjdisplay | ||
7 | |||
8 | usage = """fjclip.py src dest. src or dest can be named firejails or - for stdin or stdout. | ||
9 | firemon --x11 to see available running x11 firejails. firejail names can be shortened | ||
10 | to least ambiguous. for example 'work-libreoffice' can be shortened to 'work' if no | ||
11 | other firejails name starts with 'work'. | ||
12 | warning: browsers are dangerous. clipboards from browsers are dangerous. see | ||
13 | https://github.com/dxa4481/Pastejacking | ||
14 | fjclip.py strips whitespace from both | ||
15 | ends, but does nothing else to protect you. use a simple gui text editor like | ||
16 | gedit if you want to see what your pasting.""" | ||
17 | |||
18 | if len(sys.argv) != 3 or sys.argv == '-h' or sys.argv == '--help': | ||
19 | print(usage) | ||
20 | exit(1) | ||
21 | |||
22 | if sys.argv[1] == '-': | ||
23 | clipin_raw = sys.stdin.read() | ||
24 | else: | ||
25 | display = fjdisplay.getdisplay(sys.argv[1]) | ||
26 | clipin_raw = subprocess.check_output(['xsel','-b','--display',display]) | ||
27 | |||
28 | clipin = clipin_raw.strip() | ||
29 | |||
30 | if sys.argv[2] == '-': | ||
31 | print(clipin) | ||
32 | else: | ||
33 | display = fjdisplay.getdisplay(sys.argv[2]) | ||
34 | clipout = subprocess.Popen(['xsel','-b','-i','--display',display],stdin=subprocess.PIPE) | ||
35 | clipout.communicate(clipin) | ||
diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py deleted file mode 100755 index 3f409545f..000000000 --- a/contrib/fjdisplay.py +++ /dev/null | |||
@@ -1,43 +0,0 @@ | |||
1 | #!/usr/bin/env python | ||
2 | |||
3 | import re | ||
4 | import sys | ||
5 | import subprocess | ||
6 | |||
7 | usage = """fjdisplay.py name-of-firejail | ||
8 | returns the display in the form of ':NNN' | ||
9 | """ | ||
10 | |||
11 | def getfirejails(): | ||
12 | output = subprocess.check_output(['firemon','--x11']) | ||
13 | firejails = {} | ||
14 | name = '' | ||
15 | for line in output.split('\n'): | ||
16 | namematch = re.search('--name=(\w+\S*)',line) | ||
17 | if namematch: | ||
18 | name = namematch.group(1) | ||
19 | displaymatch = re.search('DISPLAY (:\d+)',line) | ||
20 | if displaymatch: | ||
21 | firejails[name] = displaymatch.group(1) | ||
22 | return firejails | ||
23 | |||
24 | def getdisplay(name): | ||
25 | firejails = getfirejails() | ||
26 | fjlist = '\n'.join(firejails.keys()) | ||
27 | namere = re.compile('^'+name+'.*', re.MULTILINE) | ||
28 | matchingjails = namere.findall(fjlist) | ||
29 | if len(matchingjails) == 1: | ||
30 | return firejails[matchingjails[0]] | ||
31 | if len(matchingjails) == 0: | ||
32 | raise NameError("firejail {} does not exist".format(name)) | ||
33 | else: | ||
34 | raise NameError("ambiguous firejail name") | ||
35 | |||
36 | if __name__ == '__main__': | ||
37 | if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2: | ||
38 | print(usage) | ||
39 | exit() | ||
40 | if len(sys.argv) == 1: | ||
41 | print(getfirejails()) | ||
42 | if len(sys.argv) == 2: | ||
43 | print (getdisplay(sys.argv[1])) | ||
diff --git a/contrib/fjresize.py b/contrib/fjresize.py deleted file mode 100755 index 3997cf280..000000000 --- a/contrib/fjresize.py +++ /dev/null | |||
@@ -1,25 +0,0 @@ | |||
1 | #!/usr/bin/env python | ||
2 | |||
3 | import sys | ||
4 | import fjdisplay | ||
5 | import subprocess | ||
6 | |||
7 | usage = """usage: fjresize.py firejail-name displaysize | ||
8 | resize firejail xephyr windows. | ||
9 | fjdisplay.py with no other arguments will list running named firejails with displays. | ||
10 | fjresize.py with only a firejail name will list valid resolutions. | ||
11 | names can be shortend as long its unambiguous. | ||
12 | note: you may need to move the xephyr window for the resize to take effect | ||
13 | example: | ||
14 | fjresize.py browser 1280x800 | ||
15 | """ | ||
16 | |||
17 | |||
18 | if len(sys.argv) == 2: | ||
19 | out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1])]) | ||
20 | print(out) | ||
21 | elif len(sys.argv) == 3: | ||
22 | out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1]),'--output','default','--mode',sys.argv[2]]) | ||
23 | print(out) | ||
24 | else: | ||
25 | print(usage) | ||
diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh deleted file mode 100755 index fa1b2d692..000000000 --- a/contrib/update_deb.sh +++ /dev/null | |||
@@ -1,12 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | # Purpose: Fetch, compile, and install firejail from GitHub source. For | ||
3 | # Debian-based distros only (Ubuntu, Mint, etc). | ||
4 | set -e | ||
5 | git clone --depth=1 https://github.com/netblue30/firejail.git | ||
6 | cd firejail | ||
7 | ./configure --prefix=/usr | ||
8 | make deb | ||
9 | sudo dpkg -i firejail*.deb | ||
10 | echo "Firejail was updated!" | ||
11 | cd .. | ||
12 | rm -rf firejail | ||