profiles: fix commented code and eol comments

Main changes:

* Remove the space after `#` for commented code lines to distinguish
  them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
  commented code lines work after being uncommented

Commands used to search and replace:

    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
      sh -c "printf '%s\n' \"\$(sed -E \
        -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
        -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
        -e 's/^# (whitelist \\$)/#\\1/' \
        -e 's/^(#[^ ].+) --? /\\1 # /' \
        '{}')\" >'{}'"

Commands used to check for leftover entries:

    arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
      LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
    git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*

See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.

1 files changed, 32 insertions, 32 deletions

diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile
index 377c4e2e3..c071da4b7 100644
--- a/etc/profile-a-l/default.profile
+++ b/etc/profile-a-l/default.profile
@@ -9,54 +9,54 @@ include globals.local
 # depending on your usage, you can enable some of the commands below:
 
 include disable-common.inc
-# include disable-devel.inc
-# include disable-exec.inc
-# include disable-interpreters.inc
+#include disable-devel.inc
+#include disable-exec.inc
+#include disable-interpreters.inc
 include disable-programs.inc
-# include disable-shell.inc
-# include disable-write-mnt.inc
-# include disable-xdg.inc
+#include disable-shell.inc
+#include disable-write-mnt.inc
+#include disable-xdg.inc
 
-# include whitelist-common.inc
-# include whitelist-runuser-common.inc
-# include whitelist-usr-share-common.inc
-# include whitelist-var-common.inc
+#include whitelist-common.inc
+#include whitelist-runuser-common.inc
+#include whitelist-usr-share-common.inc
+#include whitelist-var-common.inc
 
-# apparmor
+#apparmor
 caps.drop all
-# ipc-namespace
-# machine-id
-# net none
+#ipc-namespace
+#machine-id
+#net none
 netfilter
-# no3d
-# nodvd
-# nogroups
+#no3d
+#nodvd
+#nogroups
 noinput
 nonewprivs
 noroot
-# nosound
+#nosound
 notv
-# nou2f
+#nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
-# tracelog
+#tracelog
 
-# disable-mnt
-# private
-# private-bin program
-# private-cache
+#disable-mnt
+#private
+#private-bin program
+#private-cache
 private-dev
 # see /usr/share/doc/firejail/profile.template for more common private-etc paths.
-# private-etc alternatives,fonts,machine-id
-# private-lib
-# private-opt none
+#private-etc alternatives,fonts,machine-id
+#private-lib
+#private-opt none
 private-tmp
 
-# dbus-user none
-# dbus-system none
+#dbus-user none
+#dbus-system none
 
-# deterministic-shutdown
-# memory-deny-write-execute
-# read-only ${HOME}
+#deterministic-shutdown
+#memory-deny-write-execute
+#read-only ${HOME}
 restrict-namespaces