diff options
-rw-r--r-- | .github/dependabot.yml | 4 | ||||
-rw-r--r-- | .github/workflows/build-extra.yml | 2 | ||||
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/check-c.yml | 12 | ||||
-rw-r--r-- | .github/workflows/check-profiles.yml | 2 | ||||
-rw-r--r-- | .github/workflows/check-python.yml | 6 | ||||
-rw-r--r-- | .github/workflows/codespell.yml | 2 | ||||
-rw-r--r-- | .github/workflows/test.yml | 10 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/hexchat.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/nhex.profile | 62 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
12 files changed, 86 insertions, 20 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 30242923d..7335f1eb2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml | |||
@@ -3,5 +3,5 @@ updates: | |||
3 | - package-ecosystem: "github-actions" | 3 | - package-ecosystem: "github-actions" |
4 | directory: "/" | 4 | directory: "/" |
5 | schedule: | 5 | schedule: |
6 | interval: "weekly" | 6 | interval: "monthly" |
7 | open-pull-requests-limit: 2 | 7 | open-pull-requests-limit: 4 |
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 5042a5b24..f390e87d1 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
@@ -52,7 +52,7 @@ jobs: | |||
52 | github.com:443 | 52 | github.com:443 |
53 | packages.microsoft.com:443 | 53 | packages.microsoft.com:443 |
54 | ppa.launchpadcontent.net:443 | 54 | ppa.launchpadcontent.net:443 |
55 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 55 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
56 | - name: update package information | 56 | - name: update package information |
57 | run: sudo apt-get update -qy | 57 | run: sudo apt-get update -qy |
58 | - name: install dependencies | 58 | - name: install dependencies |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 470546b97..d53044cad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
@@ -68,7 +68,7 @@ jobs: | |||
68 | github.com:443 | 68 | github.com:443 |
69 | packages.microsoft.com:443 | 69 | packages.microsoft.com:443 |
70 | ppa.launchpadcontent.net:443 | 70 | ppa.launchpadcontent.net:443 |
71 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 71 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
72 | - name: update package information | 72 | - name: update package information |
73 | run: sudo apt-get update -qy | 73 | run: sudo apt-get update -qy |
74 | - name: install dependencies | 74 | - name: install dependencies |
diff --git a/.github/workflows/check-c.yml b/.github/workflows/check-c.yml index d559115c6..2a479c546 100644 --- a/.github/workflows/check-c.yml +++ b/.github/workflows/check-c.yml | |||
@@ -56,7 +56,7 @@ jobs: | |||
56 | packages.microsoft.com:443 | 56 | packages.microsoft.com:443 |
57 | ppa.launchpadcontent.net:443 | 57 | ppa.launchpadcontent.net:443 |
58 | security.ubuntu.com:80 | 58 | security.ubuntu.com:80 |
59 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 59 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
60 | - name: update package information | 60 | - name: update package information |
61 | run: sudo apt-get update -qy | 61 | run: sudo apt-get update -qy |
62 | - name: install clang-tools-14 and dependencies | 62 | - name: install clang-tools-14 and dependencies |
@@ -89,7 +89,7 @@ jobs: | |||
89 | packages.microsoft.com:443 | 89 | packages.microsoft.com:443 |
90 | ppa.launchpadcontent.net:443 | 90 | ppa.launchpadcontent.net:443 |
91 | security.ubuntu.com:80 | 91 | security.ubuntu.com:80 |
92 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 92 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
93 | - name: update package information | 93 | - name: update package information |
94 | run: sudo apt-get update -qy | 94 | run: sudo apt-get update -qy |
95 | - name: install cppcheck | 95 | - name: install cppcheck |
@@ -120,7 +120,7 @@ jobs: | |||
120 | ppa.launchpad.net:80 | 120 | ppa.launchpad.net:80 |
121 | ppa.launchpadcontent.net:443 | 121 | ppa.launchpadcontent.net:443 |
122 | security.ubuntu.com:80 | 122 | security.ubuntu.com:80 |
123 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 123 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
124 | - name: update package information | 124 | - name: update package information |
125 | run: sudo apt-get update -qy | 125 | run: sudo apt-get update -qy |
126 | - name: install cppcheck | 126 | - name: install cppcheck |
@@ -154,14 +154,14 @@ jobs: | |||
154 | uploads.github.com:443 | 154 | uploads.github.com:443 |
155 | 155 | ||
156 | - name: Checkout repository | 156 | - name: Checkout repository |
157 | uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 157 | uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
158 | 158 | ||
159 | - name: print env | 159 | - name: print env |
160 | run: ./ci/printenv.sh | 160 | run: ./ci/printenv.sh |
161 | 161 | ||
162 | # Initializes the CodeQL tools for scanning. | 162 | # Initializes the CodeQL tools for scanning. |
163 | - name: Initialize CodeQL | 163 | - name: Initialize CodeQL |
164 | uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 | 164 | uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 |
165 | with: | 165 | with: |
166 | languages: cpp | 166 | languages: cpp |
167 | 167 | ||
@@ -172,4 +172,4 @@ jobs: | |||
172 | run: make -j "$(nproc)" | 172 | run: make -j "$(nproc)" |
173 | 173 | ||
174 | - name: Perform CodeQL Analysis | 174 | - name: Perform CodeQL Analysis |
175 | uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 | 175 | uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 |
diff --git a/.github/workflows/check-profiles.yml b/.github/workflows/check-profiles.yml index 82f5d5c15..5bff9328e 100644 --- a/.github/workflows/check-profiles.yml +++ b/.github/workflows/check-profiles.yml | |||
@@ -40,7 +40,7 @@ jobs: | |||
40 | allowed-endpoints: > | 40 | allowed-endpoints: > |
41 | github.com:443 | 41 | github.com:443 |
42 | 42 | ||
43 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 43 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
44 | - name: print env | 44 | - name: print env |
45 | run: ./ci/printenv.sh | 45 | run: ./ci/printenv.sh |
46 | - run: python3 --version | 46 | - run: python3 --version |
diff --git a/.github/workflows/check-python.yml b/.github/workflows/check-python.yml index 09b2abd0b..73b7d9c67 100644 --- a/.github/workflows/check-python.yml +++ b/.github/workflows/check-python.yml | |||
@@ -44,16 +44,16 @@ jobs: | |||
44 | uploads.github.com:443 | 44 | uploads.github.com:443 |
45 | 45 | ||
46 | - name: Checkout repository | 46 | - name: Checkout repository |
47 | uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 47 | uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
48 | 48 | ||
49 | - name: print env | 49 | - name: print env |
50 | run: ./ci/printenv.sh | 50 | run: ./ci/printenv.sh |
51 | 51 | ||
52 | # Initializes the CodeQL tools for scanning. | 52 | # Initializes the CodeQL tools for scanning. |
53 | - name: Initialize CodeQL | 53 | - name: Initialize CodeQL |
54 | uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 | 54 | uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 |
55 | with: | 55 | with: |
56 | languages: python | 56 | languages: python |
57 | 57 | ||
58 | - name: Perform CodeQL Analysis | 58 | - name: Perform CodeQL Analysis |
59 | uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 | 59 | uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 |
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index a6827508a..fe88dc5a9 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml | |||
@@ -34,7 +34,7 @@ jobs: | |||
34 | packages.microsoft.com:443 | 34 | packages.microsoft.com:443 |
35 | ppa.launchpadcontent.net:443 | 35 | ppa.launchpadcontent.net:443 |
36 | security.ubuntu.com:80 | 36 | security.ubuntu.com:80 |
37 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 37 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
38 | - name: update package information | 38 | - name: update package information |
39 | run: sudo apt-get update -qy | 39 | run: sudo apt-get update -qy |
40 | - name: install dependencies | 40 | - name: install dependencies |
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7c8866972..12e8d2dac 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml | |||
@@ -62,7 +62,7 @@ jobs: | |||
62 | github.com:443 | 62 | github.com:443 |
63 | packages.microsoft.com:443 | 63 | packages.microsoft.com:443 |
64 | ppa.launchpadcontent.net:443 | 64 | ppa.launchpadcontent.net:443 |
65 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 65 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
66 | - name: update package information | 66 | - name: update package information |
67 | run: sudo apt-get update -qy | 67 | run: sudo apt-get update -qy |
68 | - name: install dependencies | 68 | - name: install dependencies |
@@ -111,7 +111,7 @@ jobs: | |||
111 | github.com:443 | 111 | github.com:443 |
112 | packages.microsoft.com:443 | 112 | packages.microsoft.com:443 |
113 | ppa.launchpadcontent.net:443 | 113 | ppa.launchpadcontent.net:443 |
114 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 114 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
115 | - name: update package information | 115 | - name: update package information |
116 | run: sudo apt-get update -qy | 116 | run: sudo apt-get update -qy |
117 | - name: install dependencies | 117 | - name: install dependencies |
@@ -151,7 +151,7 @@ jobs: | |||
151 | github.com:443 | 151 | github.com:443 |
152 | packages.microsoft.com:443 | 152 | packages.microsoft.com:443 |
153 | ppa.launchpadcontent.net:443 | 153 | ppa.launchpadcontent.net:443 |
154 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 154 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
155 | - name: update package information | 155 | - name: update package information |
156 | run: sudo apt-get update -qy | 156 | run: sudo apt-get update -qy |
157 | - name: install dependencies | 157 | - name: install dependencies |
@@ -194,7 +194,7 @@ jobs: | |||
194 | ppa.launchpadcontent.net:443 | 194 | ppa.launchpadcontent.net:443 |
195 | www.debian.org:443 | 195 | www.debian.org:443 |
196 | www.debian.org:80 | 196 | www.debian.org:80 |
197 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 197 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
198 | - name: update package information | 198 | - name: update package information |
199 | run: sudo apt-get update -qy | 199 | run: sudo apt-get update -qy |
200 | - name: install dependencies | 200 | - name: install dependencies |
@@ -240,7 +240,7 @@ jobs: | |||
240 | www.debian.org:443 | 240 | www.debian.org:443 |
241 | www.debian.org:80 | 241 | www.debian.org:80 |
242 | yahoo.com:1025 | 242 | yahoo.com:1025 |
243 | - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | 243 | - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 |
244 | - name: update package information | 244 | - name: update package information |
245 | run: sudo apt-get update -qy | 245 | run: sudo apt-get update -qy |
246 | - name: install dependencies | 246 | - name: install dependencies |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 1f373279c..f638e1d97 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -189,6 +189,7 @@ blacklist ${HOME}/.cache/mutt | |||
189 | blacklist ${HOME}/.cache/mypaint | 189 | blacklist ${HOME}/.cache/mypaint |
190 | blacklist ${HOME}/.cache/netsurf | 190 | blacklist ${HOME}/.cache/netsurf |
191 | blacklist ${HOME}/.cache/nheko | 191 | blacklist ${HOME}/.cache/nheko |
192 | blacklist ${HOME}/.cache/nhex | ||
192 | blacklist ${HOME}/.cache/nvim | 193 | blacklist ${HOME}/.cache/nvim |
193 | blacklist ${HOME}/.cache/ocenaudio | 194 | blacklist ${HOME}/.cache/ocenaudio |
194 | blacklist ${HOME}/.cache/okular | 195 | blacklist ${HOME}/.cache/okular |
@@ -936,6 +937,7 @@ blacklist ${HOME}/.local/share/data/MusE | |||
936 | blacklist ${HOME}/.local/share/data/MuseScore | 937 | blacklist ${HOME}/.local/share/data/MuseScore |
937 | blacklist ${HOME}/.local/share/data/nomacs | 938 | blacklist ${HOME}/.local/share/data/nomacs |
938 | blacklist ${HOME}/.local/share/data/qBittorrent | 939 | blacklist ${HOME}/.local/share/data/qBittorrent |
940 | blacklist ${HOME}/.local/share/dev.nhex | ||
939 | blacklist ${HOME}/.local/share/dino | 941 | blacklist ${HOME}/.local/share/dino |
940 | blacklist ${HOME}/.local/share/dolphin | 942 | blacklist ${HOME}/.local/share/dolphin |
941 | blacklist ${HOME}/.local/share/dolphin-emu | 943 | blacklist ${HOME}/.local/share/dolphin-emu |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index ba5a5fbac..82c83f970 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -49,6 +49,7 @@ nodvd | |||
49 | nogroups | 49 | nogroups |
50 | noinput | 50 | noinput |
51 | nonewprivs | 51 | nonewprivs |
52 | noprinters | ||
52 | noroot | 53 | noroot |
53 | notv | 54 | notv |
54 | nou2f | 55 | nou2f |
diff --git a/etc/profile-m-z/nhex.profile b/etc/profile-m-z/nhex.profile new file mode 100644 index 000000000..184e41a9a --- /dev/null +++ b/etc/profile-m-z/nhex.profile | |||
@@ -0,0 +1,62 @@ | |||
1 | # Firejail profile for nhex | ||
2 | # Description: Tauri-based IRC client inspired by HexChat | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include nhex.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/nhex | ||
10 | noblacklist ${HOME}/.local/share/dev.nhex | ||
11 | |||
12 | blacklist /usr/libexec | ||
13 | |||
14 | include disable-common.inc | ||
15 | include disable-devel.inc | ||
16 | include disable-exec.inc | ||
17 | include disable-interpreters.inc | ||
18 | include disable-proc.inc | ||
19 | include disable-programs.inc | ||
20 | include disable-shell.inc | ||
21 | include disable-xdg.inc | ||
22 | |||
23 | mkdir ${HOME}/.cache/nhex | ||
24 | mkdir ${HOME}/.local/share/dev.nhex | ||
25 | whitelist ${DOWNLOADS} | ||
26 | whitelist ${HOME}/.cache/nhex | ||
27 | whitelist ${HOME}/.local/share/dev.nhex | ||
28 | include whitelist-common.inc | ||
29 | include whitelist-run-common.inc | ||
30 | include whitelist-runuser-common.inc | ||
31 | include whitelist-usr-share-common.inc | ||
32 | include whitelist-var-common.inc | ||
33 | |||
34 | caps.drop all | ||
35 | machine-id | ||
36 | netfilter | ||
37 | no3d | ||
38 | nodvd | ||
39 | nogroups | ||
40 | noinput | ||
41 | nonewprivs | ||
42 | noprinters | ||
43 | noroot | ||
44 | nosound | ||
45 | notv | ||
46 | nou2f | ||
47 | novideo | ||
48 | protocol unix,inet,inet6 | ||
49 | seccomp | ||
50 | seccomp.block-secondary | ||
51 | tracelog | ||
52 | |||
53 | disable-mnt | ||
54 | private-bin nhex | ||
55 | private-cache | ||
56 | private-dev | ||
57 | private-tmp | ||
58 | |||
59 | dbus-user none | ||
60 | dbus-system none | ||
61 | |||
62 | restrict-namespaces | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 8a20d939f..b6eb06d65 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -647,6 +647,7 @@ newsflash | |||
647 | nextcloud | 647 | nextcloud |
648 | nextcloud-desktop | 648 | nextcloud-desktop |
649 | nheko | 649 | nheko |
650 | nhex | ||
650 | nicotine | 651 | nicotine |
651 | nitroshare | 652 | nitroshare |
652 | nitroshare-cli | 653 | nitroshare-cli |