Commit message  Author  Age
* private-etc: always reference 'alternatives' (#5517)  glitsj16  2022-12-09
|     * private-etc: always include 'alternatives'
|     * private-etc: always include 'alternatives'
|     * private-etc: always include 'alternatives'
|     * private-etc: always include 'alternatives'
* New profile: tesseract (#5516)  glitsj16  2022-12-09
|     * Add firecfg support for tesseract
|     * Add tesseract to 'New profiles' section in README.md
|     * Create tesseract.profile
|     * tesseract: fix private-etc
|     * tesseract: fix XDG black/whitelisting
|     * tesseract: use 'seccomp socket' instead of 'protocol unix'
|       As kindly suggested by @rusty-snake.
|     * tesseract: add 'restrict-namespaces'
|       As kindly suggested by @rusty-snake.
|     * tesseract: use full seccomp filtering
|       The tesseract application works fine without 'protocol' or
|       'seccomp socket'.
* sandbox.c: print the dir on failed chdir(cfg.homedir)  Kelvin M. Klann  2022-12-09
|     Just like the other nearby error messages for `chdir`.
|
|     Relates to #5510.
|
|     Suggested-by: @gitsteff
* Merge pull request #5498 from kmk3/spotify-allow-adblock  Kelvin M. Klann  2022-12-08
|\
| |     spotify.profile: allow spotify-adblock paths
| * spotify.profile: allow spotify-adblock paths  Kelvin M. Klann  2022-12-02
| |     As suggested by @glitsj16[1].
| |
| |     Project homepage: https://github.com/abba23/spotify-adblock
| |
| |     Configuration paths:
| |
| |     * /etc/spotify-adblock/config.toml
| |     * ~/.config/spotify-adblock/config.toml
| |
| |     Fixes #5494.
| |
| |     [1] https://github.com/netblue30/firejail/discussions/5494#discussioncomment-4280887
| |
| |     Reported-by: @Rewig95
* | Merge pull request #5496 from kmk3/kcalc-fix-mkfile  Kelvin M. Klann  2022-12-08
|\ \
| | |     kcalc.profile: fix mkfile without mkdir & comment legacy paths
| * | kcalc.profile: stop creating legacy KDE paths  Kelvin M. Klann  2022-12-01
| | |     Leave them commented.
| | |
| | |     With this commit, there are no more profiles creating paths in
| | |     ~/.kde nor in ~/.kde4:
| | |
| | |         $ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
| | |         $
| | |
| | |     See also commit 3ef030257 ("ktorrent.profile: stop creating legacy
| | |     KDE paths", 2022-10-11) / PR #5415.
| * | kcalc.profile: fix mkfile without mkdir  Kelvin M. Klann  2022-12-01
| | |     firejail may fail to create the following files:
| | |
| | |     * ~/.kde/share/config/kcalcrc
| | |     * ~/.kde4/share/config/kcalcrc
| | |
| | |     Because it does not create the preceding directories beforehand:
| | |
| | |     * ~/.kde/share/config
| | |     * ~/.kde4/share/config
| | |
| | |     See also commit 7f1906dba ("ktorrent.profile: fix mkfile without
| | |     mkdir", 2022-10-11) / PR #5415.
* | | build(deps): bump github/codeql-action from 2.1.31 to 2.1.35  dependabot[bot]  2022-12-05
| | |     Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.31 to 2.1.35.
| | |     - [Release notes](https://github.com/github/codeql-action/releases)
| | |     - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
| | |     - [Commits](https://github.com/github/codeql-action/compare/c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898...b2a92eb56d8cb930006a1c6ed86b0782dd8a4297)
| | |
| | |     ---
| | |     updated-dependencies:
| | |     - dependency-name: github/codeql-action
| | |       dependency-type: direct:production
| | |       update-type: version-update:semver-patch
| | |     ...
| | |
| | |     Signed-off-by: dependabot[bot] <support@github.com>
* | | Add basic gtksourceview language-spec (#5502)  rusty-snake  2022-12-04
| |/
|/|
| |     Tested with org.gnome.TextEditor.
| |
| |     The gtksourceview language-spec hasn't changed between
| |     gtksourceview 3, 4 and 5 AFAIK so it should also work on older
| |     systems if you copy/link the file in the right places.
* | Merge pull request #5488 from kmk3/configure-fix-format-misc  Reiner Herrmann  2022-12-01
|\ \
| | |     build: fix formatting and misc in configure
| * | configure*: quote and line-wrap AC_CHECK_HEADER line  Kelvin M. Klann  2022-11-28
| | |     Misc: I missed this one on commit 221c10177 ("configure*: Add
| | |     missing quotes to arguments", 2021-06-03) / PR #4712.
| * | configure*: fix quotes/parens alignment (sanitizer)  Kelvin M. Klann  2022-11-28
| | |
| * | configure*: wrap long AS_HELP_STRING line (sanitizer)  Kelvin M. Klann  2022-11-28
| | |
| * | configure*: wrap long shell command output lines  Kelvin M. Klann  2022-11-28
| | |     Instead of binding them together with conditionals in a single
| | |     line, split shell commands into multiple lines to make them more
| | |     readable.
| | |
| | |     Note that for the macro arguments in question, the content inside
| | |     [] quotes is output literally into ./configure, so the commands
| | |     can be written as if they were in a shell script directly (save
| | |     for any special characters/tokens in Autoconf).
| | |
| | |     Misc: Relates to commit 2c64d1fdd ("use AX_CHECK_COMPILE_FLAG to
| | |     check for spectre flags", 2019-06-21).
| * | configure*: remove extraneous blank lines (warning)  Kelvin M. Klann  2022-11-28
| | |     Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
| | |
| | |     Note: Do not print a preceding blank line because one is already
| | |     printed right before the warning message, right after the items
| | |     on "Features:".
| | |
| | |     Example of the resulting warning message:
| | |
| | |         $ autoconf && ./configure
| | |         [...]
| | |         configure: creating ./config.status
| | |         config.status: creating config.mk
| | |         config.status: creating config.sh
| | |
| | |         Compile options:
| | |         [...]
| | |            prefix: /usr/local
| | |            sysconfdir: ${prefix}/etc
| | |            Spectre compiler patch: yes
| | |
| | |         Features:
| | |         [...]
| | |            SELinux labeling support:
| | |            user namespace: -DHAVE_USERNS
| | |            X11 sandboxing support: -DHAVE_X11
| | |
| | |         *********************************************************
| | |         * Warning: Long-term support (LTS) was enabled! *
| | |         * Most compile-time options have been rewritten! *
| | |         *********************************************************
| | |
| | |         $
| * | configure*: remove extraneous blank lines  Kelvin M. Klann  2022-11-28
| | |
| * | configure*: fix indentation  Kelvin M. Klann  2022-11-28
| | |
| * | configure*: fix trailing comma in HAVE_CONTRIB_INSTALL  Kelvin M. Klann  2022-11-28
| | |     Consider the current code:
| | |
| | |         AS_IF([test "x$enable_lts" = "xyes"], [
| | |             # ...
| | |             HAVE_CONTRIB_INSTALL="no",
| | |
| | |     Result of testing the value:
| | |
| | |         $ HAVE_CONTRIB_INSTALL="no",
| | |         $ printf '%s\n' "$HAVE_CONTRIB_INSTALL"
| | |         no,
| | |         $ test "x$HAVE_CONTRIB_INSTALL" = "xno" && echo equal || echo 'not equal'
| | |         not equal
| | |
| | |     This means that whenever HAVE_LTS is enabled, HAVE_CONTRIB_INSTALL
| | |     is always considered enabled when testing against "no".
| | |
| | |     But luckily, in the current code the latter variable is only
| | |     tested against "yes", so nothing should be affected:
| | |
| | |         $ git grep HAVE_CONTRIB_INSTALL | grep -v -e '^configure:' -e '^configure.ac:'
| | |         Makefile:ifeq ($(HAVE_CONTRIB_INSTALL),yes)
| | |         config.mk.in:HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
| | |
| | |     Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
| * | configure*: fix typo of "been"  Kelvin M. Klann  2022-11-28
| | |     s/bean/been
| | |
| | |     Added on commit d1acb31c9 ("compile time: enable LTS", 2021-02-28).
* | | firefox-common-addons: fix whitelisting in ${RUNUSER} (#5497)  glitsj16  2022-12-01
| | |     * fix whitelisting in ${RUNUSER}
| | |       See discussions https://github.com/netblue30/firejail/discussions/5495 for context.
| | |     * Prevent whitelisting ${RUNUSER} comment
* | | AppArmor: add more examples to firejail-local (#5493)  glitsj16  2022-12-01
| |/
|/|
| |     * AppArmor: add more examples to firejail-local
| |     * comments fixes
* | RELNOTES: add ci and docs items  Kelvin M. Klann  2022-11-28
| |     Relates to #5189 #5349 #5439 #5485.
* | [firefox-common.profile] Add DRM support when using psd (#5486)  glitsj16  2022-11-28
|/
* ci: ignore profile-checks.yml on other workflows  Kelvin M. Klann  2022-11-28
|     To avoid running CI unnecessarily.
|
|     Misc: I noticed this on commit a42c1de0b ("profile-checks.yml: sort
|     paths-ignore", 2022-11-27).
|
|     See also commit 768410cf5 ("Run profile-ckeck on workflow edits",
|     2022-11-27).
|
|     Relates to #5481.
* profile-checks.yml: sort paths-ignore  Kelvin M. Klann  2022-11-27
|     See commit 9bf5e453c ("ci: sort items on paths-ignore lists",
|     2022-07-12) / PR #5481 for details.
* Run profile-ckeck on workflow edits  rusty-snake  2022-11-27
|
* Workflows: Change egress-policy to block (#5485)  rusty-snake  2022-11-27
|
* Workflows: Change egress-policy to block  rusty-snake  2022-11-26
|
* RELNOTES: add build and ci items  Kelvin M. Klann  2022-11-25
|     Relates to #5429 #5478 #5481.
* Merge pull request #5415 from kmk3/ktorrent-fix-mkfile  netblue30  2022-11-25
|\
| |     ktorrent.profile: fix mkfile without mkdir & comment legacy paths
| * ktorrent.profile: add missing private-bin paths  Kelvin M. Klann  2022-11-22
| |     Package-provided binaries:
| |
| |         $ pacman -Q ktorrent
| |         ktorrent 22.08.3-1.2
| |         $ pacman -Qlq ktorrent | grep bin/.
| |         /usr/bin/ktmagnetdownloader
| |         /usr/bin/ktorrent
| |         /usr/bin/ktupnptest
| |
| |     Environment: Artix Linux
| * ktorrent.profile: stop creating legacy KDE paths  Kelvin M. Klann  2022-11-22
| |     Leave them commented.
| * ktorrent.profile: fix mkfile without mkdir  Kelvin M. Klann  2022-11-22
| |     firejail fails to create the following files:
| |
| |     * ~/.kde/share/config/ktorrentrc
| |     * ~/.kde4/share/config/ktorrentrc
| |
| |     Because it does not create the preceding directories beforehand:
| |
| |     * ~/.kde/share/config
| |     * ~/.kde4/share/config
| |
| |     Relates to #5414.
* | Merge pull request #5476 from k4leg/fix_pycharm  netblue30  2022-11-25
|\ \
| | |     fix: PyCharm profiles
| * | fix: PyCharm profiles  Bogdan Ruslanovich Drozd  2022-11-23
| | |     Do not use `private-cache`, because PyCharm places in cache
| | |     directories stuff like spelling dictionary (i. e. if you download
| | |     spelling dictionary with `private-cache`, on restart PyCharm you
| | |     need to download spelling dictionary again).
* | | Merge pull request #5478 from kmk3/build-dedup-makefiles  netblue30  2022-11-25
|\ \ \
| | | |     build: deduplicate makefiles
| * | | makefiles: organize CFLAGS  Kelvin M. Klann  2022-11-21
| | | |     Line-wrap them and make the order of the flags more similar
| | | |     across src/prog.mk and src/so.mk.
| | | |
| | | |     This should make it easier to see the differences in CFLAGS
| | | |     between both files.
| * | | makefiles: mention variables intended to be used by includers  Kelvin M. Klann  2022-11-21
| | | |     On src/prog.mk and src/so.mk.
| * | | makefiles: add TOCLEAN and TODISTCLEAN variables  Kelvin M. Klann  2022-11-21
| | | |     So that includers of src/prog.mk or src/so.mk can just define
| | | |     anything extra that needs to be cleaned without having to
| | | |     override the "clean" target (or having to declare a "distclean"
| | | |     target).
| | | |
| | | |     Example usage:
| | | |
| | | |         TOCLEAN += foo
| | | |         TODISTCLEAN += bar
| * | | makefiles: rename common.mk to prog.mk  Kelvin M. Klann  2022-11-21
| | | |     For clarity, as it is included by the Makefiles that create
| | | |     programs and non-shared-objects, but not by the ones that create
| | | |     shared objects (see src/so.mk).
| | | |
| | | |     Commands used to move and search and replace:
| | | |
| | | |         $ git mv src/common.mk src/prog.mk
| | | |         $ git grep -IFlz 'common.mk' -- src | xargs -0 -I '{}' sh -c \
| | | |           "printf '%s\n' \"\$(sed 's/common.mk/prog.mk/' '{}')\" >'{}'"
| * | | makefiles: deduplicate lib makefiles into so.mk  Kelvin M. Klann  2022-11-21
| | | |     The following makefiles are nearly identical, except for the
| | | |     main target name and for any extra headers that they might use:
| | | |
| | | |     * src/libpostexecseccomp/Makefile
| | | |     * src/libtrace/Makefile
| | | |     * src/libtracelog/Makefile
| | | |
| | | |     So move all of their (duplicated) code into a new src/so.mk
| | | |     file, and add an include of src/so.mk, which leaves only
| | | |     variables, and the includes of config.mk and src/so.mk in place.
| | | |
| | | |     With this commit, CFLAGS and LDFLAGS are only defined/changed in
| | | |     the following files:
| | | |
| | | |     * config.mk.in
| | | |     * src/common.mk
| | | |     * src/so.mk
| * | | makefiles: deduplicate main target name into new SO var  Kelvin M. Klann  2022-11-21
| | | |     Put the main target name into a new SO variable, put SO into a
| | | |     new TARGET variable, make "all" depend on `$(TARGET)` and
| | | |     replace every other occurrence of the main target name with
| | | |     `$(SO)`.
| | | |
| | | |     On the makefiles that build shared objects, to make them more
| | | |     similar.
| | | |
| | | |     With this commit, all of their targets are identical.
| * | | makefiles: deduplicate many makefiles into common.mk  Kelvin M. Klann  2022-11-21
| | | |     The makefiles that both build C programs and include
| | | |     src/common.mk are nearly identical, save for the main target
| | | |     name and for any extra headers and objects that they might use.
| | | |
| | | |     So move all of their (duplicated) code into src/common.mk, which
| | | |     (other than the "lib" target on src/lib/Makefile) leaves only
| | | |     variables and the includes of config.mk and src/common.mk in
| | | |     place.
| * | | makefiles: deduplicate main target name into new PROG var  Kelvin M. Klann  2022-11-21
| | | |     Put the main target name into a new PROG variable, put PROG into
| | | |     a new TARGET variable, make "all" depend on `$(TARGET)` and
| | | |     replace every other occurrence of the main target name with
| | | |     `$(PROG)`.
| | | |
| | | |     On the makefiles that build non-shared objects, to make them
| | | |     more similar.
| | | |
| | | |     With this commit, all of their targets are identical (except for
| | | |     the extra "lib" target on src/lib/Makefile).
| * | | makefiles: line-wrap MOD_HDRS and MOD_OBJS  Kelvin M. Klann  2022-11-21
| | | |     For increased readability, list one item per line on lines that
| | | |     are currently longer than 80 characters.
| * | | makefiles: move extra deps into new MOD vars  Kelvin M. Klann  2022-11-21
| | | |     To make the makefiles more similar.
| | | |
| | | |     That is, add the following new variables:
| | | |
| | | |     * MOD_HDRS
| | | |     * MOD_SRCS
| | | |     * MOD_OBJS
| | | |
| | | |     And move existing module-specific header and object dependencies
| | | |     into `MOD_HDRS` and `MOD_OBJS`, respectively. `MOD_SRCS` is
| | | |     added mostly for symmetry/consistency.
| | | |
| | | |     Note: Use `MOD_` as a prefix instead of `EXTRA_` to avoid
| | | |     confusion, as the latter is currently used for global variables
| | | |     (such as `EXTRA_CFLAGS`), as opposed to module-specific
| | | |     variables.
| | | |
| | | |     Note2: Add them directly into the HDRS/SRCS/OBJS variables to
| | | |     avoid cluttering the existing recipes with an extra variables
| | | |     unnecessarily. This also allows, for example, referencing all of
| | | |     the object dependencies with `$<` if `$(OBJS)` is the first
| | | |     dependency (at least in GNU make).
| | | |
| | | |     Note3: Since HDRS/SRCS/OBJS use simple assignment (through
| | | |     `:=`), the MOD variables should appear before including
| | | |     src/common.mk (or src/so.mk).
| * | | makefiles: expand HDRS, SRCS and OBJS immediately  Kelvin M. Klann  2022-11-21
| | | |     Use immediate expansion of the right-hand side (with `:=`) to
| | | |     set the variables to the output of the commands rather than to
| | | |     the (text of the) commands themselves.
| | | |
| | | |     This should prevent deferred/lazy evaluation, which is something
| | | |     that might potentially result in the relevant files being looked
| | | |     up each time that HDRS and SRCS are evaluated.
| | | |
| | | |     Commands used to search and replace:
| | | |
| | | |         git grep -Ilz '^SRCS' -- src | xargs -0 -I '{}' \
| | | |         sh -c "printf '%s\n' \"\$(sed \
| | | |           -e 's/^HDRS =/HDRS :=/' \
| | | |           -e 's/^SRCS =/SRCS :=/' \
| | | |           -e 's/^OBJS =/OBJS :=/' '{}')\" >'{}'"
| * | | makefiles: rename H_FILE_LIST and C_FILE_LIST  Kelvin M. Klann  2022-11-21
| | | |     To HDRS and SRCS, respectively.
| | | |
| | | |     To be more consistent with the OBJS variable.
| | | |
| | | |     Misc: These names also appear to be more common from the
| | | |     makefiles that I've seen.
| | | |
| | | |     Commands used to search and replace:
| | | |
| | | |         git grep -IFlz -e H_FILE_LIST -e C_FILE_LIST -- src |
| | | |         xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
| | | |           -e 's/^H_FILE_LIST *=/HDRS =/' \
| | | |           -e 's/\$(H_FILE_LIST)/\$(HDRS)/g' \
| | | |           -e 's/^C_FILE_LIST *=/SRCS =/' \
| | | |           -e 's/\$(C_FILE_LIST:/\$(SRCS:/g' \
| | | |           '{}')\" >'{}'"
| * | | makefiles: equalize object dependencies in program targets  Kelvin M. Klann  2022-11-21
| | | |     Compared to the objects that are actually used in a given
| | | |     recipe, some program targets are missing object dependencies,
| | | |     while others appear to have unused object dependencies.
| | | |
| | | |     Make each of those targets depend on the objects that are
| | | |     actually used when linking.
| | | |
| | | |     Note: No check was done for extraneous/missing objects when
| | | |     linking; this commit only makes the object dependencies equal to
| | | |     the objects that are linked.