| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0225834cc549ee0ca93cb085b92954821a145866...83f0fe6c4988d98a455712a27f0255212bba9bd4)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|\
| |
| | |
build: enable compiler warnings by default
|
| |
| |
| |
| | |
Enable -Wall by default and add -Wextra.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...0225834cc549ee0ca93cb085b92954821a145866)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| |
Relates to #5829.
|
| |
|
|\
| |
| | |
email-common.profile: allow clamav plugin for claws-mail
|
| |\
| |/
|/| |
|
|\ \
| | |
| | | |
qutebrowser: update MPRIS name for qutebrowser-qt6
|
| | |
| | |
| | |
| | | |
see https://github.com/qutebrowser/qutebrowser/issues/7431
|
|\ \ \
| | | |
| | | | |
modif: Improve --version/--help & print version on startup
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It is not too uncommon for the firejail version to be missing when
issues are reported; this commit makes it more likely that any posted
logs will contain the program version.
Do so just for firejail and firecfg for now because they are the most
common user-facing programs.
Print the version after argument parsing, in order to avoid printing the
program version more than once and to avoid interfering with commands
that generate machine-readable output (like `firejail --list` and
`firecfg --list`). Also, only print it after all profiles have been
loaded, because a profile may contain `quiet`.
Note: This does not cover the case where the program exits before the
end of argument/profile parsing (such as when an error occurs).
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
For consistency and readability.
Note: This also makes exactly one extra blank line be printed at the end
of every usage text, which is currently only done in the following
files:
* src/fcopy/main.c
* src/fnettrace-dns/main.c
* src/fnettrace-icmp/main.c
* src/fnettrace-sni/main.c
* src/fnettrace/main.c
* src/profstats/main.c
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes:
* Name them all "usage_str"
* Make them const
For the latter item, see commit eb20f52ef ("Make list of paths const to
fix a false positive of gcc analyzer", 2022-07-27) / PR #5275.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes:
* Only print the version line in the print_version function
* Add a print_version function where missing (put it in usage.c if the
file exists)
* Always a blank line after the version
|
| | | |
| | | |
| | | |
| | | | |
Build the entire string at once and print it only once.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Split print_version into two functions:
* print_version: only prints the version line
* print_version_full: also prints compile-time support
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, --version doesn't print a dash while --help does. Example:
$ firejail --version | grep 'version 0'
firejail version 0.9.73
$ firejail --help | grep 'version 0'
firejail - version 0.9.73
For consistency, always print the version without a dash.
Commands used to search and replace:
$ git grep -IFlz ' - version' -- src | xargs -0 -I '{}' sh -c
"printf '%s\n' \"\$(sed 's/ - version/ version/' '{}')\" >'{}'"
|
|/ / /
| | |
| | |
| | |
| | | |
Added on commit 42e2db127 ("jaitest - simple sandbox testing utility
program", 2021-02-20).
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is causing main.o to be built using an implicit rule (rather than
the rule from src/prog.mk), which does not use PROG_CFLAGS. Example
(using src/fldd as a working example for comparison):
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup | grep -Ev '(Entering|Leaving) directory'
gcc -g -O2 -c -o main.o main.c
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o etc-cleanup main.o
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup -r | grep -Ev '(Entering|Leaving) directory'
make: *** No rule to make target 'main.o', needed by 'etc-cleanup'. Stop.
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd -r | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
Environment: GNU make 4.4.1-2 on Artix Linux.
This amends commit e889db095 ("build fix", 2023-02-06).
See also commit 02d37680c ("private-etc rework: file groups moved to
src/include/etc_groups.h, new groups added", 2023-01-25).
Relates to #5610.
|
| | |
| | |
| | | |
Co-authored-by: pirate486743186 <>
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/6b3083af2869dc3314a0257a42f4af696cc79ba3...128a63446a954579617e875aaab7d2978154e969)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
| | | |
|
| | |
| | |
| | |
| | | |
Relates to #5806 #5812 #5815.
|
|\ \ \
| | | |
| | | | |
docs: add uninstall instructions to README.md
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clarify how to remove the symlinks created by firecfg.
Reported by @MikeNavy in #5098.
|
|\ \ \ \
| | | | |
| | | | | |
ci: run for every branch instead of just master
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Having CI always run on WIP branches without having to open a PR
beforehand makes it easier to debug CI issues.
GitHub currently does not have any apparent limit for CI runs and there
are no project-specific secrets as far as I know, so it should be safe
to remove these restrictions.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Relevant lines from build_and_test[1]:
endpoint called ip address:port 1.1.1.1:1025, domain:
endpoint called ip address:port 54.185.253.63:43, domain: whois.pir.org.
##[error]StepSecurity Harden Runner: DNS resolution for domain dns.quad9.net. was blocked. This domain is not in the list of allowed-endpoints.
##[error]StepSecurity Harden Runner: DNS resolution for domain whois.pir.org. was blocked. This domain is not in the list of allowed-endpoints.
The relevant tests were added in the following commits:
* ef4409e7b ("added whois and dig profiles", 2018-08-30)
* 171898233 ("more profile fixes/testing", 2023-01-19)
Relates to #5439 #5485.
[1] https://github.com/netblue30/firejail/actions/runs/4854586882/jobs/8652141329
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Sometimes ping just works normally.
Log from build_and_test[1]:
TESTING: chroot (test/chroot/fs_chroot.exp)
spawn /bin/bash
firejail --chroot=/tmp/chroot
runner@fv-az615-403:~/work/firejail/firejail/test/chroot$
[...]
bash-5.1$ /bin/ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
TESTING ERROR 9
[1] https://github.com/kmk3/firejail/actions/runs/4875037540/jobs/8696877757
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Log from build_and_test[1]:
TESTING: network scan (net_scan.exp)
[...]
firejail /bin/bash
Child process initialized in 1704.83 ms
spawn /bin/bash
firejail --net=br0 --ip=10.10.20.60
runner@fv-az576-472:~/work/firejail/firejail/test/network$
<l/test/network$ firejail --net=br0 --ip=10.10.20.60
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
Error select: arp.c:202 arp_check: Invalid argument
runner@fv-az576-472:~/work/firejail/firejail/test/network$ TESTING ERROR 4
This "Invalid argument" error does not always happen, so I assume that
it may be due to a negative integer value in `ts` when calling select.
Misc: Found in #5805.
[1] https://github.com/netblue30/firejail/actions/runs/4806275219/jobs/8553597462
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | | |
|
| | |
| | |
| | |
| | | |
Relates to #5795 #5802.
|
|\ \ \
| |/ /
|/| | |
ci: formatting and misc improvements
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To make debugging easier.
Use a separate shell script instead of just a make target to ensure that
it can safely run before ./configure and without having make installed.
|
| | |
| | |
| | |
| | | |
To make debugging easier.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
* Add quotes around variables
* Use single quotes where applicable
|
| | |
| | |
| | |
| | |
| | |
| | | |
To turn each step in question into a normal multi-line shell script.
Note that each step already runs with `set -e` by default.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For increased readability.
Note: `>` basically turns each newline into a space while `|` keeps
newlines as is. Both remove leading indentation.
Note2: On jobs using `apt-get install`, this commit moves package names
to their own line, to make it easier to compare which packages are being
installed across such jobs.
|
| | |
| | |
| | |
| | |
| | | |
Kind of relates to commit 6d0c7514e ("split make test-github into
different actions", 2023-01-31).
|
| | |
| | |
| | |
| | |
| | |
| | | |
This makes each workflow ignore every other workflow.
Relates to #5481.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This amends the following commits:
* 370b9db39 ("gitlab pipeline fixes", 2020-04-21)
* 42fdea77f ("gitlab", 2020-04-21)
Added on commit 2e14c1a1d ("Adding sort.py to GitLab CI (#2973)",
2019-09-21).
|
|/ /
| |
| |
| |
| | |
I assume most people want this on, since it is a messenger application,
and you can control whether you turn it on or off in the app.
|