| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently Tor Browser 13.0.11 (based on Mozilla Firefox 115.8.0esr)
changed a few things. The former versions installed under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser`
and now under
`${HOME}/.local/share/torbrowser/tbb/x86_64/tor-browser/Browser`.
All of our tor-browser-foo.profile profiles redirect to
torbrowser-launcher.profile and are covered by the fixes.
torbrowser.profile was not tested. It redirects to
firefox-common.profile and seems to be Gentoo-specific.
Fixes #6269.
|
|\
| |
| | |
build: sort.py: filter empty and duplicate items
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Note: This seems to already be done for `protocol` lines.
Before:
$ ./contrib/sort.py test.profile
sort.py: checking 1 profile(s)...
test.profile:1:-private-etc ,,bar,,foo,,bar,,,
test.profile:1:+private-etc ,,,,,,,bar,bar,foo
test.profile:2:-protocol ,,unix,,bluetooth,,unix,,inet,,,
test.profile:2:+protocol unix,inet,bluetooth
[ Fixed ] test.profile
After:
$ ./contrib/sort.py test.profile
sort.py: checking 1 profile(s)...
test.profile:1:-private-etc ,,bar,,foo,,bar,,,
test.profile:1:+private-etc bar,foo
test.profile:2:-protocol ,,unix,,bluetooth,,unix,,inet,,,
test.profile:2:+protocol unix,inet,bluetooth
[ Fixed ] test.profile
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To reduce duplication.
Support for it was added on commit bf5a99360 ("landlock: add support for
PATH macro", 2023-12-22).
See also commit 19e108248 ("landlock: expand simple macros in commands",
2023-11-11) / PR #6125.
Relates to #6078.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Blacklisting qt5ct/qt6ct configuration and data paths breaks styling in all
apps that use them.
This was working as expected before #6249 and #6250, so remove the
blacklisting.
|
| |
| |
| |
| |
| |
| |
| | |
Simple screen recorder for Linux desktop, supports Wayland & Xorg.
https://github.com/dvershinin/green-recorder
https://aur.archlinux.org/packages/green-recorder
https://aur.archlinux.org/packages/green-recorder-git
|
| |
| |
| |
| |
| |
| |
| | |
Fix `noblacklist` entry without an equivalent `blacklist` entry.
Added on commit 1a2e8ab85 ("multimc: instances not running, because of
missing permissions", 2024-02-19) / PR #6216.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since gnome-keyring 1.46, the ssh-agent functionality has been removed
and gcr-ssh-agent is the recommended alternative.
Source:
- https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67
- https://wiki.archlinux.org/title/GNOME/Keyring#SSH_keys
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
mkinitcpio (used to generate initramfs images) supports several
compression formats:
https://gitlab.archlinux.org/archlinux/mkinitcpio/mkinitcpio/-/blob/master/mkinitcpio.conf#L54-L64.
On Arch Linux (based distributions) at least this implies the supported
archivers to have access to mkinitcpio-related files under /etc.
This was no problem before 29da82d added `private-etc` to
`archivers-common.profile`.
This adds the now needed extra private-etc items to
archiver-common.profile, for mkinitcpio's supported compressors (which
seem to be at least cpio, gzip and zstd).
Relates to #5610.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Commit 29da82d added `private-etc` to `archiver-common.profile`.
To avoid doubled options this PR removes it from archiver profiles which
already had it.
Relates to #5610.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/47b3d888fe66b639e431abf22ebca059152f1eea...8a470fddafa5cbb6266ee11b37ef4d8aae19c571)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|/ |
|
|
|
|
| |
Relates to #6217 #6222 #6228 #6230.
|
| |
|
|\
| |
| | |
build: reduce hardcoding and inconsistencies
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For consistency and to make it clearer where jobs differ (for example,
to see where `--enable-analyzer` is used).
Changes:
* Always use --prefix=/usr and --enable-fatal-warnings (except in the
Alpine job due to current warnings; see #6224)
* Use the same argument order
Note: mkdeb.sh and platform/rpm/mkrpm.sh already pass `--prefix=/usr` to
./configure.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently the number of make jobs used for the default build target are
hardcoded and the value used varies across files.
For consistency (and potentially better performance), use
`make -j "$(nproc)"` everywhere that `make -j` is currently used.
Kind of relates to commit 500d8f2d6 ("ci: run make in parallel where
applicable", 2023-08-14) / PR #5960.
|
| |
| |
| |
| | |
Line-wrap the file and sort ./configure arguments.
|
| |
| |
| |
| |
| | |
Format it for readability and update the descriptions to match the
current jobs.
|
| |
| |
| |
| |
| | |
To make it easier to compare and edit the main apt-based jobs in
.gitlab-ci.yml.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
test/ also contains source code and cppcheck checks it:
$ make cppcheck | grep 'Checking test/'
Checking test/appimage/main.c ...
Checking test/chroot/unchroot.c ...
Checking test/filters/namespaces.c ...
Checking test/seccomp-extra/memwrexe.c ...
So make sure that it is included in the CI trigger paths.
|
| |
| |
| |
| | |
Sync the build and build-clang jobs.
|
| |
| |
| |
| |
| |
| |
| | |
To reduce hardcoding.
Note that this reduces duplication but the value is still hardcoded in
the job; it is not sourced from TARNAME in config.mk.
|
| |
| |
| |
| |
| |
| |
| | |
To reduce TARNAME hardcoding.
Added on commit 6a89ab023 ("ci: run firejail --version after
build/install", 2022-05-16) / PR #5148.
|
| |
| |
| |
| | |
To reduce TARNAME hardcoding.
|
|\ \
| | |
| | | |
Profile for Ledger Live desktop app
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
/opt/ledger-live installation currently sits at 345 MiB, so I decided to
whitelist it instead of using private-opt ledger-live, in case future
installations grow in size.
Not using private-dev was the only way I managed to get my USB wallet to
work.
|
|\ \
| | |
| | | |
landlock: use "landlock.fs." prefix in filesystem commands
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
|
| |/
| |
| |
| | |
Relates to #6078.
|
|\ \
| | |
| | | |
New profile: virt-manager
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
New profile: gnome-boxes
|
| |/ / |
|
|\ \ \
| |_|/
|/| | |
multimc: instances not running, because of missing permissions
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When starting an instance, in the logs, a failed attempt to load the lwjgl
library is shown and the game doesn't run.
The library is in the /tmp directory. The reason for this appears to
be, in the lwjgl source code, the shared library loading function,
extracts in the temporary directory and continues from there.
This is fixed by whitelisting.
The reason for adding "ignore noexec /tmp" as well, is that without it, the game
can't run, even if the directory is whitelisted. It seems the library needs
to be loaded from /tmp.
A second error for a failed attempt to access /home/user/.cache/JNA is also
shown in the logs. This is also fixed by whitelisting.
|
|\ \ \
| |_|/
|/| | |
build: allow overriding certain tools & sync targets with CI
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
* Use --status-bugs in the scan-build target to exit with an error if
bugs are found
* Call the make target in the CI job
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
* Use the same command from the cppcheck CI job in the cppcheck target
* Add cppcheck-old target based on the cppcheck_old CI job
* Call the make targets in CI to avoid duplicating the commands
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow overriding the following tools at configure-time and build-time:
* codespell
* cppcheck
* gawk
* scan-build
For example, instead of hardcoding `gawk`, enable overriding it at
configure-time with:
./configure GAWK=/path/to/gawk
To override it for a single `make` invocation:
make GAWK=/path/to/gawk
Also, add default values for the programs that are not found (rather
than leaving the variables empty), to make error messages clearer when
trying to run them:
$ make CPPCHECK= cppcheck-old
[...]
force --error-exitcode=1 --enable=warning,performance .
make: force: No such file or directory
$ make CPPCHECK=cppcheck cppcheck-old
[...]
cppcheck --force --error-exitcode=1 --enable=warning,performance .
make: cppcheck: No such file or directory
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/379614612a29c9e28f31f39a59013eb8012a51f0...47b3d888fe66b639e431abf22ebca059152f1eea)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|