| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
Added on commit 42e2db127 ("jaitest - simple sandbox testing utility
program", 2021-02-20).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is causing main.o to be built using an implicit rule (rather than
the rule from src/prog.mk), which does not use PROG_CFLAGS. Example
(using src/fldd as a working example for comparison):
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup | grep -Ev '(Entering|Leaving) directory'
gcc -g -O2 -c -o main.o main.c
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o etc-cleanup main.o
$ make -C src/etc-cleanup clean >/dev/null &&
make -C src/etc-cleanup -r | grep -Ev '(Entering|Leaving) directory'
make: *** No rule to make target 'main.o', needed by 'etc-cleanup'. Stop.
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
$ make -C src/fldd clean >/dev/null &&
make -C src/fldd -r | grep -Ev '(Entering|Leaving) directory'
gcc -ggdb -O2 -DVERSION='"0.9.73"' -fstack-protector-all [...]
gcc -pie -fPIE -Wl,-z,relro -Wl,-z,now -o fldd main.o ../lib/common.o ../lib/ldd_utils.o
Environment: GNU make 4.4.1-2 on Artix Linux.
This amends commit e889db095 ("build fix", 2023-02-06).
See also commit 02d37680c ("private-etc rework: file groups moved to
src/include/etc_groups.h, new groups added", 2023-01-25).
Relates to #5610.
|
|
|
| |
Co-authored-by: pirate486743186 <>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/6b3083af2869dc3314a0257a42f4af696cc79ba3...128a63446a954579617e875aaab7d2978154e969)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
| |
|
|
|
|
| |
Relates to #5806 #5812 #5815.
|
|\
| |
| | |
docs: add uninstall instructions to README.md
|
| |
| |
| |
| |
| |
| | |
Clarify how to remove the symlinks created by firecfg.
Reported by @MikeNavy in #5098.
|
|\ \
| | |
| | | |
ci: run for every branch instead of just master
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Having CI always run on WIP branches without having to open a PR
beforehand makes it easier to debug CI issues.
GitHub currently does not have any apparent limit for CI runs and there
are no project-specific secrets as far as I know, so it should be safe
to remove these restrictions.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Relevant lines from build_and_test[1]:
endpoint called ip address:port 1.1.1.1:1025, domain:
endpoint called ip address:port 54.185.253.63:43, domain: whois.pir.org.
##[error]StepSecurity Harden Runner: DNS resolution for domain dns.quad9.net. was blocked. This domain is not in the list of allowed-endpoints.
##[error]StepSecurity Harden Runner: DNS resolution for domain whois.pir.org. was blocked. This domain is not in the list of allowed-endpoints.
The relevant tests were added in the following commits:
* ef4409e7b ("added whois and dig profiles", 2018-08-30)
* 171898233 ("more profile fixes/testing", 2023-01-19)
Relates to #5439 #5485.
[1] https://github.com/netblue30/firejail/actions/runs/4854586882/jobs/8652141329
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sometimes ping just works normally.
Log from build_and_test[1]:
TESTING: chroot (test/chroot/fs_chroot.exp)
spawn /bin/bash
firejail --chroot=/tmp/chroot
runner@fv-az615-403:~/work/firejail/firejail/test/chroot$
[...]
bash-5.1$ /bin/ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
TESTING ERROR 9
[1] https://github.com/kmk3/firejail/actions/runs/4875037540/jobs/8696877757
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Log from build_and_test[1]:
TESTING: network scan (net_scan.exp)
[...]
firejail /bin/bash
Child process initialized in 1704.83 ms
spawn /bin/bash
firejail --net=br0 --ip=10.10.20.60
runner@fv-az576-472:~/work/firejail/firejail/test/network$
<l/test/network$ firejail --net=br0 --ip=10.10.20.60
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
Error select: arp.c:202 arp_check: Invalid argument
runner@fv-az576-472:~/work/firejail/firejail/test/network$ TESTING ERROR 4
This "Invalid argument" error does not always happen, so I assume that
it may be due to a negative integer value in `ts` when calling select.
Misc: Found in #5805.
[1] https://github.com/netblue30/firejail/actions/runs/4806275219/jobs/8553597462
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
| |
Relates to #5795 #5802.
|
|\
| |
| | |
ci: formatting and misc improvements
|
| |
| |
| |
| |
| |
| |
| | |
To make debugging easier.
Use a separate shell script instead of just a make target to ensure that
it can safely run before ./configure and without having make installed.
|
| |
| |
| |
| | |
To make debugging easier.
|
| |
| |
| |
| |
| |
| |
| | |
Changes:
* Add quotes around variables
* Use single quotes where applicable
|
| |
| |
| |
| |
| |
| | |
To turn each step in question into a normal multi-line shell script.
Note that each step already runs with `set -e` by default.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For increased readability.
Note: `>` basically turns each newline into a space while `|` keeps
newlines as is. Both remove leading indentation.
Note2: On jobs using `apt-get install`, this commit moves package names
to their own line, to make it easier to compare which packages are being
installed across such jobs.
|
| |
| |
| |
| |
| | |
Kind of relates to commit 6d0c7514e ("split make test-github into
different actions", 2023-01-31).
|
| |
| |
| |
| |
| |
| | |
This makes each workflow ignore every other workflow.
Relates to #5481.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This amends the following commits:
* 370b9db39 ("gitlab pipeline fixes", 2020-04-21)
* 42fdea77f ("gitlab", 2020-04-21)
Added on commit 2e14c1a1d ("Adding sort.py to GitLab CI (#2973)",
2019-09-21).
|
|/
|
|
|
| |
I assume most people want this on, since it is a messenger application,
and you can control whether you turn it on or off in the app.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/03bee3930647ebbf994244c21ddbc0d4933aab4f...6b3083af2869dc3314a0257a42f4af696cc79ba3)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the author name is used as the author email in git and vice
versa.
Changes:
* Split the commands to make them easier to read
* Put the name command first to match the usual git usage
* Fix swapped name/email arguments
* Use the DEBFULLNAME / DEBEMAIL environment variables instead of
GitLab-specific ones
Added on commit 4cf51b591 ("extend gitlab-ci configuration to run Debian
CI tests", 2019-06-21).
|
|\
| |
| | |
profiles: standardize on just "GTK" on comments
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For consistency and to reduce confusion.
The toolkit has been renamed from "GTK+" to just "GTK" in 2019[1].
Note: This also fixes some adjacent typos.
Commands used to search and replace:
$ git grep -lz 'G[Tt][Kk]' -- etc | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
-e 's/G[Tt][Kk]\+?/GTK/g' \
-e 's/GTK-.\.0/GTK/g' \
-e 's/GTK base/GTK-base/g' \
-e 's/GTK-base /GTK-based /g' \
-e 's/Light weight/Lightweight/g' \
-e 's/client with GTK/client made with GTK/g' '{}')\" >'{}'"
Misc: I noticed this on #5722.
[1] https://mail.gnome.org/archives/gtk-devel-list/2019-February/msg00000.html
|
| |
|
|\
| |
| | |
youtube-viewers: refactor and add gtk-youtube-viewers-common
|
| | |
|
| |
| |
| |
| |
| | |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...8e5e7e5ab8b370d6c329ec480221332ada57f0ab)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/d186a2a36cc67bfa1b860e6170d37fb9634742c7...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| | |
Relates to #5784.
|
|\ \
| |/
|/| |
ci: split configure/build/install commands on gitlab
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Split them into separate steps to make it clearer in the logs which
command causes a job to fail when it does.
Note that they are already spli in the GitHub workflows:
* .github/workflows/build.yml
* .github/workflows/build-extra.yml
|
|\ \
| |/
|/| |
softmaker-common.profile: add fstab to private-etc
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When using `private-etc`, the app "forgets" its product key and
asks for license activation, even though it had already been done.
Allow access to "/etc/fstab" to avoid it & the related GUI error:
The application cannot create a unique identifier.
Please make sure the application has sufficient permissions.
Fixes #5773.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Log from a recent run of build_ubuntu_package[1]:
$ ./configure && make deb && dpkg -i firejail*.deb
[...]
dpkg-deb: building package 'firejail' in 'debian.deb'.
A future release will drop --no-tag-display-limit; please use '--tag-display-limit 0' instead.
running with root privileges is not recommended!
E: firejail: latest-changelog-entry-without-new-date [usr/share/doc/firejail/changelog.Debian.gz:1]
[...]
make: *** [Makefile:341: deb] Error 2
$ command -V firejail && firejail --version
/usr/bin/bash: line 139: command: firejail: not found
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832916003
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is currently causing the following jobs to fail on GitLab[1]:
* build_ubuntu_package
* build_fedora_package
See commit df6ea884f ("merges, disable sort.py in profile checks
temporarely, two more private-etc profiles", 2023-02-14).
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832588068
|
| |
| |
| |
| | |
Relates to #5757.
|
| |
| |
| |
| |
| |
| |
| | |
Licensing-related changes are not quite the same as documentation
changes.
Relates to #5667.
|