| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|\
| |
| | |
nvim: add XDG_STATE_HOME path
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Default paths as of neovim 0.7.0:
* backupdir: $XDG_DATA_HOME/nvim/backup//
* directory: $XDG_DATA_HOME/nvim/swap//
* undodir: $XDG_DATA_HOME/nvim/undo//
* viewdir: $XDG_DATA_HOME/nvim/view//
* shada file: $XDG_DATA_HOME/nvim/shada/main.shada
* log dir: $XDG_CACHE_HOME/nvim/log
Default paths as of [1]:
* backupdir: $XDG_STATE_HOME/nvim/backup//
* directory: $XDG_STATE_HOME/nvim/swap//
* undodir: $XDG_STATE_HOME/nvim/undo//
* viewdir: $XDG_STATE_HOME/nvim/view//
* shada file: $XDG_STATE_HOME/nvim/shada/main.shada
* log dir: $XDG_STATE_HOME/nvim/log
[1] https://github.com/neovim/neovim/pull/15583
|
| |
| |
| |
| |
| |
| |
| | |
It's already blacklisted on disable-common.inc.
Added on commit ec966d4c0 ("fix: neovim profile", 2022-01-10) /
PR #4841.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | | |
* update for wget2
* allow ${HOME}/.local/share/wget
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
Fails to start without this, eg:
FileNotFoundError: [Errno 2] No such file or directory: '/usr/share/onionshare/images/favicon.ico'
Signed-off-by: Tad <tad@spotco.us>
|
|\ \
| | |
| | | |
Makefile.in: stop running distclean on dist
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
distclean erases user-made modifications to the files generated by the
configure script; it is not obvious that a non-"clean" target would ever
run it.
That is, instead of:
./configure --enable-foo && make distclean && make dist
It would probably be safer (and more maintainable) to do:
make distclean && ./configure --enable-foo && make dist
So drop the distclean call and the file-moving hacks around it.
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08).
Relates to commit 684919100 ("bug: preserve config.status during make
dist", 2016-09-19) and commit 31dc1218a ("fixups", 2020-07-19).
|
|\ \
| | |
| | | |
ci: print version after install & fix apparmor support on build_apparmor
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "build_apparmor" job was added on commit 342e71cd8 ("Add
deb-apparmor build to Gitlab CI", 2019-01-26). It would call
`./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor`
directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to
the linker.
Later, commit 87e7b3139 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR #3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass `--enable-apparmor` to
./configure directly. Instead, it adds `--enable-apparmor` depending on
whether the `$HAVE_APPARMOR` environment variable is set, which would be
done by a previous run of ./configure with `--enable-apparmor`. Since
on "build_apparmor" ./configure is not run the first time with
`--enable-apparmor`, neither is it on the second time and thus
`-lapparmor` is never passed to the linker. This commit adds
`--enable-apparmor` to the first ./configure run on the ci job, so that
it gets passed to the one being executed on mkdeb.sh as well.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To ensure that firejail was actually built with support for it.
Note: This commit intentionally fails on GitLab CI to demonstrate that
the above is currently not the case.
|
|/ /
| |
| |
| |
| | |
To ensure that the resulting program actually runs and also to show
which compile-time features it supports.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, when running on CI, `firejail --version` only prints the
following line:
firejail version 0.9.69
Add a new print_version() function that always prints both the above and
the compile-time options (like it is done outside of CI) and call it in
both of the places that handle --version on main.c.
Misc: The printing of compile-time features was added on commit
48dd1fbec ("apparmor", 2016-08-02).
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7502d6e991ca767d2db617bfd823a1ed925a0d59...2f58583a1b24a7d3c7034f6bf9fa506d23b1183b)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
| |
After a3f00edb32aca7516d690db046dd1ed3eb186bdd
Signed-off-by: Tad <tad@spotco.us>
|
|
|
|
|
|
|
|
|
|
|
| |
Without whitelist-usr-share-common, /usr/share becomes empty.
Adding whitelist-runuser-common didn't break google chrome.
Whitelisting /usr/share/mozilla/extensions and
/usr/share/webext shouldn't break google chrome, either.
I tested google-chrome.profile only, but
I think later versions should not be different.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As caught by the Clang Static Analyzer:
$ make clean && NO_EXTRA_CFLAGS="yes" scan-build --status-bugs make -C src/fzenity
[...]
main.c:77:10: warning: Value stored to 'ptr' is never read [deadcode.DeadStores]
return ptr++;
^~~~~
1 warning generated.
[...]
scan-build: Analysis run complete.
scan-build: 1 bug found.
The above increment is a no-op, as it is equivalent to
`return ptr; ptr++;`.
For it to make any difference, the prefix increment operator would have
to be used in place of the postfix one:
return ++ptr;
Which would be equivalent to `++ptr; return ptr;`.
But in order to fix the warning (and CI) while avoiding to change the
current behavior, just remove the operator instead.
Added on commit 1cdfa6f95 ("more on firecfg --guide: fzenity",
2022-04-25).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the manual of GNU Autoconf (version 2.69):
> -- Macro: AC_PROG_INSTALL
> Set output variable 'INSTALL' to the name of a BSD-compatible
> 'install' program, if one is found in the current 'PATH'.
> Otherwise, set 'INSTALL' to 'DIR/install-sh -c', checking the
> directories specified to 'AC_CONFIG_AUX_DIR' (or its default
> directories) to determine DIR (*note Output::). Also set the
> variables 'INSTALL_PROGRAM' and 'INSTALL_SCRIPT' to '${INSTALL}'
> and 'INSTALL_DATA' to '${INSTALL} -m 644'.
> -- Macro: AC_PROG_RANLIB
> Set output variable 'RANLIB' to 'ranlib' if 'ranlib' is found,
> and otherwise to ':' (do nothing).
None of the aforementioned variables are used:
$ git grep -F -e '${INSTALL}' -e INSTALL_PROGRAM -e INSTALL_SCRIPT \
-e INSTALL_DATA -e RANLIB
$
So remove the macros that define them.
Misc: The macros in question have been present on configure.ac since it
was created, on commit 137985136 ("Baseline firejail 0.9.28",
2015-08-08). And while the install command is called multiple times,
ranlib is not used anywhere (and it seems that it was never used):
$ git grep -E '^[[:blank:]]+install ' -- '*Makefile*' '*.mk*' |
wc -l
32
$ git grep -F ranlib | wc -l
0
$ git log --pretty= --name-only -G'RANLIB|ranlib' \
137985136..master | sort -u
README.md
Kind of relates to #4695.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1ed1437484560351c5be56cf73a48a279d116b78...7502d6e991ca767d2db617bfd823a1ed925a0d59)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Partial error log when building firejail-git (afee8603f) with
--enable-fatal-warnings:
hostnames.c: In function ‘retrieve_hostname’:
hostnames.c:53:17: error: ‘fclose’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-dealloc]
53 | fclose(fp);
| ^~~~~~~~~~
hostnames.c:38:20: note: returned from ‘popen’
38 | FILE *fp = popen(cmd, "r");
| ^~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [Makefile:7: hostnames.o] Error 1
Environment: gcc 11.2.0-4 on Artix Linux.
Added on commit 500a56efd ("more on nettrace", 2022-01-07).
|
| | |
|
|/
|
|
| |
/etc/alternatives on Debian
|
|\ |
|
| |\
| | |
| | | |
Whitelist electron-flags.conf for all versions of electron
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Add electron-flags.conf for all versions of electron
|
| |\ \
| | | |
| | | | |
Stop warning on safe supplementary group clean
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When nogroups is used, the following warning may be issued (potentially
multiple times, as drop_privs may be called more than once):
Warning: cleaning all supplementary groups
But the warning is being shown even when it seems that all supplementary
groups can be safely dropped (and are thus dropped), which is likely a
common scenario. This commit prevents the warning from being printed in
that case, making it so that it is only shown in the non-happy paths (as
was the case on firejail 0.9.66).
Misc: The added code was copied from drop_privs.
This amends commit 7abce0b4c ("Fix keeping certain groups with
nogroups", 2021-11-30) / PR #4732.
Kind of relates to #4930.
|
|/ / / |
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/dcd71f646680f2efd8db4afa5ad64fdcba30e748...2541b1294d2704b0964813337f33b291d3f8596b)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | | |
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
- fix shellcheck
- break long lines
- remove unseless $? check
- remove needless \\
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/a12a3943b4bdde767164f792f33f40b04645d846...dcd71f646680f2efd8db4afa5ad64fdcba30e748)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|