aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* RELNOTES: add build and docs itemsLibravatar Kelvin M. Klann2023-02-17
| | | | Relates to #5667 #5668.
* Merge pull request #5667 from kmk3/selinux-c-change-noticesLibravatar netblue302023-02-17
|\ | | | | docs: selinux.c: Split Copyright notice & use same license as upstream
| * selinux.c: Use same license as upstream file (LGPLv2.1+)Libravatar Kelvin M. Klann2023-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The upstream file is licensed under the LGPLv2.1+ and it uses an SPDX license identifier rather than an LGPL license notice[1]. And according to the GNU project, the LGPLv2.1+ is compatible with both the GPLv2 (with the result being GPLv2) and the GPLv3 (with the result being GPLv3), though the reverse (GPL -> LGPL) does not apply[2] [3]. This means that if we make changes that are only available under the GPLv2, systemd would be unable to copy them back and release the result under the LGPLv2.1 without being in violation of the GPLv2. So replace the GPL license notice with the SPDX license identifier of the upstream file ("LGPL-2.1-or-later"), to make it easier to share changes between both projects. See also the following systemd commits[4] [5] [6] [7]: * 53e1b68390 ("Add SPDX license identifiers to source files under the LGPL", 2017-11-18) * db9ecf0501 ("license: LGPL-2.1+ -> LGPL-2.1-or-later", 2020-11-09) [1] https://github.com/systemd/systemd/blob/254d1313ae5a69c08c9b93032aaaf3d6083cfc07/src/shared/selinux-util.c [2] https://www.gnu.org/licenses/license-list.en.html#LGPLv2.1 [3] https://www.gnu.org/licenses/license-compatibility.html [4] https://github.com/systemd/systemd/commit/53e1b683907c2f12330f00feb9630150196f064d [5] https://github.com/systemd/systemd/pull/7386 [6] https://github.com/systemd/systemd/commit/db9ecf050165fd1033c6f81485917e229c4be537 [7] https://github.com/systemd/systemd/pull/17548
| * selinux.c: Split Copyright notice in twoLibravatar Kelvin M. Klann2023-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes firejail's Copyright notice match the ones in basically every other file, which simplifies updating the Copyright years. selinux.c was added on commit 1ad2d54c0 ("Add support for SELinux labeling", 2020-02-18) and it claims to be "from systemd selinux-util.c". As for systemd's Copyright notice, the current version of that file on the systemd project does not have any[1]. The first commit in the systemd repository is from 2009[2] and the file was copied in 2020 (and does not seem to have been synced since), so set the years in its Copyright notice to 2009-2020. Since there is no Copyright notice (and no author) in the upstream file, list "The systemd Authors" in the Copyright notice. See also systemd commit 0c69794138 ("tree-wide: remove Lennart's copyright lines", 2018-06-12)[3] [4]. [1] https://github.com/systemd/systemd/blob/254d1313ae5a69c08c9b93032aaaf3d6083cfc07/src/shared/selinux-util.c [2] https://github.com/systemd/systemd/commit/6091827530d6dd43479d6709fb6e9f745c11e900 [3] https://github.com/systemd/systemd/commit/0c697941389b7379c4471bc0a067ede02814bc57 [4] https://github.com/systemd/systemd/pull/9274
* | Merge pull request #5668 from kmk3/build-deb-apparmor-defaultLibravatar netblue302023-02-17
|\ \ | | | | | | build: deb: enable apparmor by default & remove deb-apparmor
| * | build: deb: enable apparmor by default & remove deb-apparmorLibravatar Kelvin M. Klann2023-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The official .deb package is always built with apparmor support, so use `--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in order to reduce redundancy. Note that custom configure options may be specified by calling ./mkdeb.sh directly. For example, to build the .deb package without apparmor support, instead of running `make deb`, the following commands can be used: make dist ./mkdeb.sh --disable-apparmor Also, change the `build_apparmor` GitLab CI job into `build_no_apparmor`, which is intended to check that building without apparmor still works. Note: This commit makes the resulting .deb package not have an "-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid redundancy (as having apparmor support becomes the default). Misc: This is a follow-up to #5654. Relates to #5154 #5176 #5547.
| * | ci: deb: remove redundant --prefix argumentsLibravatar Kelvin M. Klann2023-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "deb" target depends on the "dist" target, which creates an archive from DISTFILES. The arguments to ./configure are misleading, as they do not affect the archive that is used by `make deb`. That is the case because the configure output files (config.mk and config.sh) are not copied into the dist archive, only their input files (config.mk.in and config.sh.in). In order to affect the .deb package, the configure arguments have to be passed to mkdeb.sh, which then forwards them to ./configure itself. Note: This does not apply to the rpm-based jobs, as `make rpms` uses the files directly rather than using the dist archive. Relates to #5154.
| * | ci: move --prefix configure arg firstLibravatar Kelvin M. Klann2023-02-17
| | | | | | | | | | | | | | | | | | In the `build_and_test` job, to match the common usage. Added on commit 300efec35 ("let github CI run tests", 2020-10-24).
* | | merges, testing, private-etcLibravatar netblue302023-02-16
| | |
* | | wusc: allow hyphenation (#5666)Libravatar glitsj162023-02-15
| | |
* | | com.github.johnfactotum.Foliate: fix .local include (#5665)Libravatar glitsj162023-02-15
| |/ |/|
* | gcov_wrapper.h: Fix inconsistent Copyright yearsLibravatar Kelvin M. Klann2023-02-15
| | | | | | | | | | | | | | | | | | | | Make it "2014-2023", which is the same as in basically every other file that has the same Copyright author. This kind of amends commit b408b20c7 ("gcov: fix build failure with gcc 11.1.0", 2021-06-15) / PR #4376. This is a follow-up to #5664.
* | Update copyright to 2023 (#5664)Libravatar David Fetter2023-02-15
| |
* | qutebrowser: allow userscripts by default (#5649)Libravatar glitsj162023-02-15
| | | | | | | | | | | | | | Fixes #5639. qutebrowser: drop apparmor Suggested in PR review.
* | RELNOTES: fix inconsistent indents and optionsLibravatar Kelvin M. Klann2023-02-14
| | | | | | | | | | | | | | | | | | | | | | | | | | This amends commit 707f48a12 ("RELNOTES", 2023-02-14). Note: The "Allow only letters and digits" modif item was implemented on commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14) and relates to both #5578 and #5613. The "--hostname" part of both the "Prevent" and the "Allow" modif items was also only added on that commit. Discussion about the hostname: https://github.com/netblue30/firejail/pull/5613#issuecomment-1421271389 Relates to #5578.
* | RELNOTES: add modif and build itemsLibravatar Kelvin M. Klann2023-02-14
| | | | | | | | Relates to #5613 #5654.
* | RELNOTES: fix keep-shell-rc feature itemLibravatar Kelvin M. Klann2023-02-14
| | | | | | | | | | | | | | | | | | Move it before modifs, add missing PR reference and make the description match the PR name. This amends commit 9d68139d7 ("merges", 2023-02-06). Relates to #1127 #5634.
* | testing --nameLibravatar netblue302023-02-14
| |
* | RELNOTESLibravatar netblue302023-02-14
| |
* | fix buildLibravatar netblue302023-02-14
| |
* | merges; more on cleaning up esc charsLibravatar netblue302023-02-14
| |
* | Merge pull request #5613 from layderv/escape-cntrl-sequencesLibravatar netblue302023-02-14
|\ \ | | | | | | modif: Escape control characters of the command line
| * | Style changesLibravatar layderv2023-02-06
| | |
| * | Escape control charactersLibravatar layderv2023-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Names and commands can contain control characters: ``` firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s ``` results in "Text" printed in red. Prevent commands like `--tree` to control the terminal.
* | | merges, disable sort.py in profile checks temporarely, two more private-etc ↵Libravatar netblue302023-02-14
| | | | | | | | | | | | profiles
* | | Merge pull request #5653 from slowpeek/masterLibravatar netblue302023-02-14
|\ \ \ | | | | | | | | disable-programs.inc: blacklist sendgmail config
| * | | Blacklist sendgmail configLibravatar slowpeek2023-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sendgmail is a cli tool by Google that "uses Gmail in order to mimic sendmail for git send-email" as per its own description. In other words it is a basic sendmail replacement with OAuth2 support to send emails from Gmail accounts. https://github.com/google/gmail-oauth2-tools/tree/master/go/sendgmail Config files location depends on "xdg" build tag. Without the tag it would be "~/.sendgmail.*". With the tag it is either under "$XDG_CONFIG_HOME/sendgmail" if set or "~/.config/sendgmail" otherwise.
* | | | Merge pull request #5654 from kmk3/build-mkdeb-noargsLibravatar netblue302023-02-14
|\ \ \ \ | | |_|/ | |/| | build: mkdeb.sh: pass all arguments to ./configure
| * | | build: mkdeb.sh: pass all arguments to ./configureLibravatar Kelvin M. Klann2023-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of using the first argument as the `EXTRA_VERSION` variable. This should make the usage of mkdeb.sh less confusing, especially when one is not trying to set the variable. As for using `EXTRA_VERSION` (which is still optional with this commit), make sure that it is set as an environment variable before caling mkdeb.sh. Example: env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor See also commit 9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to ./configure", 2022-05-13) / PR #5154.
* | | | Merge pull request #5660 from glitsj16/tmc-fixLibravatar netblue302023-02-14
|\ \ \ \ | | | | | | | | | | transmission-cli: allow web client
| * | | | transmission-cli: allow web clientLibravatar glitsj162023-02-14
| | | | |
* | | | | Merge pull request #5661 from ↵Libravatar netblue302023-02-14
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | netblue30/dependabot/github_actions/github/codeql-action-2.2.4 build(deps): bump github/codeql-action from 2.2.1 to 2.2.4
| * | | | | build(deps): bump github/codeql-action from 2.2.1 to 2.2.4dependabot/github_actions/github/codeql-action-2.2.4Libravatar dependabot[bot]2023-02-13
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.1 to 2.2.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3ebbd71c74ef574dbc558c82f70e52732c8b44fe...17573ee1cc1b9d061760f3a006fc4aac4f944fd5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
* | | | | Merge pull request #5663 from netcarver/masterLibravatar netblue302023-02-14
|\ \ \ \ \ | |/ / / / |/| | | | disable-common.inc: Prevent access to LUKS keyfile
| * | | | Prevent access to LUKS keyfileLibravatar Netcarver2023-02-14
|/ / / /
* | / / private-etc: kdiff3, gzip, gunzip, tar etcLibravatar netblue302023-02-10
| |/ / |/| |
* | | private-etc: more on gcryptLibravatar netblue302023-02-09
| | |
* | | private-etc: moving gcrypt from tls-ca to x11 groupLibravatar netblue302023-02-08
| | |
* | | private-etc: libreoffice, audacity, forzen-bubble, transmission, ↵Libravatar netblue302023-02-08
| | | | | | | | | | | | md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile
* | | adding machine-id to x11 groupLibravatar netblue302023-02-08
| | |
* | | testingLibravatar netblue302023-02-06
| | |
* | | private-etc testingLibravatar netblue302023-02-06
| | |
* | | testingLibravatar netblue302023-02-06
| | |
* | | Merge pull request #5643 from glitsj16/whois-fixLibravatar netblue302023-02-06
|\ \ \ | | | | | | | | whois: re-fix private-etc
| * | | re-fix private-etcLibravatar glitsj162023-02-06
|/ / /
* | | mergesLibravatar netblue302023-02-06
| | |
* | | build fixLibravatar netblue302023-02-06
| | |
* | | installing etc-cleanup tool in /usr/lib/firejail directoryLibravatar netblue302023-02-06
| | |
* | | Merge pull request #5634 from acatton/masterLibravatar netblue302023-02-06
|\ \ \ | | | | | | | | feature: Add 'keep-shell-rc' command and option
| * | | feature: add 'keep-shell-rc' flag and optionLibravatar Antoine Catton2023-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes #1127. This allow a user to provide their own zshrc/bashrc inside the jail. This is very useful when using firejail to develop and prevent bad pip packages to access your system.
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-29 06:59:10 +0000