| Commit message (Collapse) | Author | Age |
... | |
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.1 to 2.4.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/6b3083af2869dc3314a0257a42f4af696cc79ba3...128a63446a954579617e875aaab7d2978154e969)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of Debian 9, use Debian 10 in build_debian_package.
It currently fails to update the package index[1]:
$ apt-get update -qq
W: The repository 'http://deb.debian.org/debian stretch Release' does not have a Release file.
W: The repository 'http://deb.debian.org/debian stretch-updates Release' does not have a Release file.
W: The repository 'http://security.debian.org/debian-security stretch/updates Release' does not have a Release file.
E: Failed to fetch http://deb.debian.org/debian/dists/stretch/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://deb.debian.org/debian/dists/stretch-updates/main/binary-amd64/Packages 404 Not Found [IP: 146.75.38.132 80]
E: Failed to fetch http://security.debian.org/debian-security/dists/stretch/updates/main/binary-amd64/Packages 404 Not Found [IP: 151.101.130.132 80]
E: Some index files failed to download. They have been ignored, or old ones used instead.
Also, note that LTS support for Debian 9 ended on 2022-06-30, while
Debian 10 has LTS support until 2024-06-30[2].
Relates to #5818.
[1] https://gitlab.com/Firejail/firejail_ci/-/jobs/4195782936
[2] https://wiki.debian.org/LTS
|
| | | |
|
| | |
| | |
| | |
| | | |
Relates to #5806 #5812 #5815.
|
|\ \ \
| | | |
| | | | |
docs: add uninstall instructions to README.md
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clarify how to remove the symlinks created by firecfg.
Reported by @MikeNavy in #5098.
|
|\ \ \ \
| | | | |
| | | | | |
ci: run for every branch instead of just master
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Having CI always run on WIP branches without having to open a PR
beforehand makes it easier to debug CI issues.
GitHub currently does not have any apparent limit for CI runs and there
are no project-specific secrets as far as I know, so it should be safe
to remove these restrictions.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Relevant lines from build_and_test[1]:
endpoint called ip address:port 1.1.1.1:1025, domain:
endpoint called ip address:port 54.185.253.63:43, domain: whois.pir.org.
##[error]StepSecurity Harden Runner: DNS resolution for domain dns.quad9.net. was blocked. This domain is not in the list of allowed-endpoints.
##[error]StepSecurity Harden Runner: DNS resolution for domain whois.pir.org. was blocked. This domain is not in the list of allowed-endpoints.
The relevant tests were added in the following commits:
* ef4409e7b ("added whois and dig profiles", 2018-08-30)
* 171898233 ("more profile fixes/testing", 2023-01-19)
Relates to #5439 #5485.
[1] https://github.com/netblue30/firejail/actions/runs/4854586882/jobs/8652141329
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Sometimes ping just works normally.
Log from build_and_test[1]:
TESTING: chroot (test/chroot/fs_chroot.exp)
spawn /bin/bash
firejail --chroot=/tmp/chroot
runner@fv-az615-403:~/work/firejail/firejail/test/chroot$
[...]
bash-5.1$ /bin/ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
TESTING ERROR 9
[1] https://github.com/kmk3/firejail/actions/runs/4875037540/jobs/8696877757
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Log from build_and_test[1]:
TESTING: network scan (net_scan.exp)
[...]
firejail /bin/bash
Child process initialized in 1704.83 ms
spawn /bin/bash
firejail --net=br0 --ip=10.10.20.60
runner@fv-az576-472:~/work/firejail/firejail/test/network$
<l/test/network$ firejail --net=br0 --ip=10.10.20.60
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
** Note: you can use --noprofile to disable default.profile **
Error select: arp.c:202 arp_check: Invalid argument
runner@fv-az576-472:~/work/firejail/firejail/test/network$ TESTING ERROR 4
This "Invalid argument" error does not always happen, so I assume that
it may be due to a negative integer value in `ts` when calling select.
Misc: Found in #5805.
[1] https://github.com/netblue30/firejail/actions/runs/4806275219/jobs/8553597462
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | | |
|
| | |
| | |
| | |
| | | |
Relates to #5795 #5802.
|
|\ \ \
| |/ /
|/| | |
ci: formatting and misc improvements
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To make debugging easier.
Use a separate shell script instead of just a make target to ensure that
it can safely run before ./configure and without having make installed.
|
| | |
| | |
| | |
| | | |
To make debugging easier.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
* Add quotes around variables
* Use single quotes where applicable
|
| | |
| | |
| | |
| | |
| | |
| | | |
To turn each step in question into a normal multi-line shell script.
Note that each step already runs with `set -e` by default.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For increased readability.
Note: `>` basically turns each newline into a space while `|` keeps
newlines as is. Both remove leading indentation.
Note2: On jobs using `apt-get install`, this commit moves package names
to their own line, to make it easier to compare which packages are being
installed across such jobs.
|
| | |
| | |
| | |
| | |
| | | |
Kind of relates to commit 6d0c7514e ("split make test-github into
different actions", 2023-01-31).
|
| | |
| | |
| | |
| | |
| | |
| | | |
This makes each workflow ignore every other workflow.
Relates to #5481.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This amends the following commits:
* 370b9db39 ("gitlab pipeline fixes", 2020-04-21)
* 42fdea77f ("gitlab", 2020-04-21)
Added on commit 2e14c1a1d ("Adding sort.py to GitLab CI (#2973)",
2019-09-21).
|
|/ /
| |
| |
| |
| | |
I assume most people want this on, since it is a messenger application,
and you can control whether you turn it on or off in the app.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/03bee3930647ebbf994244c21ddbc0d4933aab4f...6b3083af2869dc3314a0257a42f4af696cc79ba3)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, the author name is used as the author email in git and vice
versa.
Changes:
* Split the commands to make them easier to read
* Put the name command first to match the usual git usage
* Fix swapped name/email arguments
* Use the DEBFULLNAME / DEBEMAIL environment variables instead of
GitLab-specific ones
Added on commit 4cf51b591 ("extend gitlab-ci configuration to run Debian
CI tests", 2019-06-21).
|
|\ \
| | |
| | | |
profiles: standardize on just "GTK" on comments
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For consistency and to reduce confusion.
The toolkit has been renamed from "GTK+" to just "GTK" in 2019[1].
Note: This also fixes some adjacent typos.
Commands used to search and replace:
$ git grep -lz 'G[Tt][Kk]' -- etc | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed -E \
-e 's/G[Tt][Kk]\+?/GTK/g' \
-e 's/GTK-.\.0/GTK/g' \
-e 's/GTK base/GTK-base/g' \
-e 's/GTK-base /GTK-based /g' \
-e 's/Light weight/Lightweight/g' \
-e 's/client with GTK/client made with GTK/g' '{}')\" >'{}'"
Misc: I noticed this on #5722.
[1] https://mail.gnome.org/archives/gtk-devel-list/2019-February/msg00000.html
|
| | |
|
|\ \
| | |
| | | |
youtube-viewers: refactor and add gtk-youtube-viewers-common
|
| | | |
|
| | |
| | |
| | |
| | |
| | | |
* Create url-eater.profile
* RELNOTES: add url-eater to 'new profiles'
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8f4b7f84864484a7bf31766abe9204da3cbe65b3...8e5e7e5ab8b370d6c329ec480221332ada57f0ab)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/d186a2a36cc67bfa1b860e6170d37fb9634742c7...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | | |
Relates to #5784.
|
|\ \ \
| |/ /
|/| | |
ci: split configure/build/install commands on gitlab
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Split them into separate steps to make it clearer in the logs which
command causes a job to fail when it does.
Note that they are already spli in the GitHub workflows:
* .github/workflows/build.yml
* .github/workflows/build-extra.yml
|
|\ \ \
| |/ /
|/| | |
softmaker-common.profile: add fstab to private-etc
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When using `private-etc`, the app "forgets" its product key and
asks for license activation, even though it had already been done.
Allow access to "/etc/fstab" to avoid it & the related GUI error:
The application cannot create a unique identifier.
Please make sure the application has sufficient permissions.
Fixes #5773.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Log from a recent run of build_ubuntu_package[1]:
$ ./configure && make deb && dpkg -i firejail*.deb
[...]
dpkg-deb: building package 'firejail' in 'debian.deb'.
A future release will drop --no-tag-display-limit; please use '--tag-display-limit 0' instead.
running with root privileges is not recommended!
E: firejail: latest-changelog-entry-without-new-date [usr/share/doc/firejail/changelog.Debian.gz:1]
[...]
make: *** [Makefile:341: deb] Error 2
$ command -V firejail && firejail --version
/usr/bin/bash: line 139: command: firejail: not found
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832916003
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is currently causing the following jobs to fail on GitLab[1]:
* build_ubuntu_package
* build_fedora_package
See commit df6ea884f ("merges, disable sort.py in profile checks
temporarely, two more private-etc profiles", 2023-02-14).
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832588068
|
| | |
| | |
| | |
| | | |
Relates to #5757.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Licensing-related changes are not quite the same as documentation
changes.
Relates to #5667.
|
| | |
| | |
| | |
| | | |
Relates to #5783.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...d186a2a36cc67bfa1b860e6170d37fb9634742c7)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Due to step-security/harden-runner blocking access to
objects.githubusercontent.com.
Log from a recent run of CodeQL[1] [2]:
##[group]Setup CodeQL tools
Did not find CodeQL tools version 2.12.6 in the toolcache.
Downloading CodeQL tools from https://github.com/github/codeql-action/releases/download/codeql-bundle-20230403/codeql-bundle-linux64.tar.gz. This may take a while.
connect ECONNREFUSED 54.185.253.63:443
Waiting 13 seconds before trying again
connect ECONNREFUSED 54.185.253.63:443
Waiting 12 seconds before trying again
##[error]connect ECONNREFUSED 54.185.253.63:443
##[error]Unable to download and extract CodeQL CLI
Post job cleanup.
[...]
Mon, 10 Apr 2023 07:20:18 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:20 GMT:endpoint called ip address:port 140.82.112.6:443, domain: api.github.com.
Mon, 10 Apr 2023 07:20:23 GMT:domain not allowed: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:23 GMT:ip address dropped: 54.185.253.63
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 140.82.112.4:443, domain: github.com.
Mon, 10 Apr 2023 07:20:23 GMT:endpoint called ip address:port 54.185.253.63:443, domain: objects.githubusercontent.com.
Mon, 10 Apr 2023 07:20:35 GMT:domain not allowed: api.snapcraft.io.
[1] https://github.com/netblue30/firejail/pull/5781
[2] https://github.com/netblue30/firejail/actions/runs/4655304231/jobs/8238131624
|