| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The official .deb package is always built with apparmor support, so use
`--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in
order to reduce redundancy.
Note that custom configure options may be specified by calling
./mkdeb.sh directly.
For example, to build the .deb package without apparmor support, instead
of running `make deb`, the following commands can be used:
make dist
./mkdeb.sh --disable-apparmor
Also, change the `build_apparmor` GitLab CI job into
`build_no_apparmor`, which is intended to check that building without
apparmor still works.
Note: This commit makes the resulting .deb package not have an
"-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid
redundancy (as having apparmor support becomes the default).
Misc: This is a follow-up to #5654.
Relates to #5154 #5176 #5547.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "deb" target depends on the "dist" target, which creates an archive
from DISTFILES.
The arguments to ./configure are misleading, as they do not affect the
archive that is used by `make deb`. That is the case because the
configure output files (config.mk and config.sh) are not copied into the
dist archive, only their input files (config.mk.in and config.sh.in).
In order to affect the .deb package, the configure arguments have to be
passed to mkdeb.sh, which then forwards them to ./configure itself.
Note: This does not apply to the rpm-based jobs, as `make rpms` uses the
files directly rather than using the dist archive.
Relates to #5154.
|
| |
|
|
|
|
| |
In the `build_and_test` job, to match the common usage.
Added on commit 300efec35 ("let github CI run tests", 2020-10-24).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using the first argument as the `EXTRA_VERSION` variable.
This should make the usage of mkdeb.sh less confusing, especially when
one is not trying to set the variable.
As for using `EXTRA_VERSION` (which is still optional with this commit),
make sure that it is set as an environment variable before caling
mkdeb.sh. Example:
env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor
See also commit 9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to
./configure", 2022-05-13) / PR #5154.
|
| |
|
|
| |
Relates to #5627 #5637.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Change the "fix:" prefix to "bugfix:" and move it below modifs, for
consistency with the previous releases.
Also, add a missing PR reference and make the description match the
current issue title.
Added on commit be88622c8 ("private-etc: fix man page", 2023-01-25).
Relates to #5601 #5618.
|
| |
|
|
|
|
| |
Added on commit 897f5791d ("merges", 2023-01-30).
Relates to #5578.
|
| |\
| |
| | |
build: mark most phony targets as such
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To improve clarity and to prevent unnecessary filesystem lookups.
Overall, this appears to reduce the amount of implicit rule searches by
~4% for the default build and by ~12% for the "man" target (as an
example):
$ git checkout master >/dev/null 2>&1
$ git show --pretty='%h %ai %s' -s
b55cb6a80 2023-01-31 18:56:42 -0500 testing
$ ./configure >/dev/null
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
7101
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1239
# (with this commit applied)
$ make clean >/dev/null && make --debug=i -j 4 | grep -F 'Trying implicit' | wc -l
6793
$ make clean >/dev/null && make --debug=i -j 4 man | grep -F 'Trying implicit' | wc -l
1085
Environment: GNU make 4.4-1 on Artix Linux.
Note: The amount lines printed is the same on non-parallel builds (that
is, without `-j 4`).
See commit 2465f9248 ("makefiles: make all, clean and distclean PHONY",
2021-02-12) / PR #4024 for details.
Note: By "most phony targets" I mean all non-path targets except for the
testing targets, which were being changed recently (for example, the
"test-github" target) and so might still be under development.
|
| |\ \
| |/
|/| |
etc_groups.h: sort groups alphabetically
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| |\
| |
| | |
disable-common.inc: add more ro editor/browser paths
|
| | |
| |
| |
| |
| |
| | |
Similarly to the existing ~/.nanorc entry.
Taken from nano.profile.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Move some paths from mutt.profile and neomutt.profile.
Added on commit 6b9bfad37 ("Fix python; add read-only to editors/cli
browsers;re-add cache directory", 2020-12-29) / PR #3849.
Misc: This is a follow-up to #5626.
|
| |\ \
| | |
| | | |
inkscape: additional hardening and settings saving via D-Bus
|
| | | | |
|
| | |\ \ |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
warzone2100: additional paths for Arch Linux
|
| | |\ \ \ \
| | | |/ /
| | |/| | |
|
| | | | | |
| | | | |
| | | | | |
As suggested in review.
|
| | | | | | |
|
| | | |/ /
| |/| | |
|
| | | | | |
|
| | | | | |
|
| | |/ /
|/| | |
|
| | | | |
|
| |\ \ \
| |_|/
|/| | |
modif: Prevent sandbox name from containing only digits
|
| | | |
| | |
| | |
| | |
| | | |
Names should not contain only numbers,
as they are used in other commands as PIDs.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is already blocked by the first entry:
blacklist-nolog ${HOME}/.*_history
Added on commit 1d56e466c ("three new blacklist in disable-common.inc",
2019-06-18).
|
| | | |
| | |
| | |
| | | |
group; added nvidia and X11 directories to @x11 group.
|
| |\ \ \
| | | |
| | | | |
mutt.profile: add ~/.mutthistory & reduce amount of paths created
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Let either the respective program or the user create the file.
* ~/.bogofilter: Used by the bogofilter program
* ~/.msmtprc: Used by the msmtp program
Added on commit a8a8e33bc ("Add whitelisting to mutt; improve geary, new
profile for neomutt", 2020-12-28) / PR #3849.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
To reduce the amount of spam created in the user home directory.
It's unlikely that these paths are going to be both:
* Created only after mutt is first opened through firejail and
* Created from within mutt
Also, no other profile does that:
$ git grep -El '(mkdir|mkfile) \$\{HOME\}/\.(emacs|nano|vim)' -- etc
etc/profile-m-z/mutt.profile
So just whitelist them if they already exist.
Added on commit a8a8e33bc ("Add whitelisting to mutt; improve geary, new
profile for neomutt", 2020-12-28) / PR #3849.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
From the manual of mutt 2.2.9:
> 3.125. history_file
>
> Type: path
> Default: "~/.mutthistory"
>
> The file in which Mutt will save its history.
|
| |\ \ \ \
| | | | |
| | | | | |
build: auto-generate syntax files
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
To ensure a consistent order.
Misc: This might also make it a bit faster.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make the syntax target by default to make it harder to forget to update
the syntax files.
Note that the syntax files are built mostly silently and that they are
generated relatively fast (they only take 40~70ms to build on a not
exactly recent machine with `make clean; time make -j 4 syntax`), so
they should not add much noise nor time noise when just trying to build
firejail, for example.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Changes:
* Generate firejail.vim from firejail.vim.in
* Generate firejail-profile.lang from firejail-profile.lang.in
* Update the manual syntax file steps on the new command checklist on
CONTRIBUTING.md to use `make syntax` instead
Relates to #2679 #5502 #5577 #5612.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Changes:
* Use the commands from contrib/vim/syntax/firejail.vim to create
makefile targets to generate syntax lists in contrib/syntax/lists
* Add contrib/syntax/files/example.in as an example of how to generate
syntax files
* Generate and add the syntax lists, to make it easier to spot if they
are properly updated when a new command is added or if their recipes
also need changes
* Add "syntax" and "contrib" makefile targets
Note: The generation commands are executed mostly silently to avoid
generating too much noise when also making other targets.
Note2: In some generation commands, a `$$` escape is used to pass `$` to
the shell, to avoid being interpreted by make as the start of a macro.
Note3: `@make_input@` is used in example.in to make it clear that the
file is generated (and that it is generated by make rather than
configure), similarly to how `@configure_input@` is used in configure
input files. See also apparmor.vim:
$ head -n 2 /usr/share/vim/vimfiles/syntax/apparmor.vim
" generated from apparmor.vim.in by create-apparmor.vim.py
" do not edit this file - edit apparmor.vim.in or create-apparmor.vim.py instead
Environment: apparmor 3.1.2-1 on Artix Linux.
Relates to #2679 #5502 #5577 #5612.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Having all of syntax files in the same directory makes it easier to
reference all of them at once on a makefile (such as with
`contrib/syntax/files/*.in`).
Also, this makes the path to the gtksourceview language-spec shorter.
Current path/new path:
* contrib/gtksourceview-5/language-specs/firejail-profile.lang
* contrib/syntax/files/firejail-profile.lang
Currently, adding a rule to the root Makefile to generate the
language-spec in the same directory as an input file would take at least
95 characters (with only a single dependency):
contrib/gtksourceview-5/language-specs/%.lang: contrib/gtksourceview-5/language-specs/%.lang.in
With this commit, the above shortened to 59 characters:
contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in
Which should make it more readable.
Relates to #2679 #5502.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The seccomp filters are used by firejail itself at runtime (and are
installed to `$(libdir)`), while the man pages are used by an external
program (and installing them is optional; see `HAVE_MAN`), so reorder
them.
Misc: The seccomp filter targets were apparently added on commit
64431c712 ("seccomp work 1", 2016-11-20).
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
And also add an "error: " prefix, to make the output clearer.
Before:
$ rm -f config.mk; make config.mk
printf 'run ./configure to generate %s\n' "config.mk" >&2
run ./configure to generate config.mk
false
make: *** No rule to make target 'config.mk'. Stop.
After:
$ rm -f config.mk; make config.mk
error: run ./configure to generate config.mk
make: *** No rule to make target 'config.mk'. Stop.
This amends commit e21637ca8 ("makefiles: add generated files as
dependencies", 2022-06-23) / PR #5219.
|
| | |/ / /
| | | |
| | | |
| | | |
| | | | |
See commit 9bf5e453c ("ci: sort items on paths-ignore lists",
2022-07-12) / PR #5481.
|
| |\ \ \ \
| | | | |
| | | | | |
atool: fix private-etc
|
| | | | | | |
|
Kelvin M. Klann
netblue30
glitsj16
layderv