| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To avoid depending on an extra package without need.
Commands used to search and replace:
$ f=contrib/vim/syntax/firejail.vim; \
printf '%s\n' "$(sed -E \
"s|rg -o '([^']+)' -r '\\\$1'|sed -En 's/.*\\1.*/\\\\1/p'|" "$f")" >"$f"
Note: `sed -E` is not in POSIX.1-2017 (Issue 7), but it has been
accepted into the upcoming POSIX standard version[1] and is supported by
at least GNU, busybox and OpenBSD grep.
Added on commit a1cc4a556 ("Add vim syntax and ftdetect files (#2679)",
2019-05-06).
[1] https://www.austingroupbugs.net/view.php?id=528
|
|
|
|
|
|
|
|
| |
Only a single script is passed by argument in each invocation.
Added on commit a1cc4a556 ("Add vim syntax and ftdetect files (#2679)",
2019-05-06) and on commit d2e10f2f5 ("vim: update list of syscalls",
2021-05-29) / PR #4318.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems to be equivalent to just delimiting the beginning and the end
of the line with `^foo$`.
Also, put the regex mode (-E) first.
Commands used to search and replace:
$ f=contrib/vim/syntax/firejail.vim; \
printf '%s\n' "$(sed -E \
"s|grep -vEx '([^']+)'|grep -Ev '^\\1\$'|" "$f")" >"$f"
Added on commit a1cc4a556 ("Add vim syntax and ftdetect files (#2679)",
2019-05-06).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
POSIX tr understands '\n', so use that instead of the less portable
$'\n'.
Commands used to search and replace:
$ f=contrib/vim/syntax/firejail.vim; \
printf '%s\n' "$(sed -E \
"s/tr +\\\$'\\\\n'/tr '\\\\n'/g" "$f")" >"$f"
Added on commit a1cc4a556 ("Add vim syntax and ftdetect files (#2679)",
2019-05-06).
|
|
|
|
|
|
|
| |
Tested with org.gnome.TextEditor.
The gtksourceview language-spec hasn't changed between gtksourceview 3,
4 and 5 AFAIK so it should also work on older systems if you copy/link
the file in the right places.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this, the help section remains consistent regardless of how the
script is called and even if the filename is changed. For example, if
someone renames "sort.py" to "firejail-sort" and puts it somewhere in
`$PATH`.
Example outputs of the script name (using `print(argv[0]); return`):
$ ./contrib/sort.py
./contrib/sort.py
$ python contrib/sort.sh
contrib/sort.py
$ (cd contrib && ./sort.py)
./sort.py
Note: This depends on `os.path` and `sys.argv`, so the imports have to
appear before the docstring. In which case, the docstring has to be
explicitly assigned to `__doc__` (as it ceases to be the first statement
in the file).
Note2: When running `pydoc ./contrib/sort.py`, `argv[0]` becomes
"/usr/bin/pydoc" (using python 3.10.8-1 on Artix Linux).
|
|
|
|
|
|
|
|
|
| |
And return a specific exit code, as suggested by @rusty-snake[1].
Escape the first line in the docstring to avoid printing a blank line as
the first line of the output.
[1] https://github.com/netblue30/firejail/pull/5429#discussion_r999637842
|
|
|
|
|
|
|
|
|
|
|
| |
Where applicable, instead of creating custom ones.
Example error messages:
rm -f 123 && ./contrib/sort.py 123
[ Error ] [Errno 2] No such file or directory: '123'
touch 123 && chmod -rwx 123 && ./contrib/sort.py 123
[ Error ] [Errno 13] Permission denied: '123'
|
|
|
|
|
|
|
| |
Misc: The trailing comma is due to using the opinionated `black` Python
formatter (which seems to be a relatively common one). This was the
only change made, so the code seems to already be following the format
used by this tool.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* Line-wrap comments at 79 characters
* Make comments clearer
* Make main docstring more similar to a command "usage" output
See the result with the following command, which generates a
man-page-like output and opens it in the man pager (such as in `less`):
$ pydoc ./contrib/sort.py
See also PEP-257, "Docstring Conventions"[1].
[1] https://peps.python.org/pep-0257/
|
|
|
|
|
|
|
|
|
|
|
| |
To make it clearer.
There are 3 different instances of protocol-related objects being used
in the fix_protocol function:
* The input
* The array of common sorted lines
* The (sorted) output
|
|
|
|
|
|
|
|
| |
To make it clearer.
Both the input and output of the sort_alphabetical function are strings
of comma-separated items, so there is no format conversion of any kind
being done (from "raw" to "not raw"), only sorting.
|
|
|
|
|
|
|
| |
Which also makes it fit in under 80 characters.
Always print "profile(s)" instead of changing the message based on the
argument count.
|
|
|
|
| |
To the sort function, instead of wrapping it in a lambda function.
|
|
|
|
| |
Instead of manually adding 1 to lineno.
|
|
|
|
|
|
|
|
|
|
| |
Test directly for presence of command instead of indirectly testing
the return code.
Additionally:
* uses a shell builtin `command -v` instead of external `which`
* `command -v` is the standardized version of `which`
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing
changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
There were many issues and requests for changes raised in the pull
request (both code-wise and design-wise) and most of them are still
unresolved[1].
[1] https://github.com/netblue30/firejail/pull/5315
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configure summary: autoconf essentially only parses configure.ac and
generates the configure script (that is, the "./configure" shell
script). The latter is what actually checks what is available on the
system and internally sets the value of the output variables. It then,
for every filename foo in AC_CONFIG_FILES (and for every output variable
name BAR in AC_SUBST), reads foo.in, replaces every occurrence of
`@BAR@` with the value of the shell variable `$BAR` and generates the
file foo from the result. After this, configure is finished and `make`
could be executed to start the build.
Now that (as of #5140) all output variables are only defined on
config.mk.in and on config.sh.in, there is no need to generate any
makefile nor any other mkfile or shell script at configure time. So
rename every "Makefile.in" to "Makefile", mkdeb.sh.in to mkdeb.sh,
src/common.mk.in to src/common.mk and leave just config.mk and config.sh
as the files to be generated at configure time.
This allows editing and committing all makefiles directly, without
potentially having to run ./configure in between.
Commands used to rename the makefiles:
$ git ls-files -z -- '*Makefile.in' | xargs -0 -I '{}' sh -c \
"git mv '{}' \"\$(dirname '{}')/Makefile\""
Additionally, from my (rudimentary) testing, this commit reduces the
time it takes to run ./configure by about 20~25% compared to commit
72ece92ea ("Transmission fixes: drop private-lib (#5213)", 2022-06-22).
Environment: dash 0.5.11.5-1, gcc 12.1.0-2, Artix Linux, ext4 on an HDD.
Commands used for benchmarking each commit:
$ : >time_configure && ./configure && make distclean &&
for i in $(seq 1 10); do
{ time -p ./configure; } 2>>time_configure; done
$ grep real time_configure |
awk '{ total += $2 } END { print total/NR }'
|
|
|
|
|
|
|
| |
This amends commit 9a0fbbd71 ("mkdeb.sh.in: pass remaining arguments to
./configure", 2022-05-13) / PR #5154.
See also #5176.
|
|
|
|
|
|
|
| |
The "cgroup" option was removed from etc/firejail.config on commit
73b089092 ("disable cgroup code", 2022-06-13).
Relates to #5200.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit b4d0b24c533c8aebb8961bf658e3b41580b073e2.
This amends commit 56b86f8ac ("Revert "Makefile.in: stop running
distclean on dist"", 2022-06-08) / PR #5182. Since the revert, `make
dist` itself already runs `make distclean`.
This also means that it is no longer necessary to run ./configure (to
generate "Makefile" from "Makefile.in") before running
./contrib/fj-mkdeb.py.
Misc: This is not a clean revert.
Relates to #5154.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix #772.
Relates to #1205 #3414 #5148.
|
|
|
|
|
|
|
| |
This (mostly) restores the behavior from before commit 1fb814e51
("Makefile.in: stop running distclean on dist", 2022-05-13) / PR #5142.
./configure still has to be called before calling ./contrib/fj-mkdeb.py
(to generate Makefile from Makefile.in before calling `make distclean`).
|
| |
|
| |
|
|\
| |
| | |
noprinters: add missing items & add to profile.template
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See CONTRIBUTING.md.
The changes are based on what was done on commit 5a612029b ("rename
noautopulse to keep-config-pulse", 2021-05-13) / PR #4278.
This amends commit bd15e763e ("--noprinter option", 2021-10-20) and
commit d9403dcdc ("small fix", 2021-10-20).
Relates to #4607.
|
|/ |
|
| |
|
|\
| |
| | |
Add new condition ALLOW_TRAY
|
| | |
|
| | |
|
|/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Curerently sys.argv is accessed without checks, resulting in an
IndexError:
```
Traceback (most recent call last):
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 205, in <module>
main()
File "/home/rusty-snake/Projects/firejail/contrib/jail_prober.py", line 170, in main
profile_path = sys.argv[1]
IndexError: list index out of range
```
This commit catches this IndexError and prints a more helpfull message
instaed:
```
USAGE: jail_prober.py <PROFILE-PATH> <PROGRAM>
```
|
| |
|
| |
|
|
|
|
|
| |
this is a bit nicer, as it does not overwrite the filetype if it
already has been set.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* add the keep-config-pulse option
* make noautopulse an alias for keep-config-pulse
* deprecate the noautopulse option
* misc: fix indentation of --keep-dev-shm on src/firejail/usage.c
Even though noautopulse is not intended for hardening, it looks like it
is, because it starts with "no", just like no3d, noroot, etc). In fact,
it is the only "no" option that differs in such a way.
And it has been accidentally misused as such before; see PR #4269 and
commit e4beaeaa8 ("drop noautopulse from agetpkg").
So effectively rename it to keep-config-pulse in order to avoid
confusion. This is similar to the keep-var-tmp and keep-dev-shm
options, which are used to "leave a path alone", just like noautopulse.
Note: The changes on this patch are based on the ones from commit
617ff40c9 ("add --noautopulse arg for complex pulse setups") / PR #1854.
See #4269 for the discussion.
|