| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
Add a profile for the Qt5 GUI to process Avidemux jobs.
Use a redirection to the avidemux3_qt5 profile to reuse translation
files. The application needs to create a network socket on localhost and
fails to run with protocol unix, so that entry in the default avidemux
profile needs to be extended.
|
|
|
|
|
| |
Add a profile for the command-line interface of Avidemux, which
redirects to the existing avidemux profile.
|
| |
|
|\
| |
| | |
build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
From the manual of GNU Automake (version 1.16.5)[1] [2]:
> 3.6 Variables reserved for the user
>
> Some `Makefile` variables are reserved by the GNU Coding Standards for
> the use of the "user"—the person building the package. For instance,
> `CFLAGS` is one such variable.
>
> Sometimes package developers are tempted to set user variables such
> as `CFLAGS` because it appears to make their job easier. However, the
> package itself should never set a user variable, particularly not to
> include switches that are required for proper compilation of the
> package. Since these variables are documented as being for the
> package builder, that person rightfully expects to be able to override
> any of these variables at build time.
>
> To get around this problem, Automake introduces an
> automake-specific shadow variable for each user flag variable.
> (Shadow variables are not introduced for variables like `CC`, where
> they would make no sense.) The shadow variable is named by prepending
> `AM_` to the user variable's name. For instance, the shadow variable
> for `YFLAGS` is `AM_YFLAGS`. The package maintainer—that is, the
> author(s) of the `Makefile.am` and `configure.ac` files—may adjust
> these shadow variables however necessary.
>
> Note Flag Variables Ordering::, for more discussion about these
> variables and how they interact with per-target variables.
See also the description of CFLAGS in the GNU Autoconf manual[3].
Note: We do not use automake (save for aclocal) nor generally follow the
GNU Coding Standards, but the concept still applies. Also, the closest
analogous in the project to the `AM_` prefix would currently likely be
`EXTRA_`.
[1] https://www.gnu.org/software/automake/manual/1.16.5/html_node/User-Variables.html
[2] https://www.gnu.org/software/automake/manual/1.16.5/html_node/Flag-Variables-Ordering.html
[3] https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Preset-Output-Variables.html
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
|
|/
|
|
|
|
|
|
| |
Just like the other nearby error messages for `chdir`.
Relates to #5510.
Suggested-by: @gitsteff
|
|
|
|
|
|
|
|
| |
Line-wrap them and make the order of the flags more similar across
src/prog.mk and src/so.mk.
This should make it easier to see the differences in CFLAGS between both
files.
|
|
|
|
| |
On src/prog.mk and src/so.mk.
|
|
|
|
|
|
|
|
|
|
|
| |
So that includers of src/prog.mk or src/so.mk can just define anything
extra that needs to be cleaned without having to override the "clean"
target (or having to declare a "distclean" target).
Example usage:
TOCLEAN += foo
TODISTCLEAN += bar
|
|
|
|
|
|
|
|
|
|
|
|
| |
For clarity, as it is included by the Makefiles that create programs and
non-shared-objects, but not by the ones that create shared objects (see
src/so.mk).
Commands used to move and search and replace:
$ git mv src/common.mk src/prog.mk
$ git grep -IFlz 'common.mk' -- src | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\$(sed 's/common.mk/prog.mk/' '{}')\" >'{}'"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following makefiles are nearly identical, except for the main target
name and for any extra headers that they might use:
* src/libpostexecseccomp/Makefile
* src/libtrace/Makefile
* src/libtracelog/Makefile
So move all of their (duplicated) code into a new src/so.mk file, and
add an include of src/so.mk, which leaves only variables, and the
includes of config.mk and src/so.mk in place.
With this commit, CFLAGS and LDFLAGS are only defined/changed in the
following files:
* config.mk.in
* src/common.mk
* src/so.mk
|
|
|
|
|
|
|
|
|
| |
Put the main target name into a new SO variable, put SO into a new
TARGET variable, make "all" depend on `$(TARGET)` and replace every
other occurrence of the main target name with `$(SO)`.
On the makefiles that build shared objects, to make them more similar.
With this commit, all of their targets are identical.
|
|
|
|
|
|
|
|
|
|
| |
The makefiles that both build C programs and include src/common.mk are
nearly identical, save for the main target name and for any extra
headers and objects that they might use.
So move all of their (duplicated) code into src/common.mk, which (other
than the "lib" target on src/lib/Makefile) leaves only variables and the
includes of config.mk and src/common.mk in place.
|
|
|
|
|
|
|
|
|
|
| |
Put the main target name into a new PROG variable, put PROG into a new
TARGET variable, make "all" depend on `$(TARGET)` and replace every
other occurrence of the main target name with `$(PROG)`.
On the makefiles that build non-shared objects, to make them more
similar. With this commit, all of their targets are identical (except
for the extra "lib" target on src/lib/Makefile).
|
|
|
|
|
| |
For increased readability, list one item per line on lines that are
currently longer than 80 characters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To make the makefiles more similar.
That is, add the following new variables:
* MOD_HDRS
* MOD_SRCS
* MOD_OBJS
And move existing module-specific header and object dependencies into
`MOD_HDRS` and `MOD_OBJS`, respectively. `MOD_SRCS` is added mostly for
symmetry/consistency.
Note: Use `MOD_` as a prefix instead of `EXTRA_` to avoid confusion, as
the latter is currently used for global variables (such as
`EXTRA_CFLAGS`), as opposed to module-specific variables.
Note2: Add them directly into the HDRS/SRCS/OBJS variables to avoid
cluttering the existing recipes with an extra variables unnecessarily.
This also allows, for example, referencing all of the object
dependencies with `$<` if `$(OBJS)` is the first dependency (at least in
GNU make).
Note3: Since HDRS/SRCS/OBJS use simple assignment (through `:=`), the
MOD variables should appear before including src/common.mk (or
src/so.mk).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use immediate expansion of the right-hand side (with `:=`) to set the
variables to the output of the commands rather than to the (text of the)
commands themselves.
This should prevent deferred/lazy evaluation, which is something that
might potentially result in the relevant files being looked up each time
that HDRS and SRCS are evaluated.
Commands used to search and replace:
git grep -Ilz '^SRCS' -- src | xargs -0 -I '{}' \
sh -c "printf '%s\n' \"\$(sed \
-e 's/^HDRS =/HDRS :=/' \
-e 's/^SRCS =/SRCS :=/' \
-e 's/^OBJS =/OBJS :=/' '{}')\" >'{}'"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To HDRS and SRCS, respectively.
To be more consistent with the OBJS variable.
Misc: These names also appear to be more common from the makefiles that
I've seen.
Commands used to search and replace:
git grep -IFlz -e H_FILE_LIST -e C_FILE_LIST -- src |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
-e 's/^H_FILE_LIST *=/HDRS =/' \
-e 's/\$(H_FILE_LIST)/\$(HDRS)/g' \
-e 's/^C_FILE_LIST *=/SRCS =/' \
-e 's/\$(C_FILE_LIST:/\$(SRCS:/g' \
'{}')\" >'{}'"
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compared to the objects that are actually used in a given recipe, some
program targets are missing object dependencies, while others appear to
have unused object dependencies.
Make each of those targets depend on the objects that are actually used
when linking.
Note: No check was done for extraneous/missing objects when linking;
this commit only makes the object dependencies equal to the objects
that are linked.
|
|
|
|
|
|
|
| |
Instead of including it through src/common.mk.
This allows each makefile to directly override any value defined in
config.mk.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "all" target is usually intended to be the default one and when
running make, the first target on a makefile is the one that gets built
if no target is specified (such as when running `make` with no
arguments).
Also, note that unlike config.mk, src/common.mk may define its own
targets, so move the "all" target to before the include of
src/common.mk, to ensure that "all" keeps being the default target
regardless of what is defined in src/common.mk.
Note: If the "all" target is defined as depending directly on `$(OBJS)`
while it is empty (that is, before src/common.mk is included), running
`make` (or `make all`) will result in make always concluding that there
is nothing to be done and exiting. So make "all" depend on an
intermediary phony "lib" target instead, which in turn depends on
`$(OBJS)` (and is declared after `$(OBJS)` is populated).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is unclear what its intended purpose would be. Example:
$ cat Makefile
OBJS = a b c
BINOBJS = $(foreach file, $(OBJS), $file)
all:
printf '"%s"\n' "$(BINOBJS)"
$ make
printf '"%s"\n' " ile ile ile"
" ile ile ile"
Added on commit 137985136 ("Baseline firejail 0.9.28", 2015-08-08).
|
|
|
|
| |
Added on commit a627071b3 ("intrusion detection system", 2021-07-28).
|
|\
| |
| | |
docs: clarify that --appimage should appear before --profile
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
And fix the argument order in the examples to reflect that.
Background: The order in which these options appeared in the
documentation was inconsistent. src/man/firejail.txt used --appimage
before --profile and src/man/firejail-profile.txt used --profile before
--appimage. Then commit 44fefcac0 ("Make appimage examples consistent
with --appimage option short description", 2022-10-05) / PR #5402 was
made, which standardized on --profile before --appimage in both places.
But as mentioned by @rusty-snake[1], --appimage has be specified before
--profile in order for any `?HAS_APPIMAGE` conditionals inside of the
profile to evaluate to true.
So change the documentation to use and recommend the latter form.
Also, add --quiet to one example to make it clear that --appimage does
not have to be the first option (nor the last option before --profile).
[1] https://github.com/netblue30/firejail/pull/5402#issuecomment-1274889618
|
| |
| |
| |
| |
| |
| |
| | |
* Create cinelerra-gg
* add cinelerra-gg to `New profiles` section
* Add cinelerra-gg to firecfg.config
|
|/
|
|
|
| |
* Create godot3.profile
* Add godot3 redirect to firecfg.config
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
in musl they are just redefines of the non-64 versions
|
| |
|
| |
|
| |
|
|\ |
|
| |\
| | |
| | | |
docs: Make appimage examples consistent with --appimage option short description
|
| | | |
|
|/ / |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* [man firejail] Make it explicit that some options are disabled by default in firejail.config
* Reword firejail.config notes
* Only add relevant firejail.config option in notes
* move firejail.config notes to the end of each section
* fix tracelog note
* fix erroneous line break
* really fix erroneous line break
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
|
|
|
|
|
|
|
|
|
| |
As suggested by @birdie-github[1].
This amends commit c78c2b4ec ("docs: note that blacklist/whitelist
follow symlinks", 2022-08-28) / PR #5344.
[1] https://github.com/netblue30/firejail/pull/5344#issuecomment-1229903967
|
|
|
|
|
|
| |
Committer note: This is the same as commit 6e687c301 ("tracelog disabled
by default in /etc/firejail/firejail.config file", 2022-08-29) but
without the Landlock-related changes.
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 54cb3e741e972c754e595d56de0bca0792299f83, reversing
changes made to 97b1e02d5f4dca4261dc9928f8a5ebf8966682d7.
There were many issues and requests for changes raised in the pull
request (both code-wise and design-wise) and most of them are still
unresolved[1].
[1] https://github.com/netblue30/firejail/pull/5315
|