From 862dff04436649b533deaf489f5715e273a5bef7 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 04:11:46 -0300
Subject: build: remove MOD_SRCS variable

It is unused and is unlikely to be used.

Added on commit f5b1ccaad ("makefiles: move extra deps into new MOD
vars", 2022-05-07) / PR #5478.
---
 src/prog.mk | 4 ++--
 src/so.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/prog.mk b/src/prog.mk
index e4473184f..ba089d39d 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -3,10 +3,10 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define PROG and TARGET and may also want to
-# define MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# define MOD_HDRS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
 
 HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
-SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS)
+SRCS := $(sort $(wildcard *.c))
 OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
 
 PROG_CFLAGS = \
diff --git a/src/so.mk b/src/so.mk
index e464a7bff..0ba406c85 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -3,10 +3,10 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define SO and TARGET and may also want to define
-# MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# MOD_HDRS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
 
 HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
-SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS)
+SRCS := $(sort $(wildcard *.c))
 OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
 
 SO_CFLAGS = \
-- 
cgit v1.2.3-54-g00ecf


From 5cba21bad5383a4d2c4f7da5df7395e0c3b9eba3 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 16 Jun 2023 23:55:50 -0300
Subject: build: rename MOD vars to EXTRA vars

To make them less confusing, as they are extra dependencies, not files
that are specific to the module.

Commands used to search and replace:

    $ git grep -IFlz -e 'MOD_HDRS' -e 'MOD_OBJS' -- src |
      xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
        -e 's/MOD_HDRS/EXTRA_HDRS/g' \
        -e 's/MOD_OBJS/EXTRA_OBJS/g' '{}')\" >'{}'"

Added on commit f5b1ccaad ("makefiles: move extra deps into new MOD
vars", 2022-05-07) / PR #5478.
---
 src/etc-cleanup/Makefile        | 2 +-
 src/fbuilder/Makefile           | 2 +-
 src/fcopy/Makefile              | 4 ++--
 src/fids/Makefile               | 2 +-
 src/firecfg/Makefile            | 4 ++--
 src/firejail/Makefile           | 4 ++--
 src/firemon/Makefile            | 4 ++--
 src/fldd/Makefile               | 4 ++--
 src/fnet/Makefile               | 4 ++--
 src/fnetfilter/Makefile         | 4 ++--
 src/fsec-optimize/Makefile      | 4 ++--
 src/fsec-print/Makefile         | 4 ++--
 src/fseccomp/Makefile           | 4 ++--
 src/fzenity/Makefile            | 2 +-
 src/jailcheck/Makefile          | 4 ++--
 src/libpostexecseccomp/Makefile | 2 +-
 src/libtracelog/Makefile        | 2 +-
 src/profstats/Makefile          | 2 +-
 src/prog.mk                     | 6 +++---
 src/so.mk                       | 6 +++---
 20 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/src/etc-cleanup/Makefile b/src/etc-cleanup/Makefile
index c8a12476e..c3c482bdb 100644
--- a/src/etc-cleanup/Makefile
+++ b/src/etc-cleanup/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = etc-cleanup
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/etc_groups.h
+EXTRA_HDRS = ../include/etc_groups.h
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fbuilder/Makefile b/src/fbuilder/Makefile
index 7595f0775..634bf725f 100644
--- a/src/fbuilder/Makefile
+++ b/src/fbuilder/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fbuilder
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fcopy/Makefile b/src/fcopy/Makefile
index e2956fdd1..a3c4abe9d 100644
--- a/src/fcopy/Makefile
+++ b/src/fcopy/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fcopy
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fids/Makefile b/src/fids/Makefile
index 901cbb470..76388a03d 100644
--- a/src/fids/Makefile
+++ b/src/fids/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fids
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk
diff --git a/src/firecfg/Makefile b/src/firecfg/Makefile
index 59b713f1b..de4639ab6 100644
--- a/src/firecfg/Makefile
+++ b/src/firecfg/Makefile
@@ -5,13 +5,13 @@ ROOT = ../..
 PROG = firecfg
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/common.h \
 ../include/euid_common.h \
 ../include/libnetlink.h \
 ../include/firejail_user.h \
 ../include/pid.h
 
-MOD_OBJS = ../lib/common.o ../lib/firejail_user.o
+EXTRA_OBJS = ../lib/common.o ../lib/firejail_user.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/firejail/Makefile b/src/firejail/Makefile
index 53bccf843..d3a4b4f81 100644
--- a/src/firejail/Makefile
+++ b/src/firejail/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firejail
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/rundefs.h \
 ../include/common.h \
 ../include/ldd_utils.h \
@@ -18,7 +18,7 @@ MOD_HDRS = \
 ../include/etc_groups.h
 
 
-MOD_OBJS = \
+EXTRA_OBJS = \
 ../lib/common.o \
 ../lib/ldd_utils.o \
 ../lib/firejail_user.o \
diff --git a/src/firemon/Makefile b/src/firemon/Makefile
index e0059aee5..09387f3eb 100644
--- a/src/firemon/Makefile
+++ b/src/firemon/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firemon
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fldd/Makefile b/src/fldd/Makefile
index 86693a76c..7fec70a33 100644
--- a/src/fldd/Makefile
+++ b/src/fldd/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fldd
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
-MOD_OBJS = ../lib/common.o ../lib/ldd_utils.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
+EXTRA_OBJS = ../lib/common.o ../lib/ldd_utils.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fnet/Makefile b/src/fnet/Makefile
index 8efc6d26b..50bfdfffd 100644
--- a/src/fnet/Makefile
+++ b/src/fnet/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnet
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/libnetlink.h
-MOD_OBJS = ../lib/common.o ../lib/libnetlink.o
+EXTRA_HDRS = ../include/common.h ../include/libnetlink.h
+EXTRA_OBJS = ../lib/common.o ../lib/libnetlink.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fnetfilter/Makefile b/src/fnetfilter/Makefile
index 2be8311ae..156af3ed0 100644
--- a/src/fnetfilter/Makefile
+++ b/src/fnetfilter/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnetfilter
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fsec-optimize/Makefile b/src/fsec-optimize/Makefile
index 4941f13b1..5a14726a0 100644
--- a/src/fsec-optimize/Makefile
+++ b/src/fsec-optimize/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-optimize
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fsec-print/Makefile b/src/fsec-print/Makefile
index 78e87a93f..d55167796 100644
--- a/src/fsec-print/Makefile
+++ b/src/fsec-print/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-print
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fseccomp/Makefile b/src/fseccomp/Makefile
index 461179f4d..f8c35d41f 100644
--- a/src/fseccomp/Makefile
+++ b/src/fseccomp/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fseccomp
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/fzenity/Makefile b/src/fzenity/Makefile
index a17a9252f..148babbe8 100644
--- a/src/fzenity/Makefile
+++ b/src/fzenity/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fzenity
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk
diff --git a/src/jailcheck/Makefile b/src/jailcheck/Makefile
index 23cd9c1a9..3b0b83412 100644
--- a/src/jailcheck/Makefile
+++ b/src/jailcheck/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = jailcheck
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk
diff --git a/src/libpostexecseccomp/Makefile b/src/libpostexecseccomp/Makefile
index dfd8eb318..c5ec14672 100644
--- a/src/libpostexecseccomp/Makefile
+++ b/src/libpostexecseccomp/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libpostexecseccomp.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/seccomp.h ../include/rundefs.h
+EXTRA_HDRS = ../include/seccomp.h ../include/rundefs.h
 
 include $(ROOT)/src/so.mk
diff --git a/src/libtracelog/Makefile b/src/libtracelog/Makefile
index ac48264df..2b43ce131 100644
--- a/src/libtracelog/Makefile
+++ b/src/libtracelog/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libtracelog.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/rundefs.h
+EXTRA_HDRS = ../include/rundefs.h
 
 include $(ROOT)/src/so.mk
diff --git a/src/profstats/Makefile b/src/profstats/Makefile
index b4cb1a6f7..ae88bf2fd 100644
--- a/src/profstats/Makefile
+++ b/src/profstats/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = profstats
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk
diff --git a/src/prog.mk b/src/prog.mk
index ba089d39d..77ad0f65b 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -3,11 +3,11 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define PROG and TARGET and may also want to
-# define MOD_HDRS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# define EXTRA_HDRS, EXTRA_OBJS, TOCLEAN and TODISTCLEAN.
 
-HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
+HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
-OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
+OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
 PROG_CFLAGS = \
 	-ggdb -O2 -DVERSION='"$(VERSION)"' \
diff --git a/src/so.mk b/src/so.mk
index 0ba406c85..446bf1100 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -3,11 +3,11 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define SO and TARGET and may also want to define
-# MOD_HDRS, MOD_OBJS, TOCLEAN and TODISTCLEAN.
+# EXTRA_HDRS, EXTRA_OBJS, TOCLEAN and TODISTCLEAN.
 
-HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS)
+HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
-OBJS := $(SRCS:.c=.o) $(MOD_OBJS)
+OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
 SO_CFLAGS = \
 	-ggdb -O2 -DVERSION='"$(VERSION)"' \
-- 
cgit v1.2.3-54-g00ecf


From b9864fd46ff583e019314855b7194df11c8a1050 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 04:24:28 -0300
Subject: build: rename TOCLEAN and TODISTCLEAN variables

To CLEANFILES and DISTCLEANFILES, respectively.

This matches what GNU automake uses.

Commands used to search and replace:

    $ git grep -IFlz -e TOCLEAN -e TODISTCLEAN |
      xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
      -e 's/TOCLEAN/CLEANFILES/g' \
      -e 's/TODISTCLEAN/DISTCLEANFILES/g' '{}')\" >'{}'"

Added on commit cbdee6555 ("makefiles: add TOCLEAN and TODISTCLEAN
variables", 2022-07-15) / PR #5478.
---
 src/prog.mk | 6 +++---
 src/so.mk   | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/prog.mk b/src/prog.mk
index 77ad0f65b..d138fc7ee 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -3,7 +3,7 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define PROG and TARGET and may also want to
-# define EXTRA_HDRS, EXTRA_OBJS, TOCLEAN and TODISTCLEAN.
+# define EXTRA_HDRS, EXTRA_OBJS, CLEANFILES and DISTCLEANFILES.
 
 HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
@@ -33,7 +33,7 @@ $(PROG): $(OBJS) $(ROOT)/config.mk
 	$(CC) $(PROG_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
 .PHONY: clean
-clean:; rm -fr *.o $(PROG) *.gcov *.gcda *.gcno *.plist $(TOCLEAN)
+clean:; rm -fr *.o $(PROG) *.gcov *.gcda *.gcno *.plist $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(TODISTCLEAN)
+distclean: clean; rm -fr $(DISTCLEANFILES)
diff --git a/src/so.mk b/src/so.mk
index 446bf1100..f78f2aea6 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -3,7 +3,7 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define SO and TARGET and may also want to define
-# EXTRA_HDRS, EXTRA_OBJS, TOCLEAN and TODISTCLEAN.
+# EXTRA_HDRS, EXTRA_OBJS, CLEANFILES and DISTCLEANFILES.
 
 HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
@@ -28,7 +28,7 @@ $(SO): $(OBJS) $(ROOT)/config.mk
 	$(CC) $(SO_LDFLAGS) -shared -fPIC -z relro $(LDFLAGS) -o $@ $(OBJS) -ldl
 
 .PHONY: clean
-clean:; rm -fr $(OBJS) $(SO) *.plist $(TOCLEAN)
+clean:; rm -fr $(OBJS) $(SO) *.plist $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(TODISTCLEAN)
+distclean: clean; rm -fr $(DISTCLEANFILES)
-- 
cgit v1.2.3-54-g00ecf


From 75587a4de41dbf0bdc8fabdd7b2c39e3a46613a8 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 04:27:22 -0300
Subject: build: standardize clean/distclean targets in src

Changes:

* clean: remove the same types of files in src/prog.mk and src/so.mk
* distclean: remove unused recipes and DISTCLEANFILES variable
---
 config.mk.in | 2 ++
 src/prog.mk  | 6 +++---
 src/so.mk    | 6 +++---
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index 6ee541507..8c9d61a2d 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -64,3 +64,5 @@ LIBS=@LIBS@
 
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
+
+CLEANFILES = *.o *.gcov *.gcda *.gcno *.plist
diff --git a/src/prog.mk b/src/prog.mk
index d138fc7ee..5ed706da9 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -3,7 +3,7 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define PROG and TARGET and may also want to
-# define EXTRA_HDRS, EXTRA_OBJS, CLEANFILES and DISTCLEANFILES.
+# define EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES.
 
 HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
@@ -33,7 +33,7 @@ $(PROG): $(OBJS) $(ROOT)/config.mk
 	$(CC) $(PROG_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
 .PHONY: clean
-clean:; rm -fr *.o $(PROG) *.gcov *.gcda *.gcno *.plist $(CLEANFILES)
+clean:; rm -fr $(PROG) $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(DISTCLEANFILES)
+distclean: clean
diff --git a/src/so.mk b/src/so.mk
index f78f2aea6..ee5d94a0f 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -3,7 +3,7 @@
 # Note: $(ROOT)/config.mk must be included before this file.
 #
 # The includer should probably define SO and TARGET and may also want to define
-# EXTRA_HDRS, EXTRA_OBJS, CLEANFILES and DISTCLEANFILES.
+# EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES.
 
 HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
@@ -28,7 +28,7 @@ $(SO): $(OBJS) $(ROOT)/config.mk
 	$(CC) $(SO_LDFLAGS) -shared -fPIC -z relro $(LDFLAGS) -o $@ $(OBJS) -ldl
 
 .PHONY: clean
-clean:; rm -fr $(OBJS) $(SO) *.plist $(CLEANFILES)
+clean:; rm -fr $(SO) $(CLEANFILES)
 
 .PHONY: distclean
-distclean: clean; rm -fr $(DISTCLEANFILES)
+distclean: clean
-- 
cgit v1.2.3-54-g00ecf


From 7ff2d6b50937dbaf58a1f28c1e5124e9a2fc59d6 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 23 Jun 2023 04:39:47 -0300
Subject: build: line-wrap MANFLAGS

---
 config.mk.in | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/config.mk.in b/config.mk.in
index 8c9d61a2d..ad8defe04 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -50,7 +50,27 @@ HAVE_LTS=@HAVE_LTS@
 HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
 HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
 
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_PRIVATE_LIB) $(HAVE_APPARMOR) $(HAVE_IDS) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) $(HAVE_ONLY_SYSCFG_PROFILES)
+MANFLAGS = \
+	$(HAVE_LTS) \
+	$(HAVE_OUTPUT) \
+	$(HAVE_X11) \
+	$(HAVE_PRIVATE_HOME) \
+	$(HAVE_PRIVATE_LIB) \
+	$(HAVE_APPARMOR) \
+	$(HAVE_IDS) \
+	$(HAVE_OVERLAYFS) \
+	$(HAVE_USERTMPFS) \
+	$(HAVE_DBUSPROXY) \
+	$(HAVE_FIRETUNNEL) \
+	$(HAVE_GLOBALCFG) \
+	$(HAVE_CHROOT) \
+	$(HAVE_NETWORK) \
+	$(HAVE_USERNS) \
+	$(HAVE_FILE_TRANSFER) \
+	$(HAVE_SELINUX) \
+	$(HAVE_SUID) \
+	$(HAVE_FORCE_NONEWPRIVS) \
+	$(HAVE_ONLY_SYSCFG_PROFILES)
 
 # User variables - should not be modified in the code (as they are reserved for
 # the user building the package); see the following for details:
-- 
cgit v1.2.3-54-g00ecf


From 07b9414e2f5fca352c9911273e93fc3020311eb2 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 23 Jun 2023 04:49:14 -0300
Subject: build: sort MANFLAGS and nearby variables

---
 config.mk.in | 54 +++++++++++++++++++++++++++---------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index ad8defe04..b9096a2bc 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -22,55 +22,55 @@ docdir=@docdir@
 mandir=@mandir@
 sysconfdir=@sysconfdir@
 
-HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
 BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@
-HAVE_SUID=@HAVE_SUID@
+HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
 HAVE_MAN=@HAVE_MAN@
+HAVE_SUID=@HAVE_SUID@
 
+HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CHROOT=@HAVE_CHROOT@
+HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
-HAVE_NETWORK=@HAVE_NETWORK@
-HAVE_USERNS=@HAVE_USERNS@
-HAVE_X11=@HAVE_X11@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
+HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
+HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
+HAVE_GCOV=@HAVE_GCOV@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
-HAVE_APPARMOR=@HAVE_APPARMOR@
+HAVE_IDS=@HAVE_IDS@
+HAVE_LTS=@HAVE_LTS@
+HAVE_NETWORK=@HAVE_NETWORK@
+HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
+HAVE_OUTPUT=@HAVE_OUTPUT@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
-HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_PRIVATE_LIB=@HAVE_PRIVATE_LIB@
-HAVE_IDS=@HAVE_IDS@
-HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_SUID=@HAVE_SUID@
-HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
+HAVE_USERNS=@HAVE_USERNS@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
-HAVE_OUTPUT=@HAVE_OUTPUT@
-HAVE_LTS=@HAVE_LTS@
-HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
-HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
+HAVE_X11=@HAVE_X11@
 
 MANFLAGS = \
-	$(HAVE_LTS) \
-	$(HAVE_OUTPUT) \
-	$(HAVE_X11) \
-	$(HAVE_PRIVATE_HOME) \
-	$(HAVE_PRIVATE_LIB) \
 	$(HAVE_APPARMOR) \
-	$(HAVE_IDS) \
-	$(HAVE_OVERLAYFS) \
-	$(HAVE_USERTMPFS) \
+	$(HAVE_CHROOT) \
 	$(HAVE_DBUSPROXY) \
+	$(HAVE_FILE_TRANSFER) \
 	$(HAVE_FIRETUNNEL) \
+	$(HAVE_FORCE_NONEWPRIVS) \
 	$(HAVE_GLOBALCFG) \
-	$(HAVE_CHROOT) \
+	$(HAVE_IDS) \
+	$(HAVE_LTS) \
 	$(HAVE_NETWORK) \
-	$(HAVE_USERNS) \
-	$(HAVE_FILE_TRANSFER) \
+	$(HAVE_ONLY_SYSCFG_PROFILES) \
+	$(HAVE_OUTPUT) \
+	$(HAVE_OVERLAYFS) \
+	$(HAVE_PRIVATE_HOME) \
+	$(HAVE_PRIVATE_LIB) \
 	$(HAVE_SELINUX) \
 	$(HAVE_SUID) \
-	$(HAVE_FORCE_NONEWPRIVS) \
-	$(HAVE_ONLY_SYSCFG_PROFILES)
+	$(HAVE_USERNS) \
+	$(HAVE_USERTMPFS) \
+	$(HAVE_X11)
 
 # User variables - should not be modified in the code (as they are reserved for
 # the user building the package); see the following for details:
-- 
cgit v1.2.3-54-g00ecf


From 5801ce05af92e3fc102395555ef94cfad2d1f5dc Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 23 Jun 2023 04:33:14 -0300
Subject: build: split misc flags from MANFLAGS

And remove a duplicated `HAVE_SUID` declaration.
---
 config.mk.in | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index b9096a2bc..5cf83d9a5 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -22,19 +22,20 @@ docdir=@docdir@
 mandir=@mandir@
 sysconfdir=@sysconfdir@
 
+# Misc flags
 BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@
 HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
+HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
+HAVE_GCOV=@HAVE_GCOV@
 HAVE_MAN=@HAVE_MAN@
-HAVE_SUID=@HAVE_SUID@
 
+# MANFLAGS
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
-HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
 HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
-HAVE_GCOV=@HAVE_GCOV@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_IDS=@HAVE_IDS@
 HAVE_LTS=@HAVE_LTS@
-- 
cgit v1.2.3-54-g00ecf


From cddf20ff1e69c85715e65394388f4ce912c01789 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 10:24:19 -0300
Subject: build: remove redundant LDFLAGS in so.mk

Changes:

* Remove -fPIE, as it is mutually exclusive with -fPIC
* Remove -pie, as it is intended for executables (with -fPIE / -fpie)
* Remove duplicated `-z relro`

Note: The files built by the affected recipe are identical with and
without these changes when using gcc 13.1.1-1 on Artix Linux.
---
 src/so.mk | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/so.mk b/src/so.mk
index ee5d94a0f..7a8d09e89 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -16,7 +16,7 @@ SO_CFLAGS = \
 	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
 	-fPIC
 
-SO_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now
+SO_LDFLAGS = -fPIC -Wl,-z,relro -Wl,-z,now
 
 .PHONY: all
 all: $(TARGET)
@@ -25,7 +25,7 @@ all: $(TARGET)
 	$(CC) $(SO_CFLAGS) $(CFLAGS) $(INCLUDE) -c $< -o $@
 
 $(SO): $(OBJS) $(ROOT)/config.mk
-	$(CC) $(SO_LDFLAGS) -shared -fPIC -z relro $(LDFLAGS) -o $@ $(OBJS) -ldl
+	$(CC) $(SO_LDFLAGS) -shared $(LDFLAGS) -o $@ $(OBJS) -ldl
 
 .PHONY: clean
 clean:; rm -fr $(SO) $(CLEANFILES)
-- 
cgit v1.2.3-54-g00ecf


From 9c08da15bd18d5a131fef5d6937ad9103f20340d Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 23 Jun 2023 08:59:43 -0300
Subject: build: move common CFLAGS/LDFLAGS first

---
 src/prog.mk | 6 +++---
 src/so.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/prog.mk b/src/prog.mk
index 5ed706da9..38cf714db 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -14,14 +14,14 @@ PROG_CFLAGS = \
 	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
 	-Wformat -Wformat-security \
 	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
-	-fPIE \
 	-DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
 	-DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
 	-DVARDIR='"/var/lib/firejail"' \
 	$(HAVE_GCOV) $(MANFLAGS) \
-	$(EXTRA_CFLAGS)
+	$(EXTRA_CFLAGS) \
+	-fPIE
 
-PROG_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now $(EXTRA_LDFLAGS)
+PROG_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
 
 .PHONY: all
 all: $(TARGET)
diff --git a/src/so.mk b/src/so.mk
index 7a8d09e89..ec0947933 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -16,7 +16,7 @@ SO_CFLAGS = \
 	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
 	-fPIC
 
-SO_LDFLAGS = -fPIC -Wl,-z,relro -Wl,-z,now
+SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIC
 
 .PHONY: all
 all: $(TARGET)
-- 
cgit v1.2.3-54-g00ecf


From 07716128b12346e60146404cbd5d3ec799708d1d Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Sun, 18 Jun 2023 09:48:45 -0300
Subject: build: move remaining build flags into config.mk.in

Put all definitions in the same file.
---
 config.mk.in | 24 ++++++++++++++++++++++--
 src/prog.mk  | 14 --------------
 src/so.mk    |  9 ---------
 3 files changed, 22 insertions(+), 25 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index 5cf83d9a5..b32431ad7 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -81,9 +81,29 @@ CFLAGS=@CFLAGS@
 LDFLAGS=@LDFLAGS@
 
 # Project variables
-LIBS=@LIBS@
-
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
+PROG_CFLAGS = \
+	-ggdb -O2 -DVERSION='"$(VERSION)"' \
+	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
+	-Wformat -Wformat-security \
+	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
+	-DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
+	-DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
+	-DVARDIR='"/var/lib/firejail"' \
+	$(HAVE_GCOV) $(MANFLAGS) \
+	$(EXTRA_CFLAGS) \
+	-fPIE
+
+SO_CFLAGS = \
+	-ggdb -O2 -DVERSION='"$(VERSION)"' \
+	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
+	-Wformat -Wformat-security \
+	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
+	-fPIC
+
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
+PROG_LDFLAGS   = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
+SO_LDFLAGS     = -Wl,-z,relro -Wl,-z,now -fPIC
+LIBS =@LIBS@
 
 CLEANFILES = *.o *.gcov *.gcda *.gcno *.plist
diff --git a/src/prog.mk b/src/prog.mk
index 38cf714db..70b3629b2 100644
--- a/src/prog.mk
+++ b/src/prog.mk
@@ -9,20 +9,6 @@ HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
 OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
-PROG_CFLAGS = \
-	-ggdb -O2 -DVERSION='"$(VERSION)"' \
-	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
-	-Wformat -Wformat-security \
-	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
-	-DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
-	-DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
-	-DVARDIR='"/var/lib/firejail"' \
-	$(HAVE_GCOV) $(MANFLAGS) \
-	$(EXTRA_CFLAGS) \
-	-fPIE
-
-PROG_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
-
 .PHONY: all
 all: $(TARGET)
 
diff --git a/src/so.mk b/src/so.mk
index ec0947933..dadffc52f 100644
--- a/src/so.mk
+++ b/src/so.mk
@@ -9,15 +9,6 @@ HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS)
 SRCS := $(sort $(wildcard *.c))
 OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS)
 
-SO_CFLAGS = \
-	-ggdb -O2 -DVERSION='"$(VERSION)"' \
-	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
-	-Wformat -Wformat-security \
-	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
-	-fPIC
-
-SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIC
-
 .PHONY: all
 all: $(TARGET)
 
-- 
cgit v1.2.3-54-g00ecf


From 55322931afd6f081d5094414b14de36e2ae31d5f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 06:57:33 +0000
Subject: build(deps): bump github/codeql-action from 2.20.0 to 2.20.1

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.0 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/6c089f53dd51dc3fc7e599c3cb5356453a52ca9e...f6e388ebf0efc915c6c5b165b019ee61a6746a38)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index eec359f40..b04bd6332 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -93,7 +93,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+      uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -104,7 +104,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+      uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -118,4 +118,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e
+      uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38
-- 
cgit v1.2.3-54-g00ecf


From 8ccff4af042031dd0511fceaf42a2585b31c2d9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 26 Jun 2023 06:57:36 +0000
Subject: build(deps): bump step-security/harden-runner from 2.4.0 to 2.4.1

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/128a63446a954579617e875aaab7d2978154e969...55d479fb1c5bcad5a4f9099a5d9f37c8857b2845)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build-extra.yml     | 10 +++++-----
 .github/workflows/build.yml           |  2 +-
 .github/workflows/codeql-analysis.yml |  2 +-
 .github/workflows/profile-checks.yml  |  2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
index dd0dc4da0..8754e7eff 100644
--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
@@ -84,7 +84,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
@@ -110,7 +110,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
@@ -132,7 +132,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
@@ -150,7 +150,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index afa8d1305..32dbaf8cc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
       SHELL: /bin/bash
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         egress-policy: block
         allowed-endpoints: >
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b04bd6332..9b82ab240 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -75,7 +75,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         disable-sudo: true
         egress-policy: block
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml
index 8418a390b..0e7403508 100644
--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+      uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
       with:
         disable-sudo: true
         egress-policy: block
-- 
cgit v1.2.3-54-g00ecf


From 22031ce6415833dd0f88d1cb748a4a231810ccc0 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Fri, 23 Jun 2023 07:21:11 -0300
Subject: build: standardize common CFLAGS

Changes:

* Deduplicate common CFLAGS into a new COMMON_CFLAGS variable
* Move some definitions from PROG_CFLAGS into COMMON_CFLAGS
---
 config.mk.in | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index b32431ad7..89d401dfd 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -82,7 +82,7 @@ LDFLAGS=@LDFLAGS@
 
 # Project variables
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
-PROG_CFLAGS = \
+COMMON_CFLAGS = \
 	-ggdb -O2 -DVERSION='"$(VERSION)"' \
 	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
 	-Wformat -Wformat-security \
@@ -90,15 +90,15 @@ PROG_CFLAGS = \
 	-DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \
 	-DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \
 	-DVARDIR='"/var/lib/firejail"' \
+
+PROG_CFLAGS = \
+	$(COMMON_CFLAGS) \
 	$(HAVE_GCOV) $(MANFLAGS) \
 	$(EXTRA_CFLAGS) \
 	-fPIE
 
 SO_CFLAGS = \
-	-ggdb -O2 -DVERSION='"$(VERSION)"' \
-	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
-	-Wformat -Wformat-security \
-	-fstack-protector-all -D_FORTIFY_SOURCE=2 \
+	$(COMMON_CFLAGS) \
 	-fPIC
 
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
-- 
cgit v1.2.3-54-g00ecf


From 810b75bbf36c18dbacc713f5de18ab64360295c9 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Mon, 26 Jun 2023 03:47:23 -0300
Subject: build: set EXTRA_CFLAGS/EXTRA_LDFLAGS instead of append

This allows overriding them when calling make.
---
 config.mk.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config.mk.in b/config.mk.in
index 89d401dfd..f3c1f658c 100644
--- a/config.mk.in
+++ b/config.mk.in
@@ -81,7 +81,7 @@ CFLAGS=@CFLAGS@
 LDFLAGS=@LDFLAGS@
 
 # Project variables
-EXTRA_CFLAGS +=@EXTRA_CFLAGS@
+EXTRA_CFLAGS  =@EXTRA_CFLAGS@
 COMMON_CFLAGS = \
 	-ggdb -O2 -DVERSION='"$(VERSION)"' \
 	-Wall -Wextra $(HAVE_FATAL_WARNINGS) \
@@ -101,9 +101,9 @@ SO_CFLAGS = \
 	$(COMMON_CFLAGS) \
 	-fPIC
 
-EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
-PROG_LDFLAGS   = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
-SO_LDFLAGS     = -Wl,-z,relro -Wl,-z,now -fPIC
+EXTRA_LDFLAGS =@EXTRA_LDFLAGS@
+PROG_LDFLAGS  = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS)
+SO_LDFLAGS    = -Wl,-z,relro -Wl,-z,now -fPIC
 LIBS =@LIBS@
 
 CLEANFILES = *.o *.gcov *.gcda *.gcno *.plist
-- 
cgit v1.2.3-54-g00ecf


From f6dd1931e702fce9469e6ff0503852598f04cdfb Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann" <kmk3.code@protonmail.com>
Date: Tue, 27 Jun 2023 04:16:26 -0300
Subject: RELNOTES: add build items

Relates to #5859 #5864 #5866.
---
 RELNOTES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/RELNOTES b/RELNOTES
index 2922b7765..718ac17a4 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -26,6 +26,9 @@ firejail (0.9.73) baseline; urgency=low
   * build: deb: enable apparmor by default & remove deb-apparmor (#5668)
   * build: Fix whitespace and add .editorconfig (#5674)
   * build: enable compiler warnings by default (#5842)
+  * build: remove -mretpoline and NO_EXTRA_CFLAGS (#5859)
+  * build: disable all built-in implicit make rules (#5864)
+  * build: organize and standardize make vars and targets (#5866)
   * ci: always update the package db before installing packages (#5742)
   * ci: fix codeql unable to download its own bundle (#5783)
   * ci: split configure/build/install commands on gitlab (#5784)
-- 
cgit v1.2.3-54-g00ecf