Commit 74d92f26 authored by Lorenzo "Palinuro" Faletra's avatar Lorenzo "Palinuro" Faletra
Browse files

Import Upstream version 0.9.58

parent 10e2693a
......@@ -190,7 +190,7 @@ uninstall:
rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firemon
rm -f $(DESTDIR)/$(datarootdir)/bash-completion/completions/firecfg
DISTFILES = "src etc platform contrib configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh COPYING README RELNOTES"
DISTFILES = "src etc platform contrib configure configure.ac dummy.c Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh mkdeb-apparmor.sh COPYING README RELNOTES"
DISTFILES_TEST = "test/apps test/apps-x11 test/apps-x11-xorg test/root test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/arguments test/fs test/sysutils test/chroot"
dist:
......@@ -211,6 +211,9 @@ asc:; ./mkasc.sh $(VERSION)
deb: dist
./mkdeb.sh $(NAME) $(VERSION)
deb-apparmor: dist
./mkdeb-apparmor.sh $(NAME) $(VERSION)
snap: all
cd platform/snap; ./snap.sh
......
......@@ -33,14 +33,16 @@ Maintainer:
- netblue30 (netblue30@yahoo.com)
Committers
- chiraag-nataraj (https://github.com/chiraag-nataraj)
- crass (https://github.com/crass)
- glitsj16 (https://github.com/glitsj16)
- Fred-Barclay (https://github.com/Fred-Barclay)
- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
- smithsohu (https://github.com/smitsohu)
- SkewedZeppelin (https://github.com/SkewedZeppelin)
- startx2017 (https://github.com/startx2017) - 0.9.38-LTS and *bugfixes branches maintainer)
- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer)
- Topi Miettinen (https://github.com/topimiettinen)
- Vincent43 (https://github.com/Vincent43)
- chiraag-nataraj (https://github.com/chiraag-nataraj)
- netblue30 (netblue30@yahoo.com)
......@@ -62,7 +64,7 @@ Aleksey Manevich (https://github.com/manevich)
- fix double quotes/single quotes problem
- big rework of argument processing subsystem
- --join fixes
- spliting up cmdline.c
- splitting up cmdline.c
- Busybox support
- X11 support rewrite
- gether shell selection code in one place
......@@ -85,6 +87,8 @@ andrew160 (https://github.com/andrew160)
- profile and man pages fixes
announ (https://github.com/announ)
- mpv and youtube-dl profile fixes
- git profile fix
- evince profile fix
Antonio Russo (https://github.com/aerusso)
- enumerate root directories in apparmor profile
- fix join-or-start
......@@ -122,6 +126,8 @@ bn0785ac (https://github.com/bn0785ac)
- fix inox, add snox profile
BogDan Vatra (https://github.com/bog-dan-ro)
- zoom profile
Brad Ackerman
- blacklist Bitwarden config in disable-passwdmgr.inc
Bruno Nova (https://github.com/brunonova)
- whitelist fix
- bash arguments fix
......@@ -147,6 +153,10 @@ Christian Stadelmann (https://github.com/genodeftest)
- evolution profile fix
Clayton Williams (https://github.com/gosre)
- addition of RLIMIT_AS
crass (https://github.com/crass)
- extract_command_name fixes
- update appimage size calculation to newest code from libappimage
- firejail should look for processes with names exactly named
curiosity-seeker (https://github.com/curiosity-seeker)
- tightening unbound and dnscrypt-proxy profiles
- correct and tighten QuiteRss profile
......@@ -158,6 +168,7 @@ curiosity-seeker (https://github.com/curiosity-seeker)
- added VirtualBox.profile
- various other profile fixes
- added digiKam profile
- write-protection for thumbnailer dir
da2x (https://github.com/da2x)
- matched RPM license tag
Daan Bakker (https://github.com/dbakker)
......@@ -268,6 +279,17 @@ glitsj16 (https://github.com/glitsj16)
- spelling fixes
- bitblbee profile fixes
- fix firefox common addons
- many profile fixes
- profile fixes: file, strings, claws-mail,
- new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
- new profiles: devilspie, devilspie2, easystroke, github-desktop, min
- new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
- new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
- new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
- new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
- new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
- new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
- new profiles: masterpdfeditor
graywolf (https://github.com/graywolf)
- spelling fix
greigdp (https://github.com/greigdp)
......@@ -309,7 +331,7 @@ Jaykishan Mutkawoa (https://github.com/jmutkawoa)
- cpio profile
James Elford (https://github.com/jelford)
- pass password manager support
- removed shell none from ssh-agent configuration, fixing the infinit loop
- removed shell none from ssh-agent configuration, fixing the infinite loop
- added gcloud profile
- blacklist sensitive cloud provider files in disable-common
Jean Lucas (https://github.com/flacks)
......@@ -375,6 +397,8 @@ LaurentGH (https://github.com/LaurentGH)
- allow private-bin parameters to be absolute paths
Loïc Damien (https://github.com/dzamlo)
- small fixes
luzpaz (https://github.com/luzpaz)
- code spelling fixes
maces (https://github.com/maces)
- Franz messenger profile
Madura A (https://github.com/manushanga)
......@@ -411,7 +435,8 @@ mustaqimM (https://github.com/mustaqimM)
- added profile for Nylas Mail
n1trux (https://github.com/n1trux)
- fix flashpeak-slimjet profile typos
netblue30 (netblue30@yahoo.com)
NickMolloy (https://github.com/NickMolloy)
- ARP address length fix
Niklas Haas (https://github.com/haasn)
- blacklisting for keybase.io's client
nyancat18 (https://github.com/nyancat18)
......@@ -426,6 +451,8 @@ Paul Moore <pmoore@redhat.com>
-src/fsec-print/print.c extracted from libseccomp software package
Paupiah Yash (https://github.com/CaffeinatedStud)
- gzip profile
Pawel (https://github.com/grimskies)
- make --join return exit code of the invoked program
Peter Millerchip (https://github.com/pmillerchip)
- memory allocation fix
- --private.keep to --private-home transition
......@@ -446,6 +473,9 @@ PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)
- added profile for gnome-ring
pirate486743186 (https://github.com/pirate486743186)
- KMail profile
- mpsyt profile
- fix youtube-dl and mpv
- fix gnome-mpv profile
Pixel Fairy (https://github.com/xahare)
- added fjclip.py, fjdisplay.py and fjresize.py in contrib section
PizzaDude (https://github.com/pizzadude)
......@@ -495,6 +525,15 @@ rogshdo (https://github.com/rogshdo)
- BitlBee profile
Ruan (https://github.com/ruany)
- fixed hexchat profile
rusty-snake (https://github.com/rusty-snake)
- fixed kdenlive profile
- added thunderbird-wayland and supertuxkart profiles
- fix bible-time, rhythmbox profiles
- more blacklists in disable-common.inc
- fixed some missing paths in disable-programs.inc
- added ghostwriter profle
- fix gajim profile, added gajim-history-manager profile
- updates for ~/.cargo
Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
- fixed ktorrent profile
sarneaud (https://github.com/sarneaud)
......@@ -611,6 +650,8 @@ Thomas Jarosch (https://github.com/thomasjfox)
- added lstat() / lstat64() support to libtrace
- include mkuid.sh in make dist
- cppcheck bugfixes
tinmanx (https://github.com/tinmanx)
- remove network access from cherrytree.profile
Tom Mellor (https://github.com/kalegrill)
- mupen64plus profile
Tomasz Jan Góralczyk (https://github.com/tjg)
......@@ -660,6 +701,9 @@ veloute (https://github.com/veloute)
- added standardnotes profile
- added flameshot profile
- added jdownloader profile
- fixed discord profile
- fixes for various profiles
- removed vim and ranger from firecfg
Vincent43 (https://github.com/Vincent43)
- apparmor enhancements
vismir2 (https://github.com/vismir2)
......
firejail (0.9.58) baseline; urgency=low
* --disable-mnt rework
* --net.print command
* GitLab CI/CD integration: disto specific builds
* profile parser enhancements and conditional handling support
for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F
* profile name support
* added explicit nonewprivs support to join option
* new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
* new profiles: devilspie, devilspie2, easystroke, github-desktop, min
* new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
* new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
* new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
* new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
* new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
* new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
* new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
* new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland
* new profiles: supertuxkart, ghostwriter, gajim-history-manager
* bugfixes
-- netblue30 <netblue30@yahoo.com> Sat, 26 Jan 2019 08:00:00 -0500
firejail (0.9.56) baseline; urgency=low
* modif: removed CFG_CHROOT_DESKTOP configuration option
* modif: removed compile time --enable-network=restricted
......@@ -132,7 +154,7 @@ firejail (0.9.50) baseline; urgency=low
* feature: --profile.print
* enhancement: print all seccomp filters under --debug
* enhancement: /proc/sys mounting
* enhancement: rework IP address assingment for --net options
* enhancement: rework IP address assignment for --net options
* enhancement: support for newer Xpra versions (2.1+) -
set xpra-attach yes in /etc/firejail/firejail.config
* enhancement: all profiles use a standard layout style
......@@ -166,7 +188,7 @@ firejail (0.9.50~rc1) baseline; urgency=low
* feature: --profile.print
* enhancement: print all seccomp filters under --debug
* enhancement: /proc/sys mounting
* enhancement: rework IP address assingment for --net options
* enhancement: rework IP address assignment for --net options
* enhancement: support for newer Xpra versions (2.1+) -
set xpra-attach yes in /etc/firejail/firejail.config
* enhancement: all profiles use a standard layout style
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for firejail 0.9.56.
# Generated by GNU Autoconf 2.69 for firejail 0.9.58.
#
# Report bugs to <netblue30@yahoo.com>.
#
......@@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='firejail'
PACKAGE_TARNAME='firejail'
PACKAGE_VERSION='0.9.56'
PACKAGE_STRING='firejail 0.9.56'
PACKAGE_VERSION='0.9.58'
PACKAGE_STRING='firejail 0.9.58'
PACKAGE_BUGREPORT='netblue30@yahoo.com'
PACKAGE_URL='https://firejail.wordpress.com'
......@@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures firejail 0.9.56 to adapt to many kinds of systems.
\`configure' configures firejail 0.9.58 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1337,7 +1337,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of firejail 0.9.56:";;
short | recursive ) echo "Configuration of firejail 0.9.58:";;
esac
cat <<\_ACEOF
......@@ -1442,7 +1442,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
firejail configure 0.9.56
firejail configure 0.9.58
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by firejail $as_me 0.9.56, which was
It was created by firejail $as_me 0.9.58, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -3832,7 +3832,7 @@ fi
# set sysconfdir
if test "$prefix" = /usr; then
sysconfdir="/etc"
test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
fi
ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile"
......@@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by firejail $as_me 0.9.56, which was
This file was extended by firejail $as_me 0.9.58, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -4433,7 +4433,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
firejail config.status 0.9.56
firejail config.status 0.9.58
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
AC_PREREQ([2.68])
AC_INIT(firejail, 0.9.56, netblue30@yahoo.com, , https://firejail.wordpress.com)
AC_INIT(firejail, 0.9.58, netblue30@yahoo.com, , https://firejail.wordpress.com)
AC_CONFIG_SRCDIR([src/firejail/main.c])
#AC_CONFIG_HEADERS([config.h])
......@@ -183,7 +183,7 @@ AC_SUBST(HAVE_SECCOMP_H)
# set sysconfdir
if test "$prefix" = /usr; then
sysconfdir="/etc"
test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
fi
AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \
......
......@@ -29,80 +29,84 @@ __license__ = "Unlicense"
import sys, os, glob, re
privRx=re.compile("^(?:#\s*)?private-bin")
privRx = re.compile("^(?:#\s*)?private-bin")
def fixSymlinkedBins(files, replMap):
"""
"""
Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap
replMap is a dict where key is the marker filename and value is the filename to add
"""
rxs=dict()
for (old,new) in replMap.items():
rxs[old]=re.compile("\\b"+old+"\\b")
rxs[new]=re.compile("\\b"+new+"\\b")
#print(rxs)
for filename in files:
lines=None
with open(filename,"r") as file:
lines=file.readlines()
shouldUpdate=False
for (i,line) in enumerate(lines):
if privRx.search(line):
for (old,new) in replMap.items():
if rxs[old].search(line) and not rxs[new].search(line):
lines[i]=rxs[old].sub(old+","+new, line)
shouldUpdate=True
print(lines[i])
if shouldUpdate:
with open(filename,"w") as file:
file.writelines(lines)
pass
rxs = dict()
for (old, new) in replMap.items():
rxs[old] = re.compile("\\b" + old + "\\b")
rxs[new] = re.compile("\\b" + new + "\\b")
#print(rxs)
for filename in files:
lines = None
with open(filename, "r") as file:
lines = file.readlines()
shouldUpdate = False
for (i, line) in enumerate(lines):
if privRx.search(line):
for (old, new) in replMap.items():
if rxs[old].search(line) and not rxs[new].search(line):
lines[i] = rxs[old].sub(old + "," + new, line)
shouldUpdate = True
print(lines[i])
if shouldUpdate:
with open(filename, "w") as file:
file.writelines(lines)
pass
def createSetOfBinaries(files):
"""
"""
Creates a set of binaries mentioned in private-bin directives of files.
"""
s=set()
for filename in files:
lines=None
with open(filename,"r") as file:
for line in file:
if privRx.search(line):
bins=line.split(",")
bins[0]=bins[0].split(" ")[-1]
bins = [n.strip() for n in bins]
s=s|set(bins)
return s
s = set()
for filename in files:
lines = None
with open(filename, "r") as file:
for line in file:
if privRx.search(line):
bins = line.split(",")
bins[0] = bins[0].split(" ")[-1]
bins = [n.strip() for n in bins]
s = s | set(bins)
return s
def createSymlinkTable(binDirs, binariesSet):
"""
"""
creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.
binDirs are folders to look into for binaries symlinks
binariesSet is a set of binaries to be checked if they are actually a symlinks
"""
m=dict()
toProcess=binariesSet
while len(toProcess)!=0:
additional=set()
for sh in toProcess:
for bD in binDirs:
p=bD+os.path.sep+sh
if os.path.exists(p):
if os.path.islink(p):
m[sh]=os.readlink(p)
additional.add(m[sh].split(" ")[0])
else:
pass
break
toProcess=additional
return m
m = dict()
toProcess = binariesSet
while len(toProcess) != 0:
additional = set()
for sh in toProcess:
for bD in binDirs:
p = bD + os.path.sep + sh
if os.path.exists(p):
if os.path.islink(p):
m[sh] = os.readlink(p)
additional.add(m[sh].split(" ")[0])
else:
pass
break
toProcess = additional
return m
def doTheFixes(profilesPath, binDirs):
"""
"""
Fixes private-bin in .profiles for firejail. The pipeline is as follows:
discover files -> discover mentioned binaries ->
discover the ones which are symlinks ->
......@@ -110,48 +114,60 @@ def doTheFixes(profilesPath, binDirs):
filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->
apply fix
"""
files=glob.glob(profilesPath+os.path.sep+"*.profile")
bins=createSetOfBinaries(files)
#print("The binaries used are:")
#print(bins)
stbl=createSymlinkTable(binDirs,bins)
print("The replacement table is:")
print(stbl)
stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0}
print("Filtered replacement table is:")
print(stbl)
fixSymlinkedBins(files,stbl)
files = glob.glob(profilesPath + os.path.sep + "*.profile")
bins = createSetOfBinaries(files)
#print("The binaries used are:")
#print(bins)
stbl = createSymlinkTable(binDirs, bins)
print("The replacement table is:")
print(stbl)
stbl = {
a[0]: a[1]
for a in stbl.items()
if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep) < 0
}
print("Filtered replacement table is:")
print(stbl)
fixSymlinkedBins(files, stbl)
def printHelp():
print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__)
print("python3 " + os.path.basename(__file__) +
" <dir with .profile files>\nThe default dir is " +
defaultProfilesPath + "\n" + doTheFixes.__doc__)
def main():
"""The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
print(repr(sys.argv))
defaultProfilesPath="../etc"
if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ):
printHelp()
exit(1)
profilesPath=None
if len(sys.argv)==2:
if os.path.isdir(sys.argv[1]):
profilesPath=os.path.abspath(sys.argv[1])
else:
if os.path.exists(sys.argv[1]):
print(sys.argv[1]+" is not a dir")
else:
print(sys.argv[1]+" does not exist")
printHelp()
exit(1)
else:
print("Using default profiles dir: " + defaultProfilesPath)
profilesPath=defaultProfilesPath
binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
print("Binaries dirs are:")
print(binDirs)
doTheFixes(profilesPath, binDirs)
"""The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
print(repr(sys.argv))
defaultProfilesPath = "../etc"
if len(sys.argv) > 2 or (len(sys.argv) == 2 and
(sys.argv[1] == '-h' or sys.argv[1] == '--help')):
printHelp()
exit(1)
profilesPath = None
if len(sys.argv) == 2:
if os.path.isdir(sys.argv[1]):
profilesPath = os.path.abspath(sys.argv[1])
else:
if os.path.exists(sys.argv[1]):
print(sys.argv[1] + " is not a dir")
else:
print(sys.argv[1] + " does not exist")
printHelp()
exit(1)
else:
print("Using default profiles dir: " + defaultProfilesPath)
profilesPath = defaultProfilesPath
binDirs = [
"/bin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"
]
print("Binaries dirs are:")
print(binDirs)
doTheFixes(profilesPath, binDirs)
if __name__ == "__main__":
main()
main()
......@@ -4,42 +4,46 @@
import os, re, shlex, subprocess, sys
def run(srcdir, args):
if srcdir: os.chdir(srcdir)
if srcdir: os.chdir(srcdir)
dry_run=False
escaped_args=[]
# We need to modify the list as we go. So be sure to copy the list to be iterated!
for a in args[:]:
if a.startswith('--prefix'):
# prefix should ALWAYS be /usr here. Discard user-set values
args.remove(a)
elif a == '--only-fix-mkdeb':
# for us, not configure
dry_run=True
args.remove(a)
else:
escaped_args.append(shlex.quote(a))
dry_run = False
escaped_args = []
# We need to modify the list as we go. So be sure to copy the list to be iterated!
for a in args[:]:
if a.startswith('--prefix'):
# prefix should ALWAYS be /usr here. Discard user-set values
args.remove(a)
elif a == '--only-fix-mkdeb':
# for us, not configure
dry_run = True
args.remove(a)
else:
escaped_args.append(shlex.quote(a))
# Fix up mkdeb.sh to include custom configure options.
with open('mkdeb.sh', 'rb') as f:
sh=str(f.read(), 'utf_8')
rx=re.compile(r'^\./configure\s.*$', re.M)
with open('mkdeb.sh', 'wb') as f:
f.write(bytes(rx.sub('./configure --prefix=/usr '+(' '.join(escaped_args)), sh), 'utf_8'))
# Fix up mkdeb.sh to include custom configure options.
with open('mkdeb.sh', 'rb') as f:
sh = str(f.read(), 'utf_8')
rx = re.compile(r'^\./configure\s.*$', re.M)
with open('mkdeb.sh', 'wb') as f:
f.write(
bytes(
rx.sub('./configure --prefix=/usr ' + (' '.join(escaped_args)),
sh), 'utf_8'))
if dry_run: return 0
if dry_run: return 0
# now run configure && make
if subprocess.call(['./configure', '--prefix=/usr']+args) == 0:
subprocess.call(['make', 'deb'])
# now run configure && make
if subprocess.call(['./configure', '--prefix=/usr'] + args) == 0:
subprocess.call(['make', 'deb'])
return 0
return 0
if __name__ == '__main__':
if len(sys.argv) == 2 and sys.argv[1] == '--help':
print('''Build a .deb of firejail with custom configure options
if len(sys.argv) == 2 and sys.argv[1] == '--help':
print('''Build a .deb of firejail with custom configure options
usage:
{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
......@@ -51,24 +55,26 @@ usage:
--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
CONFIGURE_OPTIONS: arguments for configure