remove LTS and FIRETUNNEL support

2026-05-15 14:16:14 -06:00 · 2023-12-23 08:29:33 -05:00 · 2023-12-23 08:29:33 -05:00 · db09546f29
commit db09546f29
parent a5e72caa0a
9 changed files with 2 additions and 186 deletions
--- a/2
+++ b/2
@ -59,7 +59,7 @@ Committers:
 - rusty-snake (https://github.com/rusty-snake)
 - smitsohu (https://github.com/smitsohu)
 - SkewedZeppelin (https://github.com/SkewedZeppelin)
- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches
+- startx2017 (https://github.com/startx2017)
  maintainer)
 - Topi Miettinen (https://github.com/topimiettinen)
 - veloute (https://github.com/veloute)
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 firejail (0.9.73) baseline; urgency=low
  * work in progress
+  * removed LTS and FIRETUNNEL support
  * feature: Add "keep-shell-rc" command and option (#1127 #5634)
  * feature: Print the argument when failing with "too long arguments" (#5677)
  * feature: a random hostname is assigned to each sandbox unless
--- a/config.mk.in
+++ b/config.mk.in
@ -34,12 +34,10 @@ HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
-HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_IDS=@HAVE_IDS@
 HAVE_LANDLOCK=@HAVE_LANDLOCK@
-HAVE_LTS=@HAVE_LTS@
 HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
 HAVE_OUTPUT=@HAVE_OUTPUT@
@ -57,12 +55,10 @@ MANFLAGS = \
 	$(HAVE_CHROOT) \
 	$(HAVE_DBUSPROXY) \
 	$(HAVE_FILE_TRANSFER) \
-	$(HAVE_FIRETUNNEL) \
 	$(HAVE_FORCE_NONEWPRIVS) \
 	$(HAVE_GLOBALCFG) \
 	$(HAVE_IDS) \
 	$(HAVE_LANDLOCK) \
-	$(HAVE_LTS) \
 	$(HAVE_NETWORK) \
 	$(HAVE_ONLY_SYSCFG_PROFILES) \
 	$(HAVE_OUTPUT) \
--- a/66
+++ b/66
@ -650,7 +650,6 @@ ac_includes_default="\
 ac_header_c_list=
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
-HAVE_LTS
 HAVE_ONLY_SYSCFG_PROFILES
 HAVE_FORCE_NONEWPRIVS
 HAVE_CONTRIB_INSTALL
@ -666,7 +665,6 @@ HAVE_GLOBALCFG
 HAVE_CHROOT
 HAVE_PRIVATE_LIB
 HAVE_PRIVATE_HOME
-HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
@ -743,7 +741,6 @@ enable_dbusproxy
 enable_output
 enable_usertmpfs
 enable_man
-enable_firetunnel
 enable_private_home
 enable_private_lib
 enable_chroot
@ -759,7 +756,6 @@ enable_gcov
 enable_contrib_install
 enable_force_nonewprivs
 enable_only_syscfg_profiles
-enable_lts
 '
      ac_precious_vars='build_alias
 host_alias
@ -1403,7 +1399,6 @@ Optional Features:
  --disable-output        disable --output logging
  --disable-usertmpfs     disable tmpfs as regular user
  --disable-man           disable man pages
-  --enable-firetunnel     enable firetunnel
  --disable-private-home  disable private home feature
  --disable-private-lib   disable private lib feature
  --disable-chroot        disable chroot
@ -1424,7 +1419,6 @@ Optional Features:
                          enable force nonewprivs
  --enable-only-syscfg-profiles
                          disable profiles in $HOME/.config/firejail
-  --enable-lts            enable long-term support software version (LTS)

 Some influential environment variables:
  CC          C compiler command
@ -3913,21 +3907,6 @@ fi

 fi

-HAVE_FIRETUNNEL=""
-
-# Check whether --enable-firetunnel was given.
-if test ${enable_firetunnel+y}
-then :
-  enableval=$enable_firetunnel;
-fi
-
-if test "x$enable_firetunnel" = "xyes"
-then :
-
-	HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
-
-fi
-
 HAVE_PRIVATE_HOME=""

 # Check whether --enable-private-home was given.
@ -4155,39 +4134,6 @@ then :

 fi

-HAVE_LTS=""
-
-# Check whether --enable-lts was given.
-if test ${enable_lts+y}
-then :
-  enableval=$enable_lts;
-fi
-
-if test "x$enable_lts" = "xyes"
-then :
-
-	HAVE_LTS="-DHAVE_LTS"
-	HAVE_LANDLOCK=""
-	HAVE_IDS=""
-	HAVE_DBUSPROXY=""
-	HAVE_OVERLAYFS=""
-	HAVE_OUTPUT=""
-	HAVE_USERTMPFS=""
-	HAVE_MAN="-DHAVE_MAN"
-	HAVE_FIRETUNNEL=""
-	HAVE_PRIVATE_HOME=""
-	HAVE_PRIVATE_LIB=""
-	HAVE_CHROOT=""
-	HAVE_GLOBALCFG=""
-	HAVE_USERNS=""
-	HAVE_X11=""
-	HAVE_FILE_TRANSFER=""
-	HAVE_SUID="-DHAVE_SUID"
-	BUSYBOX_WORKAROUND="no"
-	HAVE_CONTRIB_INSTALL="no"
-
-fi
-
 ac_fn_c_check_header_compile "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default"
 if test "x$ac_cv_header_linux_seccomp_h" = xyes
 then :
@ -5384,11 +5330,9 @@ Features:
   disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
   enable --output logging: $HAVE_OUTPUT
   file transfer support: $HAVE_FILE_TRANSFER
-   firetunnel support: $HAVE_FIRETUNNEL
   global config: $HAVE_GLOBALCFG
   IDS support: $HAVE_IDS
   Landlock support: $HAVE_LANDLOCK
-   LTS: $HAVE_LTS
   manpage support: $HAVE_MAN
   network: $HAVE_NETWORK
   overlayfs support: $HAVE_OVERLAYFS
@ -5400,13 +5344,3 @@ Features:

 EOF

-if test "$HAVE_LTS" = -DHAVE_LTS; then
-	cat <<\EOF
-*********************************************************
-*    Warning: Long-term support (LTS) was enabled!      *
-*    Most compile-time options have been rewritten!     *
-*********************************************************
-
-EOF
-fi
-
--- a/configure.ac
+++ b/configure.ac
@ -137,14 +137,6 @@ AS_IF([test "x$enable_man" != "xno"], [
 	AS_IF([test "x$HAVE_GAWK" != "xyes"], [AC_MSG_ERROR([*** gawk not found ***])])
 ])

-HAVE_FIRETUNNEL=""
-AC_SUBST([HAVE_FIRETUNNEL])
-AC_ARG_ENABLE([firetunnel],
-    [AS_HELP_STRING([--enable-firetunnel], [enable firetunnel])])
-AS_IF([test "x$enable_firetunnel" = "xyes"], [
-	HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
-])
-
 HAVE_PRIVATE_HOME=""
 AC_SUBST([HAVE_PRIVATE_HOME])
 AC_ARG_ENABLE([private-home],
@ -268,32 +260,6 @@ AS_IF([test "x$enable_only_syscfg_profiles" = "xyes"], [
 	HAVE_ONLY_SYSCFG_PROFILES="-DHAVE_ONLY_SYSCFG_PROFILES"
 ])

-HAVE_LTS=""
-AC_SUBST([HAVE_LTS])
-AC_ARG_ENABLE([lts],
-    [AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)])])
-AS_IF([test "x$enable_lts" = "xyes"], [
-	HAVE_LTS="-DHAVE_LTS"
-	HAVE_LANDLOCK=""
-	HAVE_IDS=""
-	HAVE_DBUSPROXY=""
-	HAVE_OVERLAYFS=""
-	HAVE_OUTPUT=""
-	HAVE_USERTMPFS=""
-	HAVE_MAN="-DHAVE_MAN"
-	HAVE_FIRETUNNEL=""
-	HAVE_PRIVATE_HOME=""
-	HAVE_PRIVATE_LIB=""
-	HAVE_CHROOT=""
-	HAVE_GLOBALCFG=""
-	HAVE_USERNS=""
-	HAVE_X11=""
-	HAVE_FILE_TRANSFER=""
-	HAVE_SUID="-DHAVE_SUID"
-	BUSYBOX_WORKAROUND="no"
-	HAVE_CONTRIB_INSTALL="no"
-])
-
 AC_CHECK_HEADER([linux/seccomp.h], [],
    [AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***])])

@ -332,11 +298,9 @@ Features:
   disable user profiles: $HAVE_ONLY_SYSCFG_PROFILES
   enable --output logging: $HAVE_OUTPUT
   file transfer support: $HAVE_FILE_TRANSFER
-   firetunnel support: $HAVE_FIRETUNNEL
   global config: $HAVE_GLOBALCFG
   IDS support: $HAVE_IDS
   Landlock support: $HAVE_LANDLOCK
-   LTS: $HAVE_LTS
   manpage support: $HAVE_MAN
   network: $HAVE_NETWORK
   overlayfs support: $HAVE_OVERLAYFS
@ -347,13 +311,3 @@ Features:
   X11 sandboxing support: $HAVE_X11

 EOF
-
-if test "$HAVE_LTS" = -DHAVE_LTS; then
-	cat <<\EOF
-*********************************************************
-*    Warning: Long-term support (LTS) was enabled!      *
-*    Most compile-time options have been rewritten!     *
-*********************************************************
-
-EOF
-fi
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@ -349,13 +349,6 @@ static const char *const compiletime_support =
 		"disabled"
 #endif

-	"\n\t- firetunnel support is "
-#ifdef HAVE_FIRETUNNEL
-		"enabled"
-#else
-		"disabled"
-#endif
-
 	"\n\t- IDS support is "
 #ifdef HAVE_IDS
 		"enabled"
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@ -1826,33 +1826,6 @@ int main(int argc, char **argv, char **envp) {
 			else
 				exit_err_feature("overlayfs");
 		}
-#endif
-#ifdef HAVE_FIRETUNNEL
-		else if (strcmp(argv[i], "--tunnel") == 0) {
-			// try to connect to the default client side of the tunnel
-			// if this fails, try the default server side of the tunnel
-			if (access("/run/firetunnel/ftc", R_OK) == 0)
-				profile_read("/run/firetunnel/ftc");
-			else if (access("/run/firetunnel/fts", R_OK) == 0)
-				profile_read("/run/firetunnel/fts");
-			else {
-				fprintf(stderr, "Error: no default firetunnel found, please specify it using --tunnel=devname option\n");
-				exit(1);
-			}
-		}
-		else if (strncmp(argv[i], "--tunnel=", 9) == 0) {
-			char *fname;
-
-			if (asprintf(&fname, "/run/firetunnel/%s", argv[i] + 9) == -1)
-				errExit("asprintf");
-			invalid_filename(fname, 0); // no globbing
-			if (access(fname, R_OK) == 0)
-				profile_read(fname);
-			else {
-				fprintf(stderr, "Error: tunnel not found\n");
-				exit(1);
-			}
-		}
 #endif
 		else if (strncmp(argv[i], "--include=", 10) == 0) {
 			char *ppath = expand_macros(argv[i] + 10);
--- a/src/man/firejail.1.in
+++ b/src/man/firejail.1.in
@ -42,15 +42,6 @@ Miscellaneous:
 firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version}
 .RE
 .SH DESCRIPTION
-#ifdef HAVE_LTS
-This is Firejail long-term support (LTS), an enterprise focused version of the software,
-LTS is usually supported for two or three years.
-During this time only bugs and the occasional documentation problems are fixed.
-The attack surface of the SUID executable was greatly reduced by removing some of the features.
-.br
-
-.br
-#endif
 Firejail is a SUID sandbox program that reduces the risk of security breaches by
 restricting the running environment of untrusted applications using Linux
 namespaces, seccomp-bpf and Linux capabilities.
@ -3043,28 +3034,6 @@ $ firejail \-\-tree
 .br
  11970:netblue:transmission-gtk

-#ifdef HAVE_FIRETUNNEL
-.TP
-\fB\-\-tunnel[=devname]
-Connect the sandbox to a network overlay/VPN tunnel created by firetunnel utility. This options
-tries first the client side of the tunnel. If this fails, it tries the server side. If multiple tunnels are active,
-please specify the tunnel device using \-\-tunnel=devname.
-.br
-
-.br
-The available tunnel devices are listed in /etc/firetunnel directory, one file for each device.
-The files are regular firejail profile files containing the network configuration,
-and are created and managed by firetunnel utility.
-By default ftc is the client-side device and fts is the server-side device. For more information
-please see man 1 firetunnel.
-.br
-
-.br
-Example:
-.br
-$ firejail --tunnel firefox
-.br
-#endif
 .TP
 \fB\-\-version
 Print program version/compile time support and exit.
--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@ -213,10 +213,6 @@ _firejail_args=(
    '--ls=-[list files in sandbox container name|pid]: :_all_firejails'
 #endif

-#ifdef HAVE_FIRETUNNEL
-    '--tunnel=-[connect the sandbox to a tunnel created by firetunnel utility]: :'
-#endif
-
 #ifdef HAVE_NETWORK
    '--bandwidth=-[set bandwidth limits name|pid]: :_all_firejails'
    '--defaultgw=[configure default gateway]: :'