* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* private-etc: always include 'alternatives'
* Add firecfg support for tesseract
* Add tesseract to 'New profiles' section in README.md
* Create tesseract.profile
* tesseract: fix private-etc
* tesseract: fix XDG black/whitelisting
* tesseract: use 'seccomp socket' instead of 'protocol unix'
As kindly suggested by @rusty-snake.
* tesseract: add 'restrict-namespaces'
As kindly suggested by @rusty-snake.
* tesseract: use full seccomp filtering
The tesseract application works fine without 'protocol' or 'seccomp socket'.
Leave them commented.
With this commit, there are no more profiles creating paths in ~/.kde
nor in ~/.kde4:
$ git grep -e '^mkdir .*\.kde' -e '^mkfile .*\.kde' -- etc
$
See also commit 3ef030257 ("ktorrent.profile: stop creating legacy KDE
paths", 2022-10-11) / PR #5415.
firejail may fail to create the following files:
* ~/.kde/share/config/kcalcrc
* ~/.kde4/share/config/kcalcrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
See also commit 7f1906dba ("ktorrent.profile: fix mkfile without mkdir",
2022-10-11) / PR #5415.
Do not use `private-cache`, because PyCharm places in cache
directories stuff like spelling dictionary (i. e. if you download
spelling dictionary with `private-cache`, on restart PyCharm you need
to download spelling dictionary again).
* Add python3 support to nicotine
* Revert private-bin changes
Adding shell and python3 support to private-bin kept breaking nicotine for the user who reported it on IRC. Let's revert it as suggested by @rusty-snake.
firejail fails to create the following files:
* ~/.kde/share/config/ktorrentrc
* ~/.kde4/share/config/ktorrentrc
Because it does not create the preceding directories beforehand:
* ~/.kde/share/config
* ~/.kde4/share/config
Relates to #5414.
OpenDoas is an alternative to sudo. It is an unofficial port of
OpenBSD's doas. Details:
$ LC_ALL=C pacman -Si galaxy/opendoas |
grep -e '^Version' -e '^Description' -e '^URL'
Version : 6.8.2-1
Description : Run commands as super user or another user
URL : https://github.com/Duncaen/OpenDoas
Environment: Artix Linux.
Also, add /etc/doas.conf to etc/ids.config.
This reverts commit 393c5beff2.
Which broke mpv:
$ mpv --version
Cannot start application: No such file or directory
Probably because mpv itself uses many libraries and it has plugins that
may depend on files in /usr/lib as well:
$ pacman -Qlq mpv | grep /lib/ | grep -v '/$'
/usr/lib/libmpv.so
/usr/lib/libmpv.so.1
/usr/lib/libmpv.so.1.109.0
/usr/lib/pkgconfig/mpv.pc
$ strings /usr/bin/mpv | grep '^lib.*\.so' | sort -u | wc -l
53
$ pacman -Qlq yt-dlp | grep /lib/ | grep -v '/$' |
cut -f -4 -d / | sort -u
/usr/lib/python3.10
$ pacman -Q mpv yt-dlp
mpv 1:0.34.1-5
yt-dlp 2022.09.01-1
Environment: Artix Linux.
Also, private-lib is disabled by default in firejail.config (see #5190)
and mpv.profile does not use private-lib, so there should be no need to
whitelist anything in /usr/lib in the default profile.
As mentioned in its description, this profile is intended for an IDE, so
allow paths used for development and stop including the following
profiles:
* disable-devel.inc
* disable-exec.inc
* disable-interpreters.inc
Fixes#5292.
Programs that seem to support exiftool:
$ LC_ALL=C pacman -Sii perl-image-exiftool |
grep -e '^Version' -e '^Required' -e '^Optional For' | head -n 3
Version : 12.42-1
Required By : digikam geotag gitlab-workhorse mat2 rapid-photo-downloader
Optional For : darktable geeqie gpsprune hugin jpeg-archive ranger recoll shutter
Environment: Artix Linux.
Note for hugin.profile: Does not currently work with private-bin on
Arch/Artix; see the private-bin comment on
etc/profile-a-l/exiftool.profile.
Relates to #5365.
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* add awk and which to private-bin for better xdg-open support
* use both capitalized and regular discord commands to private-bin
* use both capitalized and regular discord commands to private-bin
* refactor CamelCased discord profiles
* refactor CamelCased discord profiles
* fix private-{bin,opt} sorting
* fix private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* unfuck private-{bin,opt} sorting
* fix sorting once more for CI
* fix sorting once again for CI
