electron-common.profile and blink-common.profile already apply
whitelisting in the user home, so ensure that the allowed paths are
available as well.
Relates to #6314.
It's a markdown editor and commit 358fce3ed ("ghostwriter: hardening and
private-bin improvements", 2023-02-08) / PR #5648 enabled whitelisting
in the user home, so disable it by default.
See commit bd8ed0b4e ("profiles: firecfg: disable text editors (#6477)",
2024-09-19).
Relates to #5648.
Commands used to search and replace:
./contrib/sort.py etc/inc/*.inc etc/profile*/*.profile
This amends commit 358fce3ed ("ghostwriter: hardening and private-bin
improvements", 2023-02-08) / PR #5648.
Add missing paths for:
* lua (for mpv)
* mplayer
* mpv
* smplayer
* vlc
Apparently mpv plugins may break without the lua path; see commit
ccff014de ("fix Lua in mpv.profile", 2020-07-28) / issue #3554.
Command used to search for relevant profiles:
$ git grep -IE -l '/\.?(s?mplayer|mpv|vlc)' -- etc
This is a follow-up to commit e4ebbfafe ("profiles: ensure allow-lua
where mpv is allowed (#6555)", 2024-11-29).
Currently whitespace is left as is within an entry.
In a `protocol` entry, if there is whitespace between the command and
its argument or around an item, the item in question is dropped from the
output.
Changes:
* `protocol`: Strip all whitespace in the argument
* Other commands: Strip leading/trailing whitespace around each item,
including any extra whitespace between a command and its argument
Note: Whitespace characters inside paths are left as is, as some paths
(such as `Foo Bar` may contain spaces.
Before:
$ printf 'private-bin a,b\nprivate-bin a,b\nprivate-bin b,a\nprivate-bin C,A B\nprotocol unix,net\nprotocol inet,unix\n' \
>foo.profile
$ ./contrib/sort.py -n foo.profile
sort.py: checking 1 profile(s)...
foo.profile:5:-protocol unix,net
foo.profile:5:+protocol
foo.profile:6:-protocol inet,unix
foo.profile:6:+protocol unix
After:
$ printf 'private-bin a,b\nprivate-bin a,b\nprivate-bin b,a\nprivate-bin C,A B\nprotocol unix,net\nprotocol inet,unix\n' \
>foo.profile
$ ./contrib/sort.py -n foo.profile
sort.py: checking 1 profile(s)...
foo.profile:2:-private-bin a,b
foo.profile:2:+private-bin a,b
foo.profile:3:-private-bin b,a
foo.profile:3:+private-bin a,b
foo.profile:4:-private-bin C,A B
foo.profile:4:+private-bin A B,C
foo.profile:5:-protocol unix,net
foo.profile:5:+protocol unix
foo.profile:6:-protocol inet,unix
foo.profile:6:+protocol unix,inet
Currently the output is mangled if the last item on the line contains
trailing whitespace and is moved when sorting.
So remove trailing whitespace in all lines (that is, not just in lines
containing supported commands).
Leave leading whitespace as is for now since it could potentially be
used for indentation.
Before:
$ printf '# hello world \nprivate-bin a,b \nprivate-bin b,a \nprivate-bin a,b\n' \
>foo.profile
$ ./contrib/sort.py -n foo.profile | tr ' ' .
sort.py:.checking.1.profile(s)...
foo.profile:3:-private-bin.b,a..
foo.profile:3:+private-bin.a..,b
After:
$ printf '# hello world \nprivate-bin a,b \nprivate-bin b,a \n' \
>foo.profile
$ ./contrib/sort.py -n foo.profile | tr ' ' .
sort.py:.checking.1.profile(s)...
foo.profile:1:-#.hello.world..
foo.profile:1:+#.hello.world
foo.profile:2:-private-bin.a,b..
foo.profile:2:+private-bin.a,b
foo.profile:3:-private-bin.b,a..
foo.profile:3:+private-bin.a,b
Rename `line` to `original_line` to make it less likely to accidentally
read from/write to it instead of the fixed line.
Rename `fixed_line` to `line` to make the code shorter since it is now
referenced much more often (up to 3 times in the same line of code) than
the original line.
See also commit aa17ca5fc ("sort.py: rename protocols to
original_protocols", 2022-10-17) / PR #5429.
