[GH-ISSUE #1636] Make Firejail available through composer by adding composer.json file (in all branches) #1099

Closed
opened 2026-05-05 07:27:19 -06:00 by gitea-mirror · 6 comments

Originally created by @nuxwin on GitHub (Nov 7, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1636

@netblue30

Good morning,

One of our plugins makes use of your Firejail SUID program to create jailed environments. Because our plugin provides several jail builders (makejail, firejail...), we do not want to source your program inside our plugin archive directly. Instead, our plugin makes use of the PHP dependency manager (composer) to grab the Firejail package when it is needed:

```perl
...
=item _firejail( [ $action = 'deinstall' ] )

 Install or deinstall FireJail

 Param string $action Action to perform (install|deinstall)
 Return void, die on failure

=cut

sub _firejail
{
    my (undef, $action) = @_;
    $action //= 'deinstall';

    my $homeDir = "$main::imscpConfig{'GUI_ROOT_DIR'}/data/persistent/plugins/InstantSSH";

    iMSCP::Dir->new( dirname => $homeDir )->make(
        {
            user  => $main::imscpConfig{'SYSTEM_USER_PREFIX'} . $main::imscpConfig{'SYSTEM_USER_MIN_UID'},
            group => $main::imscpConfig{'SYSTEM_USER_PREFIX'} . $main::imscpConfig{'SYSTEM_USER_MIN_UID'},
            mode  => 0750
        }
    );

    my $composer = iMSCP::Composer->new(
        user          => $main::imscpConfig{'SYSTEM_USER_PREFIX'} . $main::imscpConfig{'SYSTEM_USER_MIN_UID'},
        home_dir      => $homeDir,
        composer_path => '/usr/local/bin/composer'
    );
    $composer->getComposerJson( 'scalar' )->{'config'} = {
        %{$composer->getComposerJson( 'scalar' )->{'config'}},
        cafile => $main::imscpConfig{'DISTRO_CA_BUNDLE'},
        capath => $main::imscpConfig{'DISTRO_CA_PATH'}
    };
    $composer
        ->requirePackage( 'imscp/firejail', '~0.9.50.1-alpha.1' )
        ->setStdRoutines( \&_stdRoutine, \&_stdRoutine )
        ->updatePackages( undef, 'noautoloader' );

    local $CWD = "$homeDir/vendor/imscp/firejail";

    $File::chmod::UMASK = 0; # Stick to system CHMOD(1) behavior
    chmod( 'u+x', <*.sh> ) or die(
        sprintf( "Couldn't turns on the executable bit on the `%s` files: %s", join( ', ', <*.sh> ), $! )
    );

    if ( -f 'Makefile' ) {
        my $rs = execute( [ 'make', 'distclean' ], \my $stdout, \my $stderr );
        $rs == 0 or die( $stderr || 'Unknown error' );
        debug( $stdout ) if $stdout;
    }

    my $rs = execute( [ 'sh', 'configure', '--disable-x11' ], \my $stdout, \my $stderr );
    debug( $stdout ) if $stdout;
    $rs == 0 or die( $stderr || 'Unknown error' );

    $rs = execute( [ 'make', 'uninstall' ], \$stdout, \$stderr );
    debug( $stdout ) if $stdout;
    $rs == 0 or die( $stderr || 'Unknown error' );

    iMSCP::Dir->new( dirname => '/usr/local/etc/firejail' )->remove();

    if ( $action eq 'install' ) {
        $rs = execute( [ 'make', 'install' ], \$stdout, \$stderr );
        debug( $stdout ) if $stdout;
        $rs == 0 or die( $stderr || 'Unknown error' );

        for( 'firejail.config', 'login.users' ) {
            iMSCP::File->new(
                filename => "$main::imscpConfig{'PLUGINS_DIR'}/InstantSSH/config/etc/firejail/$_"
            )->copyFile(
                '/usr/local/etc/firejail', { preserve => 'no' }
            ) == 0 or die(
                getMessageByType( 'error', { amount => 1, remove => 1 } ) || 'Unknown error'
            )
        }
    }

    return unless -f '/etc/shells';

    my $file = iMSCP::File->new( filename => '/etc/shells' );
    my $fileContent = $file->get();
    defined $fileContent or die( getMessageByType( 'error', { amount => 1, remove => 1 } ) || 'Unknown error' );
    $fileContent =~ s%^/usr/local/bin/firejail\n%%gm;
    $fileContent .= "/usr/local/bin/firejail\n" unless $action eq 'deinstall';
    $file->set( $fileContent );
    $file->save() == 0 or die( getMessageByType( 'error', { amount => 1, remove => 1 } ) || 'Unknown error' );
}
...
```

For now, we've forked your repository and added the composer.json file to make your program available through packagist.org. However, it could be better to have the composer.json file hosted in the upstream repository, that is, in your own repository. Of course, some could argue that the PHP dependency manager is for PHP dependencies only but in fact, it can be used for many purposes, hence our own usage.

Could it be possible?

Thank you.

See:

- https://packagist.org/packages/imscp/firejail
- https://github.com/imscp-packages/firejail

@reinerh commented on GitHub (Nov 7, 2017):

Why don't you just install firejail via the package manager provided by your distribution?
Is it possible to add this file also in a subdirectory in platform/ where packaging-related files for other package management systems are located?

Btw packagist.org asks for very fishy workflows on their frontpage:

```
Run this in your command line:
curl -sS https://getcomposer.org/installer | php
```
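The concern raised in the comment above, about piping a download straight into an interpreter, shown as an added example that is not part of the original thread: save the installer to a file, compare it with a SHA-256 digest pinned out of band, and only then execute it. The function names and the sample installer are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify-then-execute instead of
# "curl ... | php". All names and sample data here are constructed.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run EXPECTED_SHA256 FILE INTERPRETER [ARGS...]
# Runs "INTERPRETER [ARGS...] FILE" only when the digest matches.
# Returns 3 if FILE is missing, 2 on digest mismatch (nothing is executed).
verify_then_run() {
    expected=$1
    file=$2
    shift 2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 3; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 2
    fi
    "$@" "$file"
}

# demo: builds a constructed "installer", accepts it, then rejects it
# after one byte is appended. Prints the outcome of each attempt.
demo() {
    dir=$(mktemp -d)
    printf 'echo "installer ran"\n' > "$dir/installer.sh"
    pinned=$(sha256_of "$dir/installer.sh")   # stands in for a published digest
    verify_then_run "$pinned" "$dir/installer.sh" sh && echo "accepted"
    printf '#' >> "$dir/installer.sh"          # simulate tampering in transit
    verify_then_run "$pinned" "$dir/installer.sh" sh || echo "rejected ($?)"
    rm -rf "$dir"
}
```

In real use the file would come from something like `curl -sSf -o installer.php <url>` and the pinned digest from a source other than the download itself.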

@nuxwin commented on GitHub (Nov 8, 2017):

@reinerh

  1. Because most of the time, versions provided by distribution packages are outdated.
  2. Nope ;) That file must be stored at the root of the git repository, else composer will not find it.
  3. There is no problem. What you're quoting is only a command for installing composer.phar, the PHP dependency manager. For our project, we use our own wrapper around composer.phar:

https://github.com/i-MSCP/imscp/blob/1.5.x/engine/PerlLib/iMSCP/Composer.pm#L147


@netblue30 commented on GitHub (Nov 9, 2017):

The biggest problem you have is firejail mainline branch is unstable. Most of the time it is a war zone. I would suggest in https://github.com/imscp-packages/firejail you bring in the latest release. Example:

```
git clone -b 0.9.50 http://github.com/netblue30/firejail
```

The latest is 0.9.50.

Another option is to use the LTS branch: https://github.com/netblue30/firejail/tree/0.9.38-LTS

```
git clone -b 0.9.38-LTS http://github.com/netblue30/firejail
```

This branch is always stable, we make sure we test everything before checking in fixes - only fixes are going in, no new developments. We can also add your composer.json file on this branch if you send a pull request.


@nuxwin commented on GitHub (Nov 9, 2017):

@netblue30

You're totally right. The problem is that I cannot add earlier releases because the composer.json file was not present... So here, I've tagged the current state of the 0.9.50-bugfixes branch as an alpha release (0.9.50.1). But anyway, with that version, I'm encountering problems with the chroot feature (some files missing inside the /var/run/firejail/mnt directory and also my resolv.conf being rejected by firejail...) I need to investigate a bit more before creating new issues here ;)

I'll keep you informed.


@netblue30 commented on GitHub (Nov 10, 2017):

Not a problem, I can port ac0d75f943 on 0.9.50-bugfixes if you need it. We keep this branch around mainly for reference and big problems fixed on mainline.

When you build your chroot, don't bother with resolv.conf. A simple empty file (touch chrootdir/etc/resolv.conf) will do it. Firejail will replace it with whatever you have in /etc/resolv.conf on the server at that moment.


@chiraag-nataraj commented on GitHub (Sep 30, 2018):

The last commit in that repository was on Nov 13, 2017. I'm going to close this for now, since it seems like we're not going to add composer.json. If someone wants to re-open (that is, if I misunderstood the thread and adding this is still on the table), feel free to do so.
