[GH-ISSUE #3523] No more way to specify custom configure options when building deb? #2216

New issue

Closed

opened 2026-05-05 08:54:04 -06:00 by gitea-mirror · 10 comments

gitea-mirror commented 2026-05-05 08:54:04 -06:00

Owner

Copy link

Originally created by @laniakea64 on GitHub (Jul 18, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3523

Building firejail from 9ecd3cad54 is not possible with fj-mkdeb.py -

$ ./contrib/fj-mkdeb.py --enable-apparmor --disable-firetunnel
Error: Could not find the firejail source tree.  Exiting.

This is probably as of 87e7b31399 , where mkdeb.sh is now dynamically generated. But running the build commands directly still doesn't pick up all configure arguments:

$ ./configure --enable-apparmor --disable-firetunnel
$ make deb

That produces a deb with firetunnel support enabled:

$ firejail --version
firejail version 0.9.63

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

Could the dynamic generation of mkdeb.sh please take custom configure options into account?
Or is that still not possible, so fj-mkdeb.py needs to be updated?

Originally created by @laniakea64 on GitHub (Jul 18, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3523 Building firejail from https://github.com/netblue30/firejail/commit/9ecd3cad544c8a8b64d2d8e4acc0cede60d6c284 is not possible with `fj-mkdeb.py` - ``` $ ./contrib/fj-mkdeb.py --enable-apparmor --disable-firetunnel Error: Could not find the firejail source tree. Exiting. ``` This is probably as of 87e7b313997b1d2be6553cfb22fef71b74c84ea6 , where `mkdeb.sh` is now dynamically generated. But running the build commands directly still doesn't pick up all configure arguments: ``` $ ./configure --enable-apparmor --disable-firetunnel $ make deb ``` That produces a deb with firetunnel support **enabled**: ``` $ firejail --version firejail version 0.9.63 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ``` Could the dynamic generation of `mkdeb.sh` please take custom configure options into account? Or is that still not possible, so `fj-mkdeb.py` needs to be updated?

gitea-mirror closed this issue 2026-05-05 08:54:05 -06:00

gitea-mirror commented 2026-05-05 08:54:07 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jul 19, 2020):

Could the dynamic generation of mkdeb.sh please take custom configure options into account?

It does. The error says something else. It should work with.

$ ./configure
$ ./contrib/fj-mkdeb.py --enable-apparmor --disable-firetunnel

<!-- gh-comment-id:660609403 --> @rusty-snake commented on GitHub (Jul 19, 2020): > Could the dynamic generation of mkdeb.sh please take custom configure options into account? It does. The error says something else. It should work with. ``` $ ./configure $ ./contrib/fj-mkdeb.py --enable-apparmor --disable-firetunnel ```

gitea-mirror commented 2026-05-05 08:54:08 -06:00

Author

Owner

Copy link

@laniakea64 commented on GitHub (Jul 20, 2020):

Unfortunately that still doesn't work -

$ firejail --version
firejail version 0.9.63

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is enabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

<!-- gh-comment-id:660741629 --> @laniakea64 commented on GitHub (Jul 20, 2020): Unfortunately that still doesn't work - ``` $ firejail --version firejail version 0.9.63 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ```

gitea-mirror commented 2026-05-05 08:54:09 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jul 20, 2020):

But the error is gone? If not try to use --fj-src to workaround.

<!-- gh-comment-id:660931548 --> @rusty-snake commented on GitHub (Jul 20, 2020): But the error is gone? If not try to use `--fj-src` to workaround.

gitea-mirror commented 2026-05-05 08:54:10 -06:00

Author

Owner

Copy link

@laniakea64 commented on GitHub (Jul 20, 2020):

But the error is gone?

Yes it built without error. But as the output above shows, my configure options were still ignored.

Maybe it would help clarify the problem to link the longer back story? - https://github.com/netblue30/firejail/issues/772

I still don't know the reasoning behind https://github.com/netblue30/firejail/issues/772#issuecomment-249189442 . Now that mkdeb.sh is dynamically generated, does that reasoning still apply?

<!-- gh-comment-id:660996059 --> @laniakea64 commented on GitHub (Jul 20, 2020): > But the error is gone? Yes it built without error. But as the output above shows, my configure options were still ignored. Maybe it would help clarify the problem to link the longer back story? - https://github.com/netblue30/firejail/issues/772 I still don't know the reasoning behind https://github.com/netblue30/firejail/issues/772#issuecomment-249189442 . Now that `mkdeb.sh` is dynamically generated, does that reasoning still apply?

gitea-mirror commented 2026-05-05 08:54:10 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Jul 20, 2020):

I can't test it, because I have no debian, but this generates a mkdeb.sh with ./configure --prefix=/usr --enable-apparmor --disable-firetunnel:
./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel

<!-- gh-comment-id:661151219 --> @rusty-snake commented on GitHub (Jul 20, 2020): I can't test it, because I have no debian, but this generates a mkdeb.sh with `./configure --prefix=/usr --enable-apparmor --disable-firetunnel`: `./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel`

gitea-mirror commented 2026-05-05 08:54:11 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Jul 21, 2020):

I can't test it, because I have no debian...

Tested and it works on my end:

$ firejail --version
firejail version 0.9.63

Compile time support:
        - AppArmor support is enabled
        - AppImage support is enabled
        - chroot support is enabled
        - file and directory whitelisting support is enabled
        - file transfer support is enabled
        - firetunnel support is disabled
        - networking support is enabled
        - overlayfs support is enabled
        - private-home support is enabled
        - seccomp-bpf support is enabled
        - SELinux support is disabled
        - user namespace support is enabled
        - X11 sandboxing support is enabled

<!-- gh-comment-id:661997912 --> @Fred-Barclay commented on GitHub (Jul 21, 2020): > I can't test it, because I have no debian... Tested and it works on my end: ``` $ firejail --version firejail version 0.9.63 Compile time support: - AppArmor support is enabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is disabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled ```

gitea-mirror commented 2026-05-05 08:54:12 -06:00

Author

Owner

Copy link

@laniakea64 commented on GitHub (Jul 22, 2020):

I can't test it, because I have no debian, but this generates a mkdeb.sh with ./configure --prefix=/usr --enable-apparmor --disable-firetunnel:
./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel

Thanks @rusty-snake for the workaround, it works for me too:

./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel && make deb

<!-- gh-comment-id:662167709 --> @laniakea64 commented on GitHub (Jul 22, 2020): > I can't test it, because I have no debian, but this generates a mkdeb.sh with `./configure --prefix=/usr --enable-apparmor --disable-firetunnel`: > `./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel` Thanks @rusty-snake for the workaround, it works for me too: ``` ./configure && ./contrib/fj-mkdeb.py --only-fix-mkdeb --enable-apparmor --disable-firetunnel && make deb ```

gitea-mirror commented 2026-05-05 08:54:13 -06:00

Author

Owner

Copy link

@laniakea64 commented on GitHub (Aug 25, 2020):

So will there be first-class availability of custom configure options for .deb build? Or does fj-mkdeb.py need to be patched based on the workaround above?

<!-- gh-comment-id:680323728 --> @laniakea64 commented on GitHub (Aug 25, 2020): So will there be first-class availability of custom configure options for .deb build? Or does `fj-mkdeb.py` need to be patched based on the workaround above?

gitea-mirror commented 2026-05-05 08:54:14 -06:00

Author

Owner

Copy link

@laniakea64 commented on GitHub (Sep 3, 2020):

So will there be first-class availability of custom configure options for .deb build? Or does fj-mkdeb.py need to be patched based on the workaround above?

I ask because if there still cannot be first-class availability of custom configure options for .deb build, I am the original author of fj-mkdeb.py and would try to look into updating it.

<!-- gh-comment-id:686529054 --> @laniakea64 commented on GitHub (Sep 3, 2020): > So will there be first-class availability of custom configure options for .deb build? Or does `fj-mkdeb.py` need to be patched based on the workaround above? I ask because if there still cannot be first-class availability of custom configure options for .deb build, I am the original author of `fj-mkdeb.py` and would try to look into updating it.

gitea-mirror commented 2026-05-05 08:54:14 -06:00

Author

Owner

Copy link

@rusty-snake commented on GitHub (Sep 3, 2020):

I see no reason why fj-mkdeb.py should not have a option for that.

<!-- gh-comment-id:686534264 --> @rusty-snake commented on GitHub (Sep 3, 2020): I see no reason why `fj-mkdeb.py` should not have a option for that.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2216

No description provided.