-
Notifications
You must be signed in to change notification settings - Fork 569
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable apparmor support by default in update_deb.sh #3450
Conversation
https://github.com/netblue30/firejail/blob/master/mkdeb.sh.in#L45
|
@rusty-snake Yeah, using sed isn't the problem. I'm trying to create a script that creates deb files from the git code. https://github.com/netblue30/firejail/blob/master/mkdeb.sh is relevant for doing so with a tarball, so I'll need to dust of my Debian experience to try to integrate things nicely. I'm labelling this as WIP, my Ubuntu LTS is currently in a broken state due to 52e24db and dae3933 and I'll need some time to revive that. I use |
I'm not sure if it helps, but the .gitlab-ci.yml file (the debian_ci section) contains some rough instructions how to build a Debian package from a firejail upstream commit, with the build metadata/instructions from the current Debian package (except the patches; they are removed before the build, as they sometimes no longer apply cleanly, which would cause the CI to fail). |
@reinerh Thanks for the info, I'll look into that. While we're on the subject, I wonder how much extra work it would be to set up/maintain a PPA with daily builds or something similar? Do you think that's worth the effort? Not that I'm trying to shuffle my way out of anything, but I always considered you the best-placed collaborator for all things Debian/Ubuntu, so just asking for your input. |
It's not really much effort to set up a PPA. And I'm also not sure if that many users would actually be interested in daily builds (and are not able to build it for themselves). |
Thanks for the feedback. I tend to agree. It's probably sufficient to provide clear instructions on how to build from git and add warnings where due, like how to avoid overwriting firejail.config and a link to the relevant bug(s). |
This should bring the script in sync with packages installed from PPA.
IMO enabling apparmor support by default here ensures a git installation that is compatible with the OS repository and PPA packages (see the firejail-from-git wiki page).
One thing I'm not sure of is how we can patch firejail.config to accomodate https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916920.