From 9aaf505431e478c24a2ea078c3366f77913da6d5 Mon Sep 17 00:00:00 2001 From: amano-kenji <106365348+amano-kenji@users.noreply.github.com> Date: Mon, 6 Jan 2025 16:42:30 +0000 Subject: [PATCH] profiles: refactor com.github.johnfactotum.Foliate into foliate.profile (#6582) On Gentoo Linux, there is `/usr/bin/foliate` instead of `/usr/bin/com.github.johnfactotum.Foliate`. --- .../com.github.johnfactotum.Foliate.profile | 58 +---------------- etc/profile-a-l/foliate.profile | 62 +++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 66 insertions(+), 55 deletions(-) create mode 100644 etc/profile-a-l/foliate.profile diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index 6177b52c061..ca68c933f3d 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile @@ -3,60 +3,8 @@ # This file is overwritten after every install/update # Persistent local customizations include com.github.johnfactotum.Foliate.local -# Persistent global definitions -include globals.local -noblacklist ${DOCUMENTS} -noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate -noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate +private-bin com.github.johnfactotum.Foliate -# Allow gjs (blacklisted by disable-interpreters.inc) -include allow-gjs.inc - -include disable-common.inc -include disable-devel.inc -include disable-exec.inc -include disable-interpreters.inc -include disable-programs.inc -include disable-shell.inc -include disable-xdg.inc - -mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate -mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate -whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate -whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate -whitelist ${DOCUMENTS} -whitelist ${DOWNLOADS} -whitelist /usr/share/com.github.johnfactotum.Foliate -include whitelist-common.inc -include whitelist-usr-share-common.inc -include whitelist-var-common.inc - -apparmor -caps.drop all -machine-id -net none -nodvd -nogroups -noinput -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix -seccomp -tracelog - -disable-mnt -private-bin com.github.johnfactotum.Foliate,gjs -private-cache -private-dev -private-etc @x11,gconf -private-tmp - -read-only ${HOME} -read-write ${HOME}/.cache/com.github.johnfactotum.Foliate -read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate -restrict-namespaces +# Redirect +include foliate.profile diff --git a/etc/profile-a-l/foliate.profile b/etc/profile-a-l/foliate.profile new file mode 100644 index 00000000000..9ce28254f0b --- /dev/null +++ b/etc/profile-a-l/foliate.profile @@ -0,0 +1,62 @@ +# Firejail profile for foliate +# Description: Simple and modern GTK eBook reader +# This file is overwritten after every install/update +# Persistent local customizations +include foliate.local +# Persistent global definitions +include globals.local + +noblacklist ${DOCUMENTS} +noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate +noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate + +# Allow gjs (blacklisted by disable-interpreters.inc) +include allow-gjs.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate +mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate +whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate +whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate +whitelist ${DOCUMENTS} +whitelist ${DOWNLOADS} +whitelist /usr/share/com.github.johnfactotum.Foliate +include whitelist-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +machine-id +net none +nodvd +nogroups +noinput +nonewprivs +noroot +nosound +notv +nou2f +novideo +protocol unix +seccomp +tracelog + +disable-mnt +private-bin foliate,gjs +private-cache +private-dev +private-etc @x11,gconf +private-tmp + +read-only ${HOME} +read-write ${HOME}/.cache/com.github.johnfactotum.Foliate +read-write ${HOME}/.local/share/com.github.johnfactotum.Foliate +restrict-namespaces diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1e39a21b1f2..d2f0e9c253d 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -293,6 +293,7 @@ flashpeak-slimjet floorp flowblade fluffychat +foliate font-manager fontforge fossamail