Firecfg CLI archivers - missing and/or broken on Arch makepkg

[glitsj16]

I noticed that firecfg enables some of the available command-line archivers, but not others (see compiled list below). Is there any (official) policy to decide which archivers are supported in firecfg and which not? If this is simply due to omissions, we need to add the missing ones IMHO.

List of currently missing archiver (redirect) profiles in firecfg:

7z, 7za, 7zr, bsdcat, bsdcpio, bsdtar, cpio, gtar, gunzip, gzexe, gzip, lbunzip2, lbzcat, lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep, lzip, lzless, lzma, lzmainfo, lzmore, p7zip, tar, uncompress, unlzma, unrar, unxz, unzip, xz, xzcat, xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore, zcat, zcmp, zdiff, zegrep, zfgrep, zforce, zgrep, zless, zmore, znew

[rusty-snake]

Tools like *grep, *diff, *less, *more, .. should be added IMHO (after removing whitelist-var). Tools like xz, lzma, cpio maybe conflict with some packet-managers.

[glitsj16]

Tools like *grep, *diff, *less, *more, .. should be added IMHO (after removing whitelist-var).

I just checked. None of the CLI archivers includes whitelist-var-common.inc, so that shouldn't pose any problems.

[rusty-snake]

@glitsj16 you right, but maybe some noblacklist and writable-var-log (and writable-var?).

--writable-var-log
Use the real /var/log directory, not a clone. By default, a tmpfs is
mounted on top of /var/log directory, and a skeleton filesystem is
created based on the original /var/log.

[Vincent43]

Yeah, archivers are tricky due to package managers issues. bzip2 already causes trouble for me in Arch. I think it's better to focus on gui archivers like ark, engrampa, etc. which most people use and leave cli tools out from defaults.

[glitsj16]

@rusty-snake I agree, we should review all CLI-archivers for stuff like that. I've been doing this occasionally for a while now (manually firejailed all archivers that have a profile, I don't use firecfg). It did take a few .local files, but for me these archivers all work fine - both on Arch and Ubuntu 16.04 LTS. Only one exception: bsdtar (which I run non-firejailed).

@Vincent43 I tend to agree that firecfg should only deal with GUI archivers. I'm willing to make a PR for that shortly, allthough I'm not sure it will be in time for the upcoming 0.9.62 release (end-of-year holidays and all that...). Out of curiosity, what seems to be the problem with bzip2 you face on Arch exactly?

[Vincent43]

Out of curiosity, what seems to be the problem with bzip2 you face on Arch exactly?

I don't remember specifics right now but I think it caused issues with makepkg.

[glitsj16]

I don't remember specifics right now but I think it caused issues with makepkg.

@Vincent43 Sounds familiar. That seems to be where the bsdtar profile is causing havoc for me. After some more tests it seems to stem from the fact that Arch relies on fakeroot in makepkg. Outside makepkg these archivers seem to work just fine. For testing I added a fakeroot wrapper that disables firejailed applications via PATH manipulation, explicitly leaving out /usr/local/bin (where firecfg drops the symlinks). Far from ideal, but at least I'm able to keep archiver profiles enabled.

More research/testing is needed here, but this convinces me even more that we should implement your suggestion to leave CLI tools out of firecfg sooner rather than later. If we decide to take that road we should prepare for users asking support for (safe, reliable) ways to exclude/include profiles into firecfg (cfr. #3016).