Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

profiles: whois: re-fix private-etc #5643

Merged
merged 1 commit into from
Feb 6, 2023
Merged

Conversation

glitsj16
Copy link
Collaborator

@glitsj16 glitsj16 commented Feb 6, 2023

Thanks @rusty-snake for pointing out jwhois actually is a thing.

Copy link
Collaborator

@kmk3 kmk3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the changes are reverted as mentioned here, this PR won't be needed
(and it would be yet another commit that would need to be reverted).

@netblue30
Copy link
Owner

No problem, let's grab it as is. There could be more changes coming.

@netblue30 netblue30 merged commit 1be9bb3 into netblue30:master Feb 6, 2023
@glitsj16 glitsj16 deleted the whois-fix branch February 6, 2023 18:19
@kmk3
Copy link
Collaborator

kmk3 commented Feb 6, 2023

@netblue30 on Feb 6:

No problem, let's grab it as is. There could be more changes coming.

It is a problem actually: It makes it harder to revert only the relevant
changes, which is already very difficult due to some of the affected commits
changing both the profiles and the source code in the same commit and because
there is a merge of master into itself.

kmk3 added a commit to kmk3/firejail that referenced this pull request Feb 7, 2023
This reverts commit 5d0822c and later
commits that touch the same files (which is necessary in order to revert
the commit in question).

There seems to be a non-trivial amount of changes done in error in the
big refactor from commit 5d0822c ("private-etc: big profile changes",
2023-02-05).  For example, there are profiles for CLI programs
(including man.profile) and servers that now contain the @X11 group:

    $ git grep -l '^private-etc .*@X11' -- etc
    # [...]
    etc/profile-a-l/email-common.profile:private-etc @tls-ca,@X11,gnupg,hosts.conf,mailname,timezone
    etc/profile-m-z/man.profile:private-etc @X11,groff,man_db.conf,manpath.config,sysless
    etc/profile-m-z/mutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo
    etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver
    etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@X11,Nextcloud,host.conf,os-release
    etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@X11,host.conf,mime.types,rpc,services

Note: These are just the ones that I immediately noticed; it is possible
that there are many that I missed.

Part of the issue is that the groups appear to be inconsistent and
rather broad.  For exmaple, paths related to 3D graphics (vulkan) and
audio (openal) are in the @games group, which are not used only by games
and not all games use those standards/libraries.  As another example,
the @X11 group contains paths related to GTK, KDE and GPU hardware
acceleration, even though those are not necessarily tied to X11 (and
even though hardware acceleration may be used by headless programs).
Replacing the known paths with groups that are not very granular results
in loss of information about what exactly a profile actually needs and
so makes the profiles less self-documenting.  Note also that a given
path could potentially belong to multiple groups, which would preclude
using the "etc-cleanup" tool (in its current form at least), as it would
not know which is the correct group to replace the path with.

Command used to revert the changes:

    $ git revert \
      1be9bb3 \
      e889db0 \
      e6f2374 \
      acb0154 \
      740f502 \
      5649bd4 \
      2e4e9d1 \
      0f996ea \
      5d0822c

Note: This reverts commits from PRs netblue30#5641 netblue30#5642 netblue30#5643, most of which are
later re-applied.

Relates to netblue30#5610.
kmk3 added a commit to kmk3/firejail that referenced this pull request Feb 7, 2023
This reverts commit 5d0822c and later
commits that touch the same files (which is necessary in order to revert
the commit in question).

There seems to be a non-trivial amount of changes done in error in the
big refactor from commit 5d0822c ("private-etc: big profile changes",
2023-02-05).  For example, there are profiles for CLI programs
(including man.profile) and servers that now contain the @X11 group:

    $ git grep -l '^private-etc .*@X11' -- etc
    # [...]
    etc/profile-a-l/email-common.profile:private-etc @tls-ca,@X11,gnupg,hosts.conf,mailname,timezone
    etc/profile-m-z/man.profile:private-etc @X11,groff,man_db.conf,manpath.config,sysless
    etc/profile-m-z/mutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gai.conf,gnupg,gnutls,hosts.conf,mail,mailname,nntpserver,terminfo
    etc/profile-m-z/neomutt.profile:private-etc @tls-ca,@X11,Mutt,Muttrc,Muttrc.d,gnupg,hosts.conf,mail,mailname,neomuttrc,neomuttrc.d,nntpserver
    etc/profile-m-z/nextcloud.profile:private-etc @tls-ca,@X11,Nextcloud,host.conf,os-release
    etc/profile-m-z/nodejs-common.profile:private-etc @tls-ca,@X11,host.conf,mime.types,rpc,services

Note: These are just the ones that I immediately noticed; it is possible
that there are many that I missed.

Part of the issue is that the groups appear to be inconsistent and
rather broad.  For example, paths related to 3D graphics (vulkan) and
audio (openal) are in the @games group, which are not used only by games
and not all games use those standards/libraries.  As another example,
the @X11 group contains paths related to GTK, KDE and GPU hardware
acceleration, even though those are not necessarily tied to X11 (and
even though hardware acceleration may be used by headless programs).
Replacing the known paths with groups that are not very granular results
in loss of information about what exactly a profile actually needs and
so makes the profiles less self-documenting.  Note also that a given
path could potentially belong to multiple groups, which would preclude
using the "etc-cleanup" tool (in its current form at least), as it would
not know which is the correct group to replace the path with.

Command used to revert the changes:

    $ git revert \
      1be9bb3 \
      e889db0 \
      e6f2374 \
      acb0154 \
      740f502 \
      5649bd4 \
      2e4e9d1 \
      0f996ea \
      5d0822c

Note: This reverts commits from PRs netblue30#5641 netblue30#5642 netblue30#5643, most of which are
later re-applied.

Relates to netblue30#5610.
@kmk3 kmk3 changed the title whois: re-fix private-etc profiles: whois: re-fix private-etc Jul 9, 2024
kmk3 added a commit that referenced this pull request Oct 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Done (on RELNOTES)
Development

Successfully merging this pull request may close these issues.

3 participants