Repository: netblue30/firetools Branch: master Commit: ead99ac1773f Files: 82 Total size: 414.5 KB Directory structure: gitextract_utvx9ppu/ ├── .gitignore ├── .travis.yml ├── COPYING ├── Makefile.in ├── README ├── README.md ├── RELNOTES ├── configure ├── configure.ac ├── install.sh ├── mkasc.sh ├── mkdeb.sh ├── mkman.sh ├── platform/ │ ├── debian/ │ │ ├── control │ │ └── copyright │ └── rpm/ │ ├── firetools.spec │ ├── mkrpm.sh │ └── old-mkrpm.sh ├── src/ │ ├── common/ │ │ ├── common.h │ │ ├── hyperlink.cpp │ │ ├── hyperlink.h │ │ ├── pid.cpp │ │ ├── pid.h │ │ ├── utils.cpp │ │ └── utils.h │ ├── firejail-ui/ │ │ ├── appdb.cpp │ │ ├── appdb.h │ │ ├── firejail-ui.desktop │ │ ├── firejail-ui.pro │ │ ├── firejail-ui.qrc │ │ ├── firejail_ui.h │ │ ├── help_widget.cpp │ │ ├── help_widget.h │ │ ├── home_widget.cpp │ │ ├── home_widget.h │ │ ├── main.cpp │ │ ├── network.cpp │ │ ├── restrictions │ │ ├── uihelp │ │ ├── uimenus │ │ ├── wizard.cpp │ │ └── wizard.h │ ├── firetools/ │ │ ├── applications.cpp │ │ ├── applications.h │ │ ├── firetools.desktop │ │ ├── firetools.h │ │ ├── firetools.pro │ │ ├── firetools.qrc │ │ ├── main.cpp │ │ ├── mainwindow.cpp │ │ ├── mainwindow.h │ │ └── uiapps │ ├── fmgr/ │ │ ├── config.cpp │ │ ├── fmgr.h │ │ ├── fmgr.pro │ │ ├── fmgr.qrc │ │ ├── fs.cpp │ │ ├── fs.h │ │ ├── main.cpp │ │ ├── mainwindow.cpp │ │ ├── mainwindow.h │ │ ├── topwidget.cpp │ │ └── topwidget.h │ ├── fstats/ │ │ ├── config.cpp │ │ ├── db.cpp │ │ ├── db.h │ │ ├── dbpid.cpp │ │ ├── dbpid.h │ │ ├── dbstorage.h │ │ ├── fstats.h │ │ ├── fstats.pro │ │ ├── fstats.qrc │ │ ├── graph.cpp │ │ ├── graph.h │ │ ├── main.cpp │ │ ├── pid_thread.cpp │ │ ├── pid_thread.h │ │ ├── stats_dialog.cpp │ │ └── stats_dialog.h │ └── man/ │ ├── firejail-ui.txt │ └── firetools.txt └── todo ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ *.o *.pyc *.so *~ autom4te.cache/ firetools_config.h firetools_config_extras.h sanitizer.sh Makefile config.log config.status build/ *.1 *.1.gz src/firejail-ui/moc* src/firejail-ui/qrc* src/fstats/moc* src/fstats/qrc* src/firetools/moc* src/firetools/qrc* src/fmgr/moc* src/fmgr/qrc* src/firejail-ui/.qmake.stash src/firetools/.qmake.stash src/fmgr/.qmake.stash src/fstats/.qmake.stash firetools-*.tar.xz firetools*.deb ================================================ FILE: .travis.yml ================================================ language: c++ dist: trusty sudo: true script: - sudo apt-get -y install libqt4-dev qt4-qmake lintian - ( cd firetools ; ./configure --enable-fatal-warnings --prefix=/usr && make && sudo make install && sudo make deb) ================================================ FILE: COPYING ================================================ GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. ================================================ FILE: Makefile.in ================================================ all: src firetools.1 firejail-ui.1 datarootdir=@datarootdir@ PREFIX=@prefix@ prefix=@prefix@ VERSION=@PACKAGE_VERSION@ NAME=@PACKAGE_NAME@ PACKAGE_TARNAME=@PACKAGE_TARNAME@ DOCDIR=@docdir@ firetools_config_extras.h: echo "#define PACKAGE_LIBDIR \"$(DESTDIR)/$(PREFIX)/lib/firetools\"" > firetools_config_extras.h .PHONY: src src: firetools_config_extras.h $(MAKE) -C $@ $(MFLAGS) firetools.1: src/man/firetools.txt ./mkman.sh $(VERSION) src/man/firetools.txt firetools.1 firejail-ui.1: src/man/firejail-ui.txt ./mkman.sh $(VERSION) src/man/firejail-ui.txt firejail-ui.1 clean:;rm -f build/*; rm -f *.1 *.1.gz; make -C src clean distclean: clean make -C src distclean rm -f firetools_config.h firetools_config_extras.h Makefile config.status config.log rm -f src/firetools/config.log src/firetools/config.status #fedora fix rm -f src/fmgr/config.log src/fmgr/config.status #fedora fix rm -f src/debmenu/config.log src/debmenu/config.status #fedora fix rm -f src/firejail-ui/config.log src/firejail-ui/config.status #fedora fix rm -fr autom4te.cache rm -f sanitizer.sh realinstall: mkdir -p $(DESTDIR)/$(PREFIX)/bin mkdir -p $(DESTDIR)/$(PREFIX)/share/applications mkdir -p $(DESTDIR)/$(PREFIX)/share/pixmaps mkdir -p $(DESTDIR)/$(PREFIX)/lib/firetools mkdir -p $(DESTDIR)/$(DOCDIR) mkdir -p $(DESTDIR)/$(PREFIX)/share/man/man1 install -c -m 0755 build/firetools $(DESTDIR)/$(PREFIX)/bin/. install -c -m 0755 build/firejail-ui $(DESTDIR)/$(PREFIX)/bin/. install -c -m 0755 build/fmgr $(DESTDIR)/$(PREFIX)/lib/firetools/fmgr install -c -m 0755 build/fstats $(DESTDIR)/$(PREFIX)/lib/firetools/fstats install -c -m 0644 src/firetools/uiapps $(DESTDIR)/$(PREFIX)/lib/firetools/. install -c -m 0644 src/firejail-ui/uimenus $(DESTDIR)/$(PREFIX)/lib/firetools/. install -c -m 0644 src/firejail-ui/uihelp $(DESTDIR)/$(PREFIX)/lib/firetools/. install -c -m 0644 src/firetools/firetools.desktop $(DESTDIR)/$(PREFIX)/share/applications/. install -c -m 0644 src/firejail-ui/firejail-ui.desktop $(DESTDIR)/$(PREFIX)/share/applications/. install -c -m 0644 src/firetools/resources/firetools.png $(DESTDIR)/$(PREFIX)/share/pixmaps/. install -c -m 0644 src/firetools/resources/firetools-minimal.png $(DESTDIR)/$(PREFIX)/share/pixmaps/. install -c -m 0644 src/firejail-ui/resources/firejail-ui.png $(DESTDIR)/$(PREFIX)/share/pixmaps/. install -c -m 0644 COPYING $(DESTDIR)/$(DOCDIR)/. install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/. install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/. rm -f firetools.1.gz gzip -n9 firetools.1 install -c -m 0644 firetools.1.gz $(DESTDIR)/$(PREFIX)/share/man/man1/. rm -f firejail-ui.1.gz gzip -n9 firejail-ui.1 install -c -m 0644 firejail-ui.1.gz $(DESTDIR)/$(PREFIX)/share/man/man1/. install: all $(MAKE) realinstall install-strip: all strip build/* $(MAKE) realinstall uninstall:; rm -f $(DESTDIR)/$(PREFIX)/bin/firetools rm -f $(DESTDIR)/$(PREFIX)/bin/firejail-ui rm -f $(DESTDIR)/$(PREFIX)/share/pixmaps/firetools.png rm -f $(DESTDIR)/$(PREFIX)/share/pixmaps/firetools-minimal.png rm -f $(DESTDIR)/$(PREFIX)/share/pixmaps/firejail-ui.png rm -f $(DESTDIR)/$(PREFIX)/share/applications/firetools.desktop rm -f $(DESTDIR)/$(PREFIX)/share/applications/firejail-ui.desktop rm -fr $(DESTDIR)/$(PREFIX)/share/doc/firetools rm -fr $(DESTDIR)/$(PREFIX)/share/man/man1/firetools.1* rm -fr $(DESTDIR)/$(PREFIX)/share/man/man1/firejail-ui.1* rm -fr $(DESTDIR)/$(PREFIX)/lib/firetools dist: mv config.status config.status.old make distclean mv config.status.old config.status rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz mkdir $(NAME)-$(VERSION) cd $(NAME)-$(VERSION); cp -a ../src .; rm -fr src/profile_editor; cp -a ../platform .; cd $(NAME)-$(VERSION); cp -a ../configure .; cp -a ../configure.ac .; cp -a ../Makefile.in .; cp -a ../install.sh .; cp -a ../mkdeb.sh .;cp -a ../mkask.sh .; cp -a ../mkman.sh .;cd .. cd $(NAME)-$(VERSION); cp -a ../COPYING .; cp -a ../README .; cp -a ../RELNOTES .; cd .. cd $(NAME)-$(VERSION); rm -fr `find . -name .svn`; rm -fr $(NAME)-$(VERSION); cd .. tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION) rm -fr $(NAME)-$(VERSION) deb: dist ./mkdeb.sh $(NAME) $(VERSION) cppcheck: clean cppcheck --force . scan-build: clean scan-build make asc:; ./mkasc.sh $(VERSION) ================================================ FILE: README ================================================ Firetools is the graphical user interface of Firajail security sandbox. Download: http://sourceforge.net/projects/firejail/files/ Dependencies: firejail, Qt4 or Qt5 library, qmake Build and install: ./configure && make && sudo make install Documentation and support: http://firejail.wordpress.com License: GPL v2 or later Setting up a compilation environment: (Debian/Ubuntu)$ sudo apt-get install build-essential qt5-default qt5-qmake qtbase5-dev-tools libqt5svg5 git (CentOS 7)$ sudo yum install gcc-c++ qt5-qtbase-devel qt5-qtsvg.x86_64 git Compile and install: $ git clone https://github.com/netblue30/firetools $ cd firetools (Debian/Ubuntu)$ ./configure --prefix=/usr && make && sudo make install (CentOS 7)$ ./configure --prefix=/usr --with-qmake=/usr/lib64/qt5/bin/qmake && make && sudo make install Maintainer: - netblue30 (netblue30@yahoo.com) Committers: - Fred-Barclay (https://github.com/Fred-Barclay) - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) - smithsohu (https://github.com/smitsohu) - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer) - netblue30 (netblue30@yahoo.com) Firetools Authors: netblue30 (netblue30@yahoo.com) a1346054 (https://github.com/a1346054) - code cleanup Daniel Schildt (https://github.com/d2s) - ignore built packages in .gitignore - grayscale icon for launcher - fix/add comments throughout the code - add more auto-detected apps - improve visual style - reduce margins, improve usability - add signal-desktop icon dmio (https://github.com/dmio) - detect and switch qt versions with autotools helmutg (https://github.com/helmutg) - Use correct host-prefixed qmake to allow cross-building Piraty (https://github.com/Piraty) - use system's icons when available Reiner Herrmann - Debian and Ubuntu integration - various fixes Topi Miettinen (https://github.com/topimiettinen) - change labels to black to be visible with dark themes and various other fixes Warren Togami (https://github.com/wtogami) - rewrite of mkrpm.sh, Fedora packaging cleanup Terminal icon (gnome-terminal.png) taken from Gnome project, license LGPL v3 or CC BY-SA 3.0. Libreoffice-writer (libreoffice-writer.png) taken from LibreOffice project, license LGPL v3 (or later) or CC BY-SA 3.0 or MPL 1.1. Icedove icon (icedove.png) taken from Debian project, license MPL 1.1 or GPL v2 or LGPL v2.1. Firefox icon (firefox.png) taken from Firefox project, license MPL 2.0. fmgr and firejail-ui icons (go_top.png, go_up.png, user-home.png, gnome-fs-directory.png, empty.png) take from nuoveXT 2 project (http://gnome-look.org/content/show.php/nuoveXT+2?content=56625), license LGPL fmgr and firejail-ui icons (emblem-symbolic-link.png, view-refresh.png) taken from Adwaita project (http://gnome-look.org/content/show.php/?content=144237), license GPL Copyright (C) 2015 Firetools Authors ================================================ FILE: README.md ================================================ # Firetools Firetools is the graphical user interface of Firejail security sandbox. It provides a sandbox launcher integrated with the system tray, sandbox editing, management and statistics. The application is built using Qt5 library. Home page: https://firejailtools.wordpress.com Download: http://sourceforge.net/projects/firejail/files/firetools/ Travis-CI status: https://travis-ci.org/netblue30/firetools
Firetools Demo
Firetools Demo 		Firejail Introduction
Firejail Introduction
## Setting up a compilation environment: ````` (Debian/Ubuntu) $ sudo apt-get install build-essential qt5-default qt5-qmake qtbase5-dev-tools libqt5svg5 git (CentOS 7) $ sudo yum install gcc-c++ qt5-qtbase-devel qt5-qtsvg.x86_64 git ````` ## Compile & Install ````` $ git clone https://github.com/netblue30/firetools $ cd firetools (Debian/Ubuntu) $ ./configure (CentOS 7) ./configure --with-qmake=/usr/lib64/qt5/bin/qmake $ make $ sudo make install-strip ````` ## Usage: ````` FIRETOOLS(1) firetools man page FIRETOOLS(1) NAME Firetools - Graphical tools collection for Firejail security sandbox SYNOPSIS firetools [OPTIONS] DESCRIPTION Firetools is a GUI application for Firejail. It offers a system tray launcher for sandboxed apps, sandbox editing, management, and statistics. The software package also includes a sandbox config‐ uration wizard, firejail-ui. The list of applications recognized automatically by Firetools is stored in /usr/lib/firetools/ap‐ plist. To add more applications to the list drop a similar file in your home directory in ~/.con‐ fig/firetools/uiapps. OPTIONS --autostart Configure firetools to run automatically in system tray when X11 session is started. --debug Print debug messages. -?, --help Print options end exit. --version Print software version and exit. CONFIGURATION /usr/lib/firetools/uiapps file contains the default list of applications recognized by default. The user can add more applications by creating a simillar file in ~/.config/firetools/uiapps in user home directory. Each line describes an application as follows: executable; description; icon; (optional) firejail command Some examples: inkscape;Inkscape SVG Editor;inkscape calibre;eBook Reader;/usr/share/calibre/images/lt.png mpv;MPV;mpv;firejail mpv --player-operation-mode=pseudo-gui ABOUT FIREJAIL Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capa‐ bilities. It allows a process and all its descendants to have their own private view of the glob‐ ally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the Li‐ cense, or (at your option) any later version. Homepage: http://firejail.wordpress.com SEE ALSO firejail(1), firejail-ui(1), ````` ================================================ FILE: RELNOTES ================================================ firetools (0.9.72) baseline; urgency=low * modif: move hardcoded apps recognized by default in uiapps file * modif: remove sandbox edit dialog and replace it with uiapps file * feature: added uiapps file for default and user apps configuration * feature: added a system network monitor in sandbox stats * feature: added apparmor support in firejail-ui * feature: added bluetooth support in firejail-ui * feature: print final sandbox configuration in firejail-ui * bugfixes -- netblue30 Tue, 3 Jan 2023 08:00:00 -0500 firetools (0.9.64) baseline; urgency=low * more fdns support * support for firejail version 0.9.64 * bugfixes -- netblue30 Fri, 8 Jan 2021 08:00:00 -0500 firetools (0.9.62) baseline; urgency=low * added fdns support * added stats system tray icon * split network interface stats in a separate window * detect --net=none in network interface stats * support for Firejail LTS versions * bugfixes -- netblue30 Mon, 16 Dec 2019 08:00:00 -0500 firetools (0.9.52) baseline; urgency=low * modif: moving to a grayscale color scheme * feature: firewall support in stats window * feature: AppArmor support in stats window * feature: adding Signal to the default list of applications * bugfixes and various user interface improvements -- netblue30 Thu, 1 Mar 2018 13:00:00 -0500 firetools (0.9.50) baseline; urgency=low * modif: removed the periodic window update for seccomp, caps, and dns * feature: memory deny exec stats support * feature: print security profile name in stats window * feature: protocol support in firejail-ui * feature: nodvd support in firejail-ui * feature: novideo support in firejail-ui * feature: notv support in firejail-ui * enhancement: save window size for fmgr and fstats upon exit and restore it next time the program is started * enhancement: updated default application list * enhancement: rework icon search for firetools launcher * enhancement: --enable-fatal-warnings compile configuration * Travis CI integration * bugfixes -- netblue30 Sat, 30 Sep 2017 08:00:00 -0500 firetools (0.9.46) baseline; urgency=low * split firetools in two distinct executables * updated the default list of applications for firetools * added firejail-ui, a configuration wizard for firejail * move make dist from .tar.bz2 to .tar.xz * implemented detached signatures * bugfixes -- netblue30 Wed, 22 Feb 2017 08:00:00 -0500 firetools (0.9.44) baseline; urgency=low * support for firejail --x11 detection * bugfixes -- netblue30 Mon, 24 Oct 2016 08:00:00 -0500 firetools (0.9.40.1) baseline; urgency=low * bugfixes -- netblue30 Wed, 15 Jun 2016 08:00:00 -0500 firetools (0.9.40) baseline; urgency=low * Grsecurity support * updated the default application list * sandbox file manager (firemgr) application * protocols and cpu cores support * sandbox name support * X11 dispaly support * bugfixes -- netblue30 Sun, 29 May 2016 08:00:00 -0500 firetools (0.9.30) baseline; urgency=low * 1h and 12h statistics support * user namespaces support * QT5 support * applist update * bugfixes -- netblue30 Thu, 1 Sep 2015 08:00:00 -0500 firetools (0.9.26.1) baseline; urgency=low * RPM package support * bugfixes -- netblue30 Tue, 10 Jun 2015 08:00:00 -0500 firetools (0.9.26) baseline; urgency=low * first version -- netblue30 Tue, 19 May 2015 08:00:00 -0500 ================================================ FILE: configure ================================================ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for firetools 0.9.73. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: netblue30@yahoo.com about your system, including any $0: error possibly output before this message. Then install $0: a modern shell, or manually run the script under such a $0: shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firetools' PACKAGE_TARNAME='firetools' PACKAGE_VERSION='0.9.73' PACKAGE_STRING='firetools 0.9.73' PACKAGE_BUGREPORT='netblue30@yahoo.com' PACKAGE_URL='http://firejail.wordpress.com' ac_unique_file="src/firetools/main.cpp" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_subst_vars='LTLIBOBJS LIBOBJS QMAKE HAVE_FATAL_WARNINGS EGREP GREP CPP RANLIB LN_S INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM ac_ct_CXX CXXFLAGS CXX OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir runstatedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_fatal_warnings with_qmake ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CXX CXXFLAGS CCC CPP' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -runstatedir | --runstatedir | --runstatedi | --runstated \ | --runstate | --runstat | --runsta | --runst | --runs \ | --run | --ru | --r) ac_prev=runstatedir ;; -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ | --run=* | --ru=* | --r=*) runstatedir=$ac_optarg ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures firetools 0.9.73 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/firetools] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of firetools 0.9.73:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-fatal-warnings -W -Wall -Werror Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-qmake=PATH Path to qmake executable Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CXX C++ compiler command CXXFLAGS C++ compiler flags CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . firetools home page: . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF firetools configure 0.9.73 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_cxx_try_compile LINENO # ---------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_cxx_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_cxx_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_cxx_try_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## ---------------------------------- ## ## Report this to netblue30@yahoo.com ## ## ---------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by firetools $as_me 0.9.73, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu #AC_CONFIG_HEADERS([config.h]) ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_ext=cpp ac_cpp='$CXXCPP $CPPFLAGS' ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_cxx_compiler_gnu if test -z "$CXX"; then if test -n "$CCC"; then CXX=$CCC else if test -n "$ac_tool_prefix"; then for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CXX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CXX"; then ac_cv_prog_CXX="$CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CXX=$ac_cv_prog_CXX if test -n "$CXX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5 $as_echo "$CXX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CXX" && break done fi if test -z "$CXX"; then ac_ct_CXX=$CXX for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CXX+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CXX"; then ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CXX="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CXX=$ac_cv_prog_ac_ct_CXX if test -n "$ac_ct_CXX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5 $as_echo "$ac_ct_CXX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CXX" && break done if test "x$ac_ct_CXX" = x; then CXX="g++" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CXX=$ac_ct_CXX fi fi fi fi # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5 $as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; } if ${ac_cv_cxx_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_cxx_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5 $as_echo "$ac_cv_cxx_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GXX=yes else GXX= fi ac_test_CXXFLAGS=${CXXFLAGS+set} ac_save_CXXFLAGS=$CXXFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5 $as_echo_n "checking whether $CXX accepts -g... " >&6; } if ${ac_cv_prog_cxx_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_cxx_werror_flag=$ac_cxx_werror_flag ac_cxx_werror_flag=yes ac_cv_prog_cxx_g=no CXXFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_cv_prog_cxx_g=yes else CXXFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : else ac_cxx_werror_flag=$ac_save_cxx_werror_flag CXXFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : ac_cv_prog_cxx_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cxx_werror_flag=$ac_save_cxx_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5 $as_echo "$ac_cv_prog_cxx_g" >&6; } if test "$ac_test_CXXFLAGS" = set; then CXXFLAGS=$ac_save_CXXFLAGS elif test $ac_cv_prog_cxx_g = yes; then if test "$GXX" = yes; then CXXFLAGS="-g -O2" else CXXFLAGS="-g" fi else if test "$GXX" = yes; then CXXFLAGS="-O2" else CXXFLAGS= fi fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi # checking pthread library { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 $as_echo_n "checking for main in -lpthread... " >&6; } if ${ac_cv_lib_pthread_main+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lpthread $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { return main (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_pthread_main=yes else ac_cv_lib_pthread_main=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 $as_echo "$ac_cv_lib_pthread_main" >&6; } if test "x$ac_cv_lib_pthread_main" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBPTHREAD 1 _ACEOF LIBS="-lpthread $LIBS" else as_fn_error $? "*** POSIX thread support not installed - please install first ***" "$LINENO" 5 fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" if test "x$ac_cv_header_pthread_h" = xyes; then : else as_fn_error $? "*** POSIX thread support not installed - please install first ***" "$LINENO" 5 fi HAVE_FATAL_WARNINGS="" # Check whether --enable-fatal_warnings was given. if test "${enable_fatal_warnings+set}" = set; then : enableval=$enable_fatal_warnings; fi if test "x$enable_fatal_warnings" = "xyes"; then : HAVE_FATAL_WARNINGS="-W -Wall -Werror" fi QMAKE="" # Check whether --with-qmake was given. if test "${with_qmake+set}" = set; then : withval=$with_qmake; qmake="$withval" QMAKE="$qmake" else if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}qmake", so it can be a program name with args. set dummy ${ac_tool_prefix}qmake; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_QMAKE+:} false; then : $as_echo_n "(cached) " >&6 else case $QMAKE in [\\/]* | ?:[\\/]*) ac_cv_path_QMAKE="$QMAKE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_QMAKE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi QMAKE=$ac_cv_path_QMAKE if test -n "$QMAKE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $QMAKE" >&5 $as_echo "$QMAKE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_QMAKE"; then ac_pt_QMAKE=$QMAKE # Extract the first word of "qmake", so it can be a program name with args. set dummy qmake; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_ac_pt_QMAKE+:} false; then : $as_echo_n "(cached) " >&6 else case $ac_pt_QMAKE in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_QMAKE="$ac_pt_QMAKE" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_ac_pt_QMAKE="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_QMAKE=$ac_cv_path_ac_pt_QMAKE if test -n "$ac_pt_QMAKE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_QMAKE" >&5 $as_echo "$ac_pt_QMAKE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_QMAKE" = x; then QMAKE="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac QMAKE=$ac_pt_QMAKE fi else QMAKE="$ac_cv_path_QMAKE" fi fi echo "trying $QMAKE" #if test -f /usr/lib64/qt4/bin/qmake; then # QMAKE=/usr/lib64/qt4/bin/qmake #fi if test -z "$QMAKE" then as_fn_error $? "qmake and/or Qt are missing, please install them." "$LINENO" 5 fi if test -f "$QMAKE" then echo "found $QMAKE" else as_fn_error $? "qmake and/or Qt are missing, please install them." "$LINENO" 5 fi $QMAKE -v cd src/firetools && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/firejail-ui && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/fstats && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/fmgr && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cp confdefs.h firetools_config.h ac_config_files="$ac_config_files Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' # Transform confdefs.h into DEFS. # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. # # If the first sed substitution is executed (which looks for macros that # take arguments), then branch to the quote section. Otherwise, # look for a macro that doesn't take arguments. ac_script=' :mline /\\$/{ N s,\\\n,, b mline } t clear :clear s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g t quote s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g t quote b any :quote s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g s/\[/\\&/g s/\]/\\&/g s/\$/$$/g H :any ${ g s/^\n// s/\n/ /g p } ' DEFS=`sed -n "$ac_script" confdefs.h` ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by firetools $as_me 0.9.73, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE Configuration files: $config_files Report bugs to . firetools home page: ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ firetools config.status 0.9.73 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --he | --h | --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" eval set X " :F $CONFIG_FILES " shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi echo echo "Required run time packages:" echo " firejail" echo " libqt5svg5 (Qt5 SVG icon library) if the program was compiled for Qt5." echo ================================================ FILE: configure.ac ================================================ AC_PREREQ([2.68]) AC_INIT(firetools, 0.9.73, netblue30@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firetools/main.cpp]) #AC_CONFIG_HEADERS([config.h]) AC_PROG_CC AC_PROG_CXX AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_RANLIB # checking pthread library AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed - please install first ***])) AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed - please install first ***])) HAVE_FATAL_WARNINGS="" AC_ARG_ENABLE([fatal_warnings], AS_HELP_STRING([--enable-fatal-warnings], [-W -Wall -Werror])) AS_IF([test "x$enable_fatal_warnings" = "xyes"], [ HAVE_FATAL_WARNINGS="-W -Wall -Werror" AC_SUBST(HAVE_FATAL_WARNINGS) ]) QMAKE="" AC_ARG_WITH( qmake, AS_HELP_STRING( [--with-qmake=PATH], [Path to qmake executable] ), [ qmake="$withval" QMAKE="$qmake" ], [ AC_PATH_TOOL([QMAKE],[qmake]) ] ) echo "trying $QMAKE" #if test -f /usr/lib64/qt4/bin/qmake; then # QMAKE=/usr/lib64/qt4/bin/qmake #fi if test -z "$QMAKE" then AC_MSG_ERROR([qmake and/or Qt are missing, please install them.]) fi if test -f "$QMAKE" then echo "found $QMAKE" else AC_MSG_ERROR([qmake and/or Qt are missing, please install them.]) fi $QMAKE -v cd src/firetools && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/firejail-ui && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/fstats && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cd src/fmgr && CXXFLAGS="$CXXFLAGS $HAVE_FATAL_WARNINGS" $QMAKE && cd ../.. cp confdefs.h firetools_config.h AC_OUTPUT(Makefile) echo echo "Required run time packages:" echo " firejail" echo " libqt5svg5 (Qt5 SVG icon library) if the program was compiled for Qt5." echo ================================================ FILE: install.sh ================================================ #!/bin/sh echo "installing..." ================================================ FILE: mkasc.sh ================================================ #!/bin/sh echo "Calculating SHA256 for all files in /transfer - firetools version $1" cd /transfer sha256sum -- * > "firetools-$1-unsigned" gpg --clearsign --digest-algo SHA256 < "firetools-$1-unsigned" > "firetools-$1.asc" gpg --verify "firetools-$1.asc" gpg --detach-sign --armor "firetools-$1.tar.xz" rm "firetools-$1-unsigned" ================================================ FILE: mkdeb.sh ================================================ #!/bin/sh # a code archive should already be available TOP=$(pwd) CODE_ARCHIVE="$1-$2.tar.xz" CODE_DIR="$1-$2" INSTALL_DIR="$TOP/debian" DEBIAN_CTRL_DIR="$TOP/debian/DEBIAN" DEBIAN_CTRL_DIR+="/debian/DEBIAN" echo "*****************************************" echo "code archive: $CODE_ARCHIVE" echo "code directory: $CODE_DIR" echo "install directory: $INSTALL_DIR" echo "debian control directory: $DEBIAN_CTRL_DIR" echo "*****************************************" tar -xJvf "$CODE_ARCHIVE" mkdir -p "$INSTALL_DIR" cd "$CODE_DIR" ./configure --prefix=/usr make -j4 DESTDIR=$INSTALL_DIR make install-strip cd .. echo "*****************************************" SIZE=$(du -s debian/usr) echo "install size $SIZE" echo "*****************************************" INSTALL_DIR="$TOP/debian/usr" mv "$INSTALL_DIR/share/doc/firetools/RELNOTES" "$INSTALL_DIR/share/doc/firetools/changelog.Debian" gzip -9 -n "$INSTALL_DIR/share/doc/firetools/changelog.Debian" rm "$INSTALL_DIR/share/doc/firetools/COPYING" cp platform/debian/copyright "$INSTALL_DIR/share/doc/firetools/." mkdir -p "$DEBIAN_CTRL_DIR" sed "s/FIRETOOLSVER/$2/g" platform/debian/control > "$DEBIAN_CTRL_DIR/control" find ./debian -type d -exec chmod 755 {} + dpkg-deb --build debian lintian debian.deb mv debian.deb "firetools_$2_1_amd64.deb" echo "if building a 32bit package, rename the deb file manually" rm -fr debian rm -fr "$CODE_DIR" ================================================ FILE: mkman.sh ================================================ #!/bin/sh set -e sed "s/VERSION/$1/g" $2 > $3 MONTH=$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b) sed -i "s/MONTH/$MONTH/g" $3 YEAR=$(LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y) sed -i "s/YEAR/$YEAR/g" $3 ================================================ FILE: platform/debian/control ================================================ Package: firetools Version: FIRETOOLSVER-1 Architecture: amd64 Maintainer: netblue30 Installed-Size: 684 Depends: libqt5gui5, libqt5svg5, libc6 Section: admin Priority: optional Homepage: http://firejail.sourceforge.net Description: Firejail graphical user interface program. Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccmp-bpf and Linux capabilities. . Firetools is the graphical interface of Firejail. Built using Qt4/Qt5 library, it provides a sandbox launcher, editing, management and statistics. ================================================ FILE: platform/debian/copyright ================================================ This is the Debian/Ubuntu prepackaged version of firetools. Firetools is the graphical interface of Firejail security sandbox. Copyright (C) 2014,2017 Firetools Authors (see README file for more details) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. The complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL-2. Homepage: http://firejail.sourceforge.net. ================================================ FILE: platform/rpm/firetools.spec ================================================ %define __spec_install_post %{nil} %define debug_package %{nil} %define __os_install_post %{_dbpath}/brp-compress Summary: Firejail graphical user interface Name: firetools Version: FIRETOOLSVERSION Release: 1%{?dist} License: GPL+ Group: Development/Tools SOURCE0 : %{name}-%{version}.tar.xz URL: http://firejail.sourceforege.net BuildRequires: qt5-qtbase-devel Requires: firejail qt5-qtsvg %description Firetools is the graphical user interface of Firejail. Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. %prep %setup -q %build %configure --with-qmake=/usr/bin/qmake-qt5 make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT %make_install rm -rf $RPM_BUILD_ROOT/%{_docdir}/ %files %defattr(-,root,root,-) %doc COPYING README RELNOTES %{_bindir}/* %{_mandir}/* %{_datadir}/applications/firetools.desktop %{_datadir}/pixmaps/firetools.png %{_datadir}/pixmaps/firetools-minimal.png %changelog * Wed Sep 21 2016 Warren Togami 0.9.40.1-1 - clean up rpm spec to roughly Fedora Packaging Guidelines - easy self-contained build from git repo with ./mkrpm.sh as a non-root user * Wed Jun 15 2016 netblue30 0.9.40.1-1 - bugfixes * Sun May 29 2016 netblue30 0.9.40-1 - Grsecurity support - updated the default application list - sandbox file manager (firemgr) application - protocols and cpu cores support - sandbox name support - X11 dispaly support - bugfixes * Sat Oct 3 2015 netblue30 0.9.30-1 - 1h and 12h statistics support - user namespaces support - QT5 support - applist update - bugfixes * Mon Jun 15 2015 netblue30 0.9.26.1 - First rpm package release ================================================ FILE: platform/rpm/mkrpm.sh ================================================ #!/bin/bash ### ### mkrpm.sh ### NAME and VER are read from configure.ac. ### The VER git tag is exported into a tarball and built into an RPM package. ### set -e # stop upon non-zero return #set -x # print everything this script does # Sanity check: necessary tools for CMD in git sed rpmbuild; do if ! which $CMD > /dev/null 2>&1; then echo "ERROR: Command not found: $CMD" && exit 255 fi done # Sanity check: base source directory is expected for DIRNAME in $(dirname $0)/../rpm $(dirname $0)/../../platform; do if [ ! -d $DIRNAME ]; then echo "ERROR: Unexpected directory, aborting." exit 255 fi done PATH_TO_BASESRC=$(readlink -f $(dirname $0)/../../) NAME=$(grep AC_INIT $PATH_TO_BASESRC/configure.ac | sed -r 's/^AC_INIT\(([a-z]+),.*/\1/') VER=$(grep AC_INIT $PATH_TO_BASESRC/configure.ac | sed -r 's/^AC_INIT\([a-z]+, ?([\.0-9]+),.*/\1/') # export tarball archive from git tag cd $PATH_TO_BASESRC mkdir -p build git -c tar.tar.xz.command="xz -c9" archive --prefix=$NAME-$VER/ -o build/$NAME-$VER.tar.xz $VER PATH_TO_TARBALL=$(readlink -f build/$NAME-$VER.tar.xz) PATH_TO_SPEC=$(readlink -f platform/rpm/$NAME.spec) cd - # fresh temporary rpmbuild _topdir for each build mkdir -p $HOME/tmprpmbuild export RPMTMPDIR=$(mktemp -d -p $HOME/tmprpmbuild) mkdir -p $RPMTMPDIR/{RPMS,SRPMS,BUILD,SOURCES,SPECS} # stage rpmbuild inputs cp $PATH_TO_TARBALL $RPMTMPDIR/SOURCES/ cp $PATH_TO_SPEC $RPMTMPDIR/SPECS/ sed -i "s/Version: FIRETOOLSVERSION/Version: $VER/" $RPMTMPDIR/SPECS/$NAME.spec # build rpmbuild --define='_topdir %{getenv:RPMTMPDIR}' -ba $RPMTMPDIR/SPECS/$NAME.spec # copy rpmbuild outputs to build/ directory rm -rf $PATH_TO_BASESRC/build/*.rpm cp $(find $RPMTMPDIR -name '*.rpm') $PATH_TO_BASESRC/build/ # success echo echo " BUILD COMPLETE" echo find $PATH_TO_BASESRC/build/ -name '*.rpm' ================================================ FILE: platform/rpm/old-mkrpm.sh ================================================ #!/bin/bash VER="0.9.62" cd ~ rm -fr rpmbuild mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp} cat <~/.rpmmacros %_topdir %(echo $HOME)/rpmbuild %_tmppath %{_topdir}/tmp EOF cd ~/rpmbuild mkdir -p firetools-$VER/usr/bin install -m 755 /usr/bin/firetools firetools-$VER/usr/bin/. install -m 755 /usr/bin/firejail-ui firetools-$VER/usr/bin/. mkdir -p firetools-$VER/usr/lib/firetools install -m 755 /usr/lib/firetools/fmgr firetools-$VER/usr/lib/firetools/. install -m 755 /usr/lib/firetools/fstats firetools-$VER/usr/lib/firetools/. install -m 644 /usr/lib/firetools/uimenus firetools-$VER/usr/lib/firetools/. install -m 644 /usr/lib/firetools/uihelp firetools-$VER/usr/lib/firetools/. mkdir -p firetools-$VER/usr/share/applications/ install -m 644 /usr/share/applications/firetools.desktop firetools-$VER/usr/share/applications/. install -m 644 /usr/share/applications/firejail-ui.desktop firetools-$VER/usr/share/applications/. mkdir -p firetools-$VER/usr/share/pixmaps install -m 644 /usr/share/pixmaps/firetools-minimal.png firetools-$VER/usr/share/pixmaps/. install -m 644 /usr/share/pixmaps/firetools.png firetools-$VER/usr/share/pixmaps/. install -m 644 /usr/share/pixmaps/firetools-minimal.png firetools-$VER/usr/share/pixmaps/. install -m 644 /usr/share/pixmaps/firejail-ui.png firetools-$VER/usr/share/pixmaps/. mkdir -p firetools-$VER/usr/share/doc/firetools install -m 644 /usr/share/doc/firetools/COPYING firetools-$VER/usr/share/doc/firetools/. install -m 644 /usr/share/doc/firetools/README firetools-$VER/usr/share/doc/firetools/. install -m 644 /usr/share/doc/firetools/RELNOTES firetools-$VER/usr/share/doc/firetools/. mkdir -p firetools-$VER/usr/share/man/man1 install -m 644 /usr/share/man/man1/firetools.1.gz firetools-$VER/usr/share/man/man1/. install -m 644 /usr/share/man/man1/firejail-ui.1.gz firetools-$VER/usr/share/man/man1/. tar -czvf firetools-$VER.tar.gz firetools-$VER cp firetools-$VER.tar.gz SOURCES/. cat < SPECS/firetools.spec %define __spec_install_post %{nil} %define debug_package %{nil} %define __os_install_post %{_dbpath}/brp-compress Summary: Firejail user interface Name: firetools Version: $VER Release: 1 License: GPL+ Group: Development/Tools SOURCE0 : %{name}-%{version}.tar.gz URL: http://firejail.sourceforege.net BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root %description Firetools is the graphical user interface of Firejail. Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. %prep %setup -q %build %install rm -rf %{buildroot} mkdir -p %{buildroot} cp -a * %{buildroot} %clean rm -rf %{buildroot} %files %defattr(-,root,root,-) %{_bindir}/* %{_docdir}/* %{_mandir}/* /usr/share/applications/firetools.desktop /usr/share/applications/firejail-ui.desktop /usr/share/pixmaps/firetools.png /usr/share/pixmaps/firetools-minimal.png /usr/share/pixmaps/firejail-ui.png /usr/lib/firetools/fmgr /usr/lib/firetools/fstats /usr/lib/firetools/uihelp /usr/lib/firetools/uimenus %changelog * Tue Dec 17 2019 netblue30 0.9.62-1 * Thu Jan 24 2019 netblue30 0.9.58-1 * Fri Mar 2 2018 netblue30 0.9.52-1 * Mon Oct 2 2017 netblue30 0.9.50-1 * Fri Feb 24 2017 netblue30 0.9.46-1 - split firetools in two distinct executables - updated the default list of applications for firetools - added firejail-ui, a configuration wizard for firejail - move make dist from .tar.bz2 to .tar.xz - implemented detached signatures - bugfixes * Mon Oct 24 2016 netblue30 0.9.44-1 - support for firejail --x11 detection - bugfixes * Sun May 29 2016 netblue30 0.9.40-1 - Grsecurity support - updated the default application list - sandbox file manager (firemgr) application - protocols and cpu cores support - sandbox name support - X11 dispaly support - bugfixes * Sat Oct 3 2015 netblue30 0.9.30-1 - 1h and 12h statistics support - user namespaces support - QT5 support - applist update - bugfixes * Mon Jun 15 2015 netblue30 0.9.26.1 - First rpm package release EOF rpmbuild -ba SPECS/firetools.spec rpm -qpl RPMS/x86_64/firetools-$VER-1.x86_64.rpm cd .. rm -f firetools-$VER-1.x86_64.rpm cp rpmbuild/RPMS/x86_64/firetools-$VER-1.x86_64.rpm . ================================================ FILE: src/common/common.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef COMMON_H #define COMMON_H //#define _GNU_SOURCE #include #include #include #include #include #include #include #include #include #include #include #define errExit(msg) do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0) // macro to print ip addresses in a printf statement #define PRINT_IP(A) \ ((int) (((A) >> 24) & 0xFF)), ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF)) // macro to print a mac addresses in a printf statement #define PRINT_MAC(A) \ ((unsigned) (*(A)) & 0xff), ((unsigned) (*((A) + 1) & 0xff)), ((unsigned) (*((A) + 2) & 0xff)), \ ((unsigned) (*((A) + 3)) & 0xff), ((unsigned) (*((A) + 4) & 0xff)), ((unsigned) (*((A) + 5)) & 0xff) // convert a network mask to the number of bits static inline uint8_t mask2bits(uint32_t mask) { uint32_t tmp = 0x80000000; int i; uint8_t rv = 0; for (i = 0; i < 32; i++, tmp >>= 1) { if (tmp & mask) rv++; else break; } return rv; } // read an IPv4 address and convert it to uint32_t static inline int atoip(const char *str, uint32_t *ip) { unsigned a, b, c, d; // allow only numbers const char *ptr = str; while (*ptr != '\0') { if (isdigit(*ptr) || *ptr == '.') ; else return 1; ptr++; } if (sscanf(str, "%u.%u.%u.%u", &a, &b, &c, &d) != 4 || a > 255 || b > 255 || c > 255 || d > 255) return 1; *ip = a * 0x1000000 + b * 0x10000 + c * 0x100 + d; return 0; } // verify ip address is in the ifip/ifmask network range static inline char *in_netrange(uint32_t ip, uint32_t ifip, uint32_t ifmask) { if ((ip & ifmask) != (ifip & ifmask)) return (char *) "Error: the IP address is not in the interface range\n"; else if ((ip & ifmask) == ip) return (char *) "Error: the IP address is a network address\n"; else if ((ip | ~ifmask) == ip) return (char *) "Error: the IP address is a network address\n"; return NULL; } #endif ================================================ FILE: src/common/hyperlink.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "hyperlink.h" Hyperlink::Hyperlink( const QString & text, QWidget * parent ) :QLabel(parent) { (void) text; } void Hyperlink::mousePressEvent ( QMouseEvent * event ) { (void) event; emit clicked(); } ================================================ FILE: src/common/hyperlink.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef HYPERLINK_H #define HYPERLINK_H #include class Hyperlink : public QLabel { Q_OBJECT public: Hyperlink( const QString & text, QWidget * parent = 0 ); ~Hyperlink(){} signals: void clicked(); protected: void mousePressEvent ( QMouseEvent * event ) ; }; #endif ================================================ FILE: src/common/pid.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "common.h" #include "pid.h" #include "utils.h" #include #include #include #include #include #include #define PIDS_BUFLEN 4096 Process *pids = 0; ProcessData *pids_data = 0; int pids_first = 0; int pids_last = 0; int max_pids = 32769; static int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid); // get the memory associated with this pid void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared) { // open stat file char *file; if (asprintf(&file, "/proc/%u/statm", pid) == -1) { perror("asprintf"); exit(1); } FILE *fp = fopen(file, "r"); if (!fp) { free(file); return; } free(file); unsigned a, b, c; if (3 != fscanf(fp, "%u %u %u", &a, &b, &c)) { fclose(fp); return; } *rss += b; *shared += c; fclose(fp); } void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime) { // open stat file char *file; if (asprintf(&file, "/proc/%u/stat", pid) == -1) { perror("asprintf"); exit(1); } FILE *fp = fopen(file, "r"); if (!fp) { free(file); return; } free(file); char line[PIDS_BUFLEN]; if (fgets(line, PIDS_BUFLEN - 1, fp)) { char *ptr = line; // jump 13 fields int i; for (i = 0; i < 13; i++) { while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') ptr++; if (*ptr == '\0') goto myexit; ptr++; } if (2 != sscanf(ptr, "%u %u", utime, stime)) goto myexit; } myexit: fclose(fp); } unsigned long long pid_get_start_time(unsigned pid) { // open stat file char *file; if (asprintf(&file, "/proc/%u/stat", pid) == -1) { perror("asprintf"); exit(1); } FILE *fp = fopen(file, "r"); if (!fp) { free(file); return 0; } free(file); char line[PIDS_BUFLEN]; unsigned long long retval = 0; if (fgets(line, PIDS_BUFLEN - 1, fp)) { char *ptr = line; // jump 21 fields int i; for (i = 0; i < 21; i++) { while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') ptr++; if (*ptr == '\0') goto myexit; ptr++; } if (1 != sscanf(ptr, "%llu", &retval)) goto myexit; } myexit: fclose(fp); return retval; } char *pid_get_user_name(uid_t uid) { struct passwd *pw = getpwuid(uid); if (pw) return strdup(pw->pw_name); return NULL; } uid_t pid_get_uid(pid_t pid) { uid_t rv = 0; // open stat file char *file; if (asprintf(&file, "/proc/%u/status", pid) == -1) { perror("asprintf"); exit(1); } FILE *fp = fopen(file, "r"); if (!fp) { free(file); return 0; } // look for firejail executable name char buf[PIDS_BUFLEN]; while (fgets(buf, PIDS_BUFLEN - 1, fp)) { if (strncmp(buf, "Uid:", 4) == 0) { char *ptr = buf + 5; while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { ptr++; } if (*ptr == '\0') goto doexit; rv = atoi(ptr); break; // break regardless! } } doexit: fclose(fp); free(file); return rv; } // recursivity!!! // mon_pid: pid of sandbox to be monitored, 0 if all sandboxes are included void pid_read(pid_t mon_pid) { //timetrace_start(); if (pids == NULL) { FILE *fp = fopen("/proc/sys/kernel/pid_max", "r"); if (fp) { int val; if (fscanf(fp, "%d", &val) == 1) { if (val >= max_pids) max_pids = val + 1; } fclose(fp); } pids = (Process *) malloc(sizeof(Process) * max_pids + 1); if (pids == NULL) errExit("malloc"); memset(pids, 0, sizeof(Process) * max_pids); pids_data = (ProcessData *) malloc(sizeof(ProcessData) * max_pids + 1); if (pids == NULL) errExit("malloc"); memset(pids_data, 0, sizeof(Process) * max_pids); } memset(pids + pids_first, 0, sizeof(Process) * (pids_last - pids_first + 1)); pids_first = 0; pids_last = 0; pid_t mypid = getpid(); DIR *dir; if (!(dir = opendir("/proc"))) { // sleep 2 seconds and try again sleep(2); if (!(dir = opendir("/proc"))) { fprintf(stderr, "Error: cannot open /proc directory\n"); exit(1); } } pid_t child = -1; struct dirent *entry; char *end; while (child < 0 && (entry = readdir(dir))) { pid_t pid = strtol(entry->d_name, &end, 10); pid %= max_pids; pids_last = pid; if (end == entry->d_name || *end) continue; if (pid == mypid) continue; // open stat file char *file; if (asprintf(&file, "/proc/%u/status", pid) == -1) { perror("asprintf"); exit(1); } FILE *fp = fopen(file, "r"); if (!fp) { free(file); continue; } memset(&pids_data[pid], 0, sizeof(ProcessData)); // look for firejail executable name char buf[PIDS_BUFLEN]; while (fgets(buf, PIDS_BUFLEN - 1, fp)) { if (strncmp(buf, "Name:", 5) == 0) { char *ptr = buf + 5; while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { ptr++; } if (*ptr == '\0') { fprintf(stderr, "Error: cannot read /proc file\n"); exit(1); } if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) { if (pid_proc_cmdline_x11_xpra_xephyr(pid)) pids[pid].level = 0; else { pids[pid].level = 1; if (pids_first == 0) pids_first = pid; } } else pids[pid].level = 0; } if (strncmp(buf, "State:", 6) == 0) { if (strstr(buf, "(zombie)")) pids[pid].level = 0; } else if (strncmp(buf, "PPid:", 5) == 0) { char *ptr = buf + 5; while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { ptr++; } if (*ptr == '\0') { fprintf(stderr, "Error: cannot read /proc file\n"); exit(1); } unsigned parent = atoi(ptr); parent %= max_pids; pids_data[pid].parent = parent; if (pids[parent].level > 0) pids[pid].level = (pids[parent].level == UCHAR_MAX)? UCHAR_MAX: pids[parent].level + 1; //if (pids[pid].level) //printf("pid %d level %u parent %d\n", pid, pids[pid].level, pids_data[pid].parent); } else if (strncmp(buf, "Uid:", 4) == 0) { if (pids[pid].level > 0) { char *ptr = buf + 5; while (*ptr != '\0' && (*ptr == ' ' || *ptr == '\t')) { ptr++; } if (*ptr == '\0') { fprintf(stderr, "Error: cannot read /proc file\n"); exit(1); } pids_data[pid].uid = atoi(ptr); } break; } } fclose(fp); free(file); } closedir(dir); } // return 1 if error int name2pid(const char *name, pid_t *pid) { pid_t parent = getpid(); DIR *dir; if (!(dir = opendir("/proc"))) { // sleep 2 seconds and try again sleep(2); if (!(dir = opendir("/proc"))) { fprintf(stderr, "Error: cannot open /proc directory\n"); exit(1); } } struct dirent *entry; char *end; while ((entry = readdir(dir))) { pid_t newpid = strtol(entry->d_name, &end, 10); if (end == entry->d_name || *end) continue; if (newpid == parent) continue; // check if this is a firejail executable char *comm = pid_proc_comm(newpid); if (comm) { // remove \n char *ptr = strchr(comm, '\n'); if (ptr) *ptr = '\0'; if (strcmp(comm, "firejail")) { free(comm); continue; } free(comm); } char *cmd = pid_proc_cmdline(newpid); if (cmd) { // mark the end of the name char *ptr = strstr(cmd, "--name="); char *start = ptr; if (!ptr) { free(cmd); continue; } while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') ptr++; *ptr = '\0'; int rv = strcmp(start + 7, name); if (rv == 0) { free(cmd); *pid = newpid; closedir(dir); return 0; } free(cmd); } } closedir(dir); return 1; } #define BUFLEN 4096 char *pid_proc_comm(const pid_t pid) { // open /proc/pid/cmdline file char *fname; int fd; if (asprintf(&fname, "/proc/%d//comm", pid) == -1) return NULL; if ((fd = open(fname, O_RDONLY)) < 0) { free(fname); return NULL; } free(fname); // read file char buffer[BUFLEN]; ssize_t len; if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { close(fd); return NULL; } buffer[len] = '\0'; close(fd); // remove \n char *ptr = strchr(buffer, '\n'); if (ptr) *ptr = '\0'; // return a malloc copy of the command line char *rv = strdup(buffer); if (strlen(rv) == 0) { free(rv); return NULL; } return rv; } char *pid_proc_cmdline(const pid_t pid) { // open /proc/pid/cmdline file char *fname; int fd; if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1) return NULL; if ((fd = open(fname, O_RDONLY)) < 0) { free(fname); return NULL; } free(fname); // read file unsigned char buffer[BUFLEN]; ssize_t len; if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { close(fd); return NULL; } buffer[len] = '\0'; close(fd); // clean data int i; for (i = 0; i < len; i++) { if (buffer[i] == '\0') buffer[i] = ' '; } // return a malloc copy of the command line char *rv = strdup((char *) buffer); if (strlen(rv) == 0) { free(rv); return NULL; } return rv; } // recursivity!!! void pid_get_cpu_sandbox(unsigned pid, unsigned *utime, unsigned *stime) { //printf("call %d, last %d\n", pid, pids_last); if (pids[pid].level == 1) { *utime = 0; *stime = 0; } unsigned utmp = 0; unsigned stmp = 0; pid_get_cpu_time(pid, &utmp, &stmp); *utime += utmp; *stime += stmp; int i; for (i = pid + 1; i < (pids_last + 1); i++) { if (pids_data[i].parent == (int) pid) pid_get_cpu_sandbox(i, utime, stime); } } void pid_get_mem_sandbox(unsigned pid, unsigned *rss, unsigned *shared) { if (pids[pid].level == 1) { *rss = 0; *shared = 0; } pid_getmem(pid, rss, shared); int i; for (i = pid + 1; i < (pids_last + 1); i++) { if (pids_data[i].parent == (int) pid) pid_get_mem_sandbox(i, rss, shared); } } #define MAXBUF PIDS_BUFLEN void pid_get_netstats_sandbox(int parent, unsigned long long *rx, unsigned long long *tx) { *rx = 0; *tx = 0; // find the first child int child = -1; if (parent == 1) child = 1; else { for (child = parent + 1; child < (pids_last + 1); child++) { if (pids_data[child].parent == parent) break; } } if (child == -1) return; // open /proc/child/net/dev file and read rx and tx char *fname; if (asprintf(&fname, "/proc/%d/net/dev", child) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (!fp) { free(fname); return; } char buf[MAXBUF]; while (fgets(buf, MAXBUF, fp)) { if (strncmp(buf, "Inter", 5) == 0) continue; if (strncmp(buf, " face", 5) == 0) continue; char *ptr = buf; while (*ptr != '\0' && *ptr != ':') { ptr++; } if (*ptr == '\0') { fclose(fp); free(fname); return; } ptr++; long long unsigned rxval; long long unsigned txval; unsigned a, b, c, d, e, f, g; int rv = sscanf(ptr, "%llu %u %u %u %u %u %u %u %llu", &rxval, &a, &b, &c, &d, &e, &f, &g, &txval); if (rv == 9) { *rx += rxval; *tx += txval; } } free(fname); fclose(fp); return; } // return 1 if firejail --x11 on command line static int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { // if comm is not firejail return 0 char *comm = pid_proc_comm(pid); if (strcmp(comm, "firejail") != 0) { free(comm); return 0; } free(comm); // open /proc/pid/cmdline file char *fname; int fd; if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1) return 0; if ((fd = open(fname, O_RDONLY)) < 0) { free(fname); return 0; } free(fname); // read file unsigned char buffer[BUFLEN]; ssize_t len; if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { close(fd); return 0; } buffer[len] = '\0'; close(fd); // skip the first argument int i; for (i = 0; buffer[i] != '\0'; i++); // parse remaining command line options while (1) { // extract argument i++; if (i >= len) break; char *arg = (char *)buffer + i; // detect the last command line option if (strcmp(arg, "--") == 0) break; if (strncmp(arg, "--", 2) != 0) break; if (strcmp(arg, "--x11=xorg") == 0) return 0; // check x11 if (strncmp(arg, "--x11", 5) == 0) return 1; i += strlen(arg); } return 0; } // dbus proxy path used by firejail and firemon #define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy" int pid_find_child(int id) { int i; int first_child = -1; // find the first child for (i = 0; i < max_pids && first_child == -1; i++) { if (pids[i].level == 2 && pids_data[i].parent == id) { // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering) char *cmdline = pid_proc_cmdline(i); if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) { free(cmdline); continue; } free(cmdline); first_child = i; break; } } if (first_child == -1) return -1; // find the second-level child for (i = 0; i < max_pids; i++) { if (pids[i].level == 3 && pids_data[i].parent == first_child) return i; } // if a second child is not found, return the first child pid // this happens for processes sandboxed with --join return first_child; } ================================================ FILE: src/common/pid.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef PID_H #define PID_H #include "common.h" typedef struct { unsigned char level; // 0 not a process, not firejail, or zombie process // 1 main firejail process // > 1 firejail child } Process; typedef struct { pid_t parent; uid_t uid; unsigned utime; unsigned stime; unsigned rss; unsigned shared; unsigned long long rx; // network rx, bytes unsigned long long tx; // networking tx, bytes } ProcessData; extern int max_pids; extern Process *pids; extern ProcessData *pids_data; extern int pids_first; extern int pids_last; // pid self-contained functions void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared); void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime); unsigned long long pid_get_start_time(unsigned pid); uid_t pid_get_uid(pid_t pid); char *pid_get_user_name(uid_t uid); int name2pid(const char *name, pid_t *pid); char *pid_proc_comm(const pid_t pid); char *pid_proc_cmdline(const pid_t pid); int pid_find_child(int id); // read all processes in pids array void pid_read(pid_t mon_pid); void pid_get_cpu_sandbox(unsigned pid, unsigned *utime, unsigned *stime); void pid_get_mem_sandbox(unsigned pid, unsigned *rss, unsigned *shared); void pid_get_netstats_sandbox(int pid, unsigned long long *rx, unsigned long long *tx); #endif ================================================ FILE: src/common/utils.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include #include #include #include "common.h" #include "utils.h" #include #define MAXBUF (1024 * 1024) // 1MB output buffer static char outbuf[MAXBUF + 1]; // run a user program using popen; returns static memory char *run_program(const char *prog) { // open pipe FILE *fp; fp = popen(prog, "r"); if (fp == NULL) return NULL; // read pipe int len; char *ptr = outbuf; size_t size = MAXBUF; while ((len = fread(ptr, 1, size, fp)) > 0) { size -= len; ptr += len; if (size < 80) // probably not enough room to read a new full line break; } *ptr = '\0'; pclose(fp); return outbuf; } // returns true or false if the program was found using "which" shell command bool which(const char *prog) { // build command char *cmd; if (asprintf(&cmd, "which %s", prog) == -1) { perror("asprintf"); exit(1); } // run command char *res = run_program(cmd); if (strstr(res, prog)) return true; return false; } // check if a name.desktop file exists in config home directory bool have_config_file(const char *name) { assert(name); // build the full path char *path = get_config_file_name(name); if (!path) return false; // check file struct stat s; bool rv = true; if (stat(path, &s) == -1) rv = false; else if (!S_ISREG(s.st_mode)) rv = false; free(path); return rv; } // get a coniguration file path based on the name; returns allocated memory char *get_config_file_name(const char *name) { assert(name); // build the full path char *path; char *homedir = get_home_directory(); if (asprintf(&path, "%s/.config/firetools/%s.desktop", homedir, name) == -1) errExit("asprintf"); free(homedir); return path; } // get the full path of the home directory; returns allocated memory char *get_home_directory() { // access account information struct passwd *pw = getpwuid(getuid()); if (!pw) errExit("getpwuid"); // extract home directory if (pw->pw_dir != NULL) { char *homedir = strdup(pw->pw_dir); if (!homedir) errExit("strdup"); return homedir; } return 0; } // get config directory name; returns allocated memory char *get_config_directory() { char *homedir = get_home_directory(); if (!homedir) return 0; char *rv; if (asprintf(&rv, "%s/.config/firetools", homedir) == -1) errExit("asprintf"); free(homedir); return rv; } // create firetools directory if it doesn't exist void create_config_directory() { struct stat s; char *path; char *homedir = get_home_directory(); if (asprintf(&path, "%s/.config/firetools", homedir) == -1) errExit("asprintf"); free(homedir); if (stat(path, &s) == -1) { /* coverity[toctou] */ int rv = mkdir(path, 0755); if (rv == -1) { fprintf(stderr, "Error: cannot create %s directory\n", path); exit(1); } } free(path); } int sargc; char *sargv[SARG_MAX]; void split_command(char *cmd) { int i; char *ptr = cmd; sargc = 0; memset(sargv, 0, sizeof(sargv)); if (!ptr || *ptr == '\0') return; for (i = 0; i < SARG_MAX; i++) { char *start; // skip space while (*ptr == ' ' || *ptr == '\t') ptr++; if (*ptr == '\n' || *ptr == '\r' || *ptr == '\0') break; start = ptr; // advance while (*ptr != '\0' && *ptr != ' ' && *ptr != '\t' && *ptr != '\n' && *ptr != '\r') ptr++; if (*ptr == '\0') { sargv[sargc++] = start; break; } *ptr++ = '\0'; sargv[sargc++] = start; } } //************************** // time trace based on getticks function //************************** typedef struct list_entry_t { struct list_entry_t *next; struct timespec ts; } ListEntry; static ListEntry *ts_list = NULL; static inline float msdelta(struct timespec *start, struct timespec *end) { unsigned sec = end->tv_sec - start->tv_sec; long nsec = end->tv_nsec - start->tv_nsec; return (float) sec * 1000 + (float) nsec / 1000000; } void timetrace_start(void) { ListEntry *t = (ListEntry *) malloc(sizeof(ListEntry)); if (!t) errExit("malloc"); memset(t, 0, sizeof(ListEntry)); clock_gettime(CLOCK_MONOTONIC, &t->ts); // add it to the list t->next = ts_list; ts_list = t; } float timetrace_end(void) { if (!ts_list) return 0; // remove start time from the list ListEntry *t = ts_list; ts_list = t->next; struct timespec end; clock_gettime(CLOCK_MONOTONIC, &end); float rv = msdelta(&t->ts, &end); free(t); return rv; } ================================================ FILE: src/common/utils.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef UTILS_H #define UTILS_H // run a user program using popen; returns static memory char *run_program(const char *prog); // returns true or false if the program was found using "which" shell command bool which(const char *prog); // check if a name.desktop file exists in config home directory bool have_config_file(const char *name); // get a coniguration file path based on the name; returns allocated memory char *get_config_file_name(const char *name); // get the full path of the home directory; returns allocated memory char *get_home_directory(); // get config directory name; returns allocated memory char *get_config_directory(); // create ~/.config/firetools directory if it doesn't exist void create_config_directory(); // split a line into words #define SARG_MAX 128 extern int sargc; extern char *sargv[SARG_MAX]; void split_command(char *cmd); // timetrace void timetrace_start(void); float timetrace_end(void); #endif ================================================ FILE: src/firejail-ui/appdb.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #if QT_VERSION >= 0x050000 #include #else #include #endif #include "appdb.h" #include "../../firetools_config_extras.h" #include #include #define MAXBUF 4096 static bool check_executable(const char *exec) { struct stat s; if (stat(exec, &s) == 0) return true; // check well-known paths const char *path[] = { "/usr/bin/", "/bin/", "/usr/games/", "/usr/local/bin/", "/sbin/", "/usr/sbin/", NULL }; int i = 0; while (path[i] != NULL) { bool found = false; char *name; if (asprintf(&name, "%s%s", path[i], exec) == -1) errExit("asprintf"); if (stat(name, &s) == 0) found = true; free(name); if (found) return true; i++; } return false; } AppEntry::AppEntry(char *line) { assert(line); if (arg_debug) printf("processing \"%s\"\n", line); group_ = QString(""); app_ = QString(""); command_ = QString(""); next_ = 0; char *ptr = strtok(line, ";"); if (ptr) { group_ = QString(ptr); ptr = strtok(NULL, ";"); if (ptr) { app_ = QString(ptr); ptr = strtok(NULL, ";"); if (ptr) { command_ = QString(ptr); if (command_.endsWith("*")) { command_ = ""; return; } // try to find the executable char *str = strdup(command_.toUtf8().data()); if (!str) errExit("strdup"); // skip executables ending in * char *ptr = strchr(str, ' '); if (ptr) *ptr = '\0'; if (check_executable(str) == false) { if (arg_debug) printf("executable %s not found\n", str); command_ = QString(""); } free(str); } } } } // return the list of applications AppEntry* appdb_load_file(void) { const char *fname = PACKAGE_LIBDIR "/uimenus"; FILE *fp = fopen(fname, "r"); if (!fp) { fprintf(stderr, "Error: cannot find uimenus file in %s\n", fname); return 0; } AppEntry *retval = 0; AppEntry *last = 0; char buf[MAXBUF]; while (fgets(buf, MAXBUF, fp)) { char *ptr1 = buf; while (*ptr1 == ' ' || *ptr1 == '\t') ptr1++; char *ptr2 = strchr(ptr1, '\n'); if (ptr2) *ptr2 = '\0'; AppEntry *entry = new AppEntry(ptr1); if (entry->group_.isEmpty() || entry->app_.isEmpty() || entry->command_.isEmpty()) { if (arg_debug) printf("line not accepted\n"); delete entry; continue; } // add the app to the list if (!retval) { retval = entry; last = entry; } else { last->next_ = entry; last = entry; } } fclose(fp); if (arg_debug) printf("menus loaded\n"); return retval; } // print database void appdb_print_list(AppEntry *ptr) { while (ptr) { ptr->print(); ptr = ptr->next_; } } // add all groups to the widget void appdb_load_group(AppEntry *ptr, QListWidget *group) { QString last; while (ptr) { if (last != ptr->group_) { new QListWidgetItem(ptr->group_, group); } last = ptr->group_; ptr = ptr->next_; } } // add all groups to the widget void appdb_load_app(AppEntry *ptr, QListWidget *app, QString group) { app->clear(); while (ptr) { if (group == ptr->group_) { new QListWidgetItem(ptr->app_, app); } ptr = ptr->next_; } } void appdb_set_command(AppEntry *ptr, QLineEdit *command, QString app) { while (ptr) { if (app == ptr->app_) { command->setText(ptr->command_); break; } ptr = ptr->next_; } } ================================================ FILE: src/firejail-ui/appdb.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef APPDB_H #define APPDB_H #include "firejail_ui.h" #include class QListWidget; class QLineEdit; struct AppEntry { QString group_; QString app_; QString command_; AppEntry *next_; AppEntry(char *line); void print() { printf("%s;%s;%s\n", group_.toUtf8().data(), app_.toUtf8().data(), command_.toUtf8().data()); } }; AppEntry *appdb_load_file(void); void appdb_print_list(AppEntry *ptr); void appdb_load_group(AppEntry *ptr, QListWidget *group); void appdb_load_app(AppEntry *ptr, QListWidget *app, QString group); void appdb_set_command(AppEntry *ptr, QLineEdit *command, QString app); #endif ================================================ FILE: src/firejail-ui/firejail-ui.desktop ================================================ [Desktop Entry] Name=Firejail Configuration Wizard Comment=Firejail configuration wizard Exec=firejail-ui Icon=firejail-ui Terminal=false Type=Application Categories=Qt;Utility;Security; Keywords=jail;security;seccomp; ================================================ FILE: src/firejail-ui/firejail-ui.pro ================================================ QMAKE_CXXFLAGS += $$(CXXFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_CFLAGS += $$(CFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_LFLAGS += $$(LDFLAGS) -Wl,-z,relro -Wl,-z,now QT += widgets HEADERS = ../common/utils.h ../common/pid.h ../common/common.h \ firejail_ui.h wizard.h home_widget.h help_widget.h appdb.h SOURCES = main.cpp \ wizard.cpp \ home_widget.cpp \ help_widget.cpp \ appdb.cpp \ network.cpp \ ../common/utils.cpp \ ../common/pid.cpp RESOURCES = firejail-ui.qrc TARGET=../../build/firejail-ui ================================================ FILE: src/firejail-ui/firejail-ui.qrc ================================================ resources/background.png resources/firetools.png resources/firetools-minimal.png resources/firejail-ui.png resources/gnome-fs-directory.png ================================================ FILE: src/firejail-ui/firejail_ui.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef FIREJAIL_UI_H #define FIREJAIL_UI_H #include "../common/common.h" extern int arg_debug; extern int kernel_major; extern int kernel_minor; // network.cpp const char *detect_network(); #endif ================================================ FILE: src/firejail-ui/help_widget.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #if QT_VERSION >= 0x050000 #include #else #include #endif #include #include #include #include #include "help_widget.h" #include "../../firetools_config_extras.h" #define MAXBUF 4096 HelpWidget::HelpWidget(QWidget * parent): QDialog(parent) { QString message; const char *fname = PACKAGE_LIBDIR "/uihelp"; //todo error recovery FILE *fp = fopen(fname, "r"); if (!fp) { fprintf(stderr, "Error: cannot find uihelp file in %s\n", fname); return; } char buf[MAXBUF]; while (fgets(buf, MAXBUF, fp)) message += QString(buf); fclose(fp); QTextBrowser *browser = new QTextBrowser; browser->setHtml(message); QDialogButtonBox *box = new QDialogButtonBox( Qt::Horizontal ); QPushButton *button = new QPushButton( "Ok" ); connect( button, SIGNAL(clicked()), this, SLOT(okClicked()) ); box->addButton( button, QDialogButtonBox::AcceptRole ); QVBoxLayout *layout = new QVBoxLayout; layout->addWidget(browser); layout->addWidget(box); setLayout(layout); setMinimumWidth(600); setMinimumHeight(400); } void HelpWidget::okClicked() { accept(); } ================================================ FILE: src/firejail-ui/help_widget.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef HELP_WIDGET_H #define HELP_WIDGET_H #include "firejail_ui.h" #include class HelpWidget: public QDialog { Q_OBJECT public: HelpWidget(QWidget * parent = 0); private slots: void okClicked(); }; #endif ================================================ FILE: src/firejail-ui/home_widget.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #if QT_VERSION >= 0x050000 #include #else #include #endif #include #include "firejail_ui.h" #include "home_widget.h" #include "../common/utils.h" #include #include #include #include HomeWidget::HomeWidget(QWidget * parent): QListWidget(parent) { readFiles(); } void HomeWidget::readFiles() { char *homedir = get_home_directory(); DIR *dir = opendir(homedir); if (!dir) errExit("opendir"); struct dirent *entry; while ((entry = readdir(dir))) { // with a few exceptions, reject all dot files bool accept = false; if (strcmp(entry->d_name, ".config") == 0 || strcmp(entry->d_name, ".mozilla") == 0) accept = true; if (!accept && *entry->d_name == '.') continue; // allow only directorries struct stat s; char *name; if (asprintf(&name, "%s/%s", homedir, entry->d_name) == -1) errExit("asprintf"); if (stat(name, &s) == -1) { free(name); continue; } free(name); if (!S_ISDIR(s.st_mode)) continue; if (arg_debug) printf("configuring homewidget entry %s\n", entry->d_name); QCheckBox *box = new QCheckBox(entry->d_name); QListWidgetItem *item = new QListWidgetItem(); addItem(item); setItemWidget(item, box); } closedir(dir); } QString HomeWidget::getContent() { QString retval = QString(""); for(int i = 0; i < count(); ++i) { QListWidgetItem* ptr = item(i); QCheckBox *box = (QCheckBox *) itemWidget(ptr); if (box->isChecked()) { QString name = box->text(); retval += "whitelist ~/" + box->text() + "\n"; } } return retval; } ================================================ FILE: src/firejail-ui/home_widget.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef HOME_WIDGET_H #define HOME_WIDGET_H #include "firejail_ui.h" #include class HomeWidget : public QListWidget { Q_OBJECT public: HomeWidget(QWidget * parent = 0); QString getContent(); private: void readFiles(); }; #endif ================================================ FILE: src/firejail-ui/main.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include #include #include "firejail_ui.h" #include "wizard.h" #include "../common/utils.h" #include "../../firetools_config.h" int arg_debug = 0; int kernel_major; int kernel_minor; static void usage() { printf("Firejail-ui - Firejail sandbox configuration wizard\n\n"); printf("Usage: firejail-ui [options]\n\n"); printf("Options:\n"); printf("\t--debug - debug mode\n\n"); printf("\t--help - this help screen\n\n"); printf("\t--version - print software version and exit\n\n"); } int main(int argc, char *argv[]) { // parse arguments for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--debug") == 0) arg_debug = 1; else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") == 0) { usage(); return 0; } else if (strcmp(argv[i], "--version") == 0) { printf("Firejail-ui version " PACKAGE_VERSION "\n"); return 0; } else { fprintf(stderr, "Error: invalid option\n"); usage(); return 1; } } // test run time dependencies - exit if (!which("firejail")) { fprintf(stderr, "Error: firejail package not found, please install it!\n"); exit(1); } // create firetools directory if it doesn't exist create_config_directory(); // read kernel version struct utsname u; int rv = uname(&u); if (rv != 0) errExit("uname"); if (2 != sscanf(u.release, "%d.%d", &kernel_major, &kernel_minor)) { fprintf(stderr, "***********************************\n"); fprintf(stderr, "Warning: cannot extract a sane Linux kernel version: %s.\n", u.version); fprintf(stderr, " Assuming a default version of 3.2. Quite a number of sandboxing\n"); fprintf(stderr, " features are disabled.\n"); fprintf(stderr, "***********************************\n"); } if (kernel_major < 3) { fprintf(stderr, "Error: a Linux kernel 3.x or newer is required in order to run Firejail\n"); exit(1); } if (arg_debug) printf("Linux kernel version %d.%d\n", kernel_major, kernel_minor); // initialize resources //Q_INIT_RESOURCE(firejail-ui); QApplication app(argc, argv); Wizard wizard; wizard.show(); return app.exec(); } ================================================ FILE: src/firejail-ui/network.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "firejail_ui.h" #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include #include #include #include #include #include #include #include #include #include #include #define BUFSIZE 1024 // return default gateway for the system in host format uint32_t network_get_defaultgw() { FILE *fp = fopen("/proc/self/net/route", "r"); if (!fp) // probably we are dealing with a GrSecurity system return 0; // attempt error recovery char buf[BUFSIZE]; uint32_t retval = 0; while (fgets(buf, BUFSIZE, fp)) { if (strncmp(buf, "Iface", 5) == 0) continue; char *ptr = buf; while (*ptr != ' ' && *ptr != '\t') ptr++; while (*ptr == ' ' || *ptr == '\t') ptr++; unsigned dest; unsigned gw; int rv = sscanf(ptr, "%x %x", &dest, &gw); if (rv == 2 && dest == 0) { retval = ntohl(gw); break; } } fclose(fp); return retval; } // return 1 if the interface is a wireless interface int check_wireless(const char* ifname, char* protocol) { int sock = -1; struct iwreq pwrq; memset(&pwrq, 0, sizeof(pwrq)); int len = strlen(ifname); if (len > IFNAMSIZ) len = IFNAMSIZ; memcpy(pwrq.ifr_name, ifname, len); if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("sockqet"); return 0; } if (ioctl(sock, SIOCGIWNAME, &pwrq) != -1) { if (protocol) strncpy(protocol, pwrq.u.name, IFNAMSIZ); close(sock); return 1; } close(sock); return 0; } // detect network const char *detect_network() { struct ifaddrs *ifaddr, *ifa; if (getifaddrs(&ifaddr) == -1) errExit("getifaddrs"); // find the default gateway uint32_t gw = network_get_defaultgw(); printf("default gateway detected: %d.%d.%d.%d\n", PRINT_IP(gw)); if (gw == 0) { fprintf(stderr, "Warning: cannot find the default gateway. Networking namespace is disabled.\n"); return ""; } // Walk through linked list, maintaining head pointer so we can free list later for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL) continue; int family = ifa->ifa_addr->sa_family; if (family != AF_INET) continue; // no loopback if (ifa->ifa_flags & IFF_LOOPBACK) continue; // interface not running if ((ifa->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING)) continue; // no wireless if (check_wireless(ifa->ifa_name, NULL)) continue; uint32_t if_addr = ntohl(((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr); uint32_t if_mask = ntohl(((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr.s_addr); printf("network interface: %s %d.%d.%d.%d %d.%d.%d.%d\n", ifa->ifa_name, PRINT_IP(if_addr), PRINT_IP(if_mask)); // check default gateway is resolved on this interface if (in_netrange(gw, if_addr, if_mask) == NULL) { char *ifname = strdup(ifa->ifa_name); if (!ifname) errExit("strdup"); freeifaddrs(ifaddr); return ifname; } } fprintf(stderr, "Warning: no suitable interface detected for network namespace.\n"); freeifaddrs(ifaddr); return ""; } ================================================ FILE: src/firejail-ui/restrictions ================================================ Sandbox feature dependencies: - seccomp, nonewprivs, protocol - kernel 3.5 (done) - noroot - kernel 3.8 (done) - overlayfs - kernel 3.18 - nox11 only with a network namespace (done) - net= doesn't work on wireless interfaces ================================================ FILE: src/firejail-ui/uihelp ================================================
Sandbox Configuration



Although hundreds of user-space applications are already supported by Firejail, sometimes is necessary to customize the sandbox environment. This configuration wizard was built in order to make this task easier.

Start with the filesystem configuration, move to the network and multimedia subsystems, and finish with the kernel. In the end you can fine tune your profile in the editor window.

Filesystem

Personal user files are located in home directory. By default Firejail denies access to some of the most sensitive files there, such as password and encryption keys. To enhance your privacy, these are some of the options available:
Restrict home directory: Choose private user directories visible inside the sandbox. By default, with the exception of some well-known password and encryption files, all private user files are visible inside the sandbox.

Restrict /dev directory: A small number of very basic devices are visible inside the sandbox. Sound and 3D acceleration should also be available if this checkbox is set.

Restrict /tmp directory: Start with a clean /tmp directory.

Restrict /mnt and /media: Blacklist /mnt and /media directories.

Networking

A network namespace is a separate copy of TCP/IP networking stack. Initially, all processes share the same networking stack created by the init process. Firejail allows users to create a new network namespace, therefore isolating the sandbox traffic.
System network: Use the default networking stack provided by the system.

Network namespace: Install a separate networking stack and connect it to the main Ethernet interface. A new IP address is assigned, and a new network filter is installed using iptables command.

Disable networking: Use an unconnected network stack. There will be no traffic coming in or going out of the sandbox.

DNS: Specify two DNS nameservers to use inside the sandbox. If none is specified, the sandbox will use the system DNS server.

Protocol: Select what networking protocols are allowed: unix (regular Unix inter-process communication), inet (IPv4), inet6 (IPv6), netlink (socket communication with Linux kernel), packet (Ethernet-level protocols), and bluetooth.

Multimedia

If the application is not using sound or 3D acceleration, it is always a good idea to drop the support inside the sandbox. Disabling X11 graphic interface is recommended when running servers and console programs.
Disable sound: No sound subsystem access inside the sandbox.

Disable video camera devices: No video camera access.

Disable CD-ROM/DVD devices: No access to CD-ROM device.

Disable TV/DVB devices: TV cards are disabled.

Disable 3D acceleration: Hardware acceleration drivers are disabled.

Disable X11: X11 graphical user interface subsystem is disabled.

Kernel

These are some of the most powerful sandboxing features implemented by the Linux kernel:
Enable seccomp-bpf: This security facility allows filtering out the most dangerous system calls inside the kernel, therefore reducing the attack surface. A Linux Kernel version 3.5 is required for this option to work.

Disable all Linux capabilities: Capabilities (POSIX 1003.1e) are designed to split up the root privilege into a set of distinct privileges which can be independently enabled or disabled. For regular user-space programs, all these privileges should be disabled.

Restricted user namespace (noroot): This option installs a user namespace with a single user, the current user. root user does not exist in the new namespace. A Linux Kernel version 3.8 is required for this option to work.

AppArmor This option enables Firejail's default AppArmor profile for your program.

================================================ FILE: src/firejail-ui/uimenus ================================================ Accessibility;Florence virtual keyboard;/usr/bin/florence Accessibility;Xmag;xmag Editors;GEdit;/usr/bin/gedit Editors;Abiword Word Processor;/usr/bin/abiword Editors;Bluefish;/usr/bin/bluefish Editors;CherryTree Note Taking Application;/usr/bin/cherrytree Editors;Focuswriter;/usr/bin/focuswriter Editors;FTE;/usr/bin/xfte Editors;GNU Emacs Editor;/usr/bin/emacs Editors;jEdit;/usr/bin/jedit Editors;JuffEd;/usr/bin/juffed Editors;KWrite;/usr/bin/kwrite Editors;LeafPad;/usr/bin/leafpad Editors;LyX;/usr/bin/lyx Editors;medit;/usr/bin/medit Editors;Monkey Studio;/usr/bin/monkeystudio Editors;Mousepad;/usr/bin/mousepad Editors;NEdit;/usr/bin/nedit Editors;nobleNote;/usr/bin/noblenote Editors;Plume Creator;/usr/bin/plume-creator Editors;PyRoom;/usr/bin/pyroom Editors;Quanta Plus;/usr/bin/quanta Editors;ReText;/usr/bin/retext Editors;SciTE;/usr/bin/scite Editors;Sigil;/usr/bin/sigil Editors;TEA;/usr/bin/tea Editors;TeXstudio;/usr/bin/texstudio Editors;TeXworks;/usr/bin/texworks Editors;X2;/usr/bin/x2 Editors;Xedit;xedit Editors;xJed;/usr/bin/xjed Editors;Notes;/usr/bin/xfce4-notes Editors;Pluma;/usr/bin/pluma Editors;Xed;/usr/bin/xed Emulators;VirtualBox;/usr/bin/virtualbox File Management;File Roller Archive Manager;/usr/bin/file-roller File Management;Engrampa;/usr/bin/engrampa File Management;Brasero CD/DVD Burning Application;/usr/bin/brasero File Management;Caja File Manager;/usr/bin/caja File Management;Dolphin File Manager;/usr/bin/dolphin File Management;gentoo File Manager;/usr/bin/gentoo File Management;GNOME Commander File Manager;/usr/bin/gnome-commander File Management;Konqueror File Manager;/usr/bin/konqueror File Management;Krusader File Manager;/usr/bin/krusader File Management;Launchy;/usr/bin/launchy File Management;Nautilus File Manager;/usr/bin/nautilus File Management;Nemo File Manager;/usr/bin/nemo File Management;PCManFM File Manager;pcmanfm File Management;ROX-Filer File Manager;/usr/bin/rox-filer File Management;SpaceFM File Manager;/usr/bin/spacefm File Management;Thunar File Manager;/usr/bin/thunar File Management;Worker File Manager;/usr/bin/worker File Management;Xarchiver;/usr/bin/xarchiver File Management;Xfe File Manager;/usr/bin/xfe File Management;Desktop Search;/usr/bin/tracker-needle Games;0 A.D.;/usr/games/0ad Games;2048 puzzle;/usr/games/2048-qt Games;3dchess;/usr/games/3Dc Games;4digits;/usr/games/4digits Games;ALIEN ARENA;/usr/games/alien-arena Games;AssaultCube;/usr/games/assaultcube Games;Blobwars;/usr/games/blobwars Games;Bomber;/usr/games/bomber Games;Extreme Tux Racer;/usr/games/etr Games;Flight Gear;/usr/games/fgfs Games;Freeciv;/usr/games/freeciv Games;Frozen-Bubble;/usr/games/frozen-bubble Games;Hedgewars;/usr/games/hedgewars Games;Micropolis;/usr/games/micropolis Games;Nexuiz Classic;/usr/games/nexuiz Games;Oclock;oclock Games;Open Transport Tycoon Deluxe;/usr/games/openttd Games;Penguin Command;/usr/games/penguin-command Games;Quake 4;/usr/games/quake4 Games;Quake III Arena;/usr/games/quake3 Games;Quake II;/usr/games/quake2 Games;Quake;/usr/games/quake Games;Return to Castle Wolfenstein;/usr/games/wolfsp Games;Scorched3D;/usr/games/scorched3d Games;Seven Kingdoms;/usr/games/7kaa Games;Simutrans;/usr/games/simutrans Games;Starfighter;/usr/games/starfighter Games;SuperTuxKart;/usr/games/supertuxkart Games;SuperTux;/usr/games/supertux2 Games;TORCS;/usr/games/torcs Games;UFO: Alien Invasion;/usr/games/ufoai Games;Unknown Horizons;/usr/games/unknown-horizons Games;Warzone 2100;/usr/games/warzone2100 Games;Wolfenstein 3D;/usr/games/wolf4sdl Games;Xclock (analog);xclock -analog Games;Xclock (digital);xclock -digital -update 1 Games;Xeyes;xeyes Games;Xlogo;xlogo Graphics;Allegro Sprite Editor;/usr/bin/aseprite Graphics;Blender;/usr/bin/blender Graphics;Darktable;/usr/bin/darktable Graphics;Diagram editor;/usr/bin/dia Graphics;digiKam;/usr/bin/digikam Graphics;gnome-paint;/usr/bin/gnome-paint Graphics;ImageMagick;/usr/bin/display.im6 logo:* Graphics;Inkscape;/usr/bin/inkscape Graphics;Ipe;/usr/bin/ipe Graphics;K-3D;/usr/bin/k3d Graphics;Karbon;/usr/bin/karbon Graphics;Krita;/usr/bin/krita Graphics;luminance-hdr;/usr/bin/luminance-hdr Graphics;mtPaint;/usr/bin/mtpaint Graphics;MyPaint;/usr/bin/mypaint Graphics;Ocamlgraph;/usr/bin/ocamlgraph-editor Graphics;Pencil2D;/usr/bin/pencil2d Graphics;PhotoCollage;/usr/bin/photocollage Graphics;Pinta;/usr/bin/pinta Graphics;rgbPaint;/usr/bin/rgbpaint Graphics;showFoto;/usr/bin/showfoto Graphics;Synfig Studio;/usr/bin/synfigstudio Graphics;Tgif;/usr/bin/tgif Graphics;The GIMP;/usr/bin/gimp Graphics;Trimage;/usr/bin/trimage Graphics;tupi - 2D Animation design and authoring tool;/usr/bin/tupi Graphics;Tux Paint;/usr/bin/tuxpaint Graphics;Whitedune;/usr/bin/whitedune Graphics;XPaint;/usr/bin/xpaint Graphics;X Window Snapshot;xwd | xwud* Graphics;Shotwell Photo Manager;/usr/bin/shotwell Graphics;Screenshot;/usr/bin/xfce4-screenshooter Graphics;Gnome Screenshot;/usr/bin/gnome-screenshot Graphics;Mate Screenshot;/usr/bin/mate-screenshot Graphics;Ristretto Image Viewer;/usr/bin/ristretto Graphics;Simple Scan;/usr/bin/simple-scan Help;Xman;xman Help;yelp;/usr/bin/yelp Network;Chromium;/usr/bin/chromium Network;Chromium;/usr/bin/chromium-browser Network;Deluge BitTorrent Client;/usr/bin/deluge Network;Dillo;/usr/bin/dillo Network;dwb;/usr/bin/dwb Network;FileZilla;/usr/bin/filezilla Network;Firefox-ESR;/usr/bin/firefox-esr Network;Firefox;/usr/bin/firefox Network;HexChat;/usr/bin/hexchat Network;Hv3;/usr/bin/hv3 Network;Icedove Mail;icedove Network;Iceweasel;/usr/bin/iceweasel Network;Konqueror;/usr/bin/konqueror Network;Liferea;/usr/bin/liferea Network;Netsurf Web Browser;/usr/bin/netsurf-gtk Network;qBittorrent;/usr/bin/qbittorrent Network;QuiteRSS;/usr/bin/quiterss Network;Transmission BitTorrent Client (GTK);/usr/bin/transmission-gtk Network;Transmission BitTorrent Client (Qt);/usr/bin/transmission-qt Network;Uget;/usr/bin/uget-gtk Network;Wireshark;/usr/bin/wireshark Network;Xbiff;xbiff Network;X Chat;/usr/bin/xchat Network;xtightvncviewer;/usr/bin/xtightvncviewer Network;Thunderbird;/usr/bin/thunderbird Network;Pidgin;/usr/bin/pidgin Network;Remmina Remote Desktop Client;/usr/bin/remmina Office;Calibre eBook reader;/usr/bin/calibre Office;LibreOffice Base;/usr/bin/lobase Office;LibreOffice Calc;/usr/bin/localc Office;LibreOffice Charts;/usr/bin/locharts Office;LibreOffice Draw;/usr/bin/lodraw Office;LibreOffice Impress;/usr/bin/loimpress Office;LibreOffice Math;/usr/bin/lomath Office;LibreOffice;/usr/bin/libreoffice Office;LibreOffice Writer;/usr/bin/lowriter Office;Scribus;/usr/bin/scribus Office;zathura;/usr/bin/zathura Office;Dictionary;/usr/bin/xfce4-dict Office;Orage Calendar;/usr/bin/orage Programming;Geany;/usr/bin/geany Programming;TkWish8.6;x-terminal-emulator -e /usr/bin/wish8.6 Science;galculator;/usr/bin/galculator Science;Xcalc;xcalc Science;Gnome Calculator;/usr/bin/gnome-calculator Science;Calculator;/usr/bin/mate-calc Sound;Alsamixergui;/usr/bin/alsamixergui Sound;Amarok;/usr/bin/amarok Sound;AScd;/usr/bin/ascd Sound;Asunder;/usr/bin/asunder Sound;Audacious;/usr/bin/audacious Sound;Audacity;/usr/bin/audacity Sound;Banshee;/usr/bin/banshee Sound;cccd;/usr/bin/cccd Sound;Clementine;/usr/bin/clementine Sound;Echomixer;/usr/bin/echomixer Sound;Envy24 control;/usr/bin/envy24control Sound;HDAJackRetask;/usr/bin/hdajackretask Sound;HDSPConf;/usr/bin/hdspconf Sound;HDSPMixer;/usr/bin/hdspmixer Sound;KMix;/usr/bin/kmix Sound;Kowthelist;/usr/bin/knowthelist Sound;KRadio;/usr/bin/kradio4 Sound;KsCD;/usr/bin/kscd Sound;Linux Multimedia Studio;/usr/bin/lmms Sound;LXMusic;/usr/bin/lxmusic Sound;MusE MIDI/audio sequencer;/usr/bin/muse Sound;MuseScore;/usr/bin/musescore Sound;Musique;/usr/bin/musique Sound;paman;/usr/bin/paman Sound;pavucontrol;/usr/bin/pavucontrol Sound;pavumeter;/usr/bin/pavumeter Sound;PulseAudio Volume Control;/usr/bin/pavucontrol Sound;PulseAudio Volume Meter;/usr/bin/pavumeter Sound;Rmedigicontrol;/usr/bin/rmedigicontrol Sound;Rhythmbox;/usr/bin/rhythmbox Sound;Sound Juicer;/usr/bin/sound-juicer System;About Myself;/usr/bin/userinfo System;Disk Management;/usr/bin/usermount System;Editres;editres System;GNOME partition editor;su-to-root -X -c /usr/sbin/gparted System;Network Admin;/usr/bin/network-admin System;Openbox Configuration Manager;/usr/bin/obconf System;Password;/usr/bin/userpasswd System;Reportbug (GTK+);/usr/bin/reportbug --exit-prompt --ui gtk2 System;Services Admin;/usr/bin/services-admin System;Shares Admin;/usr/bin/shares-admin System;Time Admin;/usr/bin/time-admin System;User accounts Admin;/usr/bin/users-admin System;Xclipboard;xclipboard System;Xconsole;xconsole -file /dev/xconsole System;Xev;x-terminal-emulator -e xev System;Xfontsel;xfontsel System;Xkill;xkill System;Xload;xload System;Xrefresh;xrefresh System;Xvidtune;xvidtune System;Orage Globaltime;/usr/bin/globaltime Terminal Emulators;Gnome Terminal;/usr/bin/gnome-terminal Terminal Emulators;LXTerminal;/usr/bin/lxterminal Terminal Emulators;Rxvt-Unicode (Black, Xft);urxvt Terminal Emulators;Xfce Terminal;/usr/bin/xfce4-terminal Terminal Emulators;X-Terminal as root (GKsu);/usr/bin/gksu -u root /usr/bin/x-terminal-emulator Terminal Emulators;XTerm (Unicode);uxterm Terminal Emulators;XTerm;xterm Text;Character map;/usr/bin/gucharmap Video;Bino;/usr/bin/bino Video;DeVeDe;/usr/bin/devede Video;Dragon Player;/usr/bin/dragon Video;DvdAuthor;/usr/bin/dvdauthor Video;DVD slide show maker;/usr/bin/imagination Video;Flowblade Movie Editor;/usr/bin/flowblade Video;Flowblade;/usr/bin/flowblade Video;FreetuxTV;/usr/bin/freetuxtv Video;gnome-mplayer;/usr/bin/gnome-mplayer Video;gnome-mpv;/usr/bin/gnome-mpv Video;gxine;/usr/bin/gxine Video;HandBrake;/usr/bin/handbrake Video;Kaffeine;/usr/bin/kaffeine Video;Kazam;/usr/bin/kazam Video;Kdenlive;/usr/bin/kdenlive Video;Kino;/usr/bin/kino Video;KMPlayer;/usr/bin/kmplayer Video;KPlayer;/usr/bin/kplayer Video;LiVES;/usr/bin/lives Video;Minitube;/usr/bin/minitube Video;MKV Creator;/usr/bin/mmg Video;MPlayer GUI;/usr/bin/gmplayer Video;MPlayer;/usr/bin/mplayer Video;mpv Media Player;/usr/bin/mpv Video;OpenShot Video Editor;/usr/bin/openshot Video;qStopMotion;/usr/bin/qstopmotion Video;Simple Screen Recorder;/usr/bin/simplescreenrecorder Video;SMPlayer;/usr/bin/smplayer Video;SMTube;/usr/bin/smtube Video;Snappy;/usr/bin/snappy Video;Totem;/usr/bin/totem Video;Xplayer;/usr/bin/xplayer Video;tvtime;/usr/bin/tvtime Video;VLC media player;/usr/bin/qvlc Video;Voctomix;/usr/bin/voctogui Video;vokoscreen;/usr/bin/vokoscreen Video;Xine;/usr/bin/xine Viewers;Evince;/usr/bin/evince Viewers;Atril;/usr/bin/atril Viewers;Xreader;/usr/bin/xreader Viewers;Eye of MATE;/usr/bin/eom Viewers;Eye of Gnome;/usr/bin/eog Viewers;Xviewer;/usr/bin/xviewer Viewers;Geeqie;/usr/bin/geeqie Viewers;GPicView;/usr/bin/gpicview Viewers;gThumb Image Viewer;/usr/bin/gthumb Viewers;Pix Image Viewer;/usr/bin/pix Viewers;Gwenview;/usr/bin/gwenview Viewers;Mirage;/usr/bin/mirage Viewers;nomacs;/usr/bin/nomacs Viewers;Okular;/usr/bin/okular Viewers;Phototonic;/usr/bin/phototonic Viewers;QComicBook;/usr/bin/qcomicbook Viewers;qPDFview;qpdfview Viewers;Quick Image Viewer;/usr/bin/qiv Viewers;sxiv;/usr/bin/sxiv Viewers;Xditview;xditview Viewers;Xpdf;/usr/bin/xpdf ================================================ FILE: src/firejail-ui/wizard.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #if QT_VERSION >= 0x050000 #include #else #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include "../../firetools_config_extras.h" #include "wizard.h" #include "home_widget.h" #include "help_widget.h" #include "appdb.h" #include //QString global_title("Firejail Configuration Wizard"); QString global_title(""); QTextEdit *global_profile; QString global_subtitle( "Firejail is a SUID program that reduces the risk of security " "breaches by restricting the running environment of untrusted " "applications using the latest Linux kernel sandboxing technologies. " "It allows a process and all its descendants to have their own private " "view of the globally shared kernel resources, such as the network stack, " "process table, and mount table." ); HomeWidget *global_home_widget; QString global_ifname = ""; bool global_dns_enabled = false; bool global_protocol_enabled = false; Wizard::Wizard(QWidget *parent): QWizard(parent) { setPage(Page_Application, new ApplicationPage); setPage(Page_Config, new ConfigPage); setPage(Page_Config2, new ConfigPage2); setPage(Page_StartSandbox, new StartSandboxPage); setStartId(Page_Application); setOption(HaveHelpButton, true); connect(this, SIGNAL(helpRequested()), this, SLOT(showHelp())); setWindowTitle(tr("Firetools Config")); setWizardStyle(QWizard::MacStyle); setPixmap(QWizard::BackgroundPixmap, QPixmap(":/resources/background.png")); //resize( QSize(600, 400).expandedTo(minimumSizeHint()) ); } void Wizard::showHelp() { HelpWidget hw; hw.exec(); } using namespace std; void Wizard::accept() { if (arg_debug) printf("Wizard::accept\n"); QStringList arguments; // build the profile in a termporary file char profname[] = "/tmp/firejail-ui-XXXXXX"; int fd = mkstemp(profname); if (fd == -1) errExit("mkstemp"); QString profarg = QString("--profile=") + QString(profname); arguments << profarg; assert(global_profile); QString profile = global_profile->toPlainText(); dprintf(fd, "%s\n", qPrintable(profile)); ::close(fd); // split command into arguments QString cmd = field("command").toString(); QStringList cmds = cmd.split( " " ); arguments += cmds; // start a new process, QProcess *process = new QProcess(); process->startDetached(QString("firejail"), arguments); sleep(1); printf("Sandbox started, exiting firejail-ui...\n"); // force a program exit exit(0); } ApplicationPage::ApplicationPage(QWidget *parent): QWizardPage(parent) { setTitle(global_title); setSubTitle(global_subtitle); // fonts QFont bold; bold.setBold(true); QFont oldFont; oldFont.setBold(false); QGroupBox *app_box = new QGroupBox(tr("Step 1: Choose an application")); app_box->setFont(bold); // app_box->setStyleSheet("QGroupBox { color : black; }"); QLabel *label1 = new QLabel(tr("Choose an application from the menus below")); label1->setFont(oldFont); // label1->setStyleSheet("QLabel { color : black; }"); QGridLayout *app_box_layout = new QGridLayout; group_ = new QListWidget; group_->setFont(oldFont); // group_->setStyleSheet("QGridLayout { color : black; }"); command_ = new QLineEdit; command_->setFont(oldFont); // group_->setStyleSheet("QLineEdit { color : black; }"); browse_ = new QPushButton("browse filesystem"); QIcon icon(":resources/gnome-fs-directory.png"); browse_->setIcon(icon); connect(browse_, SIGNAL(clicked()), this, SLOT(browseClicked())); QLabel *label2 = new QLabel("or type in the program name:"); label2->setFont(oldFont); // label2->setStyleSheet("QLabel { color : black; }"); app_ = new QListWidget; app_->setFont(oldFont); // app_->setStyleSheet("QListWidget { color : black; }"); app_->setMinimumWidth(300); app_box_layout->addWidget(label1, 0, 0, 1, 2); app_box_layout->addWidget(group_, 1, 0); app_box_layout->addWidget(app_, 1, 1); app_box_layout->addWidget(browse_, 2, 0); app_box_layout->addWidget(label2, 2, 1); app_box_layout->addWidget(command_, 3, 0, 1, 2); app_box->setLayout(app_box_layout); QGroupBox *profile_box = new QGroupBox(tr("Step 2: Choose a security profile")); profile_box->setFont(bold); // profile_box->setStyleSheet("QGroupBox { color : black; }"); use_default_ = new QRadioButton("Build a default security profile"); use_default_->setFont(oldFont); // use_default_->setStyleSheet("QRadioButton { color : black; }"); use_default_->setChecked(true); use_custom_ = new QRadioButton("Build a custom security profile"); use_custom_->setFont(oldFont); // use_custom_->setStyleSheet("QRadioButton { color : black; }"); QVBoxLayout *profile_box_layout = new QVBoxLayout; profile_box_layout->addWidget(use_default_); profile_box_layout->addWidget(use_custom_); profile_box->setLayout(profile_box_layout); QGridLayout *layout = new QGridLayout; layout->addWidget(app_box, 0, 0); layout->addWidget(profile_box, 1, 0); setLayout(layout); // load database appdb_ = appdb_load_file(); if (arg_debug) appdb_print_list(appdb_); appdb_load_group(appdb_, group_); // connect widgets connect(group_, SIGNAL(itemClicked(QListWidgetItem*)), this, SLOT(groupClicked(QListWidgetItem*))); connect(group_, SIGNAL(currentItemChanged(QListWidgetItem*,QListWidgetItem*)), this, SLOT(groupChanged(QListWidgetItem*,QListWidgetItem*))); connect(app_, SIGNAL(itemClicked(QListWidgetItem*)), this, SLOT(appClicked(QListWidgetItem*))); registerField("command*", command_); registerField("use_custom", use_custom_); // setFocusPolicy(Qt::StrongFocus); } void ApplicationPage::groupChanged(QListWidgetItem * current, QListWidgetItem * previous) { (void) previous; groupClicked(current); } void ApplicationPage::keyPressEvent(QKeyEvent *event) { switch (event->key()) { case Qt::Key_Return: printf("Return pressed\n"); if (group_->hasFocus()) { printf("group focus\n'"); groupClicked(group_->currentItem()); } else if (app_->hasFocus()) { printf("app focus\n'"); appClicked(app_->currentItem()); } break; default: QWizardPage::keyPressEvent(event); } } void ApplicationPage::browseClicked() { QString fname = QFileDialog::getOpenFileName(this, tr("Choose Application")); if (fname.isNull()) return; // check the file is an executable const char *cmd = fname.toUtf8().data(); if (arg_debug) printf("Command: %s\n", cmd); if (access(cmd, X_OK)) QMessageBox::warning(this, "Error", "The file is not an executable program" ); else command_->setText(fname); } void ApplicationPage::groupClicked(QListWidgetItem *item) { QString group = item->text(); if (arg_debug) printf("ApplicationPage::groupClicked %s\n", group.toLatin1().data()); appdb_load_app(appdb_, app_, group); app_->repaint(); } void ApplicationPage::appClicked(QListWidgetItem *item) { QString app = item->text(); if (arg_debug) printf("ApplicationPage::appClicked %s\n", app.toLatin1().data()); appdb_set_command(appdb_, command_, app); } int ApplicationPage::nextId() const { if (use_custom_->isChecked()) return Wizard::Page_Config; else return Wizard::Page_StartSandbox; } ConfigPage::ConfigPage(QWidget *parent): QWizardPage(parent) { setTitle(global_title); // setSubTitle(global_subtitle); QLabel *label1 = new QLabel(tr("Step 3: Configure the sandbox")); // label1->setStyleSheet("QLabel { color : black; }"); whitelisted_home_ = new QCheckBox("Restrict /home directory"); // whitelisted_home_->setStyleSheet("QCheckBox { color : black; }"); registerField("restricted_home", whitelisted_home_); private_dev_ = new QCheckBox("Restrict /dev directory"); private_dev_->setChecked(true); // private_dev_->setStyleSheet("QCheckBox { color : black; }"); registerField("private_dev", private_dev_); private_tmp_ = new QCheckBox("Restrict /tmp directory"); private_tmp_->setChecked(true); // private_tmp_->setStyleSheet("QCheckBox { color : black; }"); registerField("private_tmp", private_tmp_); mnt_media_ = new QCheckBox("Restrict /mnt and /media"); mnt_media_->setChecked(true); // mnt_media_->setStyleSheet("QCheckBox { color : black; }"); registerField("mnt_media", mnt_media_); QGroupBox *fs_box = new QGroupBox(tr("File System")); // fs_box->setStyleSheet("QGroupBox { color : black; }"); QVBoxLayout *fs_box_layout = new QVBoxLayout; fs_box_layout->addWidget(whitelisted_home_); fs_box_layout->addWidget(private_dev_); fs_box_layout->addWidget(private_tmp_); fs_box_layout->addWidget(mnt_media_); fs_box->setLayout(fs_box_layout); // fs_box->setFlat(false); // fs_box->setCheckable(true); // networking global_ifname = detect_network(); sysnetwork_ = new QRadioButton("System network"); sysnetwork_->setChecked(true); // sysnetwork_->setStyleSheet("QRadioButton { color : black; }"); registerField("sysnetwork", sysnetwork_); nonetwork_ = new QRadioButton("Disable networking"); // nonetwork_->setStyleSheet("QRadioButton { color : black; }"); registerField("nonetwork", nonetwork_); if (global_ifname.isEmpty()) { netnamespace_ = new QRadioButton("Namespace"); netnamespace_->setEnabled(false); } else netnamespace_ = new QRadioButton(QString("Namespace (") + global_ifname + ")"); // netnamespace_->setStyleSheet("QRadioButton { color : black; }"); registerField("netnamespace", netnamespace_); QGroupBox *net_box = new QGroupBox(tr("Networking")); // net_box->setStyleSheet("QGroupBox { color : black; }"); QVBoxLayout *net_box_layout = new QVBoxLayout; net_box_layout->addWidget(sysnetwork_); net_box_layout->addWidget(netnamespace_); net_box_layout->addWidget(nonetwork_); net_box->setLayout(net_box_layout); home_ = new HomeWidget; QGroupBox *home_box = new QGroupBox(tr("Home Directory")); // home_box->setStyleSheet("QGroupBox { color : black; }"); QVBoxLayout *home_box_layout = new QVBoxLayout; home_box_layout->addWidget(home_); home_box->setLayout(home_box_layout); home_->setEnabled(false); connect(whitelisted_home_, SIGNAL(toggled(bool)), this, SLOT(setHome(bool))); global_home_widget = home_; // DNS dns1_ = new QLineEdit; dns1_->setText("9.9.9.9"); dns1_->setMaximumWidth(150); dns1_->setFixedWidth(170); registerField("dns1", dns1_); dns2_ = new QLineEdit; dns2_->setText("1.1.1.1"); dns2_->setMaximumWidth(150); dns2_->setFixedWidth(170); registerField("dns2", dns2_); QGroupBox *dns_box = new QGroupBox(tr("DNS")); dns_box->setCheckable(true); dns_box->setChecked(false); // dns_box->setStyleSheet("QGroupBox { color : black; }"); connect(dns_box, SIGNAL(toggled(bool)), this, SLOT(setDns(bool))); QVBoxLayout *dns_box_layout = new QVBoxLayout; dns_box_layout->addWidget(dns1_); dns_box_layout->addWidget(dns2_); dns_box->setLayout(dns_box_layout); // protocol protocol_unix_ = new QCheckBox("unix"); protocol_unix_->setChecked(true); registerField("protocol_unix", protocol_unix_); protocol_inet_ = new QCheckBox("inet"); protocol_inet_->setChecked(true); registerField("protocol_inet", protocol_inet_); protocol_inet6_ = new QCheckBox("inet6"); protocol_inet6_->setChecked(true); registerField("protocol_inet6", protocol_inet6_); protocol_netlink_ = new QCheckBox("netlink"); protocol_netlink_->setChecked(false); registerField("protocol_netlink", protocol_netlink_); protocol_packet_ = new QCheckBox("packet"); protocol_packet_->setChecked(false); registerField("protocol_packet", protocol_packet_); protocol_bluetooth_ = new QCheckBox("bluetooth"); protocol_bluetooth_->setChecked(false); registerField("protocol_bluetooth", protocol_bluetooth_); QGroupBox *protocol_box = new QGroupBox(tr("Network Protocol")); protocol_box->setCheckable(true); protocol_box->setChecked(false); // protocol_box->setStyleSheet("QGroupBox { color : black; }"); connect(protocol_box, SIGNAL(toggled(bool)), this, SLOT(setProtocol(bool))); QGridLayout *protocol_box_layout = new QGridLayout; protocol_box_layout->addWidget(protocol_unix_, 0, 0); protocol_box_layout->addWidget(protocol_inet_, 0, 1); protocol_box_layout->addWidget(protocol_inet6_, 1, 0); protocol_box_layout->addWidget(protocol_netlink_, 1, 1); protocol_box_layout->addWidget(protocol_packet_, 2, 0); protocol_box_layout->addWidget(protocol_bluetooth_, 2, 1); protocol_box->setLayout(protocol_box_layout); if (kernel_major == 3 && kernel_minor < 5) { if (arg_debug) printf("disabling protocol\n"); protocol_box->setEnabled(false); } QWidget *w = new QWidget; w->setMinimumHeight(8); QGridLayout *layout = new QGridLayout; layout->addWidget(label1, 0, 0); layout->addWidget(w, 1, 0); layout->addWidget(fs_box, 2, 0); layout->addWidget(home_box, 2, 1, 2, 1); layout->addWidget(net_box, 3, 0); layout->addWidget(dns_box, 4, 0); layout->addWidget(protocol_box, 4, 1); setLayout(layout); } bool ConfigPage::validatePage() { if (global_dns_enabled) { uint32_t addr; QString ip = dns1_->text(); if (!ip.isEmpty()) { const char *str = ip.toUtf8().data(); if (atoip(str, &addr)) { QMessageBox::warning(this, "Error", QString("Invalid IP address ") + ip); return false; } } ip = dns2_->text(); if (!ip.isEmpty()) { const char *str = ip.toUtf8().data(); if (atoip(str, &addr)) { QMessageBox::warning(this, "Error", QString("Invalid IP address ") + ip); return false; } } return true; } else return true; } void ConfigPage::setDns(bool on) { global_dns_enabled = on; } void ConfigPage::setProtocol(bool on) { global_protocol_enabled = on; } void ConfigPage::setHome(bool active) { home_->setEnabled(active); } int ConfigPage::nextId() const { return Wizard::Page_Config2; } ConfigPage2::ConfigPage2(QWidget *parent): QWizardPage(parent) { setTitle(global_title); // setSubTitle(global_subtitle); QLabel *label1 = new QLabel(tr("Step 3: Configure the sandbox... continued...")); // label1->setStyleSheet("QLabel { color : black; }"); nosound_ = new QCheckBox("Disable sound"); // nosound_->setStyleSheet("QCheckBox { color : black; }"); registerField("nosound", nosound_); nodvd_ = new QCheckBox("Disable CD-ROM/DVD devices"); // nodvd_->setStyleSheet("QCheckBox { color : black; }"); registerField("nodvd", nodvd_); novideo_ = new QCheckBox("Disable video camera devices"); // novideo_->setStyleSheet("QCheckBox { color : black; }"); registerField("novideo", novideo_); notv_ = new QCheckBox("Disable TV/DVB devices"); // notv_->setStyleSheet("QCheckBox { color : black; }"); registerField("notv", notv_); no3d_ = new QCheckBox("Disable 3D acceleration"); // no3d_->setStyleSheet("QCheckBox { color : black; }"); registerField("no3d", no3d_); nox11_ = new QCheckBox("Disable X11 support"); registerField("nox11", nox11_); QGroupBox *multimed_box = new QGroupBox(tr("Multimedia")); // multimed_box->setStyleSheet("QGroupBox { color : black; }"); QVBoxLayout *multimed_box_layout = new QVBoxLayout; multimed_box_layout->addWidget(nosound_); multimed_box_layout->addWidget(novideo_); multimed_box_layout->addWidget(nodvd_); multimed_box_layout->addWidget(notv_); multimed_box_layout->addWidget(no3d_); multimed_box_layout->addWidget(nox11_); multimed_box->setLayout(multimed_box_layout); // multimed_box->setFlat(false); // multimed_box->setCheckable(true); seccomp_ = new QCheckBox("Enable seccomp-bpf"); if (kernel_major == 3 && kernel_minor < 5) { if (arg_debug) printf("disabling seccomp-bpf\n"); seccomp_->setEnabled(false); } else seccomp_->setChecked(true); registerField("seccomp", seccomp_); caps_ = new QCheckBox("Disable all Linux capabilities"); caps_->setChecked(true); // caps_->setStyleSheet("QCheckBox { color : black; }"); registerField("caps", caps_); noroot_ = new QCheckBox("Restricted user namespace (noroot)"); if (kernel_major == 3 && kernel_minor < 8) { if (arg_debug) printf("disabling noroot\n"); noroot_->setEnabled(false); } else noroot_->setChecked(true); // noroot_->setStyleSheet("QCheckBox { color : black; }"); registerField("noroot", noroot_); apparmor_ = new QCheckBox("Enable AppArmor"); apparmor_->setChecked(true); registerField("apparmor", apparmor_); QGroupBox *kernel_box = new QGroupBox(tr("Kernel")); // kernel_box->setStyleSheet("QGroupBox { color : black; }"); QVBoxLayout *kernel_box_layout = new QVBoxLayout; kernel_box_layout->addWidget(seccomp_); kernel_box_layout->addWidget(caps_); kernel_box_layout->addWidget(noroot_); kernel_box_layout->addWidget(apparmor_); kernel_box->setLayout(kernel_box_layout); QWidget *w = new QWidget; w->setMinimumHeight(8); QGridLayout *layout = new QGridLayout; layout->addWidget(label1, 0, 0); layout->addWidget(w, 1, 0); layout->addWidget(multimed_box, 2, 0); layout->addWidget(kernel_box, 3, 0); setLayout(layout); } int ConfigPage2::nextId() const { return Wizard::Page_StartSandbox; } void ConfigPage2::initializePage() { if (field("sysnetwork").toBool()) nox11_->setEnabled(false); else nox11_->setEnabled(true); } StartSandboxPage::StartSandboxPage(QWidget *parent): QWizardPage(parent) { setTitle(global_title); // setSubTitle(global_subtitle); // fonts QFont bold; bold.setBold(true); QFont oldFont; oldFont.setBold(false); global_profile = new QTextEdit(); QLabel *label1 = new QLabel(tr("This is the configuration we created for your sandbox. " "You can modify it in the text box below.

" "For more information, visit us at http://firejail.wordpress.com.")); QLabel *label2 = new QLabel(tr("Press Done to start the sandbox.

")); QWidget *empty1 = new QWidget; empty1->setMinimumHeight(12); QWidget *empty2 = new QWidget; empty2->setMinimumHeight(25); QGridLayout *layout = new QGridLayout; layout->addWidget(empty1, 0, 0); layout->addWidget(label1, 1, 0); layout->addWidget(global_profile, 2, 0); layout->addWidget(label2, 3, 0); setLayout(layout); } void StartSandboxPage::initializePage() { QString txt = "# Custom profile for " + field("command").toString() + "\n"; // include txt += "\n# file system\n"; txt += "include /etc/firejail/disable-common.inc\n"; // home directory if (field("restricted_home").toBool()) { QString whitelist = global_home_widget->getContent(); if (whitelist.isEmpty()) whitelist = QString("private\n"); else whitelist += QString("include /etc/firejail/whitelist-common.inc\n"); txt += whitelist; } // filesystem if (field("private_tmp").toBool()) txt += "private-tmp\n"; if (field("private_dev").toBool()) txt += "private-dev\n"; if (field("mnt_media").toBool()) { txt += "blacklist /mnt\n"; txt += "blacklist /media\n"; } // network txt += "\n# network\n"; if (field("sysnetwork").toBool()) ; else if (field("nonetwork").toBool()) txt += "net none\n"; else if (field("netnamespace").toBool()) txt += "net " + global_ifname + "\n"; // dns if (global_dns_enabled) { QString dns1 = field("dns1").toString(); if (!dns1.isEmpty()) txt += "dns " + dns1 + "\n"; QString dns2 = field("dns2").toString(); if (!dns2.isEmpty()) txt += "dns " + dns2 + "\n"; } // network protocol if (global_protocol_enabled) { if (field("protocol_unix").toBool() || field("protocol_inet").toBool() || field("protocol_inet6").toBool() || field("protocol_netlink").toBool() || field("protocol_bluetooth").toBool() || field("protocol_packet").toBool()) { QString protocol = QString("protocol "); if (field("protocol_unix").toBool()) protocol += QString("unix,"); if (field("protocol_inet").toBool()) protocol += QString("inet,"); if (field("protocol_inet6").toBool()) protocol += QString("inet6,"); if (field("protocol_netlink").toBool()) protocol += QString("netlink,"); if (field("protocol_packet").toBool()) protocol += QString("packet"); if (field("protocol_bluetooth").toBool()) protocol += QString("bluetooth"); txt += protocol + "\n"; } } // multimedia txt += "\n# multimedia\n"; if (field("nosound").toBool()) txt += "nosound\n"; if (field("no3d").toBool()) txt += "no3d\n"; if (field("nox11").toBool()) txt += "x11 none\n"; if (field("nodvd").toBool()) txt += "nodvd\n"; if (field("novideo").toBool()) txt += "novideo\n"; if (field("notv").toBool()) txt += "notv\n"; // kernel txt += "\n# kernel\n"; if (field("seccomp").toBool()) { txt += "seccomp\n"; txt += "nonewprivs\n"; } if (field("caps").toBool()) txt += "caps.drop all\n"; if (field("noroot").toBool()) txt += "noroot\n"; if (field("apparmor").toBool()) txt += "apparmor\n"; global_profile->setText(txt); } int StartSandboxPage::nextId() const { return -1; } ================================================ FILE: src/firejail-ui/wizard.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef LICENSEWIZARD_H #define LICENSEWIZARD_H #include "firejail_ui.h" #include class QCheckBox; class QLabel; class QLineEdit; class QRadioButton; class QPushButton; class HomeWidget; class QListWidget; class QListWidgetItem; class QTextEdit; struct AppEntry; class Wizard : public QWizard { Q_OBJECT public: enum { Page_Application, Page_Config, Page_Config2, Page_StartSandbox }; Wizard(QWidget *parent = 0); void accept(); private slots: void showHelp(); }; class ApplicationPage : public QWizardPage { Q_OBJECT public: ApplicationPage(QWidget *parent = 0); int nextId() const; protected: void keyPressEvent(QKeyEvent *event); private slots: void groupChanged(QListWidgetItem * current, QListWidgetItem * previous); void groupClicked(QListWidgetItem*); void appClicked(QListWidgetItem*); void browseClicked(); private: AppEntry *appdb_; QListWidget *app_; QListWidget *group_; QLineEdit *command_; QRadioButton *use_default_; QRadioButton *use_custom_; QPushButton *browse_; }; class ConfigPage : public QWizardPage { Q_OBJECT public: ConfigPage(QWidget *parent = 0); bool validatePage(); int nextId() const; public slots: void setHome(bool); void setDns(bool); void setProtocol(bool); private: // filesystem QCheckBox *whitelisted_home_; QCheckBox *private_dev_; QCheckBox *private_tmp_; QCheckBox *mnt_media_; HomeWidget *home_; // networking QRadioButton *sysnetwork_; QRadioButton *nonetwork_; QRadioButton *netnamespace_; // DNS QLineEdit *dns1_; QLineEdit *dns2_; QCheckBox *dns1check_; QCheckBox *dns2check_; // protocol QCheckBox *protocol_unix_; QCheckBox *protocol_inet_; QCheckBox *protocol_inet6_; QCheckBox *protocol_netlink_; QCheckBox *protocol_packet_; QCheckBox *protocol_bluetooth_; }; class ConfigPage2 : public QWizardPage { Q_OBJECT public: ConfigPage2(QWidget *parent = 0); int nextId() const; void initializePage(); public slots: private: // multimedia QCheckBox *nosound_; QCheckBox *no3d_; QCheckBox *nodvd_; QCheckBox *novideo_; QCheckBox *notv_; QCheckBox *nox11_; // kernel QCheckBox *seccomp_; QCheckBox *caps_; QCheckBox *noroot_; QCheckBox *apparmor_; }; class StartSandboxPage : public QWizardPage { Q_OBJECT public: StartSandboxPage(QWidget *parent = 0); void initializePage(); int nextId() const; private slots: private: }; #endif ================================================ FILE: src/firetools/applications.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include #include "firetools.h" #include "applications.h" #include "../common/utils.h" #include "../../firetools_config_extras.h" #include #include QList applist; /* From: http://standards.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html Icons and themes are looked for in a set of directories. By default, apps should look in $HOME/.icons (for backwards compatibility), in $XDG_DATA_DIRS/icons and in / usr/share/pixmaps (in that order). Applications may further add their own icon directories to this list, and users may extend or change the list (in application/desktop specific ways).In each of these directories themes are stored as subdirectories. A theme can be spread across several base directories by having subdirectories of the same name. This way users can extend and override system themes. In order to have a place for third party applications to install their icons there should always exist a theme called "hicolor" [1]. The data for the hicolor theme is available for download at: http://www.freedesktop.org/software/icon-theme/. I mplementations are required to look in the "hicolor" theme if an icon was not found in the current theme. */ // compare strings static inline bool compare_ignore_case(QString q1, QString q2) { q1 = q1.toLower(); q2 = q2.toLower(); return q1 == q2; } static QString walk(QString path, QString name) { QDirIterator it(path, QDirIterator::Subdirectories); while (it.hasNext()) { it.next(); QFileInfo fi = it.fileInfo(); if (fi.isFile() && compare_ignore_case(fi.baseName(), name)) { if (arg_debug) printf("\t- %s\n", fi.canonicalFilePath().toUtf8().data()); return fi.canonicalFilePath(); } } return QString(""); } static QIcon resize48x48(QIcon icon) { QSize sz = icon.actualSize(QSize(64, 64)); if (arg_debug) printf("\t- input pixmap: w %d, h %d\n", sz.width(), sz.height()); QPixmap pix = icon.pixmap(sz.height(), sz.width()); QPixmap pixin; int delta = 0; if (sz.height() == sz.width() && sz.height() <= 40) { pixin = pix.scaled(40, 40); delta = 12; } else { pixin = pix.scaled(48, 48); delta = 8; } QPixmap pixout(64, 64); pixout.fill(QColor(0, 0, 0, 0)); QPainter *paint = new QPainter(&pixout); paint->drawPixmap(delta, delta, pixin); if (arg_debug) printf("\t- output pixmap: w %d, h %d\n", pixout.width(), pixout.height()); paint->end(); return QIcon(pixout); } QIcon loadIcon(QString name) { if (arg_debug) printf("searching icon %s\n", name.toLocal8Bit().data()); if (name == ":resources/fstats" || name == ":resources/firejail-ui") { if (arg_debug) printf("\t- resource\n"); return QIcon(name); // not resized, using the real 64x64 size } if (name.startsWith(":resources")) { if (arg_debug) printf("\t- resource\n"); return resize48x48(QIcon(name)); } if (name.startsWith('/')) { if (arg_debug) printf("\t- full path\n"); return resize48x48(QIcon(name)); } // Look for the file in Firejail config directory under /home/user QString conf = QDir::homePath() + "/.config/firetools/" + name + ".png"; QFileInfo checkFile1(conf); if (checkFile1.exists() && checkFile1.isFile()) { if (arg_debug) printf("\t- local config dir, png file\n"); return QIcon(conf); } conf = QDir::homePath() + "/.config/firetools/" + name + ".jpg"; QFileInfo checkFile2(conf); if (checkFile2.exists() && checkFile2.isFile()) { if (arg_debug) printf("\t- local config dir, jpg file\n"); return QIcon(conf); } if (!svg_not_found) { conf = QDir::homePath() + "/.config/firetools/" + name + ".svg"; QFileInfo checkFile3(conf); if (checkFile3.exists() && checkFile3.isFile()) { if (arg_debug) printf("\t- local config dir, svg file\n"); return QIcon(conf); } } if (QIcon::hasThemeIcon(name)) { if (arg_debug) printf("\t- fromTheme\n"); return resize48x48(QIcon::fromTheme(name)); } { QString qstr = walk("/usr/share/icons", name); if (!qstr.isEmpty()) { return resize48x48(QIcon(qstr)); } } { QDirIterator it("/usr/share/pixmaps", QDirIterator::Subdirectories); while (it.hasNext()) { it.next(); QFileInfo fi = it.fileInfo(); if (fi.isFile() && compare_ignore_case(fi.baseName(), name)) { if (arg_debug) printf("\t- /usr/share/pixmaps\n"); QIcon icon = QIcon(fi.canonicalFilePath()); return resize48x48(icon); } } } return QIcon(); } bool applist_check(QString name) { QList::iterator it; for (it = applist.begin(); it != applist.end(); ++it) { if (it->name_ == name) return true; } return false; } void applist_print() { QList::iterator it; for (it = applist.begin(); it != applist.end(); ++it) printf("\t%s\n", it->name_.toLocal8Bit().constData()); } int applications_init(const char *fname) { assert(fname); // load default apps if (arg_debug) printf("Loading applications from %s\n", fname); char *newfname = NULL; if (strncmp(fname, "~/", 2) == 0) { struct passwd *pw = getpwuid(getuid()); if (!pw) errExit("getpwuid"); if (asprintf(&newfname, "%s/%s", pw->pw_dir, fname + 2) == -1) errExit("asprintf"); } FILE *fp = fopen((newfname)? newfname: fname, "r"); if (!fp) return 0; char buf[1024]; int line = 0; int cnt = 0; while (fgets(buf, sizeof(buf), fp)) { line++; // comment if (*buf == '#') continue; char *ptr = strchr(buf, '\n'); if (ptr) *ptr = '\0'; char *name = buf; while (*name == ' ' || *name == '\t') name++; if (*name == '\0') continue; ptr = strchr(name, ';'); if (!ptr) { fprintf(stderr, "Error: invalid line %d in %s\n", line, PACKAGE_LIBDIR "/uiapps"); exit(1); } *ptr++ = '\0'; char *description = ptr; ptr = strchr(description, ';'); if (!ptr) { fprintf(stderr, "Error: invalid line %d in %s\n", line, PACKAGE_LIBDIR "/uiapps"); exit(1); } *ptr++ = '\0'; char *icon = ptr; char *command = NULL; ptr = strchr(icon, ';'); if (ptr) { *ptr++ = '\0'; command = ptr; } if (arg_debug) { printf("checking #%s#%s#%s#%s\n", name, description, icon, (command)? command: ""); } // do we have the program? if (which(name) == false) continue; if (command && strncmp(command, "PACKAGE_LIBDIR", 14) == 0) { char *newcmd; if (asprintf(&newcmd, PACKAGE_LIBDIR "%s", command + 14) == -1) errExit("asprintf"); command = newcmd; } QIcon qi = loadIcon(icon); if (qi.isNull()) continue; applist.append(Application(name, description, command, qi)); cnt++; } fclose(fp); if (arg_debug) printf("%d applications added\n", cnt); return cnt; } ================================================ FILE: src/firetools/applications.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef APPLICATIONS_H #define APPLICATIONS_H #include #include #include #define TOP 10 #define MARGIN 2 #define AFRAMES 6 // animation frames #define ADELAY 20 // animation delay #define ROWS 6 // applications.cpp struct Application { QString name_; QString description_; QString exec_; QIcon app_icon_; Application(const char *name, const char *description, const char *exec, QIcon app_icon): name_(name), description_(description), exec_(exec), app_icon_(app_icon) { if (exec == NULL || strlen(exec) == 0) exec_ = QString("firejail ") + name; } }; extern QList applist; int applications_init(const char *fname); bool applist_check(QString name); void applications_print(); void applist_print(); #endif ================================================ FILE: src/firetools/firetools.desktop ================================================ [Desktop Entry] Name=Firetools Comment=Firejail Tools and Stats Exec=firetools Icon=firetools Terminal=false Type=Application Categories=Qt;System;Security; Keywords=jail;security;seccomp; ================================================ FILE: src/firetools/firetools.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef FIRETOOLS_H #define FIRETOOLS_H #include "../common/common.h" typedef enum { GRAPH_4MIN = 0, GRAPH_1H, GRAPH_12H } GraphType; extern int arg_debug; extern int svg_not_found; #endif ================================================ FILE: src/firetools/firetools.pro ================================================ QMAKE_CXXFLAGS += $$(CXXFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_CFLAGS += $$(CFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_LFLAGS += $$(LDFLAGS) -Wl,-z,relro -Wl,-z,now QT += widgets HEADERS = mainwindow.h ../common/utils.h ../common/common.h applications.h \ firetools.h SOURCES = mainwindow.cpp \ main.cpp \ ../common/utils.cpp \ ../common/pid.cpp \ applications.cpp RESOURCES = firetools.qrc TARGET=../../build/firetools ================================================ FILE: src/firetools/firetools.qrc ================================================ resources/firetools.png resources/firetools-minimal.png resources/fstats.png resources/firejail-ui.png resources/icedove.png resources/firefox.png resources/libreoffice-writer.png resources/gnome-terminal.png resources/signal-desktop.png ================================================ FILE: src/firetools/main.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include "firetools.h" #include "mainwindow.h" #include "../common/utils.h" #include "../../firetools_config.h" int arg_debug = 0; int svg_not_found = 0; // desktop file content for autostart static const char *deskfile_minimize = "[Desktop Entry]\n" "Name=Firetools\n" "Comment=Firejail tools & stats\n" "Exec=firetools --minimize\n" "Icon=firetools\n" "Terminal=false\n" "Type=Application\n" "Categories=Qt;System;Security;\n"; // Usage instructions for the command line output static void usage() { printf("firetools - Firejail tools and stats utility\n\n"); printf("Usage: firetools [options]\n\n"); printf("Options:\n"); printf("\t--autostart - configure firetools to run automatically in system tray\n"); printf("\t\twhen X11 session is started\n\n"); printf("\t--debug - debug mode\n\n"); printf("\t--help - this help screen\n\n"); printf("\t--minimize - start the program minimized in system tray\n\n"); printf("\t--version - print software version and exit\n\n"); } int main(int argc, char *argv[]) { int arg_minimize = 0; // Parse arguments for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--debug") == 0) arg_debug = 1; else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") == 0) { usage(); return 0; } else if (strcmp(argv[i], "--version") == 0) { printf("Firetools version " PACKAGE_VERSION "\n"); return 0; } else if (strcmp(argv[i], "--autostart") == 0) { // Find home directory char *home = get_home_directory(); if (!home) { fprintf(stderr, "Error: cannot find user home directory"); return 1; } // Create a .config/autostart directory if it doesn't exist char *autodir; if (asprintf(&autodir, "%s/.config/autostart", home) == -1) errExit("asprintf"); int rv = mkdir(autodir, 0755); (void) rv; // Create desktop file char *autofile; if (asprintf(&autofile, "%s/.config/autostart/firetools.desktop", home) == -1) errExit("asprintf"); FILE *fp = fopen(autofile, "w"); if (!fp) { fprintf(stderr, "Error: cannot open %s\n", autofile); return 1; } fprintf(fp, "%s\n", deskfile_minimize); fclose(fp); printf("firetools autostart configured\n"); return 0; } else if (strcmp(argv[i], "--minimize") == 0) arg_minimize = 1; else { fprintf(stderr, "Error: invalid option\n"); usage(); return 1; } } #if QT_VERSION >= 0x050000 struct stat s; // Test run time dependencies - print warning and continue program QString ppath = QLibraryInfo::location(QLibraryInfo::PluginsPath); ppath += "/imageformats/libqsvg.so"; if (stat(ppath.toUtf8().constData(), &s) == -1) { fprintf(stderr, "Warning: QT5 SVG support not installed, please install libqt5svg5 package\n"); svg_not_found = 1; } #endif // Test run time dependencies - exit if (!which("firejail")) { fprintf(stderr, "Error: firejail package not found, please install it!\n"); exit(1); } // Create firetools directory if it doesn't exist create_config_directory(); // Initialize resources Q_INIT_RESOURCE(firetools); QApplication app(argc, argv); MainWindow fc; if (!arg_minimize) fc.show(); // Configure system tray QSystemTrayIcon icon(QIcon(":resources/firetools-minimal.png")); icon.show(); icon.setToolTip("Firetools (click to open)"); QMenu *trayIconMenu = new QMenu(&fc); trayIconMenu->addAction(fc.minimizeAction); trayIconMenu->addAction(fc.restoreAction); trayIconMenu->addSeparator(); trayIconMenu->addAction(fc.quitAction); icon.setContextMenu(trayIconMenu); icon.connect(&icon, SIGNAL(activated(QSystemTrayIcon: :ActivationReason)), &fc, SLOT(trayActivated(QSystemTrayIcon: :ActivationReason))); // Direct all errror to /dev/null to work around this qt bug: // https://bugreports.qt.io/browse/QTBUG-43270 FILE *rv = NULL; if (!arg_debug) { rv = freopen( "/dev/null", "w", stderr ); (void) rv; } // Start application int tmp = app.exec(); (void) tmp; if (rv) fclose(rv); } ================================================ FILE: src/firetools/mainwindow.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "firetools.h" #include #if QT_VERSION >= 0x050000 #include #else #include #endif #include "../../firetools_config_extras.h" #include "../../firetools_config.h" #include "mainwindow.h" #include "../common/utils.h" #include "applications.h" MainWindow::MainWindow(QWidget *parent): QWidget(parent, Qt::FramelessWindowHint | Qt::WindowSystemMenuHint) { active_index_ = -1; animation_id_ = 0; app_cnt_ = 0; cols_ = 0; // check firejail if (!which("firejail")) { QMessageBox::warning(this, tr("Firetools"), tr("
Firejail software not found. Please install it.


")); exit(1); } // check if we have permission to run firejail char *testrun = run_program("firejail /bin/true 2>&1"); if (!testrun || strstr(testrun, "Error")) { QMessageBox::warning(this, tr("Firetools"), tr("
Cannot run Firejail sandbox, you may not have
the correct permissions to access this program.


")); exit(1); } // check svg support #if QT_VERSION >= 0x050000 QList flist = QImageReader::supportedImageFormats(); bool svgfound = false; for (int i = 0; i < flist.size(); i++) { QByteArray a = flist.at(i); const char *str = a.constData(); if (strcmp(str, "svg") == 0) svgfound = true; } if (!svgfound) { QMessageBox::warning(this, tr("Firetools"), tr("
Qt5 SVG icon library not found. Please install it:
" "sudo apt-get install libqt5svg5

")); } #endif app_cnt_ = applications_init(PACKAGE_LIBDIR "/uiapps"); app_cnt_ += applications_init("~/.config/firetools/uiapps"); cols_ = app_cnt_ / ROWS; if (app_cnt_ % ROWS) cols_++; createTrayActions(); createLocalActions(); setContextMenuPolicy(Qt::ActionsContextMenu); setToolTip(tr("Double click on an icon to open an application.\n" "Drag the launcher with the left mouse button.\n" "Use the right mouse button to open a context menu.")); setWindowTitle(tr("Firetools")); } // Run statistics tools void MainWindow::runTools() { // start fstats as a separate process int rv = system(PACKAGE_LIBDIR "/fstats &"); (void) rv; } // Start firejail-ui void MainWindow::newSandbox() { // start firejail-ui as a separate process int rv = system("firejail-ui &"); (void) rv; } // About window void MainWindow::runAbout() { QString msg = ""; msg += "
" + tr( "Firetools is a GUI application for Firejail. " "It offers a system tray launcher for sandboxed apps, " "sandbox editing, management, and statistics. " "The software package also includes a sandbox configuration wizard, firejail-ui.
" "
" "Firejail is a SUID sandbox program that reduces the risk of security " "breaches by restricting the running environment of untrusted applications " "using Linux namespaces, Linux capabilities and seccomp-bpf.

") + tr("Firetools version:") + " " + PACKAGE_VERSION + "
" + tr("QT version: ") + " " + QT_VERSION_STR + "
" + tr("License:") + " GPL v2
" + tr("Homepage:") + " " + QString(PACKAGE_URL) + "


"; QMessageBox::about(this, tr("About"), msg); } // Mouse events: mouse release void MainWindow::mouseReleaseEvent(QMouseEvent *event) { if (event->button() == Qt::LeftButton) { int x = event->pos().x(); int y = event->pos().y(); if (x >= MARGIN * 2 + cols_ * 64 - 16 && x <= MARGIN * 2 + cols_ * 64 + 4 && y >= 4 && y <= 15) { showMinimized(); } event->accept(); active_index_ = -1; } } // Mouse events: mouse press void MainWindow::mousePressEvent(QMouseEvent *event) { if (event->button() == Qt::LeftButton) { dragPosition_ = event->globalPos() - frameGeometry().topLeft(); event->accept(); active_index_ = -1; } } // Mouse events void MainWindow::mouseMoveEvent(QMouseEvent *event) { if (event->buttons() & Qt::LeftButton) { move(event->globalPos() - dragPosition_); event->accept(); } } // Mouse events: double-click void MainWindow::mouseDoubleClickEvent(QMouseEvent *event) { if (event->button() == Qt::LeftButton) { QPoint pos = event->pos(); int index = app_get_index(pos); if (index != -1) { QString exec = applist[index].exec_ + " &"; int rv = system(exec.toStdString().c_str()); (void) rv; event->accept(); animation_id_ = AFRAMES; active_index_ = index; QTimer::singleShot(0, this, SLOT(update())); } } } // Main window visual design void MainWindow::paintEvent(QPaintEvent *) { // Start painting QPainter painter(this); painter.setRenderHint(QPainter::Antialiasing); // Window size hint QSize sz = sizeHint(); // Window rectangle size coordinates QRect windowRectSize(0, 0, sz.width(), sz.height()); // Background color for the main window // (dark gray) QBrush windowBackgroundColor(QColor(68, 68, 68)); // Fills the given rectangle with the specified color values. // https://doc.qt.io/qt-5.10/qpainter.html#drawRect painter.fillRect(windowRectSize, windowBackgroundColor); // Loop icons to rows int i = 0; int j = 0; for (; i < app_cnt_; i++, j++) { if (j >= ROWS) j = 0; // Select icon from the looped items QIcon icon = applist[i].app_icon_; int sz = 64 ; if (active_index_ == i) sz -= animation_id_ * 3; // More details and examples: // - https://doc.qt.io/qt-5.10/qpainter.html#drawPixmap // Target int pixmapTargetXposition = MARGIN * 2 + (64 - sz) / 2 + (i / ROWS) * 64; int pixmapTargetYposition = MARGIN *2 + j * 64 + TOP + (64 - sz) / 2; QPoint pixmapTarget(pixmapTargetXposition, pixmapTargetYposition); // Source int pixmapWidth = sz; int pixmapHeight = sz; QSize pixmapSize(pixmapWidth, pixmapHeight); // "The QPixmap class is an off-screen image representation that can be used as a paint device." // - https://doc.qt.io/qt-5.10/qpixmap.html // "Returns a pixmap with the requested size, mode, and state," // - https://doc.qt.io/qt-5.10/qicon.html#pixmap QPixmap pixmap = icon.pixmap(pixmapSize, QIcon::Normal, QIcon::On); // Paint pixmap items painter.drawPixmap(pixmapTarget, pixmap); } // Close button // Rectangle size & coordinates for the close button // QRect closeButtonRectSize(MARGIN * 2 + cols * 64 - 8, 8, 12, 3); QRect closeButtonRectSize(MARGIN * 2 + cols_ * 64 - 14,6, 12, 3); // Color for the close button QBrush closeButtonRectColor(Qt::white); // Fills the given rectangle with the color painter.fillRect(closeButtonRectSize, closeButtonRectColor); // Default font painter.setFont(QFont("Sans", TOP, QFont::Normal)); // Animation timer detay if animations are enabled if (animation_id_ > 0) { animation_id_--; QTimer::singleShot(ADELAY, this, SLOT(update())); } } // Window resize void MainWindow::resizeEvent(QResizeEvent * /* event */) { // margins QRegion m1(0, 0, cols_ * 64 + MARGIN * 4, TOP + ROWS * 64 + MARGIN * 4); QRegion m2(MARGIN, MARGIN + TOP, cols_ * 64 + MARGIN * 2, ROWS * 64 + MARGIN * 2); QRegion m3(MARGIN * 2, MARGIN * 2 + TOP, cols_ * 64, ROWS * 64); QRegion all = m1.subtracted(m2); all = all.united(m3); setMask(all); } // Window size hint QSize MainWindow::sizeHint() const { return QSize(64 * cols_ + MARGIN * 4, ROWS * 64 + MARGIN * 4 + TOP); } bool MainWindow::event(QEvent *event) { if (event->type() == QEvent::ToolTip) { QHelpEvent *helpEvent = static_cast(event); int index = app_get_index(helpEvent->pos()); if (index == -1) { int x = helpEvent->pos().x(); int y = helpEvent->pos().y(); if (x >= MARGIN * 2 + cols_ * 64 - 8 && x <= MARGIN * 2 + cols_ * 64 + 4 && y >= 4 && y <= 15) { QToolTip::showText(helpEvent->globalPos(), QString("Minimize")); return true; } else if (x >= 0 && x < 64 && y >= 4 && y <= 15) { QToolTip::showText(helpEvent->globalPos(), QString("Run tools")); return true; } else QToolTip::hideText(); } else { QToolTip::showText(helpEvent->globalPos(), applist[index].description_); return true; } } return QWidget::event(event); } void MainWindow::trayActivated(QSystemTrayIcon::ActivationReason reason) { if (reason == QSystemTrayIcon::Context) return; if (reason == QSystemTrayIcon::DoubleClick) return; if (reason == QSystemTrayIcon::MiddleClick) return; if (isVisible()) hide(); else showNormal(); } void MainWindow::createTrayActions() { minimizeAction = new QAction(tr("Mi&nimize"), this); connect(minimizeAction, SIGNAL(triggered()), this, SLOT(hide())); restoreAction = new QAction(tr("&Restore"), this); connect(restoreAction, SIGNAL(triggered()), this, SLOT(showNormal())); quitAction = new QAction(tr("&Quit"), this); connect(quitAction, SIGNAL(triggered()), this, SLOT(main_quit())); } void MainWindow::createLocalActions() { QAction *newsandbox = new QAction(tr("&Configuration"), this); connect(newsandbox, SIGNAL(triggered()), this, SLOT(newSandbox())); addAction(newsandbox); QAction *runtools = new QAction(tr("&Statistics"), this); connect(runtools, SIGNAL(triggered()), this, SLOT(runTools())); addAction(runtools); QAction *separator1 = new QAction(this); separator1->setSeparator(true); addAction(separator1); QAction *about = new QAction(tr("&About"), this); connect(about, SIGNAL(triggered()), this, SLOT(runAbout())); addAction(about); qhelp_ = new QAction(tr("&Help"), this); connect(qhelp_, SIGNAL(triggered()), this, SLOT(help())); addAction(qhelp_); QAction *separator2 = new QAction(this); separator2->setSeparator(true); addAction(separator2); QAction *qminimize = new QAction(tr("&Minimize"), this); connect(qminimize, SIGNAL(triggered()), this, SLOT(showMinimized())); addAction(qminimize); QAction *qquit = new QAction(tr("&Quit"), this); connect(qquit, SIGNAL(triggered()), this, SLOT(main_quit())); addAction(qquit); } // Help dialog void MainWindow::help() { QMessageBox msgBox; QString txt; txt += "
"; txt += "Double click on an icon to sandbox the application. "; txt += "Click on \"-\" in the right top corner to minimize the program in the system tray. "; txt += "Drag the launcher with the left mouse button.

\n"; txt += "Use the right mouse button to open the context menu.

\n"; txt += "   Configuration: run the configuration wizard.
\n"; txt += "   Statistics: open the stats window.
\n"; txt += "   About: program version.
\n"; txt += "   Help: this help window.
\n"; txt += "   Minimize: minimize the launcher
\n"; txt += "   Quit: shut down the lprogram.

\n"; txt += "The list of applications recognized automatically by Firetools is stored in /usr/lib/firetools/applist. "; txt += "To add more applications to the list drop a similar file in your home directory in ~/.config/firetools/uiapps.

"; QMessageBox::about(this, tr("Firetools"), txt); } // Shutdown sequence void MainWindow::main_quit() { printf("exiting...\n"); // delete application list QList::iterator it = applist.begin(); while (it !=applist.end()) it = applist.erase(it); qApp->quit(); } int MainWindow::app_get_index(QPoint pos) { if (pos.y() < (MARGIN * 2 + TOP)) return -1; if (pos.x() > (MARGIN * 2) && pos.x() < (MARGIN * 2 + cols_ * 64)) { int index_y = (pos.y() - 2 * MARGIN - TOP) / 64; int index_x = (pos.x() - 2 * MARGIN) / 64; int index = index_y + index_x * ROWS; if (index < app_cnt_) return index; } return -1; } ================================================ FILE: src/firetools/mainwindow.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef MAINWINDOW_H #define MAINWINDOW_H #include #include #include class MainWindow : public QWidget { Q_OBJECT public: MainWindow(QWidget *parent = 0); QSize sizeHint() const; protected: void mouseMoveEvent(QMouseEvent *event); void mousePressEvent(QMouseEvent *event); void mouseReleaseEvent(QMouseEvent *event); void mouseDoubleClickEvent(QMouseEvent *event); void paintEvent(QPaintEvent *event); void resizeEvent(QResizeEvent *event); bool event(QEvent *event); public slots: void trayActivated(QSystemTrayIcon::ActivationReason); private slots: void runTools(); void help(); void main_quit(); void newSandbox(); void runAbout(); private: void createTrayActions(); void createLocalActions(); int app_get_index(QPoint pos); private: QPoint dragPosition_; QAction *qhelp_; int active_index_; int animation_id_; int app_cnt_; // number of applications int cols_; // number of columns public: // tray QAction *minimizeAction; QAction *restoreAction; QAction *quitAction; }; #endif ================================================ FILE: src/firetools/uiapps ================================================ # Program list for Firetools # # Each line defines an application, with semicolons separated fields as follows: # # executable; description; icon; (optional) command for starting Firejail # # Examples: # # inkscape;Inkscape SVG Editor;inkscape # calibre;Calibre eBook Reader;/usr/share/calibre/images/lt.png # # Lines starting in # are comments. # # default apps for Firetools firejail-ui;Configuration;:resources/firejail-ui;firejail-ui firetools;Statistics;:resources/fstats;PACKAGE_LIBDIR/fstats # Accessories calibre;Calibre eBook Reader;/usr/share/calibre/images/lt.png cherrytree;CherryTree Note Taking Application;cherrytree eog;Eye of Gnome Image Viewer;eog eom;Eye of MATE Image Viewer;eom fbreader;eBook Reader;FBReader galculator;Calculator;galculator gnome-calculator;Gnome Calculator;gnome-calculator gpicview;GPicView Image Viewer;gpicview gthumb;gThumb Image Viewer;gthumb gwenview;Gwenview Image Viewer;gwenview kcalc;KDE Calculator;kcalc keepass;KeePass Pasword Manager;keepass keepass2;KeePass2 Pasword Manager;keepass2 keepassx;KeePassX Pasword Manager;keepassx keepassx2;KeePassX2 Pasword Manager;keepassx2 keepassxc;KeePassXC Pasword Manager;keepassxc pix;Pix Image Management Application;pix urxvt;rxvt-unicode Terminal;urxvt xviewer;xviewer Image Viewer;xviewer xreader;Xreader Document Viewer;xreader xterm;xterm Terminal;:resources/gnome-terminal.png # Games 0ad;0AD Game;0ad 2048-qt;2048 Game;2048-qt 3Dc;Play chess across 3 boards!;3dchess etr;Extreme Tux Racer Game;etr frozen-bubble;Frozen-Bubble Game;frozen-bubble pingus;Pingus Game;pingus supertux2;Super Tux Game;supertux warzone2100;Warzone 2100 Game;warzone2100 # Graphics digikam;digiKam Photo Editor;digikam gimp;Gimp Graphic Editor;gimp inkscape;Inkscape SVG Editor;inkscape kolourpaint;KolourPaint Image Editor;kolourpaint kamoso;KDE Camera Utility;kamoso krita;krita Graphic Editor;krita openshot;OpenShot Video Editor;openshot showfoto;showfoto Image Viewer and Editor;showfoto # Internet akregator;RSS/Atom Feed Aggregator;akregator chromium;Chromium Web Browser;chromium chromium-browser;Chromium Web Browser;chromium-browser deluge;Deluge BitTorrent Client;deluge empathy;Empathy Messaging Client;empathy falkon;Falkon Web Browser;falkon filezilla;FileZilla File Transfer Application;filezilla firefox;Mozilla Firefox;:resources/firefox hexchat;HexChat Messaging Client;hexchat icecat;GNU IceCat;:resources/firefox icedove;Debian Icedove Email Client;:resources/icedove iceweasel;Debian Iceweasel;:resources/firefox google-chrome;Google Chrome;google-chrome midori;Midori Web Browser;midori netsurf;Netsurf Web Browser;netsurf opera;Opera Web Browser;opera pidgin;Pidgin Messaging Client;pidgin qbittorrent;qBittorrent Client;qbittorrent quassel;Quassel IRC Client;quassel signal-desktop;Signal Messenger;:resources/signal-desktop.png thunderbird;Thunderbird Email Client;thunderbird transmission-gtk;Transmission BitTorrent Client;transmission transmission-qt;Transmission BitTorrent Client;transmission xchat;XChat Messaging Client;xchat # Office abiword;Abiword Word Processor;abiword emacs;GNU Emacs Text Editor;emacs evince;Evince PDF Viewer;evince gedit;GNOME Text Eeditor;org.gnome.gedit jedit;jEdit Text Editor;jedit kate;Kate Text Editor;kate kile;Kile KDE Integrated LaTeX Environment;kile kwrite;KDE Text Editor;kwrite leafpad;leafpad Text Editor;leafpad lowriter;LibreOffice Writer;:resources/libreoffice-writer.png mousepad;Mousepad Text Editor;accessories-text-editor okular;Okular Universal Document Viewer;okular qpdfview;qPDFView PDF Viewer;qpdfview scribus;Scribus Page Layout Program;scribus xpdf;Xpdf PDF Viewer;xpdf # Sound and video amarok;Amarok Media Player;amarok audacious;Audacious Media Player;audacious audacity;Audacity Sound Editor;audacity audex;Audio Ripper;audex clementine;Clementine Media Player;application-x-clementine dragon;Dragon Player;dragonplayer elisa;Simple KDE Music Player;elisa ghb;HandBrake Media Convertor;hb-icon gnome-mplayer;GNOME Media Player;gnome-mplayer haruna;Haruna Video Player;haruna k3b;K3b CD/DVD Burning/Riping Application;k3b kaffeine;Kaffeine Media Player;kaffeine kdenlive;Kdenlive Video Editor;kdenlive kget;KDE Download Manager;kget kid3;KDE Audio Tagger;kid3 kino;Kino Video Player;kino kmail;KMail Email Client;kmail kmix;KDE Sound Channel Mixer;kmix kmplayer;KDE Multimedia Player;kmplayer konqueror;Konqueror Web Browser;konqueror konversation;Konversation IRC Client;konversation kopete;Kopete Instant Messaging;kopete ktorrent;Ktorrent BitTorrent Client;ktorrent kwave;KWave Sound Editor;kwave mpv;MPV Media Player;mpv;firejail mpv --player-operation-mode=pseudo-gui rhythmbox;Rhythmbox Media Player;rhythmbox smplayer;SMPlayer Media Player;smplayer subtitlecomposer;KDE Subtitle Composer;subtitlecomposer totem;Totem Media Player;totem vlc;VideoLAN Client;vlc xplayer;Xplayer Media Player;xplayer ================================================ FILE: src/fmgr/config.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "fmgr.h" #include "../common/utils.h" #define DEFAULT_X_SIZE 500 #define DEFAULT_Y_SIZE 500 #define MINSIZE 500 #define BUFSIZE 4096 void config_read_screen_size(int *x, int *y) { // set defaults *x = DEFAULT_X_SIZE; *y = DEFAULT_X_SIZE; // open config file char *cfgdir = get_config_directory(); if (!cfgdir) return; char *fname; if (asprintf(&fname, "%s/fmgr.config", cfgdir) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); free(fname); if (!fp) return; // read file and parse it char buf[BUFSIZE]; while (fgets(buf, BUFSIZE, fp)) { char *ptr = buf; while (*ptr == ' ' || *ptr == '\t') ptr++; if (strncmp(ptr, "x ", 2) == 0) { ptr += 2; if (sscanf(ptr, "%d", x) != 1) { fprintf(stderr, "Error: invalid X size in ~/.config/firetools/fmgr.config\n"); fclose(fp); return; } } else if (strncmp(ptr, "y ", 2) == 0) { ptr += 2; if (sscanf(ptr, "%d", y) != 1) { fprintf(stderr, "Error: invalid Y size in ~/.config/firetools/fmgr.config\n"); fclose(fp); return; } } } fclose(fp); } void config_write_screen_size(int x, int y) { x = (x < MINSIZE)? DEFAULT_X_SIZE: x; y = (y < MINSIZE)? DEFAULT_Y_SIZE: y; // open config file char *cfgdir = get_config_directory(); if (!cfgdir) return; char *fname; if (asprintf(&fname, "%s/fmgr.config", cfgdir) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "w"); free(fname); if (!fp) return; // write file fprintf(fp, "x %d\n", x); fprintf(fp, "y %d\n", y); fclose(fp); } ================================================ FILE: src/fmgr/fmgr.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef FIREFM_H #define FIREFM_H #include #include #include #include "../common/common.h" #include "../common/utils.h" // main.cpp extern int arg_debug; // config.cpp void config_read_screen_size(int *x, int *y); void config_write_screen_size(int x, int y); #endif ================================================ FILE: src/fmgr/fmgr.pro ================================================ QMAKE_CXXFLAGS += $$(CXXFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_CFLAGS += $$(CFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_LFLAGS += $$(LDFLAGS) -Wl,-z,relro -Wl,-z,now QT += widgets HEADERS = fmgr.h mainwindow.h topwidget.h fs.h SOURCES = mainwindow.cpp topwidget.cpp main.cpp \ ../common/utils.cpp fs.cpp config.cpp RESOURCES = fmgr.qrc TARGET=../../build/fmgr ================================================ FILE: src/fmgr/fmgr.qrc ================================================ resources/firetools.png resources/firetools-minimal.png resources/go-top.png resources/go-up.png resources/user-home.png resources/gnome-fs-directory.png resources/empty.png resources/emblem-symbolic-link.png resources/refresh.png ================================================ FILE: src/fmgr/fs.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "fs.h" #include "fmgr.h" #include FS::FS(pid_t pid): pid_(pid) { initialize(pid); } void FS::initialize(pid_t pid) { char *cmd; if (asprintf(&cmd, "firejail --fs.print=%d", (int) pid) == -1) errExit("asprintf"); char *str = run_program(cmd); if (str == NULL) return; char *ptr = strtok(str, "\n"); while (ptr) { if (arg_debug) printf("fs.print: %s\n", ptr); if (strncmp(ptr, "tmpfs ", 6) == 0) { paths_.append(QString(ptr + 6)); ops_.append(QString("T")); } else if (strncmp(ptr, "blacklist ", 10) == 0 ) { paths_.append(QString(ptr + 10)); ops_.append(QString("B")); } else if (strncmp(ptr, "blacklist-nolog ", 16) == 0 ) { paths_.append(QString(ptr + 16)); ops_.append(QString("B")); } else if (strncmp(ptr, "read-only ", 10) == 0 ) { paths_.append(QString(ptr + 10)); ops_.append(QString("R")); } else if (strncmp(ptr, "clone ", 6) == 0 ) { paths_.append(QString(ptr + 6)); ops_.append(QString("C")); } else if (strncmp(ptr, "create ", 7) == 0 ) { paths_.append(QString(ptr + 7)); ops_.append(QString("G")); // generated } ptr = strtok(NULL, "\n"); } paths_.replaceInStrings(" ", "\\ "); } void FS::checkPath(QString path) { if (arg_debug) printf("checkPath %s\n", path.toUtf8().constData()); path_ = path; } QString FS::checkFile(QString file) { file = file.replace(" ", "\\ "); QString full_path = path_ + file; if (arg_debug) printf("checkFile full path %s\n", full_path.toUtf8().constData()); QString str = ""; for (int i = 0; i < paths_.size(); ++i) { if (full_path == paths_.at(i)) { str += ops_.at(i); } } if (arg_debug) printf("checkFile database %s, result %s\n", full_path.toUtf8().constData(), str.toUtf8().constData()); return str; } ================================================ FILE: src/fmgr/fs.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef FS_H #define FS_H #include #include #include class FS { public: FS(pid_t pid); QString getType(QString path, QString file); void checkPath(QString path); QString checkFile(QString file); private: void initialize(pid_t pid); pid_t pid_; QStringList paths_; QStringList ops_; QString path_; }; #endif ================================================ FILE: src/fmgr/main.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include "fmgr.h" #include "mainwindow.h" //#include "../common/utils.h" #include "../../firetools_config.h" int arg_debug = 0; static void usage() { printf("firemgr - Firejail file manager\n\n"); printf("Usage: firemgr [options] sandbox-pid\n\n"); printf("Options:\n"); printf("\t--debug - debug mode\n\n"); printf("\t--help - this help screen\n\n"); printf("\t--version - print software version and exit\n\n"); } static bool is_pid(const char *str) { assert(str != NULL); const char *ptr = str; while (*ptr != '\0') { if (!isdigit(*ptr)) return false; ptr++; } int pid = atoi(str); if (pid <= 0) return false; return true; } int main(int argc, char *argv[]) { int i; // parse arguments for (i = 1; i < argc; i++) { if (strcmp(argv[i], "--debug") == 0) arg_debug = 1; else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") == 0) { usage(); return 0; } else if (strcmp(argv[i], "--version") == 0) { printf("Firetools version " PACKAGE_VERSION "\n"); return 0; } else if (*argv[i] == '-') { fprintf(stderr, "Error: invalid option\n"); usage(); return 1; } else break; } // in this moment we should have a pid if (i == argc || i != (argc - 1) || !is_pid(argv[i])) { fprintf(stderr, "Error: process ID expected\n"); usage(); return 1; } pid_t pid = (pid_t) atoi(argv[i]); // initialize resources Q_INIT_RESOURCE(fmgr); QApplication app(argc, argv); MainWindow fm(pid); fm.show(); return app.exec(); } ================================================ FILE: src/fmgr/mainwindow.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "fmgr.h" #include "fs.h" #include #if QT_VERSION >= 0x050000 #include #else #include #endif #include "mainwindow.h" #include "topwidget.h" #include #include MainWindow::MainWindow(pid_t pid, QWidget *parent): QMainWindow(parent), pid_(pid) { // check firejail installed if (!which("firejail")) { QMessageBox::warning(this, tr("Firejail File Manager"), tr("
Firejail software not found. Please install it.


")); exit(1); } // verify sandbox { char *cmd; if (asprintf(&cmd, "firejail --ls=%d / 2>&1", pid_) == -1) errExit("asprintf"); char *out = run_program(cmd); if (out == NULL || strncmp(out, "Error", 5) == 0) { char *msg; if (asprintf(&msg, "
Sandbox %d not found.


", pid) == -1) errExit("asprintf"); QMessageBox::warning(this, tr("Firejail File Manager"), tr(msg)); exit(1); } } // initialize FS fs_ = new FS(pid); top_ = new TopWidget(this); connect(top_, SIGNAL(upClicked()), this, SLOT(handleUp())); connect(top_, SIGNAL(rootClicked()), this, SLOT(handleRoot())); connect(top_, SIGNAL(refreshClicked()), this, SLOT(handleRefresh())); connect(top_, SIGNAL(homeClicked()), this, SLOT(handleHome())); line_ = new QLineEdit(this); QString txt = build_line(); line_->setText(txt); line_->setReadOnly(true); table_ = new QTableWidget(0, 6, this); QStringList header; header.append(" "); header.append(" "); header.append("Mount"); header.append("Owner"); header.append("Size"); header.append("Name"); table_->setHorizontalHeaderLabels(header); table_->verticalHeader()->setVisible(false); table_->setColumnWidth(0, 20); table_->setColumnWidth(1, 26); table_->setColumnWidth(2, 100); table_->setColumnWidth(3, 100); table_->setColumnWidth(4, 100); table_->setColumnWidth(5, 500); table_->horizontalHeader()->setStretchLastSection(true); table_->setShowGrid(false); table_->setColumnHidden(0, true); connect(table_, SIGNAL(cellClicked(int, int)), this, SLOT (cellClicked(int, int))); print_files("/"); QWidget *empty1 = new QWidget(this); empty1->setMinimumWidth(30); QWidget *empty2 = new QWidget(this); empty2->setMinimumWidth(10); QGridLayout *mainLayout = new QGridLayout; mainLayout->addWidget(top_, 0, 0); mainLayout->addWidget(empty1, 0, 1); mainLayout->addWidget(line_, 0, 2); mainLayout->addWidget(empty2, 0, 3); mainLayout->addWidget(table_, 1, 0, 1, 4); mainLayout->setColumnStretch(0, 1); mainLayout->setColumnStretch(1, 1); mainLayout->setColumnStretch(2, 200); mainLayout->setColumnStretch(3, 1); QWidget *mainWidget = new QWidget; mainWidget->setLayout(mainLayout); setCentralWidget(mainWidget); setMinimumWidth(500); // set screen size and title int x; int y; config_read_screen_size(&x, &y); resize(x, y); char *title; if (asprintf(&title, "Firejail Sandbox %d", pid) == -1) errExit("asprintf"); setWindowTitle(tr(title)); free(title); } MainWindow::~MainWindow() { if (!isMaximized()) config_write_screen_size(width(), height()); } void MainWindow::print_files(const char *path) { // replace ' ' with '\ ' QString qpath(path); if (strchr(path, ' ')) { qpath.replace(" ", "\\ "); path = qpath.toUtf8().constData(); } if (arg_debug) printf("print_files path %s\n", path); char *cmd; if (asprintf(&cmd, "firejail --quiet --ls=%d %s 2>&1", pid_, path) == -1) errExit("asprintf"); // clear table int rows = table_->rowCount(); while (rows > 0) { table_->removeRow(0); rows--; } char *out = run_program(cmd); if (out == NULL || strncmp(out, "Error", 5) == 0) { char *msg; if (asprintf(&msg, "
Directory %s not found.


", path) == -1) errExit("asprintf"); QMessageBox::warning(this, tr("Firejail File Manager"), tr(msg)); free(msg); return; } // fs flags fs_->checkPath(QString(path)); char *ptr = strtok(out, "\n"); rows = 0; while (ptr) { // skip warnings and errors if (strncmp(ptr, "Warning:", 8) == 0 || strncmp(ptr, "Error:", 6) == 0) { ptr = strtok(NULL, "\n"); continue; } split_command(ptr); // adjust the list in order to accept file names with spaces if (sargc > 5) { char *ptr = sargv[4]; // replace '\0' with ' ' (sargc - 5) times for (int i = sargc - 5; i > 0; i--) { while (*ptr != '\0') ptr++; *ptr = ' '; } sargc = 5; } if (sargc == 5) { if (strcmp(sargv[4], "..") != 0 && strcmp(sargv[4], ".") != 0) { table_->setRowCount(rows + 1); // image if (*sargv[0] == 'd') { table_->setItem(rows, 0, new QTableWidgetItem("D")); QImage *img = new QImage(":resources/gnome-fs-directory.png"); QTableWidgetItem *timage = new QTableWidgetItem; timage->setData(Qt::DecorationRole, QPixmap::fromImage(*img)); table_->setItem(rows, 1, new QTableWidgetItem(*timage)); } else if (*sargv[0] == 'l') { table_->setItem(rows, 0, new QTableWidgetItem("L")); QImage *img = new QImage(":resources/emblem-symbolic-link.png"); QTableWidgetItem *timage = new QTableWidgetItem; timage->setData(Qt::DecorationRole, QPixmap::fromImage(*img)); table_->setItem(rows, 1, new QTableWidgetItem(*timage)); } else { table_->setItem(rows, 0, new QTableWidgetItem("F")); QImage *img = new QImage(":resources/empty.png"); QTableWidgetItem *timage = new QTableWidgetItem; timage->setData(Qt::DecorationRole, QPixmap::fromImage(*img)); table_->setItem(rows, 1, new QTableWidgetItem(*timage)); } // fs flags QString s = fs_->checkFile(QString(sargv[4])); if (s.contains("B")) s = "Blacklist"; else if (s.contains("T") && s.contains("R")) s = "Temporary-RO"; else if (s.contains("T")) s = "Temporary"; else if (s.contains("G")) { if (s.contains("R")) s = "Generated-RO"; else s = "Generated"; } else if (s.contains("C")) { if (s.contains("R")) s = "Clone-RO"; else s = "Clone"; } else if (s.contains("R")) s = "Read-only"; QTableWidgetItem *item = new QTableWidgetItem(s); item->setTextAlignment(Qt::AlignCenter); table_->setItem(rows, 2, item); item = new QTableWidgetItem(sargv[1]); item->setTextAlignment(Qt::AlignCenter); table_->setItem(rows, 3, item); item = new QTableWidgetItem(sargv[3]); item->setTextAlignment(Qt::AlignCenter); table_->setItem(rows, 4, item); item = new QTableWidgetItem(QString(" ") + QString(sargv[4])); // item->setTextAlignment(Qt::AlignHorizontal_Mask); table_->setItem(rows, 5, item); rows++; } } ptr = strtok(NULL, "\n"); } } void MainWindow::handleUp() { if (path_.size() == 0) return handleRefresh(); path_.takeLast(); QString full_path = build_path(); print_files(full_path.toStdString().c_str()); QString txt = build_line(); line_->setText(txt); } void MainWindow::handleRefresh() { QString full_path = build_path(); print_files(full_path.toStdString().c_str()); QString txt = build_line(); line_->setText(txt); } void MainWindow::handleHome() { const char* username = getenv("USER"); path_.clear(); path_.append(QString("home")); if (username) path_.append(QString(username)); QString full_path = build_path(); print_files(full_path.toStdString().c_str()); QString txt = build_line(); line_->setText(txt); } void MainWindow::handleRoot() { path_.clear(); print_files("/"); QString txt = build_line(); line_->setText(txt); } QString MainWindow::build_path() { QString retval = QString("/"); for (int i = 0; i < path_.size(); ++i) { retval += path_.at(i); retval += QString("/"); } return retval; } QString MainWindow::build_line() { QString retval = "/"; // retval.sprintf("%d:///", pid_); for (int i = 0; i < path_.size(); ++i) { retval += path_.at(i); retval += QString("/"); } return retval; } void MainWindow::cellClicked(int row, int column) { (void) column; QString type = table_->item(row, 0)->text(); if (type != "D") return; QString dir = table_->item(row, 5)->text(); dir = dir.mid(2); path_.append(dir); QString full_path = build_path(); print_files(full_path.toStdString().c_str()); QString txt = build_line(); line_->setText(txt); } ================================================ FILE: src/fmgr/mainwindow.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef MAINWINDOW_H #define MAINWINDOW_H #include class QLineEdit; class QTableWidget; class TopWidget; class FS; class MainWindow : public QMainWindow { Q_OBJECT public: MainWindow(pid_t pid, QWidget *parent = 0); ~MainWindow(); private slots: void handleUp(); void handleHome(); void handleRoot(); void handleRefresh(); void cellClicked(int row, int column); private: void print_files(const char *path); QString build_path(); QString build_line(); private: pid_t pid_; TopWidget *top_; QLineEdit *line_; QTableWidget *table_; QStringList path_; FS *fs_; }; #endif ================================================ FILE: src/fmgr/topwidget.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "fmgr.h" #include "topwidget.h" #include "mainwindow.h" #include #if QT_VERSION >= 0x050000 #include #else #include #endif void TopWidget::paintEvent(QPaintEvent *event) { (void) event; QPainter painter(this); // draw painter.drawImage(0, 0, QImage(":resources/go-up.png")); painter.drawImage(34, 0, QImage(":resources/refresh.png")); painter.drawImage(68, 0, QImage(":resources/go-top.png")); painter.drawImage(102, 0, QImage(":resources/user-home.png")); } void TopWidget::mousePressEvent(QMouseEvent *event) { QPoint pos = event->pos(); if (event->button() == Qt::LeftButton) { if (pos.x() <= 24) emit upClicked(); else if (pos.x() >= 34 && pos.x() < 58) emit refreshClicked(); else if (pos.x() >= 68 && pos.x() < 92) emit rootClicked(); else if (pos.x() >= 102 && pos.x() < 12692) emit homeClicked(); } event->accept(); } ================================================ FILE: src/fmgr/topwidget.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef TOPWIDGET_H #define TOPWIDGET_H #include #include class TopWidget: public QWidget { Q_OBJECT public: TopWidget(QWidget *parent = 0): QWidget(parent) {} QSize minimumSizeHint() const { return QSize(126, 24); } QSize sizeHint() const { return QSize(126, 24); } signals: void upClicked(); void rootClicked(); void refreshClicked(); void homeClicked(); protected: void paintEvent(QPaintEvent *event); void mousePressEvent(QMouseEvent *event); private: // bool drag_; }; #endif ================================================ FILE: src/fstats/config.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "fstats.h" #include "../common/utils.h" #define DEFAULT_X_SIZE 650 #define DEFAULT_Y_SIZE 650 #define MINSIZE 400 #define BUFSIZE 4096 void config_read_screen_size(int *x, int *y) { // set defaults *x = DEFAULT_X_SIZE; *y = DEFAULT_X_SIZE; // open config file char *cfgdir = get_config_directory(); if (!cfgdir) return; char *fname; if (asprintf(&fname, "%s/fstats.config", cfgdir) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); free(fname); if (!fp) return; // read file and parse it char buf[BUFSIZE]; while (fgets(buf, BUFSIZE, fp)) { char *ptr = buf; while (*ptr == ' ' || *ptr == '\t') ptr++; if (strncmp(ptr, "x ", 2) == 0) { ptr += 2; if (sscanf(ptr, "%d", x) != 1) { fprintf(stderr, "Error: invalid X size in ~/.config/firetools/fstats.config\n"); fclose(fp); return; } } else if (strncmp(ptr, "y ", 2) == 0) { ptr += 2; if (sscanf(ptr, "%d", y) != 1) { fprintf(stderr, "Error: invalid Y size in ~/.config/firetools/fstats.config\n"); fclose(fp); return; } } } fclose(fp); } void config_write_screen_size(int x, int y) { x = (x < MINSIZE)? DEFAULT_X_SIZE: x; y = (y < MINSIZE)? DEFAULT_Y_SIZE: y; // open config file char *cfgdir = get_config_directory(); if (!cfgdir) return; char *fname; if (asprintf(&fname, "%s/fstats.config", cfgdir) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "w"); free(fname); if (!fp) return; // write file fprintf(fp, "x %d\n", x); fprintf(fp, "y %d\n", y); fclose(fp); } ================================================ FILE: src/fstats/db.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "db.h" Db::Db(): cycle_(DbPid::MAXCYCLE - 1), g1h_cycle_(DbPid::MAXCYCLE - 1), g1h_cycle_delta_(DbPid::G1HCYCLE_DELTA - 1), g12h_cycle_(DbPid::MAXCYCLE - 1), g12h_cycle_delta_(DbPid::G12HCYCLE_DELTA - 1), pidlist_(0) {} void Db::newCycle() { if (++cycle_ >= DbPid::MAXCYCLE) cycle_ = 0; if (++g1h_cycle_delta_ >= DbPid::G1HCYCLE_DELTA) { g1h_cycle_delta_ = 0; if (++g1h_cycle_ >= DbPid::MAXCYCLE) g1h_cycle_ = 0; if (++g12h_cycle_delta_ >= DbPid::G12HCYCLE_DELTA) { g12h_cycle_delta_ = 0; if (++g12h_cycle_ >= DbPid::MAXCYCLE) g12h_cycle_ = 0; } } } DbPid *Db::findPid(pid_t pid) { if (!pidlist_) { return 0; } return pidlist_->find(pid); } DbPid *Db::newPid(pid_t pid) { assert(findPid(pid) == 0); DbPid *newpid = new DbPid(pid); if (!pidlist_) pidlist_ = newpid; else pidlist_->add(newpid); return newpid; } DbPid *Db::removePid(pid_t pid) { // find dbpid DbPid *dbpid = findPid(pid); if (!dbpid) return 0; // remove first element if (dbpid == pidlist_) pidlist_ = dbpid->getNext(); else pidlist_->remove(dbpid); dbpid->resetNext(); return dbpid; } void Db::dbgprint() { if (pidlist_) pidlist_->dbgprint(); } void Db::dbgprintcycle() { printf("4min cycle %d, 1h delta %d, 1h cycle %d, 12h delta %d, 12h cycle %d\n", cycle_, g1h_cycle_delta_, g1h_cycle_, g12h_cycle_delta_, g12h_cycle_); } ================================================ FILE: src/fstats/db.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef DB_H #define DB_H #include "fstats.h" #include "dbpid.h" class Db { public: static Db& instance() { static Db myinstance; return myinstance; } void newCycle(); int getCycle() { return cycle_; } int getG1HCycle() { return g1h_cycle_; } int getG1HCycleDelta() { return g1h_cycle_delta_; } int getG12HCycle() { return g12h_cycle_; } int getG12HCycleDelta() { return g12h_cycle_delta_; } DbPid *firstPid() { return pidlist_; } DbPid *newPid(pid_t pid); DbPid *findPid(pid_t pid); DbPid *removePid(pid_t pid); void dbgprint(); void dbgprintcycle(); private: Db(); Db(Db const&); void operator=(Db const&); private: int cycle_; int g1h_cycle_; int g1h_cycle_delta_; int g12h_cycle_; int g12h_cycle_delta_; DbPid *pidlist_; }; #endif ================================================ FILE: src/fstats/dbpid.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "dbpid.h" DbPid::DbPid(pid_t pid): next_(0), pid_(pid), cmd_(0), netnamespace_(false), netnone_(false), uid_(0), configured_(false) { } DbPid::~DbPid() { if (cmd_) delete cmd_; if (next_) delete next_; } void DbPid::setCmd(const char *cmd) { if (cmd == 0) { if (cmd_) delete cmd_; cmd_ = 0; } else { if (cmd_) { if (strcmp(cmd_, cmd)) { delete cmd_; cmd_ = 0; } } if (!cmd_) { cmd_ = new char[strlen(cmd) + 1]; strcpy(cmd_, cmd); } } } void DbPid::add(DbPid *dbpid) { assert(dbpid); if (!next_) { next_ = dbpid; return; } next_->add(dbpid); } void DbPid::remove(DbPid *dbpid) { assert(dbpid); if (next_ == dbpid) { next_ = dbpid->next_; return; } if (next_) next_->remove(dbpid); } DbPid *DbPid::find(pid_t pid) { if (pid_ == pid) { return this; } if (next_) { return next_->find(pid); } return 0; } void DbPid::dbgprint() { printf("***\n"); printf("*** PID %d, %s\n", pid_, cmd_); printf("***\n"); for (int i = 0; i < MAXCYCLE; i++) data_1min_[i].dbgprint(i); if (next_) next_->dbgprint(); } ================================================ FILE: src/fstats/dbpid.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef DBPID_H #define DBPID_H #include #include #include "fstats.h" #include "dbstorage.h" class DbPid { public: static const int MAXCYCLE = 60; static const int G1HCYCLE_DELTA = 60; // transition from 1min to 1h static const int G12HCYCLE_DELTA = 12; // transition from 1h to 12h DbStorage data_1min_[MAXCYCLE]; DbStorage data_1h_[MAXCYCLE]; DbStorage data_12h_[MAXCYCLE]; DbPid(pid_t pid); ~DbPid(); void setCmd(const char *cmd); const char *getCmd() { return cmd_; } void add(DbPid *dbpid); void remove(DbPid *dbpid); DbPid *find(pid_t pid); void dbgprint(); DbPid *getNext() { return next_; } void resetNext() { next_ = 0; } pid_t getPid() { return pid_; } bool netNamespace() { return netnamespace_; } void setNetNamespace(bool val) { netnamespace_ = val; } bool netNone() { return netnone_; } void setNetNone(bool val) { netnone_ = val; } uid_t getUid() { return uid_; } void setUid(uid_t val) { uid_ = val; } bool isConfigured() { return configured_; } void setConfigured() { configured_ = true; } private: DbPid *next_; pid_t pid_; char *cmd_; bool netnamespace_; bool netnone_; uid_t uid_; bool configured_; }; #endif ================================================ FILE: src/fstats/dbstorage.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef DBSTORAGE_H #define DBSTORAGE_H #include #include struct DbStorage { float cpu_; float rss_; float shared_; float rx_; float tx_; DbStorage(): cpu_(0), rss_(0), shared_(0), rx_(0), tx_(0) {} DbStorage& operator=(const DbStorage& val) { cpu_ = val.cpu_; rss_ = val.rss_; shared_ = val.shared_; rx_ = val.rx_; tx_ = val.tx_; return *this; } DbStorage& operator+=(const DbStorage& val) { cpu_ += val.cpu_; rss_ += val.rss_; shared_ += val.shared_; rx_ += val.rx_; tx_ += val.tx_; return *this; } DbStorage& operator/=(int val) { cpu_ /= val; rss_ /= val; shared_ /= val; rx_ /= val; tx_ /= val; return *this; } void dbgprint(int cycle) { printf("%d: %.2f, %.2f, %.2f, %.2f, %.2f\n", cycle, cpu_, rss_, shared_, rx_, tx_); } float get(int id) { switch (id) { case 0: return cpu_; case 1: return rss_ + shared_; case 2: return rx_; case 3: return tx_; default: assert(0); } return 0; } }; #endif ================================================ FILE: src/fstats/fstats.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef FSTATS_H #define FSTATS_H #include "../common/common.h" typedef enum { GRAPH_1MIN = 0, GRAPH_1H, GRAPH_12H } GraphType; #define SYSTEM_PID 1 extern int arg_debug; extern int svg_not_found; // config.cpp void config_read_screen_size(int *x, int *y); void config_write_screen_size(int x, int y); #endif ================================================ FILE: src/fstats/fstats.pro ================================================ QMAKE_CXXFLAGS += $$(CXXFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_CFLAGS += $$(CFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_LFLAGS += $$(LDFLAGS) -Wl,-z,relro -Wl,-z,now QMAKE_LIBS += $$(LIBS) -lrt QT += widgets HEADERS = ../common/utils.h ../common/pid.h ../common/common.h \ pid_thread.h db.h dbstorage.h dbpid.h stats_dialog.h graph.h fstats.h SOURCES = main.cpp \ ../common/pid.cpp \ ../common/utils.cpp \ stats_dialog.cpp \ pid_thread.cpp \ db.cpp \ dbpid.cpp \ graph.cpp \ config.cpp RESOURCES = fstats.qrc TARGET=../../build/fstats ================================================ FILE: src/fstats/fstats.qrc ================================================ resources/fstats.png resources/fstats-minimal.png ================================================ FILE: src/fstats/graph.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include "graph.h" #include "dbpid.h" #include "db.h" static QByteArray byteArray[4]; static const char *id_label[4] = { "CPU (%)", "Memory (KiB)", "RX (KB/s)", "TX (KB/s)" }; QString graph(int id, DbPid *dbpid, int cycle, GraphType gt) { assert(id < 4); assert(dbpid); // adjust cycle for 1H if (gt == GRAPH_1H) cycle = Db::instance().getG1HCycle(); else if (gt == GRAPH_12H) cycle = Db::instance().getG12HCycle(); assert(cycle < DbPid::MAXCYCLE); int maxcycle = DbPid::MAXCYCLE; int i; int j; // set pixmap #define TOPMARGIN 20 #define RIGHTMARGIN 60 QPixmap *pixmap = new QPixmap((maxcycle - 1) * 4 + RIGHTMARGIN, TOPMARGIN + 100 + 30); QPainter *paint = new QPainter(pixmap); paint->fillRect(0, 0, (maxcycle - 1) * 4 + 100, TOPMARGIN + 100 + 30, Qt::white); paint->setPen(Qt::black); paint->drawRect(0, TOPMARGIN, (maxcycle - 1) * 4, 100); paint->setPen(QColor(80, 80, 80, 128)); paint->drawLine(0, TOPMARGIN + 25, (maxcycle - 1) * 4, TOPMARGIN + 25); paint->drawLine(0, TOPMARGIN + 50, (maxcycle - 1) * 4, TOPMARGIN + 50); paint->drawLine(0, TOPMARGIN + 75, (maxcycle - 1) * 4, TOPMARGIN + 75); paint->drawLine((maxcycle - 1) * 1, TOPMARGIN, (maxcycle - 1) * 1, TOPMARGIN + 100); paint->drawLine((maxcycle - 1) * 2, TOPMARGIN, (maxcycle - 1) * 2, TOPMARGIN + 100); paint->drawLine((maxcycle - 1) * 3, TOPMARGIN, (maxcycle - 1) * 3, TOPMARGIN + 100); // extract maximum value float maxval = 0; for (i = 0; i < maxcycle; i++) { float val; if (gt == GRAPH_1MIN) val = dbpid->data_1min_[i].get(id); else if (gt == GRAPH_1H) val = dbpid->data_1h_[i].get(id); else if (gt == GRAPH_12H) val = dbpid->data_12h_[i].get(id); else assert(0); if (val > maxval) maxval = val; } // adjust maxval maxval = qCeil(maxval); if (maxval < 2) maxval = 2; else if (maxval < 5) maxval = 5; else if (maxval < 10) maxval = 10; else if (maxval < 20) maxval = 20; else if (maxval < 50) maxval = 50; else if (maxval < 100) maxval = 100; else if (maxval < 200) maxval = 200; else if (maxval < 500) maxval = 500; else if (maxval < 1000) maxval = 1000; else if (maxval < 2000) maxval = 2000; else if (maxval < 5000) maxval = 5000; else if (maxval < 10000) maxval = 10000; else if (maxval < 20000) maxval = 20000; else if (maxval < 50000) maxval = 50000; else if (maxval < 100000) maxval = 100000; else if (maxval < 200000) maxval = 200000; else if (maxval < 500000) maxval = 500000; else if (maxval < 1000000) maxval = 1000000; else if (maxval < 2000000) maxval = 2000000; paint->setPen(Qt::red); for (i = 0, j = cycle + 1; i < maxcycle - 1; i++) { float y1; if (gt == GRAPH_1MIN) y1 = dbpid->data_1min_[j].get(id); else if (gt == GRAPH_1H) y1 = dbpid->data_1h_[j].get(id); else if (gt == GRAPH_12H) y1 = dbpid->data_12h_[j].get(id); else assert(0); y1 = (y1 / maxval) * 100; y1 = 100 - y1 + TOPMARGIN; j++; if (j >= maxcycle) j = 0; float y2; if (gt == GRAPH_1MIN) y2 = dbpid->data_1min_[j].get(id); else if (gt == GRAPH_1H) y2 = dbpid->data_1h_[j].get(id); else if (gt == GRAPH_12H) y2 = dbpid->data_12h_[j].get(id); else assert(0); y2 = (y2 / maxval) * 100; y2 = 100 - y2 + TOPMARGIN; paint->drawLine(i * 4, (int) y1, (i + 1) * 4, (int) y2); } // axis paint->setPen(Qt::black); QString ymax = QString::number((int) maxval); paint->drawText((maxcycle - 1) * 4 + 3, TOPMARGIN + 3, QString::number((int) maxval)); if (qCeil(maxval / 2) == maxval / 2) paint->drawText((maxcycle - 1) * 4 + 3, TOPMARGIN + 50 + 3, QString::number((int) maxval / 2)); else paint->drawText((maxcycle - 1) * 4 + 3, TOPMARGIN + 50 + 3, QString::number(maxval / 2, 'f', 1)); paint->drawText((maxcycle - 1) * 4 + 3, TOPMARGIN + 100 + 3, QString("0")); if (gt == GRAPH_12H) paint->drawText(0 + 2, TOPMARGIN + 100 + 15, QString("(hours)")); if (gt == GRAPH_1H) paint->drawText(0 + 2, TOPMARGIN + 100 + 15, QString("(minutes)")); else paint->drawText(0 + 2, TOPMARGIN + 100 + 15, QString("(seconds)")); if (gt == GRAPH_1MIN) { paint->drawText((maxcycle - 1) * 2 - 5, TOPMARGIN + 100 + 15, QString("-30")); paint->drawText((maxcycle - 1) * 3 - 5, TOPMARGIN + 100 + 15, QString("-15")); } else if (gt == GRAPH_1H) { paint->drawText((maxcycle - 1) * 2 - 5, TOPMARGIN + 100 + 15, QString("-30")); paint->drawText((maxcycle - 1) * 3 - 5, TOPMARGIN + 100 + 15, QString("-15")); } else if (gt == GRAPH_12H) { paint->drawText((maxcycle - 1) * 2 - 5, TOPMARGIN + 100 + 15, QString("-6")); paint->drawText((maxcycle - 1) * 3 - 5, TOPMARGIN + 100 + 15, QString("-3")); } else assert(0); // title paint->setPen(Qt::black); paint->drawText(0 + 2, TOPMARGIN - 2, QString(id_label[id])); // generate image QBuffer buffer(&byteArray[id]); pixmap->save(&buffer, "PNG"); // QString url = QString(""); QString url = QString(""; delete paint; delete pixmap; return url; } ================================================ FILE: src/fstats/graph.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef GRAPH_H #define GRAPH_H #include #include "fstats.h" class DbPid; QString graph(int id, DbPid *dbpid, int cycle, GraphType gt); #endif ================================================ FILE: src/fstats/main.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include #include #include "../common/utils.h" #include "../../firetools_config.h" #include "stats_dialog.h" int arg_debug = 0; int svg_not_found = 0; static void usage() { printf("fstats - Stats & tools for Firetools project\n\n"); printf("Usage: fstats [options]\n\n"); printf("Options:\n"); printf("\t--debug - debug mode\n\n"); printf("\t--help - this help screen\n\n"); printf("\t--version - print software version and exit\n\n"); } int main(int argc, char *argv[]) { // parse arguments for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "--debug") == 0) arg_debug = 1; else if (strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") == 0) { usage(); return 0; } else if (strcmp(argv[i], "--version") == 0) { printf("fstats version " PACKAGE_VERSION "\n"); return 0; } else { fprintf(stderr, "Error: invalid option\n"); usage(); return 1; } } #if QT_VERSION >= 0x050000 struct stat s; // test run time dependencies - print warning and continue program QString ppath = QLibraryInfo::location(QLibraryInfo::PluginsPath); ppath += "/imageformats/libqsvg.so"; if (stat(ppath.toUtf8().constData(), &s) == -1) { fprintf(stderr, "Warning: QT5 SVG support not installed, please install libqt5svg5 package\n"); svg_not_found = 1; } #endif // test run time dependencies - exit if (!which("firejail")) { fprintf(stderr, "Error: firejail package not found, please install it!\n"); exit(1); } // create firetools config directory if it doesn't exist create_config_directory(); // initialize resources Q_INIT_RESOURCE(fstats); QApplication app(argc, argv); StatsDialog sd; sd.show(); // Configure system tray QSystemTrayIcon icon(QIcon(":resources/fstats-minimal.png")); icon.show(); icon.setToolTip("Firetools (click to open)"); QMenu *trayIconMenu = new QMenu(&sd); trayIconMenu->addAction(sd.minimizeAction); trayIconMenu->addAction(sd.restoreAction); trayIconMenu->addSeparator(); trayIconMenu->addAction(sd.quitAction); icon.setContextMenu(trayIconMenu); icon.connect(&icon, SIGNAL(activated(QSystemTrayIcon: :ActivationReason)), &sd, SLOT(trayActivated(QSystemTrayIcon: :ActivationReason))); // direct all error to /dev/null to work around this qt bug: // https://bugreports.qt.io/browse/QTBUG-43270 FILE *rv = NULL; if (!arg_debug) { rv = freopen( "/dev/null", "w", stderr ); (void) rv; } // start application int tmp = app.exec(); (void) tmp; if (rv) fclose(rv); } ================================================ FILE: src/fstats/pid_thread.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #include #include "pid_thread.h" #include "../common/pid.h" #include "db.h" #include "../common/utils.h" bool data_ready = false; PidThread::PidThread(): ending_(false) { start(); } // todo: implement cleanup PidThread::~PidThread() { ending_ = true; } // store process data in database static void store(int pid, int interval, int clocktick) { assert(pid < max_pids); DbPid *dbpid = Db::instance().findPid(pid); if (!dbpid) { dbpid = Db::instance().newPid(pid); } assert(dbpid); int cycle = Db::instance().getCycle(); // store the data in database DbStorage *st = &dbpid->data_1min_[cycle]; st->cpu_ = (float) ((pids_data[pid].utime + pids_data[pid].stime) * 100) / (interval * clocktick); st->rss_ = pids_data[pid].rss; st->shared_ = pids_data[pid].shared; st->rx_ = ((float) pids_data[pid].rx) /( interval * 1000); st->tx_ = ((float) pids_data[pid].tx) /( interval * 1000); if (!dbpid->isConfigured()) { if (arg_debug) printf("configuring dbpid for sandbox %d\n", pid); // user id dbpid->setUid(pids_data[pid].uid); // check network namespace char *name; if (asprintf(&name, "/run/firejail/network/%d-netmap", pid) == -1) errExit("asprintf"); struct stat s; if (stat(name, &s) == 0) dbpid->setNetNamespace(true); else dbpid->setNetNamespace(false); free(name); // command line char *cmd = pid_proc_cmdline(pid);; dbpid->setCmd(cmd); if (strstr(cmd, "--net=none")) dbpid->setNetNone(true); else { // detect --net=none for symlinks in /usr/local/bin int child = pid_find_child(pid); if (child != -1) { char *fname; if (asprintf(&fname, "/proc/%d/net/dev", child) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { char buf[4096]; int cnt = 0; while (fgets(buf, 4096, fp)) cnt++; fclose(fp); if (cnt <= 3) dbpid->setNetNone(true); } } } free(cmd); dbpid->setConfigured(); } } // remove closed processes from database static void clear() { DbPid *dbpid = Db::instance().firstPid(); while (dbpid) { DbPid *next = dbpid->getNext(); pid_t pid = dbpid->getPid(); if (pids[pid].level != 1 && pid != 1) { // remove database entry DbPid *dbentry = Db::instance().removePid(pid); if (dbentry) delete dbentry; } dbpid = next; } } void PidThread::run() { // memory page size clicks per second int pgsz = getpagesize(); int clocktick = sysconf(_SC_CLK_TCK); bool first = true; while (1) { if (ending_) break; // initialize process table - start with an empty proc table pid_read(0); // start cpu and network measurements unsigned utime = 0; unsigned stime = 0; unsigned long long rx; unsigned long long tx; for (int i = pids_first; i <= pids_last; i++) { if (pids[i].level == 1) { // cpu pid_get_cpu_sandbox(i, &utime, &stime); pids_data[i].utime = utime; pids_data[i].stime = stime; // network pid_get_netstats_sandbox(i, &rx, &tx); pids_data[i].rx = rx; pids_data[i].tx = tx; } } // system network pid_get_netstats_sandbox(SYSTEM_PID, &rx, &tx); pids_data[SYSTEM_PID].rx = rx; pids_data[SYSTEM_PID].tx = tx; if (!first) { // sleep 1 second msleep(500); data_ready = false; msleep(500); } else first = false; // start a new database cycle Db::instance().newCycle(); timetrace_start(); // read the cpu time again, memory for (int i = pids_first; i <= pids_last; i++) { if (pids[i].level == 1) { // cpu time pid_get_cpu_sandbox(i, &utime, &stime); if (pids_data[i].utime <= utime) pids_data[i].utime = utime - pids_data[i].utime; else pids_data[i].utime = 0; if (pids_data[i].stime <= stime) pids_data[i].stime = stime - pids_data[i].stime; else pids_data[i].stime = 0; // memory unsigned rss; unsigned shared; pid_get_mem_sandbox(i, &rss, &shared); pids_data[i].rss = rss * pgsz / 1024; pids_data[i].shared = shared * pgsz / 1024; // network DbPid *dbpid = Db::instance().findPid(i); if (dbpid && dbpid->isConfigured() && dbpid->netNamespace() == true) { pid_get_netstats_sandbox(i, &rx, &tx); if (rx >= pids_data[i].rx) pids_data[i].rx = rx - pids_data[i].rx; else pids_data[i].rx = 0; if (tx > pids_data[i].tx) pids_data[i].tx = tx - pids_data[i].tx; else pids_data[i].tx = 0; } else { pids_data[i].rx = 0; pids_data[i].tx = 0; } store(i, 1, clocktick); } } // store system namespace network data pid_get_netstats_sandbox(SYSTEM_PID, &rx, &tx); if (rx >= pids_data[SYSTEM_PID].rx) pids_data[SYSTEM_PID].rx = rx - pids_data[SYSTEM_PID].rx; else pids_data[SYSTEM_PID].rx = 0; if (tx > pids_data[SYSTEM_PID].tx) pids_data[SYSTEM_PID].tx = tx - pids_data[SYSTEM_PID].tx; else pids_data[SYSTEM_PID].tx = 0; store(SYSTEM_PID, 1, clocktick); float delta = timetrace_end(); if (arg_debug) printf("stats read %.02f ms, pid from %d to %d\n", delta, pids_first, pids_last); // remove closed process entries from database clear(); // 4min to 1h transfer if (Db::instance().getG1HCycleDelta() == 0) { // for each pid DbPid *dbpid = Db::instance().firstPid(); while (dbpid) { int cycle = Db::instance().getCycle(); int g1hcycle = Db::instance().getG1HCycle(); DbStorage result; for (int i = 0; i < DbPid::G1HCYCLE_DELTA; i++) { result += dbpid->data_1min_[cycle]; if (--cycle < 0) cycle = DbPid::MAXCYCLE - 1; } result /= DbPid::G1HCYCLE_DELTA; dbpid->data_1h_[g1hcycle] = result; if (Db::instance().getG12HCycleDelta() == 0) { int g12hcycle = Db::instance().getG12HCycle(); g1hcycle = Db::instance().getG1HCycle(); DbStorage result2; for (int i = 0; i < DbPid::G12HCYCLE_DELTA; i++) { result2 += dbpid->data_1h_[g1hcycle]; if (--g1hcycle < 0) g1hcycle = DbPid::MAXCYCLE - 1; } result2 /= DbPid::G12HCYCLE_DELTA; dbpid->data_12h_[g12hcycle] = result2; } dbpid = dbpid->getNext(); } } //Db::instance().dbgprint(); emit cycleReady(); data_ready = true; } } ================================================ FILE: src/fstats/pid_thread.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef PID_THREAD_H #define PID_THREAD_H #include #include #include #include #include #include #include "fstats.h" class PidThread : public QThread { Q_OBJECT public: PidThread(); ~PidThread(); signals: void cycleReady(); protected: void run(); private: bool ending_; }; #endif ================================================ FILE: src/fstats/stats_dialog.cpp ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include #if QT_VERSION >= 0x050000 #include #else #include #endif #include #include #include #include #include #include /* For mode constants */ #include /* For O_* constants */ #include #include #include "stats_dialog.h" #include "db.h" #include "graph.h" #include "../common/common.h" #include "../common/utils.h" #include "../common/pid.h" #include "../../firetools_config.h" #include "../../firetools_config_extras.h" #include "pid_thread.h" #include "fstats.h" extern bool data_ready; static QString getName(pid_t pid); static QString getProfile(pid_t pid); static bool userNamespace(pid_t pid); static int getX11Display(pid_t pid); // from fdns:procs.c - void procs_list(void) { // returns malloc memory static char *find_fdns_shm_file_name(void) { int procs_addr_default = 0; int procs_addr_loopback = 0; char *procs_addr_real = NULL; DIR *dir; if (!(dir = opendir("/run/fdns"))) { // sleep 2 seconds and try again sleep(2); if (!(dir = opendir("/run/fdns"))) return 0; } struct dirent *entry; int procs_addr_flag = 0; while ((entry = readdir(dir))) { if (*entry->d_name == '.') continue; char *fname; if (asprintf(&fname, "/proc/%s", entry->d_name) == -1) errExit("asprintf"); if (access(fname, R_OK) == 0) { char *runfname; if (asprintf(&runfname, "/run/fdns/%s", entry->d_name) == -1) errExit("asprintf"); if (arg_debug) printf("pid %s,", entry->d_name); FILE *fp = fopen(runfname, "r"); if (fp) { static const int MAXBUF = 1024; char buf[MAXBUF]; if (fgets(buf, MAXBUF, fp)) { char *ptr = strchr(buf, '\n'); if (ptr) *ptr = '\0'; if (!procs_addr_flag) { if (strcmp(buf, "127.1.1.1") == 0) { procs_addr_default = 1; procs_addr_flag = 1; } else if (strcmp(buf, "127.0.0.1") == 0) { procs_addr_loopback = 1; procs_addr_flag = 1; } else if (!procs_addr_real) { procs_addr_real = strdup(buf); if (!procs_addr_real) errExit("strdup"); } } } } printf("\n"); fclose(fp); free(runfname); } free(fname); } closedir(dir); char *rv = 0; if (procs_addr_default) { rv = strdup("/dev/shm/fdns-stats-127.1.1.1"); if (!rv) errExit("strdup"); } else if (procs_addr_loopback) { rv = strdup("/dev/shm/fdns-stats-127.0.0.1"); if (!rv) errExit("strdup"); } else if (procs_addr_real) { if (asprintf(&rv, "/dev/shm/fdns-stats-%s", procs_addr_real) == -1) errExit("asprintf"); } if (procs_addr_real) free(procs_addr_real); return rv; } StatsDialog::StatsDialog(): QDialog(), fdns_report_(0), fdns_seq_(0), fdns_fd_(0), fdns_first_run_(true), mode_(MODE_TOP), pid_(0), uid_(0), lts_(false), pid_initialized_(false), pid_seccomp_(false), pid_caps_(QString("")), pid_noroot_(false), pid_cpu_cores_(QString("")), pid_protocol_(QString("")), pid_name_(QString("")), profile_(QString("")), pid_x11_(0), fdns_dump_(""), have_join_(true), caps_cnt_(64), graph_type_(GRAPH_1MIN), net_none_(false), shm_file_name_(0) { // clean storage area cleanStorage(); // detect LTS version char *str = run_program("firejail --version"); if (str && strstr(str, "LTS")) lts_ = true; procView_ = new QTextBrowser; procView_->setOpenLinks(false); procView_->setOpenExternalLinks(false); procView_->setText("accumulating data..."); connect(procView_, SIGNAL(anchorClicked(const QUrl &)), this, SLOT(anchorClicked(const QUrl &))); QGridLayout *layout = new QGridLayout; layout->addWidget(procView_, 0, 0); setLayout(layout); // set screen size and title int x; int y; config_read_screen_size(&x, &y); resize(x, y); setWindowTitle(tr("Firetools Stats")); // detect if joining a sandbox is possible on this system struct utsname u; int rv = uname(&u); if (rv == 0) { int major; int minor; if (2 == sscanf(u.release, "%d.%d", &major, &minor)) { if (major < 3) have_join_ = false; else if (major == 3 && minor < 8) have_join_ = false; } } // detect the number of capabilities supported by the current kernel str = run_program("firejail --debug-caps"); if (!str) return; int val; if (sscanf(str, "Your kernel supports %d", &val) == 1 && val <= 64) { if (arg_debug) printf("%d capabilities supported by the kernel\n", val); caps_cnt_ = val; } thread_ = new PidThread(); connect(thread_, SIGNAL(cycleReady()), this, SLOT(cycleReady())); createTrayActions(); } StatsDialog::~StatsDialog() { if (fdns_fd_) ::close(fdns_fd_); if (!isMaximized()) config_write_screen_size(width(), height()); } void StatsDialog::cleanStorage() { storage_dns_ = ""; storage_caps_ = ""; storage_seccomp_ = ""; storage_intro_ = ""; storage_network_ = ""; storage_netfilter_ = ""; } // Shutdown sequence void StatsDialog::main_quit() { printf("exiting...\n"); qApp->quit(); } void StatsDialog::trayActivated(QSystemTrayIcon::ActivationReason reason) { if (reason == QSystemTrayIcon::Context) return; if (reason == QSystemTrayIcon::DoubleClick) return; if (reason == QSystemTrayIcon::MiddleClick) return; if (isVisible()) hide(); else showNormal(); } void StatsDialog::createTrayActions() { minimizeAction = new QAction(tr("Mi&nimize"), this); connect(minimizeAction, SIGNAL(triggered()), this, SLOT(hide())); restoreAction = new QAction(tr("&Restore"), this); connect(restoreAction, SIGNAL(triggered()), this, SLOT(showNormal())); quitAction = new QAction(tr("&Quit"), this); connect(quitAction, SIGNAL(triggered()), this, SLOT(main_quit())); } QString StatsDialog::header() { QString msg; if (mode_ == MODE_TOP) { msg += "
"; msg += "About"; msg += "     Configure New Sandbox"; msg += "     Firejail DNS"; msg += "
"; } else if (mode_ == MODE_FDNS) { msg += "
"; msg += "Home"; msg += "     Proxy"; msg += "
"; } else if (mode_ == MODE_FDNS_DUMP) { msg += "
"; msg += "Home"; msg += "     Live"; msg += "
"; } else if (mode_ == MODE_PID) { msg += "
"; msg += "Home"; if (uid_ == getuid()) msg += "      Shutdown"; if (have_join_ && uid_ == getuid()) msg += "      Join"; if (!lts_) msg += "      File Manager"; msg += "      Process Tree"; msg += "      Network"; msg += "
"; } else { msg += "
"; msg += "Home"; msg += "      " + QString::number(pid_) + ""; if (uid_ == getuid()) msg += "      Shutdown"; if (have_join_ && uid_ == getuid()) msg += "      Join"; if (!lts_) msg += "      File Manager"; msg += "      Process Tree"; msg += "      Network"; msg += "
"; } msg += "
"; return msg; } void StatsDialog::updateTop() { timetrace_start(); QString msg = header(); msg += "
Sandbox List

\n"; msg += "\n"; int cycle = Db::instance().getCycle(); assert(cycle < DbPid::MAXCYCLE); DbPid *ptr = Db::instance().firstPid(); while (ptr) { pid_t pid = ptr->getPid(); const char *cmd = ptr->getCmd(); if (pid != SYSTEM_PID && cmd) { if (arg_debug) printf("pid %d, netnamespace %d, netnone %d - %s\n", pid, ptr->netNamespace(), ptr->netNone(), cmd); char *str; DbStorage *st = &ptr->data_1min_[cycle]; if (ptr->netNone()) { if (asprintf(&str, "", pid, pid, st->cpu_, (int) (st->rss_ + st->shared_), cmd) != -1) { msg += str; } } else if (ptr->netNamespace()) { if (asprintf(&str, "", pid, pid, st->cpu_, (int) (st->rss_ + st->shared_), st->rx_, st->tx_, cmd) != -1) { msg += str; } } else { if (asprintf(&str, "", pid, pid, st->cpu_, (int) (st->rss_ + st->shared_), cmd) != -1) { msg += str; } } free(str); } ptr = ptr->getNext(); } msg += "
PIDCPU
(%)		Memory
(KiB)  		RX
(KB/s)  		TX
(KB/s)  		Command
%d%.02f%dno network%s
%d%.02f%d%.02f%.02f%s
%d%.02f%dsystem%s



"; msg += "System Network
"; DbPid *dbpid = Db::instance().findPid(SYSTEM_PID); msg += "  
"+ graph(2, dbpid, cycle, GRAPH_1MIN) + "" + graph(3, dbpid, cycle, GRAPH_1MIN) + "
"; procView_->setHtml(msg); float delta = timetrace_end(); if (arg_debug) printf("updateTop %.02f ms\n", delta); } QString StatsDialog::printDump(int index) { QString msg = ""; struct tm *t = localtime(&fdns_report_->tstamp[index]); char *s; if (asprintf(&s, "%02d:%02d:%02d ", t->tm_hour, t->tm_min, t->tm_sec) == -1) errExit("asprintf"); if (strstr(fdns_report_->logentry[index], "dropped")) { msg += ""; msg += QString(s) + fdns_report_->logentry[index]; msg += ""; } else msg += QString(s) + fdns_report_->logentry[index]; free(s); msg += "
"; return msg; } void StatsDialog::updateFdnsDump() { if (!fdns_dump_.isEmpty()) return; QString msg = header(); if (access(shm_file_name_, R_OK)) { msg += QString("Error: cannot open shared memory, probably fdns is not running
"); fdns_fd_ = 0; procView_->setHtml(msg); return; } int fd = ::open(shm_file_name_, O_RDONLY); if (fd <= 0) { msg += "Error: cannot access Firejail DNS data"; procView_->setHtml(msg); return; } DnsReport report; ssize_t len = ::read(fd, &report, sizeof(DnsReport)); if (len != sizeof(DnsReport)) { msg += "Error: cannot access Firejail DNS data"; procView_->setHtml(msg); return; } ::close(fd); QDateTime current = QDateTime::currentDateTime(); msg += "Fireail DNS report for " + current.toString() + "

"; msg += "Stats:
"; msg += QString(fdns_report_->header1) + "
"; msg += QString(fdns_report_->header2) + "

"; msg += "Resolvers:
"; for (int i = 0; i < fdns_report_->resolvers; i++) { QString str= QString("Resolver %1: ").arg(i); msg += str; if (fdns_report_->encrypted[i]) { char *s; if (asprintf(&s, "connected to %d.%d.%d.%d
", PRINT_IP(fdns_report_->peer_ip[i])) == -1) errExit("asprintf"); QString str2 = s; free(s); msg += str2; } else msg += "fallback mode
"; } msg += "
"; msg += "Process:
"; QString qs = QString("PID: %1
").arg(report.pid); msg += qs; qs = QString("Fallback server: %1
").arg(report.fallback); msg += qs; if (report.disable_local_doh) msg += "DoH disabled for applications behind the proxy
"; else msg += "DoH allowed for applications behind the proxy
"; qs = QString("To shutdown the proxy run \"sudo kill -9 %1\" in a terminal

").arg(report.pid); msg += qs; msg += "Queries:
"; qs = QString("(queries cleared after %1 minutes)
").arg(report.log_timeout); msg += qs; for (int i = fdns_report_->logindex; i < MAX_LOG_ENTRIES; i++) { if (fdns_report_->tstamp && strlen(fdns_report_->logentry[i])) msg += printDump(i); } for (int i = 0; i < fdns_report_->logindex; i++) { if (fdns_report_->tstamp && strlen(fdns_report_->logentry[i])) msg += printDump(i); } procView_->setHtml(msg); fdns_dump_ = msg; if (fdns_fd_) ::close(fdns_fd_); fdns_fd_ = 0; fdns_report_ = 0; } void StatsDialog::updateFdns() { QString msg = header(); if (access(shm_file_name_, R_OK)) { msg += QString("Error: cannot open shared memory, probably fdns is not running
"); if (fdns_fd_) ::close(fdns_fd_); fdns_fd_ = 0; fdns_report_ = 0; procView_->setHtml(msg); return; } // open fdns shared memory if necessary if (!fdns_fd_) { fdns_fd_ = shm_open(shm_file_name_ + 8, O_RDONLY, S_IRWXU); if (fdns_fd_ == -1) { msg += "Error: cannot access shared memory, probably fdns is not running
"; if (fdns_fd_) ::close(fdns_fd_); fdns_fd_ = 0; fdns_report_ = 0; procView_->setHtml(msg); return; } } if (fdns_fd_ && fdns_report_ == 0) { fdns_report_ = (DnsReport *) mmap(0, sizeof(DnsReport), PROT_READ, MAP_SHARED, fdns_fd_, 0 ); if (fdns_report_ == (void *) - 1) { msg += "Error: cannot map /dev/shm/fdns_stats file in process memory<
"; fdns_report_ = 0; ::close(fdns_fd_); fdns_fd_ = 0; procView_->setHtml(msg); return; } } if (fdns_fd_ && fdns_report_) { if (fdns_first_run_ || fdns_seq_ != fdns_report_->seq) { fdns_first_run_ = false; fdns_seq_ = fdns_report_->seq; // print header msg += ""; msg += fdns_report_->header1; msg += "
"; msg += fdns_report_->header2; msg += "

"; // print log lines int row = 24; int i; int logrows = MAX_LOG_ENTRIES; if ((row - 4) > 0 && (row - 4) < MAX_LOG_ENTRIES) logrows = row - 4; int index = fdns_report_->logindex - logrows; for (i = 0; i < logrows; i++, index++) { int position = index; if (index < 0) position += MAX_LOG_ENTRIES; if (fdns_report_->tstamp && strlen(fdns_report_->logentry[position])) msg += printDump(position); } procView_->setHtml(msg); } } procView_->update(); } void StatsDialog::updateFirewall() { DbPid *dbptr = Db::instance().findPid(pid_); if (!dbptr) { mode_ = MODE_TOP; return; } QString msg = storage_netfilter_; if (msg.isEmpty()) { if (arg_debug) printf("reading firewall configuration\n"); msg = header() + storage_intro_; char *cmd; if (asprintf(&cmd, "firejail --netfilter.print=%d", pid_) != -1) { char *str = run_program(cmd); if (str) msg += "
" + QString(str) + "
"; } storage_netfilter_ = msg; procView_->setHtml(msg); } } void StatsDialog::updateTree() { DbPid *dbptr = Db::instance().findPid(pid_); if (!dbptr) { mode_ = MODE_TOP; return; } if (arg_debug) printf("reading process tree configuration\n"); QString msg = header() + storage_intro_; msg += "
"; char *str = 0; char *cmd; if (asprintf(&cmd, "firemon --tree --wrap %d", pid_) != -1) { str = run_program(cmd); char *ptr = str; // htmlize! while (*ptr != 0) { if (*ptr == '\n') { *ptr = '\0'; msg += QString(str) + "
\n"; ptr++; while (*ptr == ' ') { msg += "  "; ptr++; } str = ptr; continue; } ptr++; } free(cmd); } msg += "
"; procView_->setHtml(msg); } void StatsDialog::updateSeccomp() { DbPid *dbptr = Db::instance().findPid(pid_); if (!dbptr) { mode_ = MODE_TOP; return; } QString msg = storage_seccomp_; if (msg.isEmpty()) { if (arg_debug) printf("reading seccomp configuration\n"); QString msg = header() + storage_intro_; msg += "
"; char *str = 0; char *cmd; if (asprintf(&cmd, "firejail --seccomp.print=%d", pid_) != -1) { str = run_program(cmd); char *ptr = str; // htmlize! while (*ptr != 0) { if (*ptr == '\n') { *ptr = '\0'; msg += QString(str) + "
\n"; ptr++; while (*ptr == ' ') { msg += "  "; ptr++; } str = ptr; continue; } ptr++; } free(cmd); } msg += "
"; procView_->setHtml(msg); storage_seccomp_ = msg; } } void StatsDialog::updateCaps() { DbPid *dbptr = Db::instance().findPid(pid_); if (!dbptr) { mode_ = MODE_TOP; return; } QString msg = storage_caps_; if (msg.isEmpty()) { if (arg_debug) printf("reading caps configuration\n"); msg = header() + storage_intro_; msg += "
"; char *str = 0; char *cmd; if (asprintf(&cmd, "firejail --caps.print=%d", pid_) != -1) { str = run_program(cmd); char *ptr = str; // htmlize! int cnt = 0; while (*ptr != 0) { if (*ptr == '\n') { // print only caps supported by the current kernel if (cnt >= caps_cnt_) break; cnt++; *ptr = '\0'; msg += QString(str) + "
\n"; ptr++; str = ptr; continue; } ptr++; } free(cmd); } msg += "
"; procView_->setHtml(msg); storage_caps_ = msg; } } static QString get_dns(int pid) { QString rv; char *str = 0; char *cmd; if (asprintf(&cmd, "firejail --dns.print=%d", pid) != -1) { str = run_program(cmd); char *ptr = str; // htmlize! while (*ptr != 0) { if (*ptr == '\n') { *ptr = '\0'; bool skip = false; if (*str == '#') skip = true; if (!skip) rv += QString(str) + "
\n"; ptr++; while (*ptr == ' ') { if (!skip) rv += "  "; ptr++; } str = ptr; continue; } ptr++; } } free(cmd); return rv; } // build the network interface list for firejail versions 0.9.56 or older, including 0.9.56-LTS static QString get_interfaces_old(int pid) { QString rv; char *fname; if (asprintf(&fname, "/run/firejail/network/%d-netmap", pid) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { char buf[4096]; int i = -1; while (fgets(buf, 4096, fp)) { i++; char *ptr = strchr(buf, '\n'); if (ptr) *ptr = '\0'; // extract parent device ptr = strchr(buf, ':'); if (!ptr) continue; char *parent_dev = buf; *ptr = '\0'; ptr++; char *child_dev = ptr; QString str = QString("%1 (parent device %2").arg(child_dev).arg(parent_dev); // detect bridge device char *sysfile; if (asprintf(&sysfile, "/sys/class/net/%s/bridge", parent_dev) == -1) errExit("asprintf"); struct stat s; if (stat(sysfile, &s) == 0) str += ", bridge)"; else str += ")"; free(sysfile); rv += str + "
"; } fclose(fp); } free(fname); return rv; } // build the network interface list for firejail versions 0.9.57 and up // returns an empty string if --net.print is not available in the currently installed firejail version static QString get_interfaces_new(int pid) { QString rv; char *str = 0; char *cmd; if (asprintf(&cmd, "firejail --net.print=%d 2>&1", pid) != -1) { str = run_program(cmd); free(cmd); // htmlize! char *ptr = strtok(str, "\n"); if (!ptr || strncmp(ptr, "Error", 5) == 0) goto errexit; while ((ptr = strtok(NULL, "\n")) != NULL) { if (strncmp(ptr, "Error", 5) == 0) goto errexit; if (strncmp(ptr, "Interface ", 10) == 0) continue; if (strncmp(ptr, "lo ", 3) == 0) continue; // parse the interface line, example //eth0-12202 c6:7f:d1:a9:3d:bc 192.168.1.82 255.255.255.0 UP // ifname char *ifname = ptr; while (*ptr != ' ' && *ptr != '\0') ptr++; if (*ptr == '\0') goto errexit; *ptr = '\0'; ptr++; // skip mac address while (*ptr == ' ') ptr++; while (*ptr != ' ' && *ptr != '\0') ptr++; if (*ptr == '\0') goto errexit; while (*ptr == ' ') ptr++; // ip address char *ip = ptr; while (*ptr != ' ' && *ptr != '\0') ptr++; if (*ptr == '\0') goto errexit; *ptr = '\0'; ptr++; while (*ptr == ' ') ptr++; // extract mask... char *mask = ptr; while (*ptr != ' ' && *ptr != '\0') ptr++; if (*ptr == '\0') goto errexit; *ptr = '\0'; // ... and build a CIDR addrss uint32_t mask_uint32; if (atoip(mask, &mask_uint32)) goto errexit; int bits = mask2bits(mask_uint32); rv += QString(ifname) + "   " + QString(ip) + "/" + QString::number(bits) + "
"; } } return rv; errexit: return QString(); // empty string } void StatsDialog::updateNetwork() { int cycle = Db::instance().getCycle(); assert(cycle < DbPid::MAXCYCLE); DbPid *dbptr = Db::instance().findPid(pid_); if (!dbptr) { mode_ = MODE_TOP; return; } // DNS QString msg = header() + storage_intro_; if (storage_dns_.isEmpty()) { if (arg_debug) printf("reading dns configuration\n"); storage_dns_ += ""; } msg += storage_dns_; // network interfaces if (storage_network_.isEmpty()) { if (net_none_) storage_network_ = ""; } msg += storage_network_; // graph type msg += ""; if (dbptr->netNamespace() == true && net_none_ == false) { if (graph_type_ == GRAPH_1MIN) { msg += ""; } else if (graph_type_ == GRAPH_1H) { msg += ""; } else if (graph_type_ == GRAPH_12H) { msg += ""; } else assert(0); } // netfilter if (dbptr->netNamespace() == true && net_none_ == false) msg += "\n"; else if (dbptr->netNone() == true) msg += "\n"; else msg += "\n"; if (dbptr->netNamespace() == true && net_none_ == false) msg += ""; msg += QString("
DNS
"; storage_dns_ += get_dns(pid_); storage_dns_ += "		Network Interfaces
lo
"; else if (dbptr->netNamespace() == false) storage_network_ = "		Using the system network namespace"; else { storage_network_ = "Network Interfaces
lo
"; QString tmp = get_interfaces_new(pid_); if (tmp.isEmpty()) tmp = get_interfaces_old(pid_); storage_network_ += tmp; } storage_network_ += "
Stats: 1min 1h 12hStats: 1min 1h 12hStats: 1min 1h 12hFirewall: enabled
Firewall: no firewall
Firewall: system firewall
"+ graph(2, dbptr, cycle, graph_type_) + "" + graph(3, dbptr, cycle, graph_type_) + "

"); // bandwidth limits if (dbptr->netNamespace() == true && net_none_ == false) { char *fname; if (asprintf(&fname, "/run/firejail/bandwidth/%d-bandwidth", pid_) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { msg += "
"; msg += "Bandwidth limits:

\n"; char buf[1024]; while (fgets(buf, 1024, fp)) { msg += buf; msg += "
"; } fclose(fp); msg += "
"; } free(fname); } procView_->setHtml(msg); } void StatsDialog::kernelSecuritySettings() { if (arg_debug) printf("Checking security settings for pid %d\n", pid_); // reset all pid_seccomp_ = false; pid_caps_ = QString(""); pid_cpu_cores_ = QString(""); pid_protocol_ = QString(""); pid_mem_deny_exec_ = QString("disabled"); pid_apparmor_ = QString(""); // caps char *cmd; if (asprintf(&cmd, "firemon --caps %d", pid_) == -1) return; char *str = run_program(cmd); if (str) { char *ptr = strstr(str, "CapBnd:"); if (ptr) pid_caps_ = QString(ptr + 7); else pid_caps_ = QString(""); } free(cmd); // seccomp if (asprintf(&cmd, "firemon --seccomp %d", pid_) == -1) return; str = run_program(cmd); if (str) { char *ptr = strstr(str, "Seccomp"); if (ptr) { if (strstr(ptr, "2")) pid_seccomp_ = true; } } free(cmd); // cpu cores if (asprintf(&cmd, "firemon --cpu %d", pid_) == -1) return; str = run_program(cmd); if (str) { char *ptr = strstr(str, "Cpus_allowed_list:"); if (ptr) { ptr += 18; pid_cpu_cores_ = QString(ptr); } } free(cmd); // protocols if (asprintf(&cmd, "firejail --protocol.print=%d", pid_) == -1) return; str = run_program(cmd); if (str) { if (strncmp(str, "Cannot", 6) == 0) pid_protocol_ = QString("disabled"); else pid_protocol_ = QString(str); } free(cmd); // mem deny exec if (asprintf(&cmd, "firejail --ls=%d /run/firejail/mnt", pid_) == -1) return; str = run_program(cmd); if (str) { if (strstr(str, "seccomp.mdwx")) pid_mem_deny_exec_ = "enabled"; } free(cmd); // apparmor if (asprintf(&cmd, "firejail --apparmor.print=%d", pid_) == -1) return; str = run_program(cmd); if (str) { const char *tofind = "AppArmor: "; char *ptr = strstr(str, tofind); if (ptr) pid_apparmor_ = QString(ptr + strlen(tofind)); } free(cmd); } void StatsDialog::updatePid() { QString msg = ""; int cycle = Db::instance().getCycle(); assert(cycle < DbPid::MAXCYCLE); DbPid *ptr = Db::instance().findPid(pid_); if (!ptr) { mode_ = MODE_TOP; return; } const char *cmd = ptr->getCmd(); if (!cmd) { mode_ = MODE_TOP; return; } // initialize static values if (pid_initialized_ == false) { kernelSecuritySettings(); pid_noroot_ = userNamespace(pid_); pid_name_ = getName(pid_); profile_ = getProfile(pid_); pid_x11_ = getX11Display(pid_); pid_initialized_ = true; // detect --net=none int child = pid_find_child(pid_); char *fname; if (asprintf(&fname, "/proc/%d/net/dev", child) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { char buf[4096]; int cnt = 0; while (fgets(buf, 4096, fp)) cnt++; fclose(fp); if (cnt <= 3) net_none_ = true; else net_none_ = false; } free(fname); } // get user name DbStorage *st = &ptr->data_1min_[cycle]; struct passwd *pw = getpwuid(ptr->getUid()); if (!pw) errExit("getpwuid"); uid_ = pw->pw_uid; // add header msg += header(); // add intro storage_intro_ = ""; if (!pid_name_.isEmpty()) storage_intro_ += ""; storage_intro_ += ""; if (!profile_.isEmpty()) storage_intro_ += ""; storage_intro_ += "
Sandbox name: " + pid_name_ + "
Command: " + QString(cmd) + "
Profile: " + profile_ + "

"; msg += storage_intro_; msg += ""; msg += QString(""; if (ptr->netNamespace() == false) { QString net = (net_none_)? " no network": " system"; msg += ""; } else msg += QString(""; msg += QString(""; if (ptr->netNamespace() == false) { QString net = (net_none_)? " no network": " system"; msg += ""; } else msg += QString(""; msg += QString(""; msg += QString(""; msg += QString(""; msg += QString(""; msg += QString(""; // user namespace msg += ""; msg += QString(""; if (pid_seccomp_) msg += QString(""; else msg += QString(""); msg += ""; msg += ""; // X11 display if (pid_x11_) { msg += ""; } else msg +=""; // memory deny exec msg += ""; // apparmor if (!pid_apparmor_.isEmpty()) msg += ""; // graph type msg += ""; msg += ""; if (graph_type_ == GRAPH_1MIN) { msg += ""; } else if (graph_type_ == GRAPH_1H) { msg += ""; } else if (graph_type_ == GRAPH_12H) { msg += ""; } else assert(0); // graphs msg += ""; msg += ""; msg += QString("
PID: ") + QString::number(pid_) + "RX: " + net + "
RX: ") + QString::number(st->rx_) + " KB/s
User: ") + pw->pw_name + "TX: " + net + "
TX: ") + QString::number(st->tx_) + " KB/s
CPU: ") + QString::number(st->cpu_) + "%Seccomp: "); if (pid_seccomp_) msg += "enabled"; else msg += "disabled"; msg += "
Memory: ") + QString::number((int) (st->rss_ + st->shared_)) + " KiB     Capabilities: ") + pid_caps_ + "
RSS " + QString::number((int) st->rss_) + ", shared " + QString::number((int) st->shared_)) + "User Namespace: "; if (pid_noroot_) msg += "enabled"; else msg += "disabled"; msg += "
CPU Cores: ") + pid_cpu_cores_ + "Protocols: ") + pid_protocol_ + "Protocols: disabled
X11 Dispaly: " + QString::number(pid_x11_) + "Memory deny exec: " + pid_mem_deny_exec_ + "
AppArmor: " + pid_apparmor_ + "
Stats: 1min 1h 12hStats: 1min 1h 12hStats: 1min 1h 12h
"+ graph(0, ptr, cycle, graph_type_) + "" + graph(1, ptr, cycle, graph_type_) + "

"); procView_->setHtml(msg); } void StatsDialog::cycleReady() { if (mode_ == MODE_TOP) updateTop(); else if (mode_ == MODE_FDNS) updateFdns(); else if (mode_ == MODE_FDNS_DUMP) updateFdnsDump(); else if (mode_ == MODE_PID) updatePid(); else if (mode_ == MODE_TREE) updateTree(); else if (mode_ == MODE_SECCOMP) updateSeccomp(); else if (mode_ == MODE_NETWORK) updateNetwork(); else if (mode_ == MODE_CAPS) updateCaps(); else if (mode_ == MODE_FIREWALL) updateFirewall(); } void StatsDialog::anchorClicked(const QUrl & link) { cleanStorage(); // full storage cleanup on any click QString linkstr = link.toString(); if (linkstr == "top") { mode_ = MODE_TOP; } else if (linkstr == "back") { if (mode_ == MODE_PID) mode_ = MODE_TOP; else if (mode_ == MODE_TREE) mode_ = MODE_PID; else if (mode_ == MODE_SECCOMP) mode_ = MODE_PID; else if (mode_ == MODE_NETWORK) mode_ = MODE_PID; else if (mode_ == MODE_CAPS) mode_ = MODE_PID; else if (mode_ == MODE_FIREWALL) mode_ = MODE_PID; else if (mode_ == MODE_TOP) ; else assert(0); } else if (linkstr == "tree") { mode_ = MODE_TREE; } else if (linkstr == "seccomp") { mode_ = MODE_SECCOMP; } else if (linkstr == "caps") { mode_ = MODE_CAPS; } else if (linkstr == "1h") { graph_type_ = GRAPH_1H; } else if (linkstr == "12h") { graph_type_ = GRAPH_12H; } else if (linkstr == "1min") { graph_type_ = GRAPH_1MIN; } else if (linkstr == "network") { mode_ = MODE_NETWORK; } else if (linkstr == "firewall") { mode_ = MODE_FIREWALL; } else if (linkstr == "shut") { QMessageBox msgBox; msgBox.setText(QString("Are you sure you want to shutdown PID ") + QString::number(pid_) + "?\n"); msgBox.setStandardButtons(QMessageBox::Ok | QMessageBox::Cancel); msgBox.setDefaultButton(QMessageBox::Cancel); int rv = msgBox.exec(); if (rv == QMessageBox::Ok) { // shutdown sandbox QApplication::setOverrideCursor(Qt::WaitCursor); char *cmd; if (asprintf(&cmd, "firejail --shutdown=%d", pid_) != -1) { int rv = system(cmd); (void) rv; free(cmd); } QApplication::restoreOverrideCursor(); mode_ = MODE_TOP; } } else if (linkstr == "join") { // join the process in a new xterm char *cmd; if (asprintf(&cmd, "xterm -T \"Firejail Sandbox %d\" -e firejail --join=%d&", pid_, pid_) != -1) { int rv = system(cmd); (void) rv; free(cmd); } } else if (linkstr == "fmgr") { char *cmd; if (asprintf(&cmd, PACKAGE_LIBDIR "/fmgr %d&", pid_) != -1) { int rv = system(cmd); (void) rv; free(cmd); } } else if (linkstr == "about") { QString msg = ""; msg += "
" + tr( "Firetools is a GUI application for Firejail. " "It offers a system tray launcher for sandboxed apps, " "sandbox editing, management, and statistics. " "The software package also includes a sandbox configuration wizard, firejail-ui.

" "Firejail is a SUID sandbox program that reduces the risk of security " "breaches by restricting the running environment of untrusted applications " "using Linux namespaces, Linux capabilities and seccomp-bpf.

") + tr("Firetools version:") + " " + PACKAGE_VERSION + "
" + tr("QT version: ") + " " + QT_VERSION_STR + "
" + tr("License:") + " GPL v2
" + tr("Homepage:") + " " + QString(PACKAGE_URL) + "


"; QMessageBox::about(this, tr("About"), msg); } else if (linkstr == "fdns") { if (mode_ != MODE_FDNS_DUMP) { if (shm_file_name_) free(shm_file_name_); shm_file_name_ = find_fdns_shm_file_name(); if (fdns_report_) fdns_report_ = 0; if (fdns_fd_) { ::close(fdns_fd_); sleep(1); // give the kernel some time to close the shared mem file in order to open another one } } mode_ = MODE_FDNS; } else if (linkstr == "dump") { fdns_dump_ = QString(""); mode_ = MODE_FDNS_DUMP; } else if (linkstr == "newsandbox") { // start firejail-ui as a separate process QProcess *process = new QProcess(); QStringList arguments; // arguments << "--nofiretools"; process->startDetached(QString("firejail-ui"), arguments); } else { // linstr == "home" pid_ = linkstr.toInt(); pid_initialized_ = false; pid_caps_ = QString(""); pid_name_ = QString(""); pid_x11_ = 0; mode_ = MODE_PID; } // reset fdns fdns_first_run_ = true; if (data_ready) cycleReady(); } static bool userNamespace(pid_t pid) { if (arg_debug) printf("Checking user namespace for pid %d\n", pid); // test user namespaces available in the kernel struct stat s1; struct stat s2; struct stat s3; if (stat("/proc/self/ns/user", &s1) == 0 && stat("/proc/self/uid_map", &s2) == 0 && stat("/proc/self/gid_map", &s3) == 0); else return false; pid = pid_find_child(pid); if (pid == -1) return false; // read uid map char *uidmap; if (asprintf(&uidmap, "/proc/%u/uid_map", pid) == -1) errExit("asprintf"); FILE *fp = fopen(uidmap, "r"); if (!fp) { free(uidmap); return false; } // check uid map int u1; int u2; bool found = false; if (fscanf(fp, "%d %d", &u1, &u2) == 2) { if (u1 != 0 || u2 != 0) found = true; } fclose(fp); free(uidmap); return found; } static QString getName(pid_t pid) { QString retval(""); char *fname; if (asprintf(&fname, "/run/firejail/name/%d", (int) pid) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { char name[250]; if (fgets(name, 250, fp)) retval = QString(name); fclose(fp); } free(fname); return retval; } static QString getProfile(pid_t pid) { QString retval(""); char *fname; if (asprintf(&fname, "/run/firejail/profile/%d", (int) pid) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { char name[250]; if (fgets(name, 250, fp)) retval = QString(name); fclose(fp); } free(fname); return retval; } static int getX11Display(pid_t pid) { int retval = 0; char *fname; if (asprintf(&fname, "/run/firejail/x11/%d", (int) pid) == -1) errExit("asprintf"); FILE *fp = fopen(fname, "r"); if (fp) { int val; if (fscanf(fp, "%d", &val) == 1) retval = val; fclose(fp); } free(fname); return retval; } ================================================ FILE: src/fstats/stats_dialog.h ================================================ /* * Copyright (C) 2015-2018 Firetools Authors * * This file is part of firetools project * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #ifndef STATS_DIALOG_H #define STATS_DIALOG_H #include #include #include #include #include #include #include "fstats.h" class QTextBrowser; class QUrl; class PidThread; extern "C" { typedef struct dns_report_t { volatile uint32_t seq; //sqence number used to detect data changes // proxy config unsigned pid; int log_timeout; int disable_local_doh; int nofilter; #define MAX_ENTRY_LEN 82 // a full line on a terminal screen, \n and \0 char fallback[MAX_ENTRY_LEN]; // resolvers #define RESOLVERS_CNT_MAX 10 int resolvers; int encrypted[RESOLVERS_CNT_MAX]; uint32_t peer_ip[RESOLVERS_CNT_MAX]; // header char header1[MAX_ENTRY_LEN]; char header2[MAX_ENTRY_LEN]; // queries int logindex; #define MAX_LOG_ENTRIES 512 // 18 lines on the screen in order to handle tab terminals time_t tstamp[MAX_LOG_ENTRIES]; char logentry[MAX_LOG_ENTRIES][MAX_ENTRY_LEN]; } DnsReport; } // extern "C" class StatsDialog: public QDialog { Q_OBJECT public: StatsDialog(); ~StatsDialog(); private slots: void main_quit(); public slots: void cycleReady(); void anchorClicked(const QUrl & link); void trayActivated(QSystemTrayIcon::ActivationReason); private: QString header(); void kernelSecuritySettings(); void updateTop(); void updateFdns(); inline QString printDump(int index); void updateFdnsDump(); void updatePid(); void updateTree(); void updateSeccomp(); void updateNetwork(); void updateCaps(); void updateFirewall(); void cleanStorage(); void createTrayActions(); private: DnsReport *fdns_report_; uint32_t fdns_seq_; int fdns_fd_; bool fdns_first_run_; QTextBrowser *procView_; #define MODE_TOP 0 #define MODE_PID 1 #define MODE_TREE 2 #define MODE_SECCOMP 3 #define MODE_NETWORK 4 #define MODE_CAPS 5 #define MODE_FIREWALL 6 #define MODE_FDNS 7 #define MODE_FDNS_DUMP 8 #define MODE_MAX 9 // always the last one int mode_; int pid_; // pid value for mode 1 uid_t uid_; bool lts_; // flag to detect LTS version of firejail // security settings bool pid_initialized_; bool pid_seccomp_; QString pid_caps_; bool pid_noroot_; QString pid_cpu_cores_; QString pid_protocol_; QString pid_name_; QString pid_mem_deny_exec_; QString pid_apparmor_; QString profile_; int pid_x11_; QString fdns_dump_; bool have_join_; int caps_cnt_; GraphType graph_type_; bool net_none_; PidThread *thread_; // storage for various sandbox settings QString storage_dns_; QString storage_caps_; QString storage_seccomp_; QString storage_intro_; QString storage_network_; QString storage_netfilter_; char *shm_file_name_; public: QAction *minimizeAction; QAction *restoreAction; QAction *quitAction; }; #endif ================================================ FILE: src/man/firejail-ui.txt ================================================ .TH FIREJAIL-UI 1 "MONTH YEAR" "VERSION" "firejail-ui man page" .SH NAME firejail-ui \- Firejail sandbox configuration wizard .SH SYNOPSIS firejail-ui [OPTIONS] .SH DESCRIPTION This manual page documents briefly firejail-ui, the sandbox configuration wizard for Firejail sandbox. .SH OPTIONS .TP \fB\-\-debug\fR Print debug messages. .TP \fB\-?\fR, \fB\-\-help\fR Print options end exit. .TP \fB\-\-version\fR Print software version and exit. .SH ABOUT FIREJAIL Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. .SH LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. .PP Homepage: http://firejail.wordpress.com .SH SEE ALSO \&\flfirejail\fR\|(1), \&\flfiretools\fR\|(1) ================================================ FILE: src/man/firetools.txt ================================================ .TH FIRETOOLS 1 "MONTH YEAR" "VERSION" "firetools man page" .SH NAME Firetools \- Graphical tools collection for Firejail security sandbox .SH SYNOPSIS firetools [OPTIONS] .SH DESCRIPTION Firetools is a GUI application for Firejail. It offers a system tray launcher for sandboxed apps, sandbox editing, management, and statistics. The software package also includes a sandbox configuration wizard, firejail-ui. The list of applications recognized automatically by Firetools is stored in /usr/lib/firetools/applist. To add more applications to the list drop a similar file in your home directory in ~/.config/firetools/uiapps. .SH OPTIONS .TP \fB\-\-autostart\fR Configure firetools to run automatically in system tray when X11 session is started. .TP \fB\-\-debug\fR Print debug messages. .TP \fB\-?\fR, \fB\-\-help\fR Print options end exit. .TP \fB\-\-version\fR Print software version and exit. .SH CONFIGURATION /usr/lib/firetools/uiapps file contains the default list of applications recognized by default. The user can add more applications by creating a simillar file in ~/.config/firetools/uiapps in user home directory. Each line describes an application as follows: .PP .RS executable; description; icon; (optional) firejail command .RE Some examples: .PP .RS inkscape;Inkscape SVG Editor;inkscape .br calibre;eBook Reader;/usr/share/calibre/images/lt.png .br mpv;MPV;mpv;firejail mpv --player-operation-mode=pseudo-gui .br .RE .SH ABOUT FIREJAIL Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. .SH LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. .PP Homepage: http://firejail.wordpress.com .SH SEE ALSO \&\flfirejail\fR\|(1), \&\flfirejail-ui\fR\|(1), ================================================ FILE: todo ================================================ 1. Documentation: packages needed on Debian Jessie: qt5-default, libqt5svg5, firejail, xterm 2. If a program is uninstalled, do not leave it in the launcher 3. On debian i386, open new xterm sandbox, join it, shut down the join process - it does not shut down! 4. Detecting sandbox features from command line params: --net detected in pid_thread.cpp (strstr(pids[pid].cmd, "--net")), it might pick it up from the params of the sandboxed program 5. Merge from firejail main Mar 10: fix --list reporting for sandboxes using --x11=none; 6. Update copyright years