Add profile for checksum tools #4069

Merged
merged 1 commit into from
Mar 19, 2021

rusty-snake
Collaborator

@rusty-snake rusty-snake commented Mar 8, 2021

Someone told me that md5 is insecure, so I decided it is better to sandbox it so that it can be used securely. 🙃


hasher-common.profile is based on archiver-common.profile.

Collaborator

@glitsj16 glitsj16 left a comment

Just a few occurrences of archiver-common.local that need changing to hasher-common.local and this is good to go. Very nice additions!

@netblue30
Owner

What if we put "quiet" at the top of all of them and add them to firecfg.config?

@rusty-snake
Collaborator Author

quiet should be added in any way. I am unsure about firecfg, @glitsj16 what's your opinion?

 * Oops! Thanks for catching.

 * Add quiet
@netblue30
Owner

netblue30 commented Mar 14, 2021

> I am unsure about firecfg

It could be a problem when they run it from scripts. It will slow down if they do it in a loop on large number of files, for example a package manager comparing checksums - we introduce about 50 ms to start each sandbox.

@glitsj16
Collaborator

> > I am unsure about firecfg
>
> It could be a problem when they run it from scripts. It will slow down if they do it in a loop on large number of files, for example a package manager comparing checksums - we introduce about 50 ms to start each sandbox.

Package management indeed poses a bit of a problem for these checksum tools, as do archivers (see #3095). I guess not all firejail users do a lot of manual/scripted package building, activities where this inherent slowing down factor quickly turns into a nuisance. Those that do are probably more aware of this and have the skills to work around it. By leaving them out of firecfg we tend to disfavour the first set of users. For the occasional checksumming outside of package management it would be nice to add them. What about adding a setting in firejail.config so users can have more control over their preference? That setting would have to be tied into firecfg to keep things from breaking, and in all honesty I haven't looked into the feasibility of doing that.

@glitsj16 glitsj16 closed this Mar 14, 2021
@glitsj16
Collaborator

Oops, I didn't want to close this!

@glitsj16 glitsj16 reopened this Mar 14, 2021
@netblue30
Owner

OK, let's grab it as is, I'll put quiet in all of them. Thanks!

@netblue30 netblue30 merged commit 63fc5d9 into netblue30:master Mar 19, 2021
@netblue30
Owner

sorry, quiet was already there!

@rusty-snake rusty-snake deleted the hasher-profiles branch March 19, 2021 13:41
3 participants