Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • trisquel/package-helpers
  • aklis/package-helpers
  • leny2010/package-helpers
  • fr33domlover/package-helpers
  • Legimet/package-helpers
  • ralphtheninja/package-helpers
  • damo22/package-helpers
  • wherrfrye/package-helpers
  • habs/package-helpers
  • pehjota/package-helpers
  • kpengboy/package-helpers
  • alvaro/package-helpers
  • salman/package-helpers
  • pabloyoyoista/package-helpers
  • mixalis/package-helpers
  • jorgesumle/package-helpers
  • a_slacker_here/package-helpers
  • chaosmonk/package-helpers
  • Beformed/package-helpers
  • dknight/package-helpers
  • proninyaroslav/package-helpers
  • adfeno/package-helpers
  • snd/package-helpers
  • davidpgil/package-helpers
  • diopon/package-helpers
  • ruben/package-helpers
  • bandali/package-helpers
  • joshaspinall/package-helpers
  • GNUtoo/package-helpers
  • Ark74/package-helpers
  • dragestil/package-helpers
  • bill-auger/package-helpers
  • andi89gi/package-helpers
  • Fikar/package-helpers
  • davidl/package-helpers
  • jas/package-helpers
  • parodper/package-helpers
  • David_Hedlund/package-helpers
  • dinomug/package-helpers
  • bf/package-helpers
  • hartkemd/package-helpers
  • del111/package-helpers
  • jxself/package-helpers
  • JacobK/package-helpers
44 results
Show changes
Commits on Source (1369)
Showing
with 1698 additions and 357 deletions
# Contributing
# Contributing
Whether you've got a bugfix, documentation update, or new feature for us, these are the steps to follow to contribute code back into the main trisquel repo.
......@@ -6,34 +6,27 @@ Whether you've got a bugfix, documentation update, or new feature for us, these
1. Install needed packages for both, sources and binary builds
1. Install needed packages for running the helpers
```
sudo apt-get install dpkg-dev devscripts git pbuilder quilt patch sed rpl parsewiki
sudo apt-get install cdbs devscripts dpkg-dev git gnupg patch quilt rpl sed
```
1. Configure build environment for binary packages
1. Get the Trisquel build environment and follow the [README](https://gitlab.trisquel.org/trisquel/trisquel-builder/-/blob/master/README.md) to setup your system for building
```
git clone https://devel.trisquel.info/trisquel/trisquel-builder.git
ln -s $(readlink -f trisquel-builder/pbuilderrc) ~/.pbuilderrc
sudo ln -s $(readlink -f trisquel-builder/hooks) /var/cache/pbuilder/hooks.d
```
1. Create the build environment for each distribution/architecture you want to work with
```
sudo BUILDDIST=belenos BUILDARCH=amd64 pbuilder create
git clone https://gitlab.trisquel.org/trisquel/trisquel-builder.git
```
## 2. Get the latest code from gitlab
You'll need to understand a little bit about how git and gitlab work before this step (GitHub works the same way, but we like free software). In simple terms, log in [here](https://devel.trisquel.info/users/sign_in?redirect_to_referer=yes), visit the [trisquel/package-helpers project page](https://devel.trisquel.info/trisquel/package-helpers), and click the "fork" button to create your own copy of the repo. You will push your changes to this new repo under your own git account, and we will pull changes into the main repo from there.
You'll need to understand a little bit about how git and gitlab work before this step (GitHub works the same way, but we like free software). In simple terms, log in [here](https://gitlab.trisquel.org/users/sign_in?redirect_to_referer=yes), visit the [trisquel/package-helpers project page](https://gitlab.trisquel.org/trisquel/package-helpers), and click the "fork" button to create your own copy of the repo. You will push your changes to this new repo under your own git account, and we will pull changes into the main repo from there.
For the sake of the rest of the examples in this guide, we're going to assume your gitlab username is "**richardtorvalds**" and you will be working with the "**hello**" package, and use those in our examples.
Now, we want to grab the latest from this newly created repository and pull it down to your local machine. Getting the latest code from your repo is simple, just clone it:
```bash
git clone https://devel.trisquel.info/richardtorvalds/package-helpers.git
git clone https://gitlab.trisquel.org/richardtorvalds/package-helpers.git
cd package-helpers
```
......@@ -44,7 +37,7 @@ This will give you a directory called "package-helpers" on your local machine wi
One thing you'll need to do to make things easier to integrate and keep up to date in your fork is to add the main repo as a remote reference. This way you can fetch the latest code from the production version and integrate it. So, here's how to set that up:
```bash
git remote add upstream https://devel.trisquel.info/trisquel/package-helpers.git
git remote add upstream https://gitlab.trisquel.org/trisquel/package-helpers.git
git remote (this will list out your remotes, showing the new one we added)
```
......@@ -52,14 +45,14 @@ Then, when you need to pull the latest from the main trisquel repo, you just fet
```bash
git fetch upstream
git merge upstream/belenos
git merge upstream/nabia
```
You can also use *git pull upstream belenos* if you want it all in one step.
You can also use *git pull upstream nabia* if you want it all in one step.
## 4. Making a branch for your changes
When adding features or bug fixes, please create a separate branch for each changeset you want us to pull in, either with the issue number in the branch name or with an indication of what the feature is (feature, bugfix...).
When adding features or bug fixes, please create a separate branch for each changeset you want us to pull in, either with the issue number in the branch name or with an indication of what the feature is (feature, bugfix...).
```bash
git branch (lists your current branches)
......@@ -75,7 +68,7 @@ cd helpers
cp make-apache2 make-hello
```
For importing free packages from ppa's or other sources, check [make-toxcore](https://devel.trisquel.info/trisquel/package-helpers/blob/belenos/helpers/make-toxcore) and update the _EXTERNAL_ , _SIGNKEY_ and _changelog_ lines with your own values.
For importing free packages from ppa's or other sources, check [make-tor](https://gitlab.trisquel.org/trisquel/package-helpers/blob/nabia/helpers/make-tor) and update the _EXTERNAL_ , _SIGNKEY_ and _changelog_ lines with your own values.
Then, run the helper with
```
......@@ -86,12 +79,12 @@ If everything goes fine, you will have your new source package ready at _PACKAGE
## 6. Build and test the binary package
The last step generated a source package file, so we need to build the binary one:
The last step generated a source package file, so we need to build the binary one. Please make sure that you set or replace `CODENAME` and `ARCH` variables:
```
sudo BUILDDIST=belenos BUILDARCH=amd64 pbuilder build PACKAGES/hello/*.dsc
sbuild -v -A --dist $CODENAME --arch $ARCH PACKAGES/hello/*.dsc
```
The binary packages will be avaliable at _/var/cache/pbuilder/jenkins-repos/$BUILDDIST/_
The binary packages will be avaliable in the directory from which you ran the previous command.
## 7. Push your code and make a pull request
......@@ -107,6 +100,4 @@ This pushes everything in that branch up. Then you can go back to your forked pa
That lets us know that there's something new from you that needs to be pulled in. We'll review it and get back to you about it if we have any questions. Otherwise, we'll integrate it and let you know when it's in!
Hope this guide helps you get started in contributing to the trisquel project! If you still have questions, don't hesitate to join us on IRC - we're in #trisquel-dev on freenode -, or send a mail to the development mailing list trisquel-devel at listas.trisquel.info.
Hope this guide helps you get started in contributing to the trisquel project! If you still have questions, don't hesitate to join us on IRC - we're in #trisquel-dev on libera.chat -, or send a mail to the development mailing list trisquel-devel at listas.trisquel.info.
......@@ -11,9 +11,9 @@ derivative of your own, we suggest you to use Builder instead of this helpers.
Once a new package is added, it takes priority over the original one from Ubuntu,
so they never enter into the repo from upstream and need to be
compiled with this helpers and pushed into reprepro.
compiled with this helpers and pushed into reprepro.
To add a package to the list, follow the [CONTRIBUTING](https://devel.trisquel.info/trisquel/package-helpers/blob/belenos/CONTRIBUTING.md) guidelines.
To add a package to the list, follow the [CONTRIBUTING](https://gitlab.trisquel.org/trisquel/package-helpers/blob/nabia/CONTRIBUTING.md) guidelines.
## Steps
......@@ -26,11 +26,20 @@ Those are the steps done by the helpers:
5. Apply the changes described in the helper
6. Re-package it, adding "triquel$VERSION" version string
## Variables in helper scripts
* `VERSION` (required): The trisquel version for the helper.
* `EXTERNAL`: When building packages not coming from the upstream Ubuntu, the external `deb-src` in the same format as in `apt.sources.list`.
* `REPOKEY`: An additional GPG key to import for the helper. Mostly only used in conjunction with `EXTERNAL`.
* `BACKPORT(S)`: Must be set to `true` if the package is a backport.
* `QUILT`: If `skip`, avoids patches to be automatically applied. Only set this variables if you know what you are doing.
* `BUILD_UNTIL`: build this helper if the Trisquel REVISION number (e.g. Trisquel 10.0) is <= this number. To be used when we know that the helper will not be needed at a certain future release.
## Recommendations
* You don't need to use sudo in order to run those scripts, but some extra packages are needed:
`sudo apt-get install dpkg-dev sed git rpl devscripts quilt patch cdbs`
`sudo apt-get install cdbs devscripts dpkg-dev git gnupg gnupg2 patch python2 quilt rename rpl sed python3-jsonschema`
* Take care to use the right sourcePackageName, many source packages produce
several binary packages. `apt-cache showsrc binary-package` can help you.
......@@ -41,8 +50,26 @@ it at the `DATA/sourcePackageName` directory
would actually be shown to the user. Avoid replacing copyright statements!
* Try to write your replacements in a way they might work in future versions
of the upstream package. Well written regexps and sed will help with that.
* You can test your changes by doing them inside the _PACKAGES/sourcePackageName/source/_ directory,
* You can test your changes by doing them inside the _PACKAGES/sourcePackageName/source/_ directory,
and running `dpkg-source -b .`, before being added to the helper script
* You can check the status of failed build at https://jenkins.trisquel.org/job/build-watchdog/lastBuild/consoleText
## Debootstrap
On every new release we need to get compiled the very basic packages in order
to create a trisquel base builder.
Before that we currently relay on a upstream debootstrap image, so creating a
trisquel debootstrap is the starting point.
Every new release need the following packages taken care of first,
* `make-apt`
* `make-base-files`
* `make-bash`
* `make-debootstrap`
* `make-dpkg`
* `make-cdebconf`
* `trisquel-keyring` (not as helper)
* `trisquel-meta` (not as helper)
## Netinstall
......@@ -62,4 +89,3 @@ To generate the images, we run the following scripts:
Then we push the results into the Trisquel repository and run the script
`make-debian-installer` to build the final images.
--- src/akregator_part.cpp 2020-06-05 11:41:23.000000000 -0500
+++ src/akregator_part_trisquel.cpp 2020-06-05 12:46:05.914051386 -0500
@@ -189,6 +189,61 @@
wire.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("http://wire.kubuntu.org/?feed=rss2"));
kubuntuFolder.appendChild(wire);
+// Trisquel feeds
+ QDomElement trisquelFolder = doc.createElement(QStringLiteral("outline"));
+ trisquelFolder.setAttribute(QStringLiteral("text"), QStringLiteral("Trisquel GNU/Linux"));
+ body.appendChild(trisquelFolder);
+
+ QDomElement tnews = doc.createElement(QStringLiteral("outline"));
+ tnews.setAttribute(QStringLiteral("text"), i18n("News"));
+ tnews.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://trisquel.info/en/node/feed"));
+ trisquelFolder.appendChild(tnews);
+
+ QDomElement relAnnounce = doc.createElement(QStringLiteral("outline"));
+ relAnnounce.setAttribute(QStringLiteral("text"), i18n("Release announcements"));
+ relAnnounce.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://trisquel.info/en/taxonomy/term/700/0/feed"));
+ trisquelFolder.appendChild(relAnnounce);
+
+ QDomElement enForum = doc.createElement(QStringLiteral("outline"));
+ enForum.setAttribute(QStringLiteral("text"), i18n("Forum"));
+ enForum.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://trisquel.info/en/taxonomy/term/50/0/feed"));
+ trisquelFolder.appendChild(enForum);
+
+ QDomElement tReddit = doc.createElement(QStringLiteral("outline"));
+ tReddit.setAttribute(QStringLiteral("text"), i18n("Trisquel at Reddit"));
+ tReddit.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://www.reddit.com/r/trisquel/.rss"));
+ trisquelFolder.appendChild(tReddit);
+
+// Free Software feeds
+ QDomElement fsFolder = doc.createElement(QStringLiteral("outline"));
+ fsFolder.setAttribute(QStringLiteral("text"), QStringLiteral("Free Software"));
+ body.appendChild(fsFolder);
+
+ QDomElement newGNU = doc.createElement(QStringLiteral("outline"));
+ newGNU.setAttribute(QStringLiteral("text"), i18n("What's New at GNU"));
+ newGNU.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://www.reddit.com/r/trisquel/.rss"));
+ fsFolder.appendChild(newGNU);
+
+ QDomElement fsfNews = doc.createElement(QStringLiteral("outline"));
+ fsfNews.setAttribute(QStringLiteral("text"), i18n("FSF News"));
+ fsfNews.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://static.fsf.org/fsforg/rss/news.xml"));
+ fsFolder.appendChild(fsfNews);
+
+ QDomElement fsfEvents = doc.createElement(QStringLiteral("outline"));
+ fsfEvents.setAttribute(QStringLiteral("text"), i18n("FSF Events"));
+ fsfEvents.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://static.fsf.org/fsforg/rss/events.xml"));
+ fsFolder.appendChild(fsfEvents);
+
+ QDomElement fsfBlog = doc.createElement(QStringLiteral("outline"));
+ fsfBlog.setAttribute(QStringLiteral("text"), i18n("FSF Blogs"));
+ fsfBlog.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://static.fsf.org/fsforg/rss/blogs.xml"));
+ fsFolder.appendChild(fsfBlog);
+
+ QDomElement gnuReddit = doc.createElement(QStringLiteral("outline"));
+ gnuReddit.setAttribute(QStringLiteral("text"), i18n("GNU at Reddit"));
+ gnuReddit.setAttribute(QStringLiteral("xmlUrl"), QStringLiteral("https://www.reddit.com/r/gnu/.rss"));
+ fsFolder.appendChild(gnuReddit);
+
return doc;
}
}
#!/bin/sh -e
## 02_branding.dpatch by Adam Conrad <adconrad@0c3.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Changes apache's PLATFORM based on lsb_release output
BUILD_DIST="($(lsb_release -i -s) GNU/Linux)"
if [ $# -ne 1 ]; then
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
fi
case "$1" in
-patch)
if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then
echo >&2 "`basename $0`: patch already applied"
exit 1
else
# This is where we get our distribution-specific server signature from:
sed -i -e "s:(\" PLATFORM \"):${BUILD_DIST}:" server/core.c
fi
;;
-unpatch)
if grep -q "${BUILD_DIST}" server/core.c 2>/dev/null; then
sed -i -e "s:${BUILD_DIST}:(\" PLATFORM \"):" server/core.c
else
echo >&2 "`basename $0`: patch not yet applied, cannot unpatch"
exit 1
fi
;;
*)
echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
exit 1
;;
esac
Index: gnome-menus-2.28.0/layout/applications.menu
===================================================================
--- gnome-menus-2.28.0.orig/layout/applications.menu 2009-09-24 11:34:44.000000000 +0200
+++ gnome-menus-2.28.0/layout/applications.menu 2009-09-24 11:34:44.000000000 +0200
@@ -157,4 +157,29 @@
<Directory>Debian.directory</Directory>
</Menu>
+<Include>
+ <Filename>gnome-app-install.desktop</Filename>
+</Include>
+
+<!-- Separator between menus and gnome-app-install -->
+<Layout>
+ <Merge type="menus"/>
+ <Menuname>Internet</Menuname>
+ <Menuname>Office</Menuname>
+ <Menuname>Education</Menuname>
+ <Menuname>Development</Menuname>
+ <Menuname>Graphics</Menuname>
+ <Menuname>Multimedia</Menuname>
+ <Menuname>Games</Menuname>
+ <Menuname>Accessories</Menuname>
+ <Menuname>System</Menuname>
+ <Menuname>Universal Access</Menuname>
+ <Menuname>Debian</Menuname>
+ <Menuname>Other</Menuname>
+ <Menuname>wine-wine</Menuname>
+ <Merge type="files"/>
+ <Separator/>
+ <Filename>gnome-app-install.desktop</Filename>
+</Layout>
+
</Menu> <!-- End Applications -->
Index: gnome-menus-2.28.0/layout/settings.menu
===================================================================
--- gnome-menus-2.28.0.orig/layout/settings.menu 2009-09-24 11:34:47.000000000 +0200
+++ gnome-menus-2.28.0/layout/settings.menu 2009-09-24 11:35:22.000000000 +0200
@@ -43,6 +43,7 @@
<And>
<Category>Settings</Category>
<Category>System</Category>
+ <Not><Filename>gnome-app-install.desktop</Filename></Not>
</And>
</Include>
</Menu> <!-- End System Settings -->
From 70aed868a4ed76d74eecf3b210ce7bf3098ffab4 Mon Sep 17 00:00:00 2001
From: Jacob K <jacobk@disroot.org>
Date: Wed, 12 Feb 2025 12:19:24 -0600
Subject: [PATCH] Add some lines from Atril's profile to fix the screen reader
---
profiles/usr.bin.pidgin | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/profiles/usr.bin.pidgin b/profiles/usr.bin.pidgin
index 5e18702..085301c 100644
--- a/profiles/usr.bin.pidgin
+++ b/profiles/usr.bin.pidgin
@@ -8,6 +8,7 @@
#include <abstractions/bash>
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
+ #include <abstractions/dbus-accessibility>
#include <abstractions/dconf>
#include <abstractions/enchant>
#include <abstractions/gnome>
@@ -82,6 +83,13 @@
owner @{PROC}/@{pid}/auxv r,
owner @{PROC}/@{pid}/fd/ r,
+ # These lines were copied from Atril's profile to make the screen reader functional
+ owner /{,var/}run/user/*/at-spi2-*/ rw,
+ owner /{,var/}run/user/*/at-spi2-*/** rw,
+ # Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
+ # https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
+ owner /{,var/}run/user/*/at-spi/bus* rw,
+
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.pidgin>
}
--
2.25.1
From b5a7641dd3502fcfb897d3b96e197628b674ce3c Mon Sep 17 00:00:00 2001
From: Adrian Heine <mail@adrianheine.de>
Date: Mon, 23 Jan 2023 20:35:29 +0100
Subject: [PATCH] Add pipewire client.conf to audio abstractions
Fixes: https://bugs.launchpad.net/bugs/2003702
---
profiles/apparmor.d/abstractions/audio | 3 +++
1 file changed, 3 insertions(+)
diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio
index 01493260d..dd783992d 100644
--- a/profiles/apparmor.d/abstractions/audio
+++ b/profiles/apparmor.d/abstractions/audio
@@ -85,5 +85,8 @@ owner @{HOME}/.local/share/openal/hrtf/{,**} r,
# wildmidi
/etc/wildmidi/wildmidi.cfg r,
+# pipewire
+/usr/share/pipewire/client.conf r,
+
# Include additions to the abstraction
include if exists <abstractions/audio.d>
--
GitLab
......@@ -14,14 +14,14 @@ set _tilde 0
#
############# end config ##############
deb http://archive.trisquel.info/trisquel @CODENAME@ main
deb http://archive.trisquel.info/trisquel @CODENAME@-security main
deb http://archive.trisquel.info/trisquel @CODENAME@-updates main
deb http://archive.trisquel.info/trisquel @CODENAME@-backports main
deb http://archive.trisquel.org/trisquel @CODENAME@ main
deb http://archive.trisquel.org/trisquel @CODENAME@-security main
deb http://archive.trisquel.org/trisquel @CODENAME@-updates main
deb http://archive.trisquel.org/trisquel @CODENAME@-backports main
deb-src http://archive.trisquel.info/trisquel @CODENAME@ main
deb-src http://archive.trisquel.info/trisquel @CODENAME@-security main
deb-src http://archive.trisquel.info/trisquel @CODENAME@-updates main
deb-src http://archive.trisquel.info/trisquel @CODENAME@-backports main
deb-src http://archive.trisquel.org/trisquel @CODENAME@ main
deb-src http://archive.trisquel.org/trisquel @CODENAME@-security main
deb-src http://archive.trisquel.org/trisquel @CODENAME@-updates main
deb-src http://archive.trisquel.org/trisquel @CODENAME@-backports main
clean http://archive.trisquel.info/trisquel
clean http://archive.trisquel.org/trisquel
......@@ -4,17 +4,17 @@
<!ENTITY keyring-filename "<filename>/usr/share/keyrings/trisquel-archive-keyring.gpg</filename>">
<!ENTITY keyring-removed-filename "<filename>/usr/share/keyrings/trisquel-archive-removed-keys.gpg</filename>">
<!ENTITY keyring-master-filename "/usr/share/keyrings/trisquel-master-keyring.gpg">
<!ENTITY keyring-uri "http://archive.trisquel.info/trisquel/trisquel-archive-signkey.gpg">
<!ENTITY keyring-uri "http://archive.trisquel.org/trisquel/trisquel-archive-signkey.gpg">
<!ENTITY sourceslist-list-format "deb http://es.archive.trisquel.info/trisquel &trisquel-codename; main
deb http://es.archive.trisquel.info/trisquel &trisquel-codename;-security main
deb http://es.archive.trisquel.info/trisquel &trisquel-codename;-updates main">
<!ENTITY sourceslist-list-format "deb http://archive.trisquel.org/trisquel &trisquel-codename; main
deb http://archive.trisquel.org/trisquel &trisquel-codename;-security main
deb http://archive.trisquel.org/trisquel &trisquel-codename;-updates main">
<!ENTITY sourceslist-sources-format "Types: deb
URIs: http://es.archive.trisquel.info/trisquel
URIs: http://archive.trisquel.org/trisquel
Suites: &trisquel-codename; &trisquel-codename;-updates
Components: main
Types: deb
URIs: http://es.archive.trisquel.info/trisquel
URIs: http://archive.trisquel.org/trisquel
Suites: &trisquel-codename;-security
Components: main">
# See sources.list(5) manpage for more information
# Remember that CD-ROMs, DVDs and such are managed through the apt-cdrom tool.
deb http://es.archive.trisquel.info/trisquel &trisquel-codename; main
deb-src http://es.archive.trisquel.info/trisquel &trisquel-codename; main
deb http://archive.trisquel.org/trisquel &trisquel-codename; main
deb-src http://archive.trisquel.org/trisquel &trisquel-codename; main
deb http://es.archive.trisquel.info/trisquel &trisquel-codename;-security main
deb-src http://es.archive.trisquel.info/trisquel &trisquel-codename;-security main
deb http://archive.trisquel.org/trisquel &trisquel-codename;-security main
deb-src http://archive.trisquel.org/trisquel &trisquel-codename;-security main
deb http://es.archive.trisquel.info/trisquel &trisquel-codename;-updates main
deb-src http://es.archive.trisquel.info/trisquel &trisquel-codename;-updates main
deb http://archive.trisquel.org/trisquel &trisquel-codename;-updates main
deb-src http://archive.trisquel.org/trisquel &trisquel-codename;-updates main
helpers/DATA/arctica-greeter/badge.png

718 B

helpers/DATA/arctica-greeter/cof.png

2.58 KiB

helpers/DATA/arctica-greeter/logo-bare.png

3.01 KiB

helpers/DATA/arctica-greeter/logo.png

12 KiB

<?xml version="1.0" encoding="UTF-8"?>
<schemalist gettext-domain="arctica-greeter">
<schema id="org.ArcticaProject.arctica-greeter" path="/org/ArcticaProject/arctica-greeter/">
<key name="background" type="s">
<default>'/usr/share/backgrounds/aramo.jpg'</default>
<summary>Background file to use, either an image path or a color (e.g. #772953)</summary>
</key>
<key name="background-color" type="s">
<default>'#000000'</default>
<summary>Background color (e.g. #772953), set before wallpaper is seen</summary>
</key>
<key name="togglebox-font-fgcolor" type="s">
<default>'#A0A0A0'</default>
<summary>Font foreground color (e.g. #A0A0A0) for selected session names in session list</summary>
</key>
<key name="togglebox-button-bgcolor" type="s">
<default>'#2F70C6'</default>
<summary>Font foreground color (e.g. #202020) for selected session names in session list</summary>
</key>
<key name="draw-user-backgrounds" type="b">
<default>true</default>
<summary>Whether to draw user backgrounds</summary>
</key>
<key name="draw-grid" type="b">
<default>false</default>
<summary>Whether to draw an overlay grid</summary>
</key>
<key name="show-hostname" type="b">
<default>true</default>
<summary>Whether to show the hostname in the menubar</summary>
</key>
<key name="logo" type="s">
<default>'/usr/share/arctica-greeter/logo.png'</default>
<summary>Logo file to use</summary>
</key>
<key name="theme-name" type="s">
<default>'Trisquel-dark'</default>
<summary>GTK+ theme to use</summary>
</key>
<key name="icon-theme-name" type="s">
<default>'trisquel'</default>
<summary>Icon theme to use</summary>
</key>
<key name="font-name" type="s">
<default>'Sans 11'</default>
<summary>Font to use</summary>
</key>
<key name="xft-antialias" type="b">
<default>true</default>
<summary>Whether to antialias Xft fonts</summary>
</key>
<key name="xft-dpi" type="d">
<default>96</default>
<summary>Resolution for Xft in dots per inch</summary>
</key>
<key name="xft-hintstyle" type="s">
<choices>
<choice value='hintnone'/>
<choice value='hintslight'/>
<choice value='hintmedium'/>
<choice value='hintfull'/>
</choices>
<default>'hintslight'</default>
<summary>What degree of hinting to use</summary>
</key>
<key name="xft-rgba" type="s">
<choices>
<choice value='none'/>
<choice value='rgb'/>
<choice value='bgr'/>
<choice value='vrgb'/>
<choice value='vbgr'/>
</choices>
<default>'rgb'</default>
<summary>Type of subpixel antialiasing</summary>
</key>
<key name="onscreen-keyboard" type="b">
<default>false</default>
<summary>Whether to enable the onscreen keyboard</summary>
</key>
<key name="high-contrast" type="b">
<default>false</default>
<summary>Whether to use a high contrast theme</summary>
</key>
<key name="screen-reader" type="b">
<default>false</default>
<summary>Whether to enable the screen reader</summary>
</key>
<key name="play-ready-sound" type="b">
<default>true</default>
<summary>Whether to play sound when greeter is ready</summary>
</key>
<key name="indicators" type="as">
<default>['ug-accessibility', 'org.ayatana.indicator.keyboard', 'org.ayatana.indicator.session', 'org.ayatana.indicator.datetime', 'org.ayatana.indicator.power', 'org.ayatana.indicator.sound', 'ayatana-application']</default>
<summary>Which indicators to load</summary>
</key>
<key name="hidden-users" type="as">
<default>[]</default>
<summary>List of usernames that are hidden until a special key combination is hit</summary>
</key>
<key name="group-filter" type="as">
<default>[]</default>
<summary>List of groups that users must be part of to be shown (empty list shows all users)</summary>
</key>
<key name="idle-timeout" type="i">
<default>300</default>
<summary>Number of seconds of inactivity before blanking the screen. Set to 0 to never timeout.</summary>
</key>
<key name="enable-hidpi" type="s">
<choices>
<choice value='on'/>
<choice value='off'/>
<choice value='auto'/>
</choices>
<default>'auto'</default>
<summary>Whether to enable HiDPI support</summary>
</key>
<key name="remote-service-configure-uri" type="s">
<default>''</default>
<summary>Default FQDN for host offering Remote Logon Service</summary>
</key>
<key name="activate-numlock" type="b">
<default>false</default>
<summary>Whether to activate numlock. This features requires the installation of numlockx.</summary>
</key>
<key name="only-on-monitor" type="s">
<default>'auto'</default>
<summary>Monitor on which to show the Login GUI</summary>
</key>
</schema>
</schemalist>
File added
# vim:syntax=apparmor
# evince is not written with application confinement in mind and is designed to
# operate within a trusted desktop session where anything running within the
# user's session is trusted. That said, evince will often process untrusted
# input (PDFs, images, etc). Ideally evince would be written in such a way that
# image processing is separate from the main process and that processing
# happens in a restrictive sandbox, but unfortunately that is not currently the
# case. Because evince will process untrusted input, this profile aims to
# provide some hardening, but considering evince's design and other factors such
# as X, gsettings, accessibility, translations, DBus session and system
# services, etc, complete confinement is not possible.
#include <tunables/global>
/usr/bin/atril {
#include <abstractions/audio>
#include <abstractions/bash>
#include <abstractions/cups-client>
#include <abstractions/dbus-accessibility>
#include <abstractions/atril>
#include <abstractions/ibus>
#include <abstractions/nameservice>
#include <abstractions/ubuntu-browsers>
#include <abstractions/ubuntu-console-browsers>
#include <abstractions/ubuntu-email>
#include <abstractions/ubuntu-console-email>
#include <abstractions/ubuntu-media-players>
# allow atril to spawn browsers distributed as snaps (LP: #1794064)
#include <abstractions/snap_browsers>
# For now, let atril talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only atril is allowed to do
#include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
##include <abstractions/ubuntu-konsole>
/usr/bin/atril rmPx,
/usr/bin/atril-previewer Px,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# 'Show Containing Folder' (LP: #1022962)
/usr/bin/nautilus Cx -> sanitized_helper, # Gnome
/usr/bin/pcmanfm Cx -> sanitized_helper, # LXDE
/usr/bin/krusader Cx -> sanitized_helper, # KDE
/usr/bin/thunar Cx -> sanitized_helper, # XFCE
# Print Dialog
/usr/lib/@{multiarch}/libproxy/*/pxgsettings Cx -> sanitized_helper,
# For Xubuntu to launch the browser
#include <abstractions/exo-open>
# For text attachments
/usr/bin/gedit ixr,
# For Send to
/usr/bin/nautilus-sendto Cx -> sanitized_helper,
# GLib desktop launch helper (used under the hood by g_app_info_launch)
/usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,
/usr/bin/env ixr,
# allow directory listings (ie 'r' on directories) so browsing via the file
# dialog works
/ r,
/**/ r,
# This is need for saving files in your home directory without an extension.
# Changing this to '@{HOME}/** r' makes it require an extension and more
# secure (but with 'rw', we still have abstractions/private-files-strict in
# effect).
owner @{HOME}/** rw,
owner /media/** rw,
owner @{HOME}/.local/share/gvfs-metadata/** l,
owner /{,var/}run/user/*/gvfs-metadata/** l,
# Maybe add to an abstraction?
/etc/dconf/** r,
owner @{HOME}/.cache/dconf/user rw,
owner @{HOME}/.config/dconf/user r,
owner @{HOME}/.config/enchant/* rk,
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
owner /{,var/}run/user/*/dconf-service/keyfile/ w,
owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
owner /{,var/}run/user/*/at-spi2-*/ rw,
owner /{,var/}run/user/*/at-spi2-*/** rw,
# Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
# https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
owner /{,var/}run/user/*/at-spi/bus* rw,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read and write for all supported file formats
/**.[aA][iI] rw,
/**.[bB][mM][pP] rw,
/**.[dD][jJ][vV][uU] rw,
/**.[dD][vV][iI] rw,
/**.[gG][iI][fF] rw,
/**.[jJ][pP][gG] rw,
/**.[jJ][pP][eE][gG] rw,
/**.[oO][dD][pP] rw,
/**.[fFpP][dD][fF] rw,
/**.[pP][nN][mM] rw,
/**.[pP][nN][gG] rw,
/**.[pP][sS] rw,
/**.[eE][pP][sS] rw,
/**.[tT][iI][fF] rw,
/**.[tT][iI][fF][fF] rw,
/**.[xX][pP][mM] rw,
/**.[gG][zZ] rw,
/**.[bB][zZ]2 rw,
/**.[cC][bB][rRzZ7] rw,
/**.[xX][zZ] rw,
# atril creates a temporary stream file like '.goutputstream-XXXXXX' in the
# directory a file is saved. This allows that behavior.
owner /**/.goutputstream-* w,
# allow atril to spawn browsers distributed as snaps (LP: #1794064)
/{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrCx -> snap_browsers,
}
/usr/bin/atril-previewer {
#include <abstractions/audio>
#include <abstractions/bash>
#include <abstractions/cups-client>
#include <abstractions/dbus-accessibility>
#include <abstractions/atril>
#include <abstractions/ibus>
#include <abstractions/nameservice>
#include <abstractions/ubuntu-browsers>
#include <abstractions/ubuntu-console-browsers>
#include <abstractions/ubuntu-email>
#include <abstractions/ubuntu-console-email>
#include <abstractions/ubuntu-media-players>
# For now, let atril talk to any session services over dbus. We can
# blacklist any problematic ones (but note, evince uses libsecret :\)
#include <abstractions/dbus-session>
#include <abstractions/dbus-strict>
dbus (receive) bus=system,
# Allow getting information from various system services
dbus (send)
bus=system
member="Get*"
peer=(label=unconfined),
# Allow talking to avahi with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.Avahi{,.*}",
# Allow talking to colord with whatever polkit allows
dbus (send)
bus=system
interface="org.freedesktop.ColorManager{,.*}",
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrict access to what only atril is allowed to do
#include <abstractions/ubuntu-gnome-terminal>
# By default, we won't support launching a terminal program in Xterm or
# KDE's konsole. It opens up too many unnecessary files for most users.
# People who need this functionality can uncomment the following:
##include <abstractions/ubuntu-xterm>
/usr/bin/atril-previewer mr,
/usr/bin/yelp Cx -> sanitized_helper,
/usr/bin/bug-buddy px,
# Lenient, but remember we still have abstractions/private-files-strict in
# effect). Write is needed for 'print to file' from the previewer.
@{HOME}/ r,
@{HOME}/** rw,
# Maybe add to an abstraction?
owner /{,var/}run/user/*/dconf/ w,
owner /{,var/}run/user/*/dconf/user rw,
}
/usr/bin/atril-thumbnailer {
#include <abstractions/base>
#include <abstractions/private-files-strict>
#include <abstractions/fonts>
deny @{HOME}/.{,cache/}fontconfig/** wl,
deny @{HOME}/missfont.log wl,
#include <abstractions/dbus-session-strict>
dbus (receive) bus=session,
dbus (send)
bus=session
path="/org/gtk/vfs/mounttracker"
interface="org.gtk.vfs.MountTracker"
member="ListMountableInfo"
peer=(label=unconfined),
# updating gvfs-metadata for thumbnails is unneeded, so explicitly deny it
deny dbus (send)
bus=session
path="/org/gtk/vfs/metadata"
interface="org.gtk.vfs.Metadata"
member="GetTreeFromDevice"
peer=(label=unconfined),
deny @{HOME}/.local/share/gvfs-metadata/* r,
dbus (send)
bus=session
path="/org/gtk/vfs/Daemon"
interface="org.gtk.vfs.Daemon"
member="List*"
peer=(label=unconfined),
# The thumbnailer doesn't need access to everything in the nameservice
# abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
# logging denial of nsswitch.conf.
/etc/passwd r,
/etc/group r,
deny /etc/nsswitch.conf r,
# TCP/UDP network access for NFS
network inet stream,
network inet6 stream,
network inet dgram,
network inet6 dgram,
/etc/papersize r,
/usr/bin/atril-thumbnailer mr,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
/usr/bin/gs-esp ixr,
# Silence these denials since 'no new privs' drops transitions to
# sanitized_helper, we don't want all those perms in the thumbnailer
# and the thumbnailer generates thumbnails without these just fine.
deny /usr/bin/mktexpk x,
deny /usr/bin/mktextfm x,
deny /usr/bin/dvipdfm x,
deny /usr/bin/dvipdfmx x,
deny /usr/bin/mkofm x,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# miscellaneous access for the above
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
/sys/devices/system/cpu/ r,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/** r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRzZ7] r,
/**.[xX][zZ] r,
owner @{HOME}/.texlive*/** r,
owner @{HOME}/.texmf*/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
# With the network rules above, this allows data exfiltration for files
# not covered by private-files-strict.
@{HOME}/ r,
owner @{HOME}/[^.]** r,
owner /media/** r,
owner /tmp/.gnome_desktop_thumbnail* w,
owner /tmp/gnome-desktop-* rw,
owner /tmp/atril-thumbnailer*/{,**} rw,
# these happen post pivot_root
/ r,
deny /missfont.log w,
# Add apparmor rule for mate's caja - LP#1798091
owner /tmp/.mate_desktop_thumbnail* w,
owner /tmp/mate-desktop-thumbnailer* w,
# Fix thumbnail issue #915024
owner @{HOME}/.cache/thumbnails/** rw,
owner /tmp/atril-thumbnailer* rw,
}
# vim:syntax=apparmor
#
# abstraction used by atril binaries
#
#include <abstractions/gnome>
#include <abstractions/p11-kit>
#include <abstractions/ubuntu-helpers>
@{PROC}/[0-9]*/fd/ r,
@{PROC}/[0-9]*/mountinfo r,
owner @{PROC}/[0-9]*/auxv r,
owner @{PROC}/[0-9]*/status r,
# Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
# Possibly move to an abstraction if anything else needs it.
deny /run/udev/data/** r,
# move out to the gnome abstraction if anyone else needs these
/etc/udev/udev.conf r,
/sys/devices/**/block/**/uevent r,
# apport
/etc/default/apport r,
# XFCE
/etc/xfce4/defaults.list r,
# Lubuntu
/etc/xdg/lubuntu/applications/defaults.list r,
# atril specific
/etc/ r,
/etc/fstab r,
/etc/texmf/ r,
/etc/texmf/** r,
/etc/xpdf/* r,
owner @{HOME}/.config/atril/ rw,
owner @{HOME}/.config/atril/** rwkl,
/usr/bin/gs-esp ixr,
/usr/bin/mktexpk Cx -> sanitized_helper,
/usr/bin/mktextfm Cx -> sanitized_helper,
/usr/bin/dvipdfm Cx -> sanitized_helper,
/usr/bin/dvipdfmx Cx -> sanitized_helper,
# gio-launch-desktop was replaced by a very small shell script
/{usr/,}bin/{dash,bash} ixr,
# supported archivers
/{usr/,}bin/gzip ixr,
/{usr/,}bin/bzip2 ixr,
/usr/bin/unrar* ixr,
/usr/bin/unzip ixr,
/usr/bin/7zr ixr,
/usr/lib/p7zip/7zr ixr,
/usr/bin/7za ixr,
/usr/lib/p7zip/7za ixr,
/usr/bin/zipnote ixr,
/{usr/,}bin/tar ixr,
/usr/bin/xz ixr,
# allow read access to anything in /usr/share, for plugins and input methods
/usr/local/share/** r,
/usr/share/** r,
/usr/lib/ghostscript/** mr,
/var/lib/ghostscript/** r,
/var/lib/texmf/{,**} r,
# from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
# read for all supported file formats
/**.[aA][iI] r,
/**.[bB][mM][pP] r,
/**.[dD][jJ][vV][uU] r,
/**.[dD][vV][iI] r,
/**.[gG][iI][fF] r,
/**.[jJ][pP][gG] r,
/**.[jJ][pP][eE][gG] r,
/**.[oO][dD][pP] r,
/**.[fFpP][dD][fF] r,
/**.[pP][nN][mM] r,
/**.[pP][nN][gG] r,
/**.[pP][sS] r,
/**.[eE][pP][sS] r,
/**.[eE][pP][sS][fFiI23] r,
/**.[tT][iI][fF] r,
/**.[tT][iI][fF][fF] r,
/**.[xX][pP][mM] r,
/**.[gG][zZ] r,
/**.[bB][zZ]2 r,
/**.[cC][bB][rRzZ7] r,
/**.[xX][zZ] r,
# Use abstractions/private-files instead of abstractions/private-files-strict
# and add the sensitive files manually to work around LP: #451422. The goal
# is to disallow access to the .mozilla folder in general, but to allow
# access to the Cache directory, which the browser may tell atril to open
# from directly.
#include <abstractions/private-files>
audit deny @{HOME}/.gnupg/{,**} mrwkl,
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
audit deny @{HOME}/.gnome2/ w,
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/apps/kwallet/{,**} mrwkl,
audit deny @{HOME}/.pki/{,nssdb/} w,
audit deny @{HOME}/.pki/nssdb/{,**} wl,
audit deny @{HOME}/.mozilla/{,**/} w,
audit deny @{HOME}/.mozilla/*/*/* mrwkl,
audit deny @{HOME}/.mozilla/**/bookmarkbackups/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/chrome/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/extensions/{,**} mrwkl,
audit deny @{HOME}/.mozilla/**/gm_scripts/{,**} mrwkl,
audit deny @{HOME}/.config/ w,
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
audit deny @{HOME}/.config/evolution/{,**} mrwkl,
audit deny @{HOME}/.evolution/{,**} mrwkl,
audit deny @{HOME}/.kde/{,share/,share/apps/} w,
audit deny @{HOME}/.kde/share/config/{,**} mrwkl,
audit deny @{HOME}/.kde/share/apps/kmail/{,**} mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/{,**/} w,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/{,**} mrwkl,