35b4cc779f
megapixels: switch to bwrap, to support Loupe image viewer
2024-02-18 18:46:37 +00:00
c7d111a318
megapixels: 1.7.0 -> 1.8.0
2024-02-18 18:27:47 +00:00
7e5eb6324d
megapixels: sandbox
it's iffy... 1.8.0 is released, which can be sandboxed w/o sys/dev/char or ~/.local/share/applications, but seems to be even flakier
2024-02-18 17:44:49 +00:00
95cb5624ca
modules/programs: sane-sandboxed: fix bug that --sane-sandbox-path / wasn't being canonicalized
2024-02-18 13:53:53 +00:00
55c305812d
WIP: megapixels: sandbox
2024-02-18 13:53:18 +00:00
600f6eb56c
modules/programs: sane-sandboxed: remove all remaining forks/subshells
launchtime for firefox in bwrap is about 65ms; 35ms for --sane-sandbox-method none
2024-02-18 13:15:04 +00:00
fd6f8493a7
modules/programs: sane-sandboxed: remove all forking from normPath
reduces time for librewolf benchmark from 90ms -> 65ms. there's still _some_ forking in this script, but it's constant now.
2024-02-18 12:25:03 +00:00
f10f1ee7b1
modules/programs: sane-sandboxed: optimize "normPath" to not invoke subshells
each subshell causes like 5ms just on my laptop, which really adds up.
this implementation still forks internally, but doesn't exec.
runtime decreases from 150ms -> 90ms for
`time librewolf --sane-sandbox-replace-cli true`
2024-02-18 12:08:23 +00:00
67395bdcd3
programs: ship forkstat
2024-02-18 11:58:30 +00:00
90ceeede74
programs: flare-signal: disable (unused)
2024-02-18 07:07:29 +00:00
32a704b1b8
moby: disable unused "calls" program
i may have future use for it, but as-is currently it's not worth the difficulty of sandboxing
2024-02-18 07:07:29 +00:00
a591be98d4
programs: portfolio-filemanager: sandbox
2024-02-18 07:07:29 +00:00
82e028e37d
programs: nautilus: assign a mime priority
2024-02-18 07:07:29 +00:00
a531676d0d
mime: include an error message when two file associations have identical mime priority
2024-02-18 07:07:29 +00:00
7f7543ee78
programs: planify: sandbox
2024-02-18 07:07:29 +00:00
8d0e3e0db3
programs: notejot: sandbox
2024-02-18 07:07:29 +00:00
bf352d184c
programs: tangram: sandbox
2024-02-18 07:07:29 +00:00
81a6600f54
programs: xarchiver: sandbox
2024-02-18 07:07:29 +00:00
9fde167e71
firefox-extensions.open-in-mpv: build from source
this ensures that the extension and the native component stay in sync
2024-02-18 06:14:49 +00:00
4e180e11df
open-in-mpv: update the non-browser component to 2.2.0
i _suppose_ i should keep these in sync... hmm
2024-02-18 06:02:00 +00:00
902166e45a
sxmo-utils: 2024-01-01 -> 2024-02-05
2024-02-18 04:57:20 +00:00
797bc4e188
delfin: 0.3.0 -> 0.4.0
i can't upstream this until i figure out why both versions fail to open media for me (portal stuff?)
2024-02-18 04:54:35 +00:00
536f0aedc3
open-in-mpv: remove my patch which has been upstreamed, previously required to use xdg-open
2024-02-18 04:52:27 +00:00
b855df902f
firefox-extensions: metamask,open-in-mpv,sponsorblock,ublacklist: update to latest
2024-02-18 04:50:03 +00:00
80ce49c579
firefox-extensions.bypass-paywalls-clean: 3.5.3.0 -> 3.5.5.0
2024-02-18 04:49:18 +00:00
408059420d
snippets: prefer the repology link which specifically shows my outdated packages
2024-02-18 04:15:05 +00:00
a3102c9395
pkgs overlay: prefer my own packages, if they're newer than what's in nixpkgs
this gives me an easier way to test updates for the packages i maintain than a workflow based on patching nixpkgs
2024-02-18 04:07:23 +00:00
6760fcf1f4
snippets: remove home-manager; add repology
2024-02-18 03:43:32 +00:00
a90898491e
flake: fix "preDeploy" action mishandling null
2024-02-18 01:24:05 +00:00
059940d8e7
nixpkgs: 2024-02-16 -> 2024-02-17
```
• Updated input 'nixpkgs-next-unpatched':
'github:nixos/nixpkgs/0ec5bef772dc12003df7a55f7be1f7b8809f8b48' (2024-02-16)
→ 'github:nixos/nixpkgs/6caa6affcc4774c81467ed08fa3ec35da40fd1d9' (2024-02-17)
• Updated input 'nixpkgs-unpatched':
'github:nixos/nixpkgs/1225df86908f6f5b23553e9d77da4df4bfdd58ef' (2024-02-16)
→ 'github:nixos/nixpkgs/28d6a724f54085377102db7c3278ba82a0a5255f' (2024-02-17)
```
2024-02-17 17:18:38 +00:00
98aafead94
programs: wob: add missing "coreutils" dep
it *should* be acquired via user's PATH, but wob-pulse can start before sway imports PATH to systemd
2024-02-17 16:38:22 +00:00
cef2591425
modules/programs: sane-sandboxed: capshonly/landlock: don't request capabilities we know won't be granted
2024-02-17 16:30:18 +00:00
f8663cd827
programs: monero-gui: sandbox
2024-02-17 16:06:58 +00:00
af1ee1734d
programs: wireguard-tools: sandbox
2024-02-17 15:54:16 +00:00
5375cab716
programs: ntfy-sh: sandbox
2024-02-17 15:47:47 +00:00
162b3f5674
imagemagick: don't add 'ghostscript' package to path
2024-02-17 15:45:50 +00:00
a729f91d21
programs: jq: add working sandbox criteria, but don't enable yet
i need to handle the extremely common `cat foo | jq .` without adding
`.` to the sandbox
2024-02-17 15:36:41 +00:00
a273b559e2
programs: gnome-disk-utility: sandbox
2024-02-17 15:36:28 +00:00
785b375671
programs: smartmontools (smartctl): sandbox
2024-02-17 15:36:13 +00:00
24cba0c856
programs: xq: remove
2024-02-17 15:30:23 +00:00
df1db5d01c
programs: sox: sandbox
2024-02-17 15:27:22 +00:00
6749b64bca
programs: nautilus: add mounted media to the sandbox
2024-02-17 15:26:49 +00:00
d3e4bdfcd5
programs: gdisk: fix sandboxing
2024-02-17 15:26:16 +00:00
799cd4373f
programs: socat: disable
2024-02-17 15:11:12 +00:00
2efa6d1e27
programs: mepo: sandbox
2024-02-17 15:08:21 +00:00
a1470956a5
programs: gdisk: sandbox
2024-02-17 14:57:33 +00:00
556c20bc04
programs: vulkan-tools: sandbox
2024-02-17 14:53:22 +00:00
cf5f58dda6
programs: nmap: sandbox
2024-02-17 14:51:26 +00:00
fd30f7abbc
dev-machines: disable broken ldd-aarch64 program
2024-02-17 14:47:28 +00:00
6f8c299c69
programs: xdg-desktop-portal: log more
2024-02-17 14:40:56 +00:00