#!/bin/sh -eu
printf 'data:%s;base64,%s' "$(file -bi "$1"|tr -d ' ')" "$(base64 -w 0 "$1")" #!/bin/sh
redo-ifchange $2.c
strace -e stat,stat64,fstat,fstat64,lstat,lstat64 -f 2>&1 >/dev/null\
gcc $2.c -o $3 -MD -MF $2.deps\
|grep '1 ENOENT'\
|grep '\.h'\
|cut -d'"' -f2 2>/dev/null\
>$2.deps_ne
read d <$2.deps
redo-ifchange ${d#*:}
while read -r d_ne; do
redo-ifcreate $d_ne
done <$2.deps_ne
chmod a+x $3
This approach is also used for building Liberation Circuit if strace is installed [2]. #include<stdio.h>
main() {
printf("hello, world\n");
return 0;
}
You can see a dependency graph I generated with redo here: http://news.dieweltistgarnichtso.net/posts/redo-gcc-automati... * Add Enhances: caja, tumbler (>= 0.1.92~), nautilus, nemo
These are some of the many file managers/thumbnailer programs that support
desktop thumbnailers like exe-thumbnailer, and I have verified (at some
point) that all of these work.
> Almost all popular applications on flathub come with filesystem=host, filesystem=home or device=all permissions, that is, write permissions to the user home directory (and more), this effectively means that all it takes to "escape the sandbox" is echo download_and_execute_evil >> ~/.bashrc. That's it.
> To make matters worse, the users are misled to believe the apps run sandboxed. For all these apps flatpak shows a reassuring "sandbox" icon when installing the app (things do not get much better even when installing in the command line - you need to know flatpak internals to understand the warnings).
I have not used flatpack. Is this description accurate? Also:
> Up until 0.8.7 all it took to get root on the host was to install a flatpak package that contains a suid binary (flatpaks are installed to /var/lib/flatpak on your host system). Again, could this be any easier? A high severity CVE-2017-9780 (CVSS Score 7.2) has indeed been assigned to this vulnerability. Flatpak developers consider this a minor security issue.