-
Notifications
You must be signed in to change notification settings - Fork 558
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor nodejs applications (npm & yarn) #3876
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 68e91a09b..41643657d 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc @@ -11,6 +11,15 @@ noblacklist ${HOME}/.git-credentials noblacklist ${HOME}/.gradle noblacklist ${HOME}/.java +# Node.js +noblacklist ${HOME}/.node-gyp +noblacklist ${HOME}/.npm +noblacklist ${HOME}/.npmrc +noblacklist ${HOME}/.yarn +noblacklist ${HOME}/.yarn-config +noblacklist ${HOME}/.yarncache +noblacklist ${HOME}/.yarnrc + # Python noblacklist ${HOME}/.pylint.d noblacklist ${HOME}/.python-history @@ -25,7 +34,3 @@ noblacklist ${HOME}/.cargo/registry noblacklist ${HOME}/.cargo/.crates.toml noblacklist ${HOME}/.cargo/.crates2.json noblacklist ${HOME}/.cargo/.package-cache - -# npm -noblacklist ${HOME}/.npm -noblacklist ${HOME}/.npmrc
Suggestion (untested):
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index d88506d90..0de539d57 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -310,6 +310,7 @@ read-only ${HOME}/.msmtprc
read-only ${HOME}/.mutt/muttrc
read-only ${HOME}/.muttrc
read-only ${HOME}/.nano
+read-only ${HOME}/.npmrc
read-only ${HOME}/.pythonrc.py
read-only ${HOME}/.reportbugrc
read-only ${HOME}/.tmux.conf
@@ -318,6 +319,7 @@ read-only ${HOME}/.viminfo
read-only ${HOME}/.vimrc
read-only ${HOME}/.xmonad
read-only ${HOME}/.xscreensaver
+read-only ${HOME}/.yarnrc
read-only ${HOME}/_exrc
read-only ${HOME}/_gvimrc
read-only ${HOME}/_vimrc
diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile
index 29bab4cb9..50b7498e5 100644
--- a/etc/profile-m-z/npm.profile
+++ b/etc/profile-m-z/npm.profile
@@ -21,5 +21,8 @@ noblacklist ${HOME}/.npmrc
#whitelist ${HOME}/Projects
#include whitelist-common.inc
+ignore read-only ${HOME}/.npm-packages
+ignore read-only ${HOME}/.npmrc
+
# Redirect
include nodejs-common.profile
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile
index 06a5e0fc2..e507214d3 100644
--- a/etc/profile-m-z/yarn.profile
+++ b/etc/profile-m-z/yarn.profile
@@ -23,5 +23,7 @@ noblacklist ${HOME}/.yarnrc
#whitelist ${HOME}/Projects
#include whitelist-common.inc
+ignore read-only ${HOME}/.yarnrc
+
# Redirect
include nodejs-common.profile
Not sure about the rest of the paths.
Adding ignore read-only
instead of read-write
because it comes before
disable-common.inc (included in nodejs-common.profile), which uses read-only
and the last read-
wins.
Thanks to the [suggestion](#3876 (review)) from @kmk3.
As [suggested](#3876 (review)) by @kmk3.
As suggested in #3876 (review) by @kmk3.
@kmk3 Thanks for the suggestions! Added. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
npm.profile has no quiet
.
quiet should go into the caller profiles instead
Thanks @rusty-snake for the review.
@glitsj16 Thanks! Nitpick: I screwed up the entry location on the suggestion (I had just done
Suggestion: diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile
index 20d3d75d7..e95e875be 100644
--- a/etc/profile-m-z/npm.profile
+++ b/etc/profile-m-z/npm.profile
@@ -7,11 +7,12 @@ include npm.local
# Persistent global definitions
include globals.local
+ignore read-only ${HOME}/.npm-packages
+ignore read-only ${HOME}/.npmrc
+
noblacklist ${HOME}/.node-gyp
noblacklist ${HOME}/.npm
noblacklist ${HOME}/.npmrc
-ignore read-only ${HOME}/.npm-packages
-ignore read-only ${HOME}/.npmrc
# If you want whitelisting, change ${HOME}/Projects below to your npm projects directory
# and uncomment the lines below.
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile
index a67e76f9b..f20225050 100644
--- a/etc/profile-m-z/yarn.profile
+++ b/etc/profile-m-z/yarn.profile
@@ -6,11 +6,12 @@ include yarn.local
# Persistent global definitions
include globals.local
+ignore read-only ${HOME}/.yarnrc
+
noblacklist ${HOME}/.yarn
noblacklist ${HOME}/.yarn-config
noblacklist ${HOME}/.yarncache
noblacklist ${HOME}/.yarnrc
-ignore read-only ${HOME}/.yarnrc
# If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and uncomment the lines below.
#mkdir ${HOME}/.yarn Many profiles seem to use it this way as well. Example from
|
@kmk3 Indeed they do, so I'll move things around for consistency's sake, even though it makes more sense to me to follow the same (vertically trickling up/down) order in overrides as in what the profile includes. But I've been called neurotic before 👯 on several occasions by people close to me. |
To me inconsistency is usually a bigger distraction than the quality of the It makes me ponder whether the deviation is intentional or not, and if so, Anyways, if the structure ordering is bad enough (I have no opinion on this
I'm sure some people would say the same about me, but if no one cared about I think "neurotic" is a matter of how (personal/interpersonal) conflicts are |
firejail/etc/templates/profile.template Lines 25 to 26 in 37452ef
There is just no CI that raps you on the knuckles.
As long as the
If you have "an own logical block" which would split comments at (more then two) different places in the profile. Examples are thunderbird.profile or spectacle.profile firejail/etc/profile-m-z/spectacle.profile Lines 9 to 13 in 37452ef
|
This PR does the following: