feat(ujust harden-flatpak): rewrite script to check app ID and existing overrides#1069
Merged
RoyalOughtness merged 8 commits intosecureblue:livefrom Jun 4, 2025
Merged
Conversation
HastD
changed the title
ujust harden-flatpak to check app ID and existing overrides
HastD
changed the title
ujust harden-flatpak to check app ID and existing overrides
* Give an error if the app ID does not match an installed flatpak. * If hardened_malloc is applied globally, just remove the app's local overrides that block hardened_malloc instead of adding new overrides. * If hardened_malloc is not applied globally, inform the user of this and that it's recommended to enable it globally. Signed-off-by: Daniel Hast <[email protected]>
If the user-provided ID doesn't exactly match an installed flatpak, rather than just exiting, do a case-insensitive search for the string among installed flatpak apps, and prompt the user to select one if found. This means the user can just type part of the the ID instead of the whole ID (e.g. `ujust harden-flatpak libreoffice` will work). Signed-off-by: Daniel Hast <[email protected]>
RoyalOughtness
approved these changes
Jun 1, 2025
EsseLowNitro
approved these changes
Jun 3, 2025
RoyalOughtness
pushed a commit
to RoyalOughtness/secureblue-dev
that referenced
this pull request
Jun 12, 2025
…ng overrides (secureblue#1069) * fix: rewrite ujust harden-flatpak to check app ID and existing overrides * Give an error if the app ID does not match an installed flatpak. * If hardened_malloc is applied globally, just remove the app's local overrides that block hardened_malloc instead of adding new overrides. * If hardened_malloc is not applied globally, inform the user of this and that it's recommended to enable it globally. Signed-off-by: Daniel Hast <[email protected]> * feat: fallback prompt if invalid ID given in ujust harden-flatpak If the user-provided ID doesn't exactly match an installed flatpak, rather than just exiting, do a case-insensitive search for the string among installed flatpak apps, and prompt the user to select one if found. This means the user can just type part of the the ID instead of the whole ID (e.g. `ujust harden-flatpak libreoffice` will work). Signed-off-by: Daniel Hast <[email protected]> * fix(ujust): only allow app IDs, not runtime IDs, in harden-flatpak * remove warning message as suggested * refactor: simplify control flow, avoid unnecessary checks --------- Signed-off-by: Daniel Hast <[email protected]>
RoyalOughtness
pushed a commit
to RoyalOughtness/secureblue-dev
that referenced
this pull request
Aug 4, 2025
…ng overrides (secureblue#1069) * fix: rewrite ujust harden-flatpak to check app ID and existing overrides * Give an error if the app ID does not match an installed flatpak. * If hardened_malloc is applied globally, just remove the app's local overrides that block hardened_malloc instead of adding new overrides. * If hardened_malloc is not applied globally, inform the user of this and that it's recommended to enable it globally. Signed-off-by: Daniel Hast <[email protected]> * feat: fallback prompt if invalid ID given in ujust harden-flatpak If the user-provided ID doesn't exactly match an installed flatpak, rather than just exiting, do a case-insensitive search for the string among installed flatpak apps, and prompt the user to select one if found. This means the user can just type part of the the ID instead of the whole ID (e.g. `ujust harden-flatpak libreoffice` will work). Signed-off-by: Daniel Hast <[email protected]> * fix(ujust): only allow app IDs, not runtime IDs, in harden-flatpak * remove warning message as suggested * refactor: simplify control flow, avoid unnecessary checks --------- Signed-off-by: Daniel Hast <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ujust harden-flatpak libreofficeand it'll find the full app ID for you (and prompt you for confirmation).