scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-04 12:28:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: remove comments from harden-flatpak ujust command to fix just parsing

Browse Source
This commit is contained in:
qoijjj
2024-07-30 16:25:15 -07:00
parent a9be430e64
commit eea350af56
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
files/system/usr/share/ublue-os/just/60-custom.just
View File

@@ -60,10 +60,8 @@ remove-kargs-hardening:
harden-flatpak: harden-flatpak:
#!/usr/bin/bash #!/usr/bin/bash
flatpak override --user --filesystem=host-os:ro flatpak override --user --filesystem=host-os:ro
# `ld-linux-x86-64.so.2 --help` prints ld.so linker info, including detected hwcaps support. Grep those, then use cut and substring selection (:0:1) to isolate the 1st character after 'v', which will be 4, 3, or 2, corresponding to the system's highest supported hwcap. On x86_64-v1 systems, grep finds no matches, leaving our variables empty.
uarches="$(/usr/lib64/ld-linux-x86-64.so.2 --help | grep '(supported, searched)' | cut -d'v' -f2)" uarches="$(/usr/lib64/ld-linux-x86-64.so.2 --help | grep '(supported, searched)' | cut -d'v' -f2)"
bestuarch="${uarches:0:1}" bestuarch="${uarches:0:1}"
# If bestuarch is empty, set LD_PRELOAD to the x86-64-v1 arch. If not empty, set LD_PRELOAD to the supported hwcap in $bestuarch.
if [ -z "$bestuarch" ] ; then if [ -z "$bestuarch" ] ; then
echo "No microarchitecture support detected. Using default x86-64-v1 architecture." echo "No microarchitecture support detected. Using default x86-64-v1 architecture."
flatpak override --user --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so flatpak override --user --env=LD_PRELOAD=/var/run/host/usr/lib64/libhardened_malloc.so