Differences between revisions 1 and 2
Revision 1 as of 2018-09-02 20:13:22
Size: 11192
Editor: ?Average-User-Prototype
Comment: draft: page for info and guides on software/web development with Debian
Revision 2 as of 2018-09-03 03:29:29
Size: 11005
Editor: PaulWise
Comment: no need for firejail builds
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
 * Sandbox applications with firejail:<<BR>>{{{git clone https://github.com/netblue30/firejail.git}}}<<BR>>
{{{cd firejail}}}<<BR>>
{{{export CC=/usr/local/bin/gcc-6}}}<<BR>>
{{{./configure && make && sudo make install-strip}}}<<BR>>
 * Sandbox applications with DebianPackage:firejail

THIS PAGE IS A DRAFT

This page helps with web development under Debian. It lists and recommends tools (for being FOSS and/or efficient and/or secure) which could be used, describes how to set them up and how to properly configure and use them.

It aims to help with software development under Debian in general, with development of cross-platform (Debian compatible) software and to provide up to date step-by-step guides for optimal convenience, efficiency and security even for beginners. It is a continuously improving guide which indexes, evaluates and aggregates tools and information scattered across the web.

Sandboxing and software distribution

  • Sandbox applications with firejail

  • Learn about ?Flatpak and Flathub.
    Install Flatpak. There might also be a GUI frontend for Flatpak packages such as the Software Manager in Linux Mint which has a category dedicated to these packages.

  • There are also Snappy (snaps) and ?AppImage but those are not as good as Flatpak. For example ?AppImage does not sandbox and has larger application files; Snappy is run centrally by Canonical (parent company of Ubuntu).

Documentation

Issue management

Collaborative programming

  • Git such as GitLab:

  • See Tox under Tools

Desktop and mobile applications

  • You can use Electron to build cross platform desktop apps with ?JavaScript, HTML, and CSS

IDE

Eclipse


tar zxf eclipse-inst-linux64.tar.gz
sudo tar zxf eclipse-inst-linux64.tar.gz
cd eclipse-installer
./eclipse-inst

  • If the firejail profile sudo kate /etc/firejail/eclipse.profile looks like this:

include /etc/firejail/globals.local
noblacklist ${HOME}/yourprogrammingfolders/*
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.java
caps.drop all
netfilter
nogroups
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
shell none
private-dev
# private-tmp
# noexec /tmp breaks 'Eclipse'
#noexec /tmp
You can run eclipse like this: firejail --profile=/etc/firejail/eclipse.profile /eclipse/locationofeclipse

NetBeans

PhpStorm

  • Install snapd: sudo apt install snapd

  • Edit snap.profile: sudo kate /etc/firejail/snap.profile so it looks like this:

include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
whitelist ${HOME}/snap
whitelist ${HOME}/.PhpStorm2018.2/
include /etc/firejail/whitelist-common.inc

  • Install ?PhpStorm: sudo firejail --profile=/etc/firejail/snap.profile snap install phpstorm --classic

  • Update it: sudo firejail snap refresh

  • Run it: firejail --profile=/etc/firejail/phpStorm.profile /snap/bin/phpstorm

  • Create a launch icon

Browser

  • Firefox-ESR is in Debian's repositories. Firejail has a pre-configured profile for it. You could add whitelist /home/USERNAME/node_modules/ to it.

  • Chromium is in Debian's repositories. It's firejail profile could look like this:

include /etc/firejail/chromium.local
include /etc/firejail/globals.local
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.config/chromium-flags.conf
noblacklist ${HOME}/.pki
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-programs.inc
mkdir ${HOME}/.cache/chromium
mkdir ${HOME}/.config/chromium
mkdir ${HOME}/.pki
whitelist ${DOWNLOADS}
whitelist /home/USERNAME/node_modules/
whitelist ${HOME}/.cache/chromium
whitelist ${HOME}/.config/chromium
whitelist ${HOME}/.config/chromium-flags.conf
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
caps.keep sys_chroot,sys_admin
netfilter
nogroups
shell none
#disable-mnt
# private-bin chromium,chromium-browser,chromedriver
private-dev
# private-tmp - problems with multiple browser sessions
noexec ${HOME}
noexec /tmp

NPM

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
command -v nvm
nvm install node
nvm use node

Web frameworks

Laravel

(Needs to be tested)

sudo wget https://github.com/laravel/laravel/archive/v5.5.28.zip
sha256sum v5.5.28.zip
unzip v5.5.28.zip
cd laravel-5.5.28/
sudo mkdir /var/www/html/laravel-5.5.28/vendor
sudo mkdir /var/www/html/laravel-5.5.28/vendor/symfony
sudo mkdir /var/www/html/laravel-5.5.28/vendor/symfony/thanks
chown -R www-data.www-data /var/www/html/laravel
sudo chmod -R 755 /var/www/html/laravel-5.5.28/
sudo su www-data
composer config
sudo chown -R username.username /var/www/html/laravel-5.5.28/
composer install
sudo chown -R www-data.www-data /var/www/html/laravel-5.5.28/
sudo chmod -R 755 /var/www/html/laravel-5.5.28/
sudo cp .env.example .env
sudo chown -R www-data.www-data .env
sudo php artisan key:generate
sudo service apache2 restart
sudo php artisan make:auth
php artisan migrate
sudo kate .env
sudo php artisan make:migration create_links_table --create=links
sudo php artisan migrate
php artisan serve
sudo mysqladmin -u root -p status
sudo mysql -u root
sudo php artisan migrate
sudo kate /var/www/html/laravel-5.5.28/app/Providers/AppServiceProvider.php
sudo php artisan migrate
php artisan tinker
sudo php artisan migrate
php artisan migrate:fresh
sudo php artisan make:model --factory Link
sudo kate /var/www/html/laravel-5.5.28/database/factories/LinkFactory.php
sudo php artisan make:seeder LinksTableSeeder
sudo kate /var/www/html/laravel-5.5.28/database/seeds/LinksTableSeeder.php
sudo kate /var/www/html/laravel-5.5.28/database/seeds/DatabaseSeeder.php
sudo php artisan migrate:fresh --seed
php artisan tinker
sudo kate /var/www/html/laravel-5.5.28/routes/web.php
sudo kate /var/www/html/laravel-5.5.28/resources/views/welcome.blade.php

VueJs

cd project-directory
npm install vue-cli vue vue-resource
vue init webpack my-project
npm run start

NTP

sudo apt-get install ntp
ntpq -p
add firewall rules
sudo dpkg-reconfigure tzdata
...

IDS, log-scanning, vulnerability-protection and server-management

Webmin

sudo kate /etc/apt/sources.list and add: deb https://download.webmin.com/download/repository sarge contrib

wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install webmin
sudo kate /etc/webmin/miniserv.conf
sudo service webmin restart

REST client

echo "deb https://dl.bintray.com/getinsomnia/Insomnia /"     | sudo tee -a /etc/apt/sources.list.d/insomnia.list
wget --quiet -O - https://insomnia.rest/keys/debian-public.key.asc     | sudo apt-key add -
sudo apt-get update
sudo apt-get install insomnia
sudo kate /etc/firejail/insomnia.profile
should look like this:
include /etc/firejail/globals.local
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
caps.drop all
netfilter
nogroups
noroot
seccomp
shell none
Then you can run: firejail insomnia
and add an application icon.

Tools

Tox

You can use it for screen sharing, instant messaging, voice calls, video calls, file sharing and groups.

GIMP

Image manipulation software that's a FOSS alternative to Photoshop.

Inkscape

For vector graphics, FOSS alternative to ?CorelDraw and Adobe Illustrator.

VirtualBox

deb http://download.virtualbox.org/virtualbox/debian stretch contrib

See also