|
⇤ ← Revision 1 as of 2018-09-02 20:13:22
Size: 11192
Comment: draft: page for info and guides on software/web development with Debian
|
Size: 11005
Comment: no need for firejail builds
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 12: | Line 12: |
| * Sandbox applications with firejail:<<BR>>{{{git clone https://github.com/netblue30/firejail.git}}}<<BR>> {{{cd firejail}}}<<BR>> {{{export CC=/usr/local/bin/gcc-6}}}<<BR>> {{{./configure && make && sudo make install-strip}}}<<BR>> |
* Sandbox applications with DebianPackage:firejail |
THIS PAGE IS A DRAFT
This page helps with web development under Debian. It lists and recommends tools (for being FOSS and/or efficient and/or secure) which could be used, describes how to set them up and how to properly configure and use them.
It aims to help with software development under Debian in general, with development of cross-platform (Debian compatible) software and to provide up to date step-by-step guides for optimal convenience, efficiency and security even for beginners. It is a continuously improving guide which indexes, evaluates and aggregates tools and information scattered across the web.
Contents
Sandboxing and software distribution
Sandbox applications with firejail
Learn about Flatpak and Flathub.
Install Flatpak. There might also be a GUI frontend for Flatpak packages such as the Software Manager in Linux Mint which has a category dedicated to these packages.There are also Snappy (snaps) and ?AppImage but those are not as good as Flatpak. For example ?AppImage does not sandbox and has larger application files; Snappy is run centrally by Canonical (parent company of Ubuntu).
Documentation
Issue management
Collaborative programming
Git such as GitLab:
See Tox under Tools
Desktop and mobile applications
IDE
Eclipse
tar zxf eclipse-inst-linux64.tar.gz
sudo tar zxf eclipse-inst-linux64.tar.gz
cd eclipse-installer
./eclipse-inst
If the firejail profile sudo kate /etc/firejail/eclipse.profile looks like this:
include /etc/firejail/globals.local
noblacklist ${HOME}/yourprogrammingfolders/*
noblacklist ${HOME}/.gitconfig
noblacklist ${HOME}/.java
caps.drop all
netfilter
nogroups
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
shell none
private-dev
# private-tmp
# noexec /tmp breaks 'Eclipse'
#noexec /tmp
You can run eclipse like this: firejail --profile=/etc/firejail/eclipse.profile /eclipse/locationofeclipse
- Create a launch icon
- Check for updates
https://stackoverflow.com/questions/5531402/newbie-in-eclipse-i-dont-have-dynamic-web-project-i-am-under-linux-ubuntu http://www.gulland.com/wp/?p=31
NetBeans
PhpStorm
Install snapd: sudo apt install snapd
Edit snap.profile: sudo kate /etc/firejail/snap.profile so it looks like this:
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
whitelist ${HOME}/snap
whitelist ${HOME}/.PhpStorm2018.2/
include /etc/firejail/whitelist-common.inc
Install ?PhpStorm: sudo firejail --profile=/etc/firejail/snap.profile snap install phpstorm --classic
Update it: sudo firejail snap refresh
Run it: firejail --profile=/etc/firejail/phpStorm.profile /snap/bin/phpstorm
- Create a launch icon
Browser
Firefox-ESR is in Debian's repositories. Firejail has a pre-configured profile for it. You could add whitelist /home/USERNAME/node_modules/ to it.
Chromium is in Debian's repositories. It's firejail profile could look like this:
include /etc/firejail/chromium.local
include /etc/firejail/globals.local
noblacklist ${HOME}/.cache/chromium
noblacklist ${HOME}/.config/chromium
noblacklist ${HOME}/.config/chromium-flags.conf
noblacklist ${HOME}/.pki
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-programs.inc
mkdir ${HOME}/.cache/chromium
mkdir ${HOME}/.config/chromium
mkdir ${HOME}/.pki
whitelist ${DOWNLOADS}
whitelist /home/USERNAME/node_modules/
whitelist ${HOME}/.cache/chromium
whitelist ${HOME}/.config/chromium
whitelist ${HOME}/.config/chromium-flags.conf
whitelist ${HOME}/.pki
include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
caps.keep sys_chroot,sys_admin
netfilter
nogroups
shell none
#disable-mnt
# private-bin chromium,chromium-browser,chromedriver
private-dev
# private-tmp - problems with multiple browser sessions
noexec ${HOME}
noexec /tmp
NPM
Install the node package manager (NPM) with NVM using the install script:
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
command -v nvm
nvm install node
nvm use node
Web frameworks
Laravel
(Needs to be tested)
sudo wget https://github.com/laravel/laravel/archive/v5.5.28.zip
sha256sum v5.5.28.zip
unzip v5.5.28.zip
cd laravel-5.5.28/
sudo mkdir /var/www/html/laravel-5.5.28/vendor
sudo mkdir /var/www/html/laravel-5.5.28/vendor/symfony
sudo mkdir /var/www/html/laravel-5.5.28/vendor/symfony/thanks
chown -R www-data.www-data /var/www/html/laravel
sudo chmod -R 755 /var/www/html/laravel-5.5.28/
sudo su www-data
composer config
sudo chown -R username.username /var/www/html/laravel-5.5.28/
composer install
sudo chown -R www-data.www-data /var/www/html/laravel-5.5.28/
sudo chmod -R 755 /var/www/html/laravel-5.5.28/
sudo cp .env.example .env
sudo chown -R www-data.www-data .env
sudo php artisan key:generate
sudo service apache2 restart
sudo php artisan make:auth
php artisan migrate
sudo kate .env
sudo php artisan make:migration create_links_table --create=links
sudo php artisan migrate
php artisan serve
sudo mysqladmin -u root -p status
sudo mysql -u root
sudo php artisan migrate
sudo kate /var/www/html/laravel-5.5.28/app/Providers/AppServiceProvider.php
sudo php artisan migrate
php artisan tinker
sudo php artisan migrate
php artisan migrate:fresh
sudo php artisan make:model --factory Link
sudo kate /var/www/html/laravel-5.5.28/database/factories/LinkFactory.php
sudo php artisan make:seeder LinksTableSeeder
sudo kate /var/www/html/laravel-5.5.28/database/seeds/LinksTableSeeder.php
sudo kate /var/www/html/laravel-5.5.28/database/seeds/DatabaseSeeder.php
sudo php artisan migrate:fresh --seed
php artisan tinker
sudo kate /var/www/html/laravel-5.5.28/routes/web.php
sudo kate /var/www/html/laravel-5.5.28/resources/views/welcome.blade.php
VueJs
cd project-directory
npm install vue-cli vue vue-resource
vue init webpack my-project
npm run start
NTP
sudo apt-get install ntp
ntpq -p
add firewall rules
sudo dpkg-reconfigure tzdata
...
IDS, log-scanning, vulnerability-protection and server-management
Webmin
sudo kate /etc/apt/sources.list and add: deb https://download.webmin.com/download/repository sarge contrib
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install webmin
sudo kate /etc/webmin/miniserv.conf
sudo service webmin restart
REST client
echo "deb https://dl.bintray.com/getinsomnia/Insomnia /" | sudo tee -a /etc/apt/sources.list.d/insomnia.list
wget --quiet -O - https://insomnia.rest/keys/debian-public.key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install insomnia
sudo kate /etc/firejail/insomnia.profile
should look like this:
include /etc/firejail/globals.local
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
caps.drop all
netfilter
nogroups
noroot
seccomp
shell none
Then you can run: firejail insomnia
and add an application icon.
Tools
Tox
You can use it for screen sharing, instant messaging, voice calls, video calls, file sharing and groups.
GIMP
Image manipulation software that's a FOSS alternative to Photoshop.
Inkscape
For vector graphics, FOSS alternative to ?CorelDraw and Adobe Illustrator.
VirtualBox
deb http://download.virtualbox.org/virtualbox/debian stretch contrib
See also