search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.68k stars 557 forks source link

docs: non-ASCII hyphens in commands - copy pasting them fails on command line #5903

Open danielkrajnik opened 1 year ago

danielkrajnik commented 1 year ago

Description

Copying flags from man pages doesn't work - hyphens are encoded as e280 90 instead 2d.

They will look the same, but firejail will error (for example):

Error: invalid --writable‐run‐user command line option

Steps to Reproduce

  1. man firejail
  2. search for an option, e.g. / --writable‐run‐user
  3. select it, copy it, paste it into command line, e.g. firejail --writable‐run‐user
  4. run command *5. paste it into a hex editor:

image

Expected Behaviour

enter shell in firejail with /run/user/$UID/gnupg available

Actual Behaviour

Error: invalid --writable‐run‐user command line option

Environment

Compile time support:

Checklist

vinc17fr commented 11 months ago

This is due to the fact that some "-" characters are not escaped with a backslash.

glitsj16 commented 11 months ago

@danielkrajnik When doing the 4 steps to reproduce (in my preferred xfce4-terminal) it actually works fine for me:

$ ls /run/user/$UID/gnupg
S.dirmngr  S.gpg-agent  S.gpg-agent.browser  S.gpg-agent.extra  S.gpg-agent.ssh

Perhaps it's dependent on the terminal-emulator? Have you tried a different one than what you normally use yet?

rusty-snake commented 11 months ago

@glitsj16 even if it does not happen with all terminals/viewer/... the format is wrong. See @vinc17fr post which writes it down the first time.

with /run/user/$UID/gnupg available

Has nothing todo with writable-run-user.

danielkrajnik commented 11 months ago

it actually works fine for me

Strange, it is working for me now as well even though it's the same terminal (alacritty). Maybe switching from Wayland to X11? Or maybe something else changed since July.

glitsj16 commented 11 months ago

Has nothing todo with writable-run-user.

@glitsj16 even if it does not happen with all terminals/viewer/... the format is wrong. See @vinc17fr post which writes it down the first time.

@rusty-snake

The format might be wrong, but how do you explain it sometimes works and sometimes it doesn't? Or in other words, do you have an actionable thing in mind by which we could fix this?

Maybe switching from Wayland to X11?

@danielkrajnik

That's what I'm seeing as well. Not that I can explain the difference...

rusty-snake commented 11 months ago

https://github.com/netblue30/firejail/issues/5903#issuecomment-1735423058 proper escaping with a backslash.

glitsj16 commented 11 months ago

5903 (comment) proper escaping with a backslash.

That's already the case:

https://github.com/netblue30/firejail/blob/72edd9667b27ce0a2779f5000ca0a6a1eb0d67a2/src/man/firejail.1.in#L3116

danielkrajnik commented 11 months ago

Maybe switching from Wayland to X11?

I've just tried logging out of X11 and logging back into Wayland and it still worked (hyphens were again correctly copied as hex 2d). Both on KDE Plasma. Sorry, not sure what's caused it before.

kmk3 commented 11 months ago

I can confirm that this was a problem when the issue was opened, though I can't immediately reproduce it now either with man-db 2.11.2-1 on Artix.

I also had attempted a regex to fix this, but I didn't finish it.

This is what I had written (the examples are current):

2. search for an option, e.g. / --writable‐run‐user

Error: invalid --writable‐run‐user command line option

GNU man ("man-db" package on Arch Linux) converts - (hyphen-minus) into e28090 in the output, unless it's escaped as \- in the source and currently only the first ones are escaped in the man pages, such as in \-\-writable-run-user (it should be \-\-writable\-run\-user):

$ git grep -E 'writable\\?-run\\?-user' -- src/man/firejail.1.in
src/man/firejail.1.in:\fB\-\-writable-run-user
src/man/firejail.1.in:$ sudo firejail --writable-run-user

Most/all options are unfortunately also half-escaped:

$ git grep ' \\-\\-[^ ]*-' -- src/man/firejail.1.in | head
src/man/firejail.1.in:firejail {\-? | \-\-debug-caps | \-\-debug-errnos | \-\-debug-syscalls | \-\-debug-syscalls32 | \-\-debug-protocols | \-\-help | \-\-version}
src/man/firejail.1.in:$ firejail \-\-dbus-system=none
src/man/firejail.1.in:$ firejail \-\-dbus-user=none
src/man/firejail.1.in:$ firejail \-\-debug-blacklists firefox
src/man/firejail.1.in:$ firejail \-\-debug-caps
src/man/firejail.1.in:$ firejail \-\-debug-errnos
src/man/firejail.1.in:$ firejail \-\-debug-protocols
src/man/firejail.1.in:$ firejail \-\-debug-syscalls
src/man/firejail.1.in:$ firejail \-\-debug-whitelists firefox
src/man/firejail.1.in:$ firejail \-\-disable-mnt firefox

Note that mandoc does not convert them, so this seems to be a GNU-specific thing.

vinc17fr commented 11 months ago

5903 (comment) proper escaping with a backslash.

That's already the case:

https://github.com/netblue30/firejail/blob/72edd9667b27ce0a2779f5000ca0a6a1eb0d67a2/src/man/firejail.1.in#L3116

Here I can see

\fB\-\-writable-run-user

The first two are properly escaped, so that they appear correctly in the man page. The other two are not escaped, so that they appear as U+2010 HYPHEN in the man page. This confirms the issue.

vinc17fr commented 11 months ago

GNU man ("man-db" package on Arch Linux) converts - (hyphen-minus) into e28090 in the output, unless it's escaped as \- in the source and currently only the first ones are escaped in the man pages, such as in \-\-writable-run-user (it should be \-\-writable\-run\-user): [...] Note that mandoc does not convert them, so this seems to be a GNU-specific thing.

This actually comes from a recent change in groff. See the discussion in Debian bug 1041731.