build: reorganise build: abi4, fallback, prebuild cli

- ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives.
2024-10-02 16:22:46 +01:00 · 2024-10-02 16:22:46 +01:00 · 59ac54e2fc
commit 59ac54e2fc
parent d6b7bef89e
39 changed files with 473 additions and 440 deletions
--- a/pkg/prebuild/builder/abi.go
+++ b/pkg/prebuild/builder/abi.go
@ -5,25 +5,25 @@
 package builder

 import (
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 )

 var (
-	regAbi4To3 = util.ToRegexRepl([]string{ // Currently Abi3 -> Abi4
-		`abi/3.0`, `abi/4.0`,
-		`# userns,`, `userns,`,
-		`# mqueue`, `mqueue`,
+	regAbi4To3 = util.ToRegexRepl([]string{
+		`abi/4.0`, `abi/3.0`,
+		`userns,`, `# userns,`,
+		`mqueue`, `# mqueue`,
 	})
 )

 type ABI3 struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&ABI3{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "abi3",
 			Msg:     "Convert all profiles from abi 4.0 to abi 3.0",
 		},
--- a/pkg/prebuild/builder/complain.go
+++ b/pkg/prebuild/builder/complain.go
@ -9,7 +9,7 @@ import (
 	"slices"
 	"strings"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 var (
@ -18,12 +18,12 @@ var (
 )

 type Complain struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&Complain{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "complain",
 			Msg:     "Set complain flag on all profiles",
 		},
--- a/pkg/prebuild/builder/core.go
+++ b/pkg/prebuild/builder/core.go
@ -8,7 +8,7 @@ import (
 	"fmt"

 	"github.com/roddhjav/apparmor.d/pkg/paths"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 var (
@ -21,7 +21,7 @@ var (

 // Main directive interface
 type Builder interface {
-	cfg.BaseInterface
+	prebuild.BaseInterface
 	Apply(opt *Option, profile string) (string, error)
 }

--- a/pkg/prebuild/builder/core_test.go
+++ b/pkg/prebuild/builder/core_test.go
@ -8,7 +8,7 @@ import (
 	"slices"
 	"testing"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 func TestBuilder_Apply(t *testing.T) {
@ -23,17 +23,17 @@ func TestBuilder_Apply(t *testing.T) {
 			name: "abi3",
 			b:    Builders["abi3"],
 			profile: `
-			  abi <abi/3.0>,
-			  profile test {
-			    # userns,
-			    # mqueue r type=posix /,
-			  }`,
-			want: `
 			  abi <abi/4.0>,
 			  profile test {
 			    userns,
 			    mqueue r type=posix /,
 			  }`,
+			want: `
+			  abi <abi/3.0>,
+			  profile test {
+			    # userns,
+			    # mqueue r type=posix /,
+			  }`,
 		},
 		{
 			name: "complain-1",
@ -234,7 +234,7 @@ func TestBuilder_Apply(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			opt := &Option{File: cfg.RootApparmord.Join(tt.name)}
+			opt := &Option{File: prebuild.RootApparmord.Join(tt.name)}
 			got, err := tt.b.Apply(opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Builder.Apply() error = %v, wantErr %v", err, tt.wantErr)
--- a/pkg/prebuild/builder/dev.go
+++ b/pkg/prebuild/builder/dev.go
@ -5,7 +5,7 @@
 package builder

 import (
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 )

@ -19,12 +19,12 @@ var (
 )

 type Dev struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&Dev{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "dev",
 			Msg:     "Apply test development changes",
 		},
--- a/pkg/prebuild/builder/enforce.go
+++ b/pkg/prebuild/builder/enforce.go
@ -8,16 +8,16 @@ import (
 	"slices"
 	"strings"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 type Enforce struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&Enforce{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "enforce",
 			Msg:     "All profiles have been enforced",
 		},
--- a/pkg/prebuild/builder/fsp.go
+++ b/pkg/prebuild/builder/fsp.go
@ -5,7 +5,7 @@
 package builder

 import (
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 )

@ -16,12 +16,12 @@ var (
 )

 type FullSystemPolicy struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&FullSystemPolicy{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "fsp",
 			Msg:     "Prevent unconfined transitions in profile rules",
 		},
--- a/pkg/prebuild/builder/userspace.go
+++ b/pkg/prebuild/builder/userspace.go
@ -10,7 +10,7 @@ import (
 	"strings"

 	"github.com/roddhjav/apparmor.d/pkg/aa"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 const tokATTACHMENT = "@{exec_path}"
@ -20,12 +20,12 @@ var (
 )

 type Userspace struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterBuilder(&Userspace{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "userspace",
 			Msg:     "Bypass userspace tools restriction",
 		},
@ -33,10 +33,10 @@ func init() {
 }

 func (b Userspace) Apply(opt *Option, profile string) (string, error) {
-	if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("abstractions")); ok {
+	if ok, _ := opt.File.IsInsideDir(prebuild.RootApparmord.Join("abstractions")); ok {
 		return profile, nil
 	}
-	if ok, _ := opt.File.IsInsideDir(cfg.RootApparmord.Join("tunables")); ok {
+	if ok, _ := opt.File.IsInsideDir(prebuild.RootApparmord.Join("tunables")); ok {
 		return profile, nil
 	}