build: reorganise build: abi4, fallback, prebuild cli

- ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives.
2024-10-02 16:22:46 +01:00 · 2024-10-02 16:22:46 +01:00 · 59ac54e2fc
commit 59ac54e2fc
parent d6b7bef89e
39 changed files with 473 additions and 440 deletions
--- a/pkg/prebuild/directive/core.go
+++ b/pkg/prebuild/directive/core.go
@ -10,7 +10,7 @@ import (
 	"strings"

 	"github.com/roddhjav/apparmor.d/pkg/paths"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 var (
@ -25,10 +25,20 @@ var (

 // Main directive interface
 type Directive interface {
-	cfg.BaseInterface
+	prebuild.BaseInterface
 	Apply(opt *Option, profile string) (string, error)
 }

+func Usage() string {
+	res := fmt.Sprintf("Directive:\n")
+	for _, d := range Directives {
+		for _, h := range d.Usage() {
+			res += fmt.Sprintf("    %s%s %s\n", Keyword, d.Name(), h)
+		}
+	}
+	return res
+}
+
 // Directive options
 type Option struct {
 	Name    string
--- a/pkg/prebuild/directive/dbus.go
+++ b/pkg/prebuild/directive/dbus.go
@ -18,7 +18,7 @@ import (
 	"strings"

 	"github.com/roddhjav/apparmor.d/pkg/aa"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 var defaultInterfaces = []string{
@ -27,12 +27,12 @@ var defaultInterfaces = []string{
 }

 type Dbus struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterDirective(&Dbus{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "dbus",
 			Msg:     "Dbus directive applied",
 			Help: []string{
--- a/pkg/prebuild/directive/exec.go
+++ b/pkg/prebuild/directive/exec.go
@ -12,17 +12,17 @@ import (
 	"strings"

 	"github.com/roddhjav/apparmor.d/pkg/aa"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 )

 type Exec struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterDirective(&Exec{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "exec",
 			Msg:     "Exec directive applied",
 			Help:    []string{"[P|U|p|u|PU|pu|] profiles..."},
@ -44,7 +44,7 @@ func (d Exec) Apply(opt *Option, profileRaw string) (string, error) {

 	rules := aa.Rules{}
 	for name := range opt.ArgMap {
-		profiletoTransition := util.MustReadFile(cfg.RootApparmord.Join(name))
+		profiletoTransition := util.MustReadFile(prebuild.RootApparmord.Join(name))
 		dstProfile := aa.DefaultTunables()
 		if _, err := dstProfile.Parse(profiletoTransition); err != nil {
 			return "", err
--- a/pkg/prebuild/directive/exec_test.go
+++ b/pkg/prebuild/directive/exec_test.go
@ -8,7 +8,7 @@ import (
 	"testing"

 	"github.com/roddhjav/apparmor.d/pkg/paths"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 func TestExec_Apply(t *testing.T) {
@ -51,7 +51,7 @@ func TestExec_Apply(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg.RootApparmord = tt.rootApparmord
+			prebuild.RootApparmord = tt.rootApparmord
 			got, err := Directives["exec"].Apply(tt.opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Exec.Apply() error = %v, wantErr %v", err, tt.wantErr)
--- a/pkg/prebuild/directive/filter.go
+++ b/pkg/prebuild/directive/filter.go
@ -5,31 +5,32 @@
 package directive

 import (
+	"fmt"
 	"regexp"
 	"slices"
 	"strings"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 type FilterOnly struct {
-	cfg.Base
+	prebuild.Base
 }

 type FilterExclude struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterDirective(&FilterOnly{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "only",
 			Msg:     "Only directive applied",
 			Help:    []string{"filters..."},
 		},
 	})
 	RegisterDirective(&FilterExclude{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "exclude",
 			Msg:     "Exclude directive applied",
 			Help:    []string{"filters..."},
@ -38,7 +39,11 @@ func init() {
 }

 func filterRuleForUs(opt *Option) bool {
-	return slices.Contains(opt.ArgList, cfg.Distribution) || slices.Contains(opt.ArgList, cfg.Family)
+	abiStr := fmt.Sprintf("abi%d", prebuild.ABI)
+	if slices.Contains(opt.ArgList, abiStr) {
+		return true
+	}
+	return slices.Contains(opt.ArgList, prebuild.Distribution) || slices.Contains(opt.ArgList, prebuild.Family)
 }

 func filter(only bool, opt *Option, profile string) (string, error) {
--- a/pkg/prebuild/directive/filter_test.go
+++ b/pkg/prebuild/directive/filter_test.go
@ -7,7 +7,7 @@ package directive
 import (
 	"testing"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 func TestFilterOnly_Apply(t *testing.T) {
@ -78,8 +78,8 @@ func TestFilterOnly_Apply(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg.Distribution = tt.dist
-			cfg.Family = tt.family
+			prebuild.Distribution = tt.dist
+			prebuild.Family = tt.family
 			got, err := Directives["only"].Apply(tt.opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("FilterOnly.Apply() error = %v, wantErr %v", err, tt.wantErr)
@ -133,8 +133,8 @@ func TestFilterExclude_Apply(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg.Distribution = tt.dist
-			cfg.Family = tt.family
+			prebuild.Distribution = tt.dist
+			prebuild.Family = tt.family
 			got, err := Directives["exclude"].Apply(tt.opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("FilterExclude.Apply() error = %v, wantErr %v", err, tt.wantErr)
--- a/pkg/prebuild/directive/stack.go
+++ b/pkg/prebuild/directive/stack.go
@ -10,7 +10,7 @@ import (
 	"slices"
 	"strings"

-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 	"github.com/roddhjav/apparmor.d/pkg/util"
 )

@ -25,12 +25,12 @@ var (
 )

 type Stack struct {
-	cfg.Base
+	prebuild.Base
 }

 func init() {
 	RegisterDirective(&Stack{
-		Base: cfg.Base{
+		Base: prebuild.Base{
 			Keyword: "stack",
 			Msg:     "Stack directive applied",
 			Help:    []string{"[X] profiles..."},
@ -55,7 +55,7 @@ func (s Stack) Apply(opt *Option, profile string) (string, error) {

 	res := ""
 	for name := range opt.ArgMap {
-		stackedProfile := util.MustReadFile(cfg.RootApparmord.Join(name))
+		stackedProfile := util.MustReadFile(prebuild.RootApparmord.Join(name))
 		m := regRules.FindStringSubmatch(stackedProfile)
 		if len(m) < 2 {
 			return "", fmt.Errorf("No profile found in %s", name)
--- a/pkg/prebuild/directive/stack_test.go
+++ b/pkg/prebuild/directive/stack_test.go
@ -8,7 +8,7 @@ import (
 	"testing"

 	"github.com/roddhjav/apparmor.d/pkg/paths"
-	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )

 func TestStack_Apply(t *testing.T) {
@ -68,7 +68,7 @@ profile parent @{exec_path} {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			cfg.RootApparmord = tt.rootApparmord
+			prebuild.RootApparmord = tt.rootApparmord
 			got, err := Directives["stack"].Apply(tt.opt, tt.profile)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("Stack.Apply() error = %v, wantErr %v", err, tt.wantErr)