build: reorganise build: abi4, fallback, prebuild cli
- ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives.
This commit is contained in:
Alexandre Pujol
parent
d6b7bef89e
commit
59ac54e2fc
39 changed files with 473 additions and 440 deletions
|
|
@ -6,62 +6,95 @@ package prepare
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
type Configure struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
OneFile bool
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&Configure{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "configure",
|
||||
Msg: "Set distribution specificities",
|
||||
},
|
||||
OneFile: false,
|
||||
})
|
||||
}
|
||||
|
||||
func (p Configure) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
switch cfg.Distribution {
|
||||
case "arch", "opensuse":
|
||||
if cfg.Overwrite {
|
||||
if err := cfg.Overwrite.Apply(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
if prebuild.ABI == 4 {
|
||||
if err := OverwriteUpstreamProfile(p.OneFile); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
switch prebuild.Distribution {
|
||||
case "arch", "opensuse":
|
||||
|
||||
case "ubuntu":
|
||||
if err := cfg.DebianHide.Init(); err != nil {
|
||||
if err := prebuild.DebianHide.Init(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
if cfg.Overwrite {
|
||||
if err := cfg.Overwrite.Apply(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
} else {
|
||||
if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
|
||||
if prebuild.ABI == 3 {
|
||||
if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
case "debian", "whonix":
|
||||
if err := cfg.DebianHide.Init(); err != nil {
|
||||
if err := prebuild.DebianHide.Init(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Copy Debian specific abstractions
|
||||
if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
|
||||
if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
default:
|
||||
return []string{}, fmt.Errorf("%s is not a supported distribution", cfg.Distribution)
|
||||
return []string{}, fmt.Errorf("%s is not a supported distribution", prebuild.Distribution)
|
||||
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// Overwrite upstream profile: disable upstream & rename ours
|
||||
func OverwriteUpstreamProfile(oneFile bool) error {
|
||||
const ext = ".apparmor.d"
|
||||
disableDir := prebuild.RootApparmord.Join("disable")
|
||||
if err := disableDir.Mkdir(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
path := prebuild.DistDir.Join("overwrite")
|
||||
if !path.Exist() {
|
||||
return fmt.Errorf("%s not found", path)
|
||||
}
|
||||
for _, name := range util.MustReadFileAsLines(path) {
|
||||
origin := prebuild.RootApparmord.Join(name)
|
||||
dest := prebuild.RootApparmord.Join(name + ext)
|
||||
if !dest.Exist() && oneFile {
|
||||
continue
|
||||
}
|
||||
if err := origin.Rename(dest); err != nil {
|
||||
|
||||
return err
|
||||
}
|
||||
originRel, err := origin.RelFrom(dest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := os.Symlink(originRel.String(), disableDir.Join(name).String()); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ package prepare
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -20,7 +20,7 @@ var (
|
|||
|
||||
// Main directive interface
|
||||
type Task interface {
|
||||
cfg.BaseInterface
|
||||
prebuild.BaseInterface
|
||||
Apply() ([]string, error)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ import (
|
|||
"testing"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/paths"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
)
|
||||
|
||||
func chdirGitRoot() {
|
||||
|
|
@ -39,7 +39,7 @@ func TestTask_Apply(t *testing.T) {
|
|||
name: "synchronise",
|
||||
task: Tasks["synchronise"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{cfg.RootApparmord.Join("/groups/_full/systemd")},
|
||||
wantFiles: paths.PathList{prebuild.RootApparmord.Join("/groups/_full/systemd")},
|
||||
},
|
||||
{
|
||||
name: "ignore",
|
||||
|
|
@ -51,7 +51,7 @@ func TestTask_Apply(t *testing.T) {
|
|||
name: "merge",
|
||||
task: Tasks["merge"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{cfg.RootApparmord.Join("aa-log")},
|
||||
wantFiles: paths.PathList{prebuild.RootApparmord.Join("aa-log")},
|
||||
},
|
||||
{
|
||||
name: "configure",
|
||||
|
|
@ -68,23 +68,23 @@ func TestTask_Apply(t *testing.T) {
|
|||
name: "systemd-default",
|
||||
task: Tasks["systemd-default"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{cfg.Root.Join("systemd/system/dbus.service")},
|
||||
wantFiles: paths.PathList{prebuild.Root.Join("systemd/system/dbus.service")},
|
||||
},
|
||||
{
|
||||
name: "systemd-early",
|
||||
task: Tasks["systemd-early"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{cfg.Root.Join("systemd/system/pcscd.service")},
|
||||
wantFiles: paths.PathList{prebuild.Root.Join("systemd/system/pcscd.service")},
|
||||
},
|
||||
{
|
||||
name: "fsp",
|
||||
task: Tasks["fsp"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{cfg.RootApparmord.Join("systemd")},
|
||||
wantFiles: paths.PathList{prebuild.RootApparmord.Join("systemd")},
|
||||
},
|
||||
}
|
||||
chdirGitRoot()
|
||||
_ = cfg.Root.RemoveAll()
|
||||
_ = prebuild.Root.RemoveAll()
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := tt.task.Apply()
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
|
|
@ -19,12 +19,12 @@ var (
|
|||
)
|
||||
|
||||
type SetFlags struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&SetFlags{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "setflags",
|
||||
Msg: "Set flags on some profiles",
|
||||
},
|
||||
|
|
@ -33,9 +33,9 @@ func init() {
|
|||
|
||||
func (p SetFlags) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
for _, name := range []string{"main", cfg.Distribution} {
|
||||
for profile, flags := range cfg.Flags.Read(name) {
|
||||
file := cfg.RootApparmord.Join(profile)
|
||||
for _, name := range []string{"main", prebuild.Distribution} {
|
||||
for profile, flags := range prebuild.Flags.Read(name) {
|
||||
file := prebuild.RootApparmord.Join(profile)
|
||||
if !file.Exist() {
|
||||
res = append(res, fmt.Sprintf("Profile %s not found, ignoring", profile))
|
||||
continue
|
||||
|
|
@ -57,7 +57,7 @@ func (p SetFlags) Apply() ([]string, error) {
|
|||
}
|
||||
}
|
||||
}
|
||||
res = append(res, cfg.FlagDir.Join(name+".flags").String())
|
||||
res = append(res, prebuild.FlagDir.Join(name+".flags").String())
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,17 +8,17 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/paths"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
type FullSystemPolicy struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&FullSystemPolicy{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "fsp",
|
||||
Msg: "Configure AppArmor for full system policy",
|
||||
},
|
||||
|
|
@ -29,12 +29,12 @@ func (p FullSystemPolicy) Apply() ([]string, error) {
|
|||
res := []string{}
|
||||
|
||||
// Install full system policy profiles
|
||||
if err := util.CopyTo(paths.New("apparmor.d/groups/_full/"), cfg.Root.Join("apparmor.d")); err != nil {
|
||||
if err := util.CopyTo(paths.New("apparmor.d/groups/_full/"), prebuild.Root.Join("apparmor.d")); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
// Set systemd profile name
|
||||
path := cfg.RootApparmord.Join("tunables/multiarch.d/system")
|
||||
path := prebuild.RootApparmord.Join("tunables/multiarch.d/system")
|
||||
out, err := util.ReadFile(path)
|
||||
if err != nil {
|
||||
return res, err
|
||||
|
|
@ -46,7 +46,7 @@ func (p FullSystemPolicy) Apply() ([]string, error) {
|
|||
}
|
||||
|
||||
// Fix conflicting x modifiers in abstractions - FIXME: Temporary solution
|
||||
path = cfg.RootApparmord.Join("abstractions/gstreamer")
|
||||
path = prebuild.RootApparmord.Join("abstractions/gstreamer")
|
||||
out, err = util.ReadFile(path)
|
||||
if err != nil {
|
||||
return res, err
|
||||
|
|
@ -58,5 +58,5 @@ func (p FullSystemPolicy) Apply() ([]string, error) {
|
|||
}
|
||||
|
||||
// Set systemd unit drop-in files
|
||||
return res, util.CopyTo(cfg.SystemdDir.Join("full"), cfg.Root.Join("systemd"))
|
||||
return res, util.CopyTo(prebuild.SystemdDir.Join("full"), prebuild.Root.Join("systemd"))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,16 +6,16 @@ package prepare
|
|||
|
||||
import (
|
||||
"github.com/roddhjav/apparmor.d/pkg/paths"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
)
|
||||
|
||||
type Ignore struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&Ignore{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "ignore",
|
||||
Msg: "Ignore profiles and files from:",
|
||||
},
|
||||
|
|
@ -24,11 +24,11 @@ func init() {
|
|||
|
||||
func (p Ignore) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
for _, name := range []string{"main", cfg.Distribution} {
|
||||
for _, ignore := range cfg.Ignore.Read(name) {
|
||||
profile := cfg.Root.Join(ignore)
|
||||
for _, name := range []string{"main", prebuild.Distribution} {
|
||||
for _, ignore := range prebuild.Ignore.Read(name) {
|
||||
profile := prebuild.Root.Join(ignore)
|
||||
if profile.NotExist() {
|
||||
files, err := cfg.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterNames(ignore))
|
||||
files, err := prebuild.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterNames(ignore))
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
|
@ -43,7 +43,7 @@ func (p Ignore) Apply() ([]string, error) {
|
|||
}
|
||||
}
|
||||
}
|
||||
res = append(res, cfg.IgnoreDir.Join(name+".ignore").String())
|
||||
res = append(res, prebuild.IgnoreDir.Join(name+".ignore").String())
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,16 +9,16 @@ import (
|
|||
"path/filepath"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/paths"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
)
|
||||
|
||||
type Merge struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&Merge{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "merge",
|
||||
Msg: "Merge all profiles into a unified apparmor.d directory",
|
||||
},
|
||||
|
|
@ -35,18 +35,18 @@ func (p Merge) Apply() ([]string, error) {
|
|||
idx := 0
|
||||
for idx < len(dirToMerge)-1 {
|
||||
dirMoved, dirRemoved := dirToMerge[idx], dirToMerge[idx+1]
|
||||
files, err := filepath.Glob(cfg.RootApparmord.Join(dirMoved).String())
|
||||
files, err := filepath.Glob(prebuild.RootApparmord.Join(dirMoved).String())
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
for _, file := range files {
|
||||
err := os.Rename(file, cfg.RootApparmord.Join(filepath.Base(file)).String())
|
||||
err := os.Rename(file, prebuild.RootApparmord.Join(filepath.Base(file)).String())
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
files, err = filepath.Glob(cfg.RootApparmord.Join(dirRemoved).String())
|
||||
files, err = filepath.Glob(prebuild.RootApparmord.Join(dirRemoved).String())
|
||||
if err != nil {
|
||||
return []string{}, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,35 +6,53 @@ package prepare
|
|||
|
||||
import (
|
||||
"github.com/roddhjav/apparmor.d/pkg/paths"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
type Synchronise struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
Path string
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&Synchronise{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "synchronise",
|
||||
Msg: "Initialize a new clean apparmor.d build directory",
|
||||
},
|
||||
Path: "",
|
||||
})
|
||||
}
|
||||
|
||||
func (p Synchronise) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
dirs := paths.PathList{cfg.RootApparmord, cfg.Root.Join("root"), cfg.Root.Join("systemd")}
|
||||
dirs := paths.PathList{prebuild.RootApparmord, prebuild.Root.Join("root"), prebuild.Root.Join("systemd")}
|
||||
for _, dir := range dirs {
|
||||
if err := dir.RemoveAll(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
for _, name := range []string{"apparmor.d", "root"} {
|
||||
if err := util.CopyTo(paths.New(name), cfg.Root.Join(name)); err != nil {
|
||||
if p.Path == "" {
|
||||
for _, name := range []string{"apparmor.d", "root"} {
|
||||
if err := util.CopyTo(paths.New(name), prebuild.Root.Join(name)); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
file := paths.New(p.Path)
|
||||
destination, err := file.RelFrom(paths.New("apparmor.d"))
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
destination = prebuild.RootApparmord.JoinPath(destination)
|
||||
if err := destination.Parent().MkdirAll(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
if err := file.CopyTo(destination); err != nil {
|
||||
return res, err
|
||||
}
|
||||
res = append(res, destination.String())
|
||||
}
|
||||
return res, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,27 +5,27 @@
|
|||
package prepare
|
||||
|
||||
import (
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
type SystemdDefault struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
type SystemdEarly struct {
|
||||
cfg.Base
|
||||
prebuild.Base
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&SystemdDefault{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "systemd-default",
|
||||
Msg: "Configure systemd unit drop in files to a profile for some units",
|
||||
},
|
||||
})
|
||||
RegisterTask(&SystemdEarly{
|
||||
Base: cfg.Base{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "systemd-early",
|
||||
Msg: "Configure systemd unit drop in files to ensure some service start after apparmor",
|
||||
},
|
||||
|
|
@ -33,9 +33,9 @@ func init() {
|
|||
}
|
||||
|
||||
func (p SystemdDefault) Apply() ([]string, error) {
|
||||
return []string{}, util.CopyTo(cfg.SystemdDir.Join("default"), cfg.Root.Join("systemd"))
|
||||
return []string{}, util.CopyTo(prebuild.SystemdDir.Join("default"), prebuild.Root.Join("systemd"))
|
||||
}
|
||||
|
||||
func (p SystemdEarly) Apply() ([]string, error) {
|
||||
return []string{}, util.CopyTo(cfg.SystemdDir.Join("early"), cfg.Root.Join("systemd"))
|
||||
return []string{}, util.CopyTo(prebuild.SystemdDir.Join("early"), prebuild.Root.Join("systemd"))
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue