felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

build: fully replace make by just.

Browse source
This commit is contained in:
Alexandre Pujol 2025-07-22 23:18:00 +02:00 committed by Alex
parent 4a3a98c77d
commit 7d2229cd05
22 changed files with 113 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

17
.github/workflows/main.yml vendored
View file

@ -9,9 +9,14 @@ jobs:
- name: Check out repository code - name: Check out repository code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Install linter dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y just
- name: Run basic profile linter check - name: Run basic profile linter check
run: | run: |
make check just check
build: build:
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
@ -32,13 +37,13 @@ jobs:
sudo apt-get update -q sudo apt-get update -q
sudo apt-get install -y \ sudo apt-get install -y \
devscripts debhelper config-package-dev \ devscripts debhelper config-package-dev \
auditd apparmor-profiles apparmor-utils auditd apparmor-profiles apparmor-utils just
sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real
- name: Build the apparmor.d package - name: Build the apparmor.d package
run: | run: |
if [[ ${{ matrix.mode }} == full-system-policy ]]; then if [[ ${{ matrix.mode }} == full-system-policy ]]; then
echo -e "\noverride_dh_auto_build:\n\tmake fsp" >> debian/rules sed -e "s/just complain/just fsp-complain/" -i debian/rules
fi fi
if [[ ${{ matrix.os }} == ubuntu-24.04 ]] && [[ ${{ matrix.mode }} == default ]]; then if [[ ${{ matrix.os }} == ubuntu-24.04 ]] && [[ ${{ matrix.mode }} == default ]]; then
# Test with Re-attach disconnected path # Test with Re-attach disconnected path
@ -95,7 +100,7 @@ jobs:
sudo apt-get update -q sudo apt-get update -q
sudo apt-get install -y \ sudo apt-get install -y \
apparmor-profiles apparmor-utils \ apparmor-profiles apparmor-utils \
bats bats-support bats bats-support just
- name: Install apparmor.d - name: Install apparmor.d
run: | run: |
@ -127,12 +132,12 @@ jobs:
- name: Install integration dependencies - name: Install integration dependencies
run: | run: |
bash tests/requirements.sh just init
find /usr/sbin/ -type f find /usr/sbin/ -type f
- name: Run the integration tests - name: Run the integration tests
run: | run: |
make integration just integration
- name: Show final AppArmor logs - name: Show final AppArmor logs
if: always() if: always()

11
.gitlab-ci.yml
View file

@ -66,7 +66,7 @@ check:
stage: test stage: test
image: registry.gitlab.com/roddhjav/builders/archlinux image: registry.gitlab.com/roddhjav/builders/archlinux
script: script:
- make check - just check
# Package Build # Package Build
# ------------- # -------------
@ -84,13 +84,12 @@ archlinux:
debian: debian:
stage: build stage: build
image: registry.gitlab.com/roddhjav/builders/debian:12 image: registry.gitlab.com/roddhjav/builders/debian:trixie
script: script:
- sudo chown -R build:build /builds/ - sudo chown -R build:build /builds/
- git config --global --add safe.directory $CI_PROJECT_DIR - git config --global --add safe.directory $CI_PROJECT_DIR
- mkdir -p "$PKGDEST" - mkdir -p "$PKGDEST"
- sudo apt-get update -q && sudo apt-get install -y config-package-dev lsb-release - sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
- sudo apt-get install -y -t bookworm-backports golang-go
- bash dists/build.sh dpkg - bash dists/build.sh dpkg
artifacts: artifacts:
expire_in: 1 day expire_in: 1 day
@ -105,7 +104,7 @@ ubuntu:
script: script:
- git config --global --add safe.directory $CI_PROJECT_DIR - git config --global --add safe.directory $CI_PROJECT_DIR
- mkdir -p "$PKGDEST" - mkdir -p "$PKGDEST"
- sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release - sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
- bash dists/build.sh dpkg - bash dists/build.sh dpkg
artifacts: artifacts:
expire_in: 1 day expire_in: 1 day
@ -117,7 +116,7 @@ whonix:
variables: variables:
DISTRIBUTION: whonix DISTRIBUTION: whonix
before_script: before_script:
- echo "\noverride_dh_auto_build:\n\tmake fsp" >> debian/rules - sed -e "s/just complain/just fsp-complain/" -i debian/rules
opensuse: opensuse:
stage: build stage: build

6
Justfile
View file

@ -157,7 +157,7 @@ dpkg:
[doc('Build & install apparmor.d on OpenSUSE based systems')] [doc('Build & install apparmor.d on OpenSUSE based systems')]
rpm: rpm:
@bash dists/build.sh rpm @bash dists/build.sh rpm
@sudo rpm -ivh --force {{pkgdest}}/{{pkgname}}-*.rpm @sudo rpm -ivh --force {{pkgdest}}/{{pkgname}}-*.rpm
[group('tests')] [group('tests')]
[doc('Run the unit tests')] [doc('Run the unit tests')]
@ -213,8 +213,8 @@ package dist:
if [[ $dist =~ ubuntu([0-9]+) ]]; then if [[ $dist =~ ubuntu([0-9]+) ]]; then
version="${BASH_REMATCH[1]}.04" version="${BASH_REMATCH[1]}.04"
dist="ubuntu" dist="ubuntu"
elif [[ $dist =~ debian([0-9]+) ]]; then elif [[ $dist == debian ]]; then
version="${BASH_REMATCH[1]}" version="trixie"
dist="debian" dist="debian"
fi fi
bash dists/docker.sh $dist $version bash dists/docker.sh $dist $version

100
Makefile
View file

@ -1,100 +0,0 @@
#!/usr/bin/make -f
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
DESTDIR ?= /
BUILD ?= .build
PKGDEST ?= ${PWD}/.pkg
PKGNAME := apparmor.d
PROFILES = $(filter-out dpkg,$(notdir $(wildcard ${BUILD}/apparmor.d/*)))
.PHONY: all
all: build
@./${BUILD}/prebuild --complain
.PHONY: build
build:
@go build -o ${BUILD}/ ./cmd/aa-log
@go build -o ${BUILD}/ ./cmd/prebuild
.PHONY: enforce
enforce: build
@./${BUILD}/prebuild
.PHONY: fsp
fsp: build
@./${BUILD}/prebuild --full
.PHONY: fsp-complain
fsp-complain: build
@./${BUILD}/prebuild --complain --full
.PHONY: install
install:
@install -Dm0755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@for file in $(shell find "${BUILD}/share" -type f -not -name "*.md" -printf "%P\n"); do \
install -Dm0644 "${BUILD}/share/$${file}" "${DESTDIR}/usr/share/$${file}"; \
done;
@for file in $(shell find "${BUILD}/apparmor.d" -type f -printf "%P\n"); do \
install -Dm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@for file in $(shell find "${BUILD}/apparmor.d" -type l -printf "%P\n"); do \
mkdir -p "${DESTDIR}/etc/apparmor.d/disable"; \
cp -d "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@for file in ${BUILD}/systemd/system/*; do \
service="$$(basename "$$file")"; \
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/system/$${service}.d/apparmor.conf"; \
done;
@for file in ${BUILD}/systemd/user/*; do \
service="$$(basename "$$file")"; \
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
done
.PHONY: $(PROFILES)
$(PROFILES):
@install -Dm0755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@for file in $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n"); do \
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
done;
@for file in $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n"); do \
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
done;
@echo "Warning: profile dependencies fallback to unconfined."
@for file in ${@}; do \
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@systemctl restart apparmor || sudo journalctl -xeu apparmor.service
.PHONY: dev
name ?=
dev:
@go run ./cmd/prebuild --complain --file $(shell find apparmor.d -iname ${name})
@sudo install -Dm644 ${BUILD}/apparmor.d/${name} /etc/apparmor.d/${name}
@sudo systemctl restart apparmor || sudo journalctl -xeu apparmor.service
.PHONY: pkg
pkg:
@makepkg --syncdeps --install --cleanbuild --force --noconfirm
.PHONY: dpkg
dpkg:
@bash dists/build.sh dpkg
@sudo dpkg -i ${PKGDEST}/${PKGNAME}_*.deb
.PHONY: rpm
rpm:
@bash dists/build.sh rpm
@sudo rpm -ivh --force ${PKGDEST}/${PKGNAME}-*.rpm
.PHONY: check
check:
@bash tests/check.sh
.PHONY: integration
integration:
@bats --recursive --timing --print-output-on-failure tests/integration/

2
debian/apparmor.d.hide vendored
View file

@ -1 +1 @@
# This file is generated by "make", all edit will be lost. # This file is generated by "just", all edit will be lost.

1
debian/control vendored
View file

@ -6,6 +6,7 @@ Build-Depends: debhelper (>= 13.4),
debhelper-compat (= 13), debhelper-compat (= 13),
golang-any, golang-any,
config-package-dev, config-package-dev,
just,
Homepage: https://github.com/roddhjav/apparmor.d Homepage: https://github.com/roddhjav/apparmor.d
Vcs-Browser: https://github.com/roddhjav/apparmor.d Vcs-Browser: https://github.com/roddhjav/apparmor.d
Vcs-Git: https://github.com/roddhjav/apparmor.d.git Vcs-Git: https://github.com/roddhjav/apparmor.d.git

8
debian/rules vendored
View file

@ -9,5 +9,9 @@
# golang/1.19 compresses debug symbols itself. # golang/1.19 compresses debug symbols itself.
override_dh_dwz: override_dh_dwz:
# do not run 'make check' by default as it can be long for dev package override_dh_auto_build:
override_dh_auto_test: just complain
override_dh_auto_install:
just destdir="${CURDIR}/debian/apparmor.d" install

5
dists/apparmor.d.spec
View file

@ -15,6 +15,7 @@ URL: https://github.com/roddhjav/apparmor.d
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Requires: apparmor-profiles Requires: apparmor-profiles
BuildRequires: distribution-release BuildRequires: distribution-release
BuildRequires: just
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: apparmor-profiles BuildRequires: apparmor-profiles
@ -25,10 +26,10 @@ AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most
%autosetup %autosetup
%build %build
%make_build just complain
%install %install
%make_install just destdir="%{buildroot}" install
%posttrans %posttrans
rm -f /var/cache/apparmor/* 2>/dev/null rm -f /var/cache/apparmor/* 2>/dev/null

2
dists/build.sh
View file

@ -3,7 +3,7 @@
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
# Usage: make [ dpkg | pkg | rpm ] # Usage: just [ dpkg | pkg | rpm ]
set -eu -o pipefail set -eu -o pipefail

2
dists/ignore/main.ignore
View file

@ -2,7 +2,7 @@
# File format: one ignore by line, it can be a profile name or a directory to ignore # File format: one ignore by line, it can be a profile name or a directory to ignore
# Contains profiles and configuration for full system confinement, only included # Contains profiles and configuration for full system confinement, only included
# when built with 'make full' # when built with 'just fsp'
apparmor.d/groups/_full apparmor.d/groups/_full
# Provided by other packages # Provided by other packages

2
docs/development/build.md
View file

@ -2,7 +2,7 @@
title: Building the profiles title: Building the profiles
--- ---
The profiles in `apparmor.d` must not be used directly. They need to be prebuilt (by running `make`). This page documents all possibles prebuild tasks. It is not intended to be read by end user, and it is only targeted at developers and maintainers. The profiles in `apparmor.d` must not be used directly. They need to be prebuilt (by running `just complain`). This page documents all possibles prebuild tasks. It is not intended to be read by end user, and it is only targeted at developers and maintainers.
The build system is fully configurable, general usage can be seen with: The build system is fully configurable, general usage can be seen with:
```sh ```sh

2
docs/development/roadmap.md
View file

@ -29,7 +29,7 @@ This is the current list of features that must be implemented to get to a stable
- [ ] Provide packages repo for ubuntu/debian - [ ] Provide packages repo for ubuntu/debian
- [ ] Provide complain/enforced packages version - [ ] Provide complain/enforced packages version
- [x] Add a `just` target to install the profiles in the right place - [x] Add a `just` target to install the profiles in the right place
- [ ] Fully drop the Makefile in favor of `just` - [x] Fully drop the Makefile in favor of `just`
## Next features ## Next features

6
docs/development/tests.md
View file

@ -6,12 +6,12 @@ Misconfigured AppArmor profiles is one of the most effective ways to break someo
**Current** **Current**
- [x] **[Build:](https://gitlab.com/roddhjav/apparmor.d/-/pipelines)** `make` - [x] **[Build:](https://gitlab.com/roddhjav/apparmor.d/-/pipelines)** `just complain`
- Build the profiles for all supported distributions. - Build the profiles for all supported distributions.
- All CI jobs validate the profiles syntax and ensure they can be safely loaded into a kernel. - All CI jobs validate the profiles syntax and ensure they can be safely loaded into a kernel.
- Ensure the profile entry point (`@{exec_path}`) is defined. - Ensure the profile entry point (`@{exec_path}`) is defined.
- [x] **[Checks:](https://github.com/roddhjav/apparmor.d/blob/main/tests/check.sh)** `make check` checks basic style of profiles: - [x] **[Checks:](https://github.com/roddhjav/apparmor.d/blob/main/tests/check.sh)** `just check` checks basic style of profiles:
- Ensure apparmor.d header & licence - Ensure apparmor.d header & licence
- Ensure 2 spaces indentation - Ensure 2 spaces indentation
- Ensure local include for profile and subprofiles - Ensure local include for profile and subprofiles
@ -19,7 +19,7 @@ Misconfigured AppArmor profiles is one of the most effective ways to break someo
- Ensure modern profile naming - Ensure modern profile naming
- Ensure `vim:syntax=apparmor` - Ensure `vim:syntax=apparmor`
- [x] **[Integration Tests:](integration.md)** `just integration <dist> <flavor>` - [x] **[Integration Tests:](integration.md)** `just test-run <dist> <flavor>`
- Run simple CLI commands to ensure no logs are raised. - Run simple CLI commands to ensure no logs are raised.
- Uses the [bats](https://github.com/bats-core/bats-core) test system. - Uses the [bats](https://github.com/bats-core/bats-core) test system.
- Run in the Github Action as well as in all local [test VM](vm.md). - Run in the Github Action as well as in all local [test VM](vm.md).

14
docs/development/workflow.md
View file

@ -57,7 +57,7 @@ profile foo @{exec_path} {
## Development Install ## Development Install
It is not recommended installing the full project *"manually"* (with `make`, `sudo make install`). The distribution specific packages are intended to be used in development as they include additional rule to ensure compatibility with upstream (see `debian/`, `PKGBUILD` and `dists/apparmor.d.spec`). It is not recommended installing the full project *"manually"* (with `just complain`, `sudo just install`). The distribution specific packages are intended to be used in development as they include additional rule to ensure compatibility with upstream (see `debian/`, `PKGBUILD` and `dists/apparmor.d.spec`).
Instead, install an individual profile or the development package, the following way. Instead, install an individual profile or the development package, the following way.
@ -66,25 +66,25 @@ Instead, install an individual profile or the development package, the following
=== ":material-arch: Archlinux" === ":material-arch: Archlinux"
```sh ```sh
make pkg just pkg
``` ```
=== ":material-ubuntu: Ubuntu" === ":material-ubuntu: Ubuntu"
```sh ```sh
make dpkg just dpkg
``` ```
=== ":material-debian: Debian" === ":material-debian: Debian"
```sh ```sh
make dpkg just dpkg
``` ```
=== ":simple-suse: openSUSE" === ":simple-suse: openSUSE"
```sh ```sh
make rpm just rpm
``` ```
=== ":material-docker: Docker" === ":material-docker: Docker"
@ -102,7 +102,7 @@ Instead, install an individual profile or the development package, the following
**Format** **Format**
```sh ```sh
make dev name=<profile-name> just dev <profile-name>
``` ```
**Exampe** **Exampe**
@ -110,7 +110,7 @@ make dev name=<profile-name>
: Testing the profile `pass` : Testing the profile `pass`
``` ```
make dev name=pass just dev pass
``` ```
This: This:

44
docs/enforce.md
View file

@ -13,50 +13,56 @@ The default package configuration installs all profiles in *complain* mode. This
=== ":material-arch: Archlinux" === ":material-arch: Archlinux"
In the `PKGBUILD`, replace `make` by `make enforce`: In the `PKGBUILD`, replace `just complain` by `just enforce`:
```diff ```diff
- make DISTRIBUTION=arch - just complain
+ make enforce DISTRIBUTION=arch + just enforce
``` ```
Then, build the package with: `make pkg` Then, build the package with: `just pkg`
=== ":material-ubuntu: Ubuntu" === ":material-ubuntu: Ubuntu"
In `debian/rules`, add the following lines: In `debian/rules`, replace `just complain` by `just enforce`:
```make ```diff
override_dh_auto_build: override_dh_auto_build:
make enforce - just complain
override_dh_auto_build:
+ just enforce
``` ```
Then, build the package with: `make dpkg` Then, build the package with: `just dpkg`
=== ":material-debian: Debian" === ":material-debian: Debian"
In `debian/rules`, add the following lines: In `debian/rules`, replace `just complain` by `just enforce`:
```make ```diff
override_dh_auto_build: override_dh_auto_build:
make enforce - just complain
override_dh_auto_build:
+ just enforce
``` ```
Then, build the package with: `make dpkg` Then, build the package with: `just dpkg`
=== ":simple-suse: openSUSE" === ":simple-suse: openSUSE"
In `dists/apparmor.d.spec`, replace `%make_build` by `%make_build enforce` In `dists/apparmor.d.spec`, replace `just complain` by `just enforce`:
```diff ```diff
- %make_build %build
+ %make_build enforce - just complain
%build
+ just enforce
``` ```
Then, build the package with: `make rpm` Then, build the package with: `just rpm`
=== ":material-home: Partial Install" === ":material-home: Partial Install"
Use the `make enforce` command to build instead of `make` Use the `just enforce` command to build instead of `just complain`
[aur]: https://aur.archlinux.org/packages/apparmor.d-git [aur]: https://aur.archlinux.org/packages/apparmor.d-git

42
docs/full-system-policy.md
View file

@ -35,7 +35,7 @@ Particularly:
## Installation ## Installation
This feature is only enabled when the project is built with `make full`. [Early policy](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorInSystemd#early-policy-loads) load **must** also be enabled. Once `apparmor.d` has been installed in FSP mode, it is required to reboot to apply the changes. This feature is only enabled when the project is built with `just fsp`. [Early policy](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorInSystemd#early-policy-loads) load **must** also be enabled. Once `apparmor.d` has been installed in FSP mode, it is required to reboot to apply the changes.
In `/etc/apparmor/parser.conf` ensure you have: In `/etc/apparmor/parser.conf` ensure you have:
``` ```
@ -46,51 +46,57 @@ Optimize=compress-fast
=== ":material-arch: Archlinux" === ":material-arch: Archlinux"
In `PKGBUILD`, replace `make` by `make fsp`: In `PKGBUILD`, replace `just complain` by `just fsp-complain`:
```diff ```diff
- make - just complain
+ make fsp + just fsp-complain
``` ```
Then, build the package with: `make pkg` Then, build the package with: `just pkg`
=== ":material-ubuntu: Ubuntu" === ":material-ubuntu: Ubuntu"
In `debian/rules`, add the following lines: In `debian/rules`, replace `just complain` by `just fsp-complain`:
```make ```make
override_dh_auto_build: override_dh_auto_build:
make fsp - just complain
override_dh_auto_build:
+ just fsp-complain
``` ```
Then, build the package with: `make dpkg` Then, build the package with: `just dpkg`
=== ":material-debian: Debian" === ":material-debian: Debian"
In `debian/rules`, add the following lines: In `debian/rules`, replace `just complain` by `just fsp-complain`:
```make ```make
override_dh_auto_build: override_dh_auto_build:
make fsp - just complain
override_dh_auto_build:
+ just fsp-complain
``` ```
Then, build the package with: `make dpkg` Then, build the package with: `just dpkg`
=== ":simple-suse: openSUSE" === ":simple-suse: openSUSE"
In `dists/apparmor.d.spec`, replace `%make_build` by `%make_build fsp` In `dists/apparmor.d.spec`, replace `just complain` by `just fsp-complain`:
```diff ```diff
- %make_build %build
+ %make_build fsp - just complain
%build
+ just fsp-complain
``` ```
Then, build the package with: `make rpm` Then, build the package with: `just rpm`
=== ":material-home: Partial Install" === ":material-home: Partial Install"
Use the `make fsp` command to build instead of `make` Use the `just fsp-complain` command to build instead of `just complain`
## Structure ## Structure

19
docs/install.md
View file

@ -84,7 +84,7 @@ echo 'Optimize=compress-fast' | sudo tee -a /etc/apparmor/parser.conf
If you have `devscripts` installed, you can use the one liner: If you have `devscripts` installed, you can use the one liner:
```sh ```sh
make dpkg just dpkg
``` ```
!!! warning !!! warning
@ -110,19 +110,26 @@ echo 'Optimize=compress-fast' | sudo tee -a /etc/apparmor/parser.conf
If you have `devscripts` installed, you can use the one liner: If you have `devscripts` installed, you can use the one liner:
```sh ```sh
make dpkg just dpkg
``` ```
!!! note !!! note
You may need golang from the backports repository to build: **Debian 12 user will need to:**
1. Install Golang from the backports repository:
```sh ```sh
echo 'deb http://deb.debian.org/debian bookworm-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list echo 'deb http://deb.debian.org/debian bookworm-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list
sudo apt update sudo apt update
sudo apt install -t bookworm-backports golang-go sudo apt install -t bookworm-backports golang-go
``` ```
2. Install [just](https://github.com/casey/just) locally, and ignore the dependence. E.g:
```sh
pipx install rust-just
sed '/just/d' -i debian/control
```
!!! warning !!! warning
**Beware**: do not install a `.deb` made for Ubuntu on Debian as the packages are different. **Beware**: do not install a `.deb` made for Ubuntu on Debian as the packages are different.
@ -144,15 +151,15 @@ echo 'Optimize=compress-fast' | sudo tee -a /etc/apparmor/parser.conf
For test purposes, you can install specific profiles with the following commands. Abstractions, tunable, and most of the OS dependent post-processing is managed. For test purposes, you can install specific profiles with the following commands. Abstractions, tunable, and most of the OS dependent post-processing is managed.
```sh ```sh
make just complain
sudo make profile-names... sudo just local profile-names...
``` ```
!!! warning !!! warning
Partial installation is discouraged because profile dependencies are not fetched. To prevent some AppArmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77)) Partial installation is discouraged because profile dependencies are not fetched. To prevent some AppArmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
For instance, `sudo make pass` gives: For instance, `sudo just local pass` gives:
```sh ```sh
Warning: profile dependencies fallback to unconfined. Warning: profile dependencies fallback to unconfined.
@{bin}/wl-{copy,paste} rPx, @{bin}/wl-{copy,paste} rPx,

2
tests/check.sh
View file

@ -3,7 +3,7 @@
# Copyright (C) 2024-2025 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2024-2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
# Usage: make check # Usage: just check
# shellcheck disable=SC2044 # shellcheck disable=SC2044
set -eu -o pipefail set -eu -o pipefail

1
tests/cloud-init/archlinux-cosmic.user-data.yml
View file

@ -10,6 +10,7 @@ packages:
# Install usefull core packages # Install usefull core packages
- bash-completion - bash-completion
- just
- git - git
- htop - htop
- man - man

1
tests/cloud-init/archlinux-xfce.user-data.yml
View file

@ -11,6 +11,7 @@ packages:
# Install usefull core packages # Install usefull core packages
- bash-completion - bash-completion
- git - git
- just
- htop - htop
- man - man
- pass - pass

2
tests/cloud-init/opensuse.yml
View file

@ -9,7 +9,7 @@ core-packages: &core-packages
- go - go
- golang-packaging - golang-packaging
- htop - htop
- make - just
- rpmbuild - rpmbuild
- rsync - rsync
- vim - vim

6
tests/packer/src/aa-update
View file

@ -13,15 +13,15 @@ DISTRIBUTION="$(_lsb_release)"
cd "$HOME/Projects/apparmor.d" cd "$HOME/Projects/apparmor.d"
case "$DISTRIBUTION" in case "$DISTRIBUTION" in
arch) arch)
make pkg just pkg
;; ;;
debian | ubuntu | whonix) debian | ubuntu | whonix)
sudo rm -rf debian/.debhelper/ sudo rm -rf debian/.debhelper/
make dpkg just dpkg
sudo rm -rf debian/.debhelper/ sudo rm -rf debian/.debhelper/
;; ;;
opensuse*) opensuse*)
make rpm just rpm
;; ;;
*) ;; *) ;;
esac esac