build: ensure the justfile could fully replace the makefile.

Alexandre Pujol 2025-03-28 20:13:00 +01:00
parent fbb71fb47b
commit 8e2a7e8068
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
3 changed files with 163 additions and 29 deletions

176
Justfile

@ -17,12 +17,49 @@
# just available # just available
# just clean # just clean
base_dir := home_dir() / ".libvirt/base" # Admin username
username := "user"
# Default admin password
password := "user"
# Disk size of the VM to build
disk_size := "40G"
# Virtual machine CPU
vcpus := "6"
# Virtual machine RAM
ram := "4096"
# Path to the ssh key
ssh_keyname := "id_ed25519"
ssh_privatekey := home_dir() / ".ssh/" + ssh_keyname
ssh_publickey := ssh_privatekey + ".pub"
# Where the VM are stored
vm := home_dir() / ".vm" vm := home_dir() / ".vm"
output := base_dir / "packer"
prefix := "aa-" # Where the VM images are stored
base_dir := home_dir() / ".libvirt/base"
# Where the packer temporary output is stored
output_dir := base_dir / "packer"
# SSH options
sshopt := "-i " + ssh_privatekey + " -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
# Libvirt connection address
c := "--connect=qemu:///system" c := "--connect=qemu:///system"
sshopt := "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
# VM prefix
prefix := "aa-"
# Build setings
destdir := "/"
build := ".build"
pkgdest := `pwd` / ".pkg/dist"
pkgname := "apparmor.d"
[doc('Show this help message')] [doc('Show this help message')]
default: default:
@ -30,6 +67,100 @@ default:
@just --list --unsorted @just --list --unsorted
@echo -e "\nSee https://apparmor.pujol.io/development/vm/ for more information." @echo -e "\nSee https://apparmor.pujol.io/development/vm/ for more information."
[doc('Build the go programs')]
build:
@go build -o {{build}}/ ./cmd/aa-log
@go build -o {{build}}/ ./cmd/prebuild
[doc('Prebuild the profiles in enforced mode')]
enforce: build
@./{{build}}/prebuild
[doc('Prebuild the profiles in complain mode')]
complain: build
@./{{build}}/prebuild --complain
[doc('Prebuild the profiles in FSP mode')]
fsp: build
@./{{build}}/prebuild --complain --full
[doc('Install the profiles')]
install:
#!/usr/bin/env bash
set -eu -o pipefail
install -Dm0755 {{build}}/aa-log {{destdir}}/usr/bin/aa-log
install -Dm0644 systemd/aa-fix.service {{destdir}}/usr/lib/systemd/system/aa-fix.service
for file in $(find "{{build}}/share" -type f -not -name "*.md" -printf "%P\n"); do
install -Dm0644 "{{build}}/share/$file" "{{destdir}}/usr/share/$file"
done
for file in $(find "{{build}}/apparmor.d" -type f -printf "%P\n"); do
install -Dm0644 "{{build}}/apparmor.d/$file" "{{destdir}}/etc/apparmor.d/$file"
done
for file in $(find "{{build}}/apparmor.d" -type l -printf "%P\n"); do
mkdir -p "{{destdir}}/etc/apparmor.d/disable"
cp -d "{{build}}/apparmor.d/$file" "{{destdir}}/etc/apparmor.d/$file"
done
for file in "{{build}}/systemd/system/"*; do
service="$(basename "$file")"
install -Dm0644 "$file" "{{destdir}}/usr/lib/systemd/system/$service.d/apparmor.conf"
done
for file in "{{build}}/systemd/user/"*; do
service="$(basename "$file")"
install -Dm0644 "$file" "{{destdir}}/usr/lib/systemd/user/$service.d/apparmor.conf"
done
[doc('Build & install apparmor.d on Arch based systems')]
pkg:
@makepkg --syncdeps --install --cleanbuild --force --noconfirm
[doc('Build & install apparmor.d on Debian based systems')]
dpkg:
@bash dists/build.sh dpkg
@sudo dpkg -i {{pkgdest}}/{{pkgname}}_*.deb
[doc('Build & install apparmor.d on OpenSUSE based systems')]
rpm:
@bash dists/build.sh rpm
@sudo rpm -ivh --force {{pkgdest}}/{{pkgname}}-*.rpm
[doc('Run the unit tests')]
tests:
@go test ./cmd/... -v -cover -coverprofile=coverage.out
@go test ./pkg/... -v -cover -coverprofile=coverage.out
@go tool cover -func=coverage.out
[doc('Run the linters')]
lint:
golangci-lint run
packer fmt tests/packer/
packer validate --syntax-only tests/packer/
shellcheck --shell=bash \
PKGBUILD dists/build.sh dists/docker.sh tests/check.sh \
tests/packer/init.sh tests/packer/src/aa-update tests/packer/clean.sh \
debian/{{pkgname}}.postinst debian/{{pkgname}}.postrm
[doc('Run style checks on the profiles')]
check:
@bash tests/check.sh
[doc('Generate the man pages')]
man:
@pandoc -t man -s -o share/man/man8/aa-log.8 share/man/man8/aa-log.md
[doc('Build the documentation')]
docs:
@ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=true mkdocs build --strict
[doc('Serve the documentation')]
serve:
@ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=false mkdocs serve
[doc('Remove all build artifacts')]
clean:
@rm -rf \
debian/.debhelper debian/debhelper* debian/*.debhelper debian/{{pkgname}} \
.pkg/{{pkgname}}* {{build}} coverage.out
[doc('Build the apparmor.d package')] [doc('Build the apparmor.d package')]
package dist: package dist:
#!/usr/bin/env bash #!/usr/bin/env bash
@ -37,7 +168,7 @@ package dist:
dist="{{dist}}" dist="{{dist}}"
[[ $dist =~ ubuntu* ]] && dist=ubuntu [[ $dist =~ ubuntu* ]] && dist=ubuntu
[[ $dist =~ debian* ]] && dist=debian [[ $dist =~ debian* ]] && dist=debian
make package dist=$dist bash dists/docker.sh $dist
[doc('Build the image')] [doc('Build the image')]
img dist flavor: (package dist) img dist flavor: (package dist)
@ -46,18 +177,24 @@ img dist flavor: (package dist)
-var dist={{dist}} \ -var dist={{dist}} \
-var flavor={{flavor}} \ -var flavor={{flavor}} \
-var prefix={{prefix}} \ -var prefix={{prefix}} \
-var username={{username}} \
-var password={{password}} \
-var ssh_publickey={{ssh_publickey}} \
-var disk_size={{disk_size}} \
-var cpus={{vcpus}} \
-var ram={{ram}} \
-var base_dir={{base_dir}} \ -var base_dir={{base_dir}} \
-var output={{output}} \ -var output_dir={{output_dir}} \
tests/packer/ tests/packer/
[doc('Create the machine')] [doc('Create the machine')]
vm dist flavor: create dist flavor:
@cp -f {{base_dir}}/{{prefix}}{{dist}}-{{flavor}}.qcow2 {{vm}}/{{prefix}}{{dist}}-{{flavor}}.qcow2 @cp -f {{base_dir}}/{{prefix}}{{dist}}-{{flavor}}.qcow2 {{vm}}/{{prefix}}{{dist}}-{{flavor}}.qcow2
virt-install {{c}} \ @virt-install {{c}} \
--import \ --import \
--name {{prefix}}{{dist}}-{{flavor}} \ --name {{prefix}}{{dist}}-{{flavor}} \
--vcpus 6 \ --vcpus {{vcpus}} \
--ram 4096 \ --ram {{ram}} \
--machine q35 \ --machine q35 \
--boot uefi \ --boot uefi \
--memorybacking source.type=memfd,access.mode=shared \ --memorybacking source.type=memfd,access.mode=shared \
@ -77,6 +214,10 @@ up dist flavor:
halt dist flavor: halt dist flavor:
@virsh {{c}} shutdown {{prefix}}{{dist}}-{{flavor}} @virsh {{c}} shutdown {{prefix}}{{dist}}-{{flavor}}
[doc('Reboot the machine')]
reboot dist flavor:
@virsh {{c}} reboot {{prefix}}{{dist}}-{{flavor}}
[doc('Destroy the machine')] [doc('Destroy the machine')]
destroy dist flavor: destroy dist flavor:
@virsh {{c}} destroy {{prefix}}{{dist}}-{{flavor}} || true @virsh {{c}} destroy {{prefix}}{{dist}}-{{flavor}} || true
@ -85,14 +226,14 @@ destroy dist flavor:
[doc('Connect to the machine')] [doc('Connect to the machine')]
ssh dist flavor: ssh dist flavor:
@ssh {{sshopt}} user@`just get_ip {{dist}} {{flavor}}` @ssh {{sshopt}} {{username}}@`just get_ip {{dist}} {{flavor}}`
[doc('List the machines')] [doc('List the machines')]
list: list:
@echo -e '\033[1m Id Name State\033[0m' @echo -e '\033[1m Id Distribution Flavor State\033[0m'
@virsh {{c}} list --all | grep {{prefix}} @virsh {{c}} list --all | grep {{prefix}} | sed 's/{{prefix}}//g'
[doc('List the machine images')] [doc('List the images')]
images: images:
#!/usr/bin/env bash #!/usr/bin/env bash
set -eu -o pipefail set -eu -o pipefail
@ -133,14 +274,7 @@ integration dist flavor:
@ssh {{sshopt}} user@`just get_ip {{dist}} {{flavor}}` \ @ssh {{sshopt}} user@`just get_ip {{dist}} {{flavor}}` \
@bats --recursive --timing --print-output-on-failure Projects/integration/ @bats --recursive --timing --print-output-on-failure Projects/integration/
[doc('Run the linters')]
lint:
@packer fmt tests/packer/
@packer validate --syntax-only tests/packer/
[doc('Remove the machine images')]
clean:
@rm -fv {{base_dir}}/{{prefix}}*.qcow2
get_ip dist flavor: get_ip dist flavor:
@virsh --quiet --readonly {{c}} domifaddr {{prefix}}{{dist}}-{{flavor}} | \ @virsh --quiet --readonly {{c}} domifaddr {{prefix}}{{dist}}-{{flavor}} | \
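Review bot: In the `img` recipe the new `-var password={{password}}` line interpolates the admin password unquoted into the packer command line, so a value containing spaces or shell metacharacters is re-parsed by the shell, and the value also sits in the argument list of the running process; `-var password={{quote(password)}}` fixes the parsing part, and the same applies to `username` and `ssh_publickey`. The default `user`/`user` credentials are baked into every image unless overridden, so the variable deserves a comment such as `# Default admin password, for throwaway local test VMs only; override it for any VM reachable from a network`. The parameterisation is also incomplete: the `integration` recipe, shown as unchanged context near the end of the section, still logs in as `user@` while `ssh` now uses `{{username}}@`, so a non-default username would build an image the integration run cannot reach. Parts of both the `img` and `integration` recipes lie outside the visible hunks.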


@ -24,7 +24,7 @@ source "qemu" "default" {
disk_compression = true disk_compression = true
disk_detect_zeroes = "unmap" disk_detect_zeroes = "unmap"
disk_discard = "unmap" disk_discard = "unmap"
output_directory = pathexpand(var.output) output_directory = pathexpand(var.output_dir)
vm_name = "${local.name}.qcow2" vm_name = "${local.name}.qcow2"
boot_wait = "10s" boot_wait = "10s"
firmware = pathexpand(var.firmware) firmware = pathexpand(var.firmware)
@ -85,7 +85,7 @@ build {
post-processor "shell-local" { post-processor "shell-local" {
inline = [ inline = [
"mv ${var.output}/${local.name}.qcow2 ${var.base_dir}/${local.name}.qcow2", "mv ${var.output_dir}/${local.name}.qcow2 ${var.base_dir}/${local.name}.qcow2",
] ]
} }


@ -52,18 +52,18 @@ variable "base_dir" {
default = "~/.libvirt/base" default = "~/.libvirt/base"
} }
variable "output_dir" {
description = "Output build directory"
type = string
default = "~/.libvirt/base/packer"
}
variable "firmware" { variable "firmware" {
description = "Path to the UEFI firmware" description = "Path to the UEFI firmware"
type = string type = string
default = "/usr/share/edk2/x64/OVMF.4m.fd" default = "/usr/share/edk2/x64/OVMF.4m.fd"
} }
variable "output" {
description = "Output build directory"
type = string
default = "/tmp/packer"
}
variable "prefix" { variable "prefix" {
description = "Image name prefix" description = "Image name prefix"
type = string type = string