From b2910ae59329af14143c384c307cbe7f42a47665 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Mon, 21 Jul 2025 22:22:13 +0200 Subject: [PATCH] tests(check): add support for '#aa:lint ignore' inline directive to disable linting. --- pkg/prebuild/directive/core.go | 3 +++ tests/check.sh | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/pkg/prebuild/directive/core.go b/pkg/prebuild/directive/core.go index 6138eec0c..cde9470dc 100644 --- a/pkg/prebuild/directive/core.go +++ b/pkg/prebuild/directive/core.go @@ -106,6 +106,9 @@ func Run(file *paths.Path, profile string) (string, error) { opt := NewOption(file, match) drtv, ok := Directives[opt.Name] if !ok { + if opt.Name == "lint" { + continue + } return "", fmt.Errorf("unknown directive '%s' in %s", opt.Name, opt.File) } profile, err = drtv.Apply(opt, profile) diff --git a/tests/check.sh b/tests/check.sh index 8b847db6f..39d7f8158 100644 --- a/tests/check.sh +++ b/tests/check.sh @@ -51,12 +51,24 @@ _wait() { fi } +readonly _IGNORE_LINT="#aa:lint ignore" +_ignore_lint() { + local line="$1" + if [[ "$line" == *"$_IGNORE_LINT"* ]]; then + return 0 + fi + return 1 +} + _check() { local file="$1" local line_number=0 while IFS= read -r line; do line_number=$((line_number + 1)) + if _ignore_lint "$line"; then + continue + fi # Rules checks _check_abstractions @@ -339,7 +351,10 @@ check_sbin() { jobs=0 for name in "${sbin[@]}"; do ( - mapfile -t files < <(grep --line-number --recursive -E "(^|[[:space:]])@{bin}/$name([[:space:]]|$)" apparmor.d | cut -d: -f1,2) + mapfile -t files < <( + grep --line-number --recursive -P "(^|[[:space:]])@{bin}/$name([[:space:]]|$)(?!.*$_IGNORE_LINT)" apparmor.d | + cut -d: -f1,2 + ) for file in "${files[@]}"; do _err compatibility "$file" "contains '@{bin}/$name' instead of '@{sbin}/$name'" done