build: generalise the use of apparmor version during the build.
This commit is contained in:
Alexandre Pujol
parent
d3e9a7ec70
commit
baa3f8f639
5 changed files with 39 additions and 15 deletions
|
|
@ -18,6 +18,9 @@ func init() {
|
|||
// Define the default ABI
|
||||
prebuild.ABI = 4
|
||||
|
||||
// Define the default version
|
||||
prebuild.Version = 4.0
|
||||
|
||||
// Define the tasks applied by default
|
||||
prepare.Register(
|
||||
"synchronise", // Initialize a new clean apparmor.d build directory
|
||||
|
|
@ -40,15 +43,31 @@ func init() {
|
|||
case "arch":
|
||||
|
||||
case "ubuntu":
|
||||
if !slices.Contains([]string{"noble"}, prebuild.Release["VERSION_CODENAME"]) {
|
||||
switch prebuild.Release["VERSION_CODENAME"] {
|
||||
case "jammy":
|
||||
prebuild.ABI = 3
|
||||
prebuild.Version = 3.0
|
||||
case "noble", "oracular":
|
||||
prebuild.ABI = 4
|
||||
prebuild.Version = 4.0
|
||||
case "plucky":
|
||||
prebuild.ABI = 4
|
||||
prebuild.Version = 4.1
|
||||
}
|
||||
|
||||
case "debian":
|
||||
prebuild.ABI = 3
|
||||
switch prebuild.Release["VERSION_CODENAME"] {
|
||||
case "bookworm":
|
||||
prebuild.ABI = 3
|
||||
prebuild.Version = 3.0
|
||||
case "trixie", "sid":
|
||||
prebuild.ABI = 4
|
||||
prebuild.Version = 4.1
|
||||
}
|
||||
|
||||
case "whonix":
|
||||
prebuild.ABI = 3
|
||||
prebuild.Version = 3.0
|
||||
|
||||
// Hide rewrittem Whonix profiles
|
||||
prebuild.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure
|
||||
|
|
|
|||
|
|
@ -18,9 +18,9 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
nilABI uint = 0
|
||||
nilVer = "4.0"
|
||||
usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4] [--version V] [--file FILE]
|
||||
nilABI uint = 0
|
||||
nilVer float64 = 0.0
|
||||
usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4] [--version V] [--file FILE]
|
||||
|
||||
Prebuild apparmor.d profiles for a given distribution and apply
|
||||
internal built-in directives.
|
||||
|
|
@ -42,7 +42,7 @@ var (
|
|||
enforce bool
|
||||
full bool
|
||||
abi uint
|
||||
version string
|
||||
version float64
|
||||
file string
|
||||
)
|
||||
|
||||
|
|
@ -57,8 +57,8 @@ func init() {
|
|||
flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.")
|
||||
flag.UintVar(&abi, "a", nilABI, "Target apparmor ABI.")
|
||||
flag.UintVar(&abi, "abi", nilABI, "Target apparmor ABI.")
|
||||
flag.StringVar(&version, "v", nilVer, "Target apparmor version.")
|
||||
flag.StringVar(&version, "version", nilVer, "Target apparmor version.")
|
||||
flag.Float64Var(&version, "v", nilVer, "Target apparmor version.")
|
||||
flag.Float64Var(&version, "version", nilVer, "Target apparmor version.")
|
||||
flag.StringVar(&file, "F", "", "Only prebuild a given file.")
|
||||
flag.StringVar(&file, "file", "", "Only prebuild a given file.")
|
||||
}
|
||||
|
|
@ -115,6 +115,9 @@ func Configure() {
|
|||
|
||||
func Prebuild() {
|
||||
logging.Step("Building apparmor.d profiles for %s on ABI%d.", prebuild.Distribution, prebuild.ABI)
|
||||
if prebuild.Version != nilVer {
|
||||
logging.Success("AppArmor version targeted: %.1f", prebuild.Version)
|
||||
}
|
||||
if err := Prepare(); err != nil {
|
||||
logging.Fatal("%s", err.Error())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ func filterRuleForUs(opt *Option) bool {
|
|||
if slices.Contains(opt.ArgList, abiStr) {
|
||||
return true
|
||||
}
|
||||
versionStr := fmt.Sprintf("apparmor%s", prebuild.Version)
|
||||
versionStr := fmt.Sprintf("apparmor%.1f", prebuild.Version)
|
||||
if slices.Contains(opt.ArgList, versionStr) {
|
||||
return true
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ var (
|
|||
ABI uint = 0
|
||||
|
||||
// AppArmor version
|
||||
Version string = "4.0"
|
||||
Version float64 = 4.0
|
||||
|
||||
// Pkgname is the name of the package
|
||||
Pkgname string = "apparmor.d"
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ func (p Configure) Apply() ([]string, error) {
|
|||
return res, err
|
||||
}
|
||||
|
||||
if prebuild.ABI == 3 {
|
||||
if prebuild.Version < 3.0 {
|
||||
if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
|
@ -46,9 +46,11 @@ func (p Configure) Apply() ([]string, error) {
|
|||
return res, err
|
||||
}
|
||||
|
||||
// Copy Debian specific abstractions
|
||||
if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
|
||||
return res, err
|
||||
if prebuild.Version < 4.1 {
|
||||
// Copy Debian specific abstractions
|
||||
if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
default:
|
||||
|
|
@ -56,7 +58,7 @@ func (p Configure) Apply() ([]string, error) {
|
|||
|
||||
}
|
||||
|
||||
if prebuild.Version == "4.1" {
|
||||
if prebuild.Version == 4.1 {
|
||||
// Remove files upstreamed in 4.1
|
||||
remove := []string{
|
||||
"abstractions/devices-usb-read",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue