felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

build: generalise the use of apparmor version during the build.

Browse source
This commit is contained in:
Alexandre Pujol 2025-03-30 17:06:00 +02:00
parent d3e9a7ec70
commit baa3f8f639
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
5 changed files with 39 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

23
cmd/prebuild/main.go
View file

@ -18,6 +18,9 @@ func init() {
// Define the default ABI // Define the default ABI
prebuild.ABI = 4 prebuild.ABI = 4
// Define the default version
prebuild.Version = 4.0
// Define the tasks applied by default // Define the tasks applied by default
prepare.Register( prepare.Register(
"synchronise", // Initialize a new clean apparmor.d build directory "synchronise", // Initialize a new clean apparmor.d build directory
@ -40,15 +43,31 @@ func init() {
case "arch": case "arch":
case "ubuntu": case "ubuntu":
if !slices.Contains([]string{"noble"}, prebuild.Release["VERSION_CODENAME"]) { switch prebuild.Release["VERSION_CODENAME"] {
case "jammy":
prebuild.ABI = 3 prebuild.ABI = 3
prebuild.Version = 3.0
case "noble", "oracular":
prebuild.ABI = 4
prebuild.Version = 4.0
case "plucky":
prebuild.ABI = 4
prebuild.Version = 4.1
} }
case "debian": case "debian":
prebuild.ABI = 3 switch prebuild.Release["VERSION_CODENAME"] {
case "bookworm":
prebuild.ABI = 3
prebuild.Version = 3.0
case "trixie", "sid":
prebuild.ABI = 4
prebuild.Version = 4.1
}
case "whonix": case "whonix":
prebuild.ABI = 3 prebuild.ABI = 3
prebuild.Version = 3.0
// Hide rewrittem Whonix profiles // Hide rewrittem Whonix profiles
prebuild.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure prebuild.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure

15
pkg/prebuild/cli/cli.go
View file

@ -18,9 +18,9 @@ import (
) )
const ( const (
nilABI uint = 0 nilABI uint = 0
nilVer = "4.0" nilVer float64 = 0.0
usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4] [--version V] [--file FILE] usage = `aa-prebuild [-h] [--complain | --enforce] [--full] [--abi 3|4] [--version V] [--file FILE]
Prebuild apparmor.d profiles for a given distribution and apply Prebuild apparmor.d profiles for a given distribution and apply
internal built-in directives. internal built-in directives.
@ -42,7 +42,7 @@ var (
enforce bool enforce bool
full bool full bool
abi uint abi uint
version string version float64
file string file string
) )
@ -57,8 +57,8 @@ func init() {
flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.") flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.")
flag.UintVar(&abi, "a", nilABI, "Target apparmor ABI.") flag.UintVar(&abi, "a", nilABI, "Target apparmor ABI.")
flag.UintVar(&abi, "abi", nilABI, "Target apparmor ABI.") flag.UintVar(&abi, "abi", nilABI, "Target apparmor ABI.")
flag.StringVar(&version, "v", nilVer, "Target apparmor version.") flag.Float64Var(&version, "v", nilVer, "Target apparmor version.")
flag.StringVar(&version, "version", nilVer, "Target apparmor version.") flag.Float64Var(&version, "version", nilVer, "Target apparmor version.")
flag.StringVar(&file, "F", "", "Only prebuild a given file.") flag.StringVar(&file, "F", "", "Only prebuild a given file.")
flag.StringVar(&file, "file", "", "Only prebuild a given file.") flag.StringVar(&file, "file", "", "Only prebuild a given file.")
} }
@ -115,6 +115,9 @@ func Configure() {
func Prebuild() { func Prebuild() {
logging.Step("Building apparmor.d profiles for %s on ABI%d.", prebuild.Distribution, prebuild.ABI) logging.Step("Building apparmor.d profiles for %s on ABI%d.", prebuild.Distribution, prebuild.ABI)
if prebuild.Version != nilVer {
logging.Success("AppArmor version targeted: %.1f", prebuild.Version)
}
if err := Prepare(); err != nil { if err := Prepare(); err != nil {
logging.Fatal("%s", err.Error()) logging.Fatal("%s", err.Error())
} }

2
pkg/prebuild/directive/filter.go
View file

@ -43,7 +43,7 @@ func filterRuleForUs(opt *Option) bool {
if slices.Contains(opt.ArgList, abiStr) { if slices.Contains(opt.ArgList, abiStr) {
return true return true
} }
versionStr := fmt.Sprintf("apparmor%s", prebuild.Version) versionStr := fmt.Sprintf("apparmor%.1f", prebuild.Version)
if slices.Contains(opt.ArgList, versionStr) { if slices.Contains(opt.ArgList, versionStr) {
return true return true
} }

2
pkg/prebuild/directories.go
View file

@ -11,7 +11,7 @@ var (
ABI uint = 0 ABI uint = 0
// AppArmor version // AppArmor version
Version string = "4.0" Version float64 = 4.0
// Pkgname is the name of the package // Pkgname is the name of the package
Pkgname string = "apparmor.d" Pkgname string = "apparmor.d"

12
pkg/prebuild/prepare/configure.go
View file

@ -35,7 +35,7 @@ func (p Configure) Apply() ([]string, error) {
return res, err return res, err
} }
if prebuild.ABI == 3 { if prebuild.Version < 3.0 {
if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil { if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
return res, err return res, err
} }
@ -46,9 +46,11 @@ func (p Configure) Apply() ([]string, error) {
return res, err return res, err
} }
// Copy Debian specific abstractions if prebuild.Version < 4.1 {
if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil { // Copy Debian specific abstractions
return res, err if err := paths.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
return res, err
}
} }
default: default:
@ -56,7 +58,7 @@ func (p Configure) Apply() ([]string, error) {
} }
if prebuild.Version == "4.1" { if prebuild.Version == 4.1 {
// Remove files upstreamed in 4.1 // Remove files upstreamed in 4.1
remove := []string{ remove := []string{
"abstractions/devices-usb-read", "abstractions/devices-usb-read",