diff --git a/debian/apparmor.d.displace b/debian/apparmor.d.displace
deleted file mode 100644
index ae7c01c7d..000000000
--- a/debian/apparmor.d.displace
+++ /dev/null
@@ -1,5 +0,0 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021-2024 Alexandre Pujol
-# SPDX-License-Identifier: GPL-2.0-only
-
-# This file is automatically edited by `make`, all edit will be lost.
diff --git a/debian/apparmor.d.displace-extension b/debian/apparmor.d.displace-extension
deleted file mode 100644
index 84490da11..000000000
--- a/debian/apparmor.d.displace-extension
+++ /dev/null
@@ -1 +0,0 @@
-.apparmor.d
\ No newline at end of file
diff --git a/debian/apparmor.d.hide b/debian/apparmor.d.hide
index c6a309e73..20725a133 100644
--- a/debian/apparmor.d.hide
+++ b/debian/apparmor.d.hide
@@ -1,8 +1 @@
-# apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021-2024 Alexandre Pujol
-# SPDX-License-Identifier: GPL-2.0-only
-
-/etc/apparmor.d/usr.bin.firefox
-/etc/apparmor.d/usr.sbin.cups-browsed
-/etc/apparmor.d/usr.sbin.cupsd
-/etc/apparmor.d/usr.sbin.rsyslogd
+# This file is generated by "make", all edit will be lost.
diff --git a/dists/displace b/dists/overwrite
similarity index 96%
rename from dists/displace
rename to dists/overwrite
index b8e98ec69..fae2102a9 100644
--- a/dists/displace
+++ b/dists/overwrite
@@ -3,7 +3,7 @@
 # them by our own.
 # File format: one profile name by line.
-# This is managed globally in this file and not in debian/apparmor.d.displace as
+# This is managed globally in this file and not in debian/apparmor.d.hide as
 # it applies to all distributions using apparmor 4.0+
 brave
diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index 1e211a96e..619255275 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
@@ -131,19 +131,17 @@ func Configure() ([]string, error) {
 case "arch", "opensuse":
 case "ubuntu":
- debianDisplaceClean()
- if needDisplace {
- filesToDisplace := overwriteProfile(DistDir.Join("displace"))
- if err := displaceFiles(filesToDisplace); err != nil {
- return res, err
- }
+ debianOverwriteClean()
+ if overwrite {
+ profiles := getOverwriteProfiles()
+ debianOverwrite(profiles)
 } else {
 if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
 return res, err
 }
 }
 case "debian", "whonix":
- debianDisplaceClean()
+ debianOverwriteClean()
 // Copy Debian specific abstractions
 if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
diff --git a/pkg/prebuild/tools.go b/pkg/prebuild/tools.go
index 058d54455..0844c971c 100644
--- a/pkg/prebuild/tools.go
+++ b/pkg/prebuild/tools.go
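Review bot: In the `case "ubuntu":` branch of Configure in pkg/prebuild/prepare.go, `debianOverwrite(profiles)` has no error result, so a failed rename or a failed write to debian/apparmor.d.hide now panics (see debianOverwrite in the tools.go hunk) instead of going through Configure's `error` return, which the `else` branch directly below still uses with `return res, err`. This step decides which upstream AppArmor profiles the package hides, so a failure here is better reported the same way as the other build steps: keep an `error` return on debianOverwrite and call it as `if err := debianOverwrite(profiles); err != nil { return res, err }`. Configure's body starts and ends outside the hunk.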
@@ -91,36 +91,44 @@ func copyTo(src *paths.Path, dst *paths.Path) error {
 return nil
 }
-// Displace files in the package sources
-func displaceFiles(files []string) error {
+// Overwrite upstream profile: rename our profile & hide upstream
+func debianOverwrite(files []string) {
 const ext = ".apparmor.d"
+ file, err := paths.New("debian/apparmor.d.hide").Append()
+ if err != nil {
+ panic(err)
+ }
 for _, name := range files {
 origin := RootApparmord.Join(name)
 dest := RootApparmord.Join(name + ext)
 if err := origin.Rename(dest); err != nil {
- return err
+ panic(err)
 }
- file, err := paths.New("debian/apparmor.d.displace").Append()
- if err != nil {
- return err
- }
- if _, err := file.WriteString("/etc/apparmor.d/" + name + ext + "\n"); err != nil {
- return err
+ if _, err := file.WriteString("/etc/apparmor.d/" + name + "\n"); err != nil {
+ panic(err)
 }
 }
- return nil
 }
-// Clean the debian/displace file
-func debianDisplaceClean() {
- if _, err := paths.New("debian/apparmor.d.displace").Create(); err != nil {
+// Clean the debian/apparmor.d.hide file
+func debianOverwriteClean() {
+ const debianHide = `# This file is generated by "make", all edit will be lost.
+
+/etc/apparmor.d/usr.bin.firefox
+/etc/apparmor.d/usr.sbin.cups-browsed
+/etc/apparmor.d/usr.sbin.cupsd
+/etc/apparmor.d/usr.sbin.rsyslogd
+`
+ path := paths.New("debian/apparmor.d.hide")
+ if err := path.WriteFile([]byte(debianHide)); err != nil {
 panic(err)
 }
 }
-func overwriteProfile(path *paths.Path) []string {
+// Get the list of upstream profiles to overwrite from dist/overwrite
+func getOverwriteProfiles() []string {
 res := []string{}
- lines, err := path.ReadFileAsLines()
+ lines, err := DistDir.Join("overwrite").ReadFileAsLines()
 if err != nil {
 panic(err)
 }
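Review bot: In debianOverwrite the handle returned by `paths.New("debian/apparmor.d.hide").Append()` is never closed; add `defer file.Close()` directly after the `if err != nil` check. Each `name` is concatenated unchecked into both the rename target and the `/etc/apparmor.d/` hide entry, so a blank or malformed line in the overwrite list would put a wrong entry in the hide file. Whether getOverwriteProfiles filters such lines cannot be seen here, because its body continues outside the hunk. The new comment on getOverwriteProfiles says `dist/overwrite`, while the file renamed in this commit is `dists/overwrite`.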