apparmor.d/cmd/prebuild/main.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package main

import (
	"flag"
	"fmt"
	"os"

	"github.com/roddhjav/apparmor.d/pkg/logging"
	oss "github.com/roddhjav/apparmor.d/pkg/os"
	"github.com/roddhjav/apparmor.d/pkg/prebuild"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
)

const usage = `prebuild [-h] [--full] [--complain | --enforce] [profiles...]

    Prebuild apparmor.d profiles for a given distribution and apply
    internal built-in directives.

Options:
    -h, --help      Show this help message and exit.
    -f, --full      Set AppArmor for full system policy.
    -c, --complain  Set complain flag on all profiles.
    -e, --enforce   Set enforce flag on all profiles.
        --abi4      Convert the profiles to Apparmor abi/4.0.

Directives:
`

var (
	help     bool
	full     bool
	complain bool
	enforce  bool
	abi4     bool
)

func init() {
	flag.BoolVar(&help, "h", false, "Show this help message and exit.")
	flag.BoolVar(&help, "help", false, "Show this help message and exit.")
	flag.BoolVar(&full, "f", false, "Set AppArmor for full system policy.")
	flag.BoolVar(&full, "full", false, "Set AppArmor for full system policy.")
	flag.BoolVar(&complain, "c", false, "Set complain flag on all profiles.")
	flag.BoolVar(&complain, "complain", false, "Set complain flag on all profiles.")
	flag.BoolVar(&enforce, "e", false, "Set enforce flag on all profiles.")
	flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.")
	flag.BoolVar(&abi4, "abi4", false, "Convert the profiles to Apparmor abi/4.0.")
}

func aaPrebuild() error {
	logging.Step("Building apparmor.d profiles for %s.", oss.Distribution)

	if full {
		prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)
	} else {
		prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)
	}

	if complain {
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)
	} else if enforce {
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)
	}

	if abi4 {
		prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)
	}

	if err := prebuild.Prepare(); err != nil {
		return err
	}
	return prebuild.Build()
}

func main() {
	flag.Usage = func() {
		res := usage
		for _, d := range directive.Directives {
			res += `    ` + d.Usage() + "\n"
		}
		fmt.Print(res)
	}
	flag.Parse()
	if help {
		flag.Usage()
		os.Exit(0)
	}
	if err := aaPrebuild(); err != nil {
		logging.Fatal(err.Error())
	}
}
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`// apparmor.d - Full set of apparmor profiles`
chore: add missing and update copyright year. 2024-02-07 00:16:21 +01:00			`// Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`// SPDX-License-Identifier: GPL-2.0-only`

			`package main`

			`import (`
			`"flag"`
			`"fmt"`
			`"os"`

			`"github.com/roddhjav/apparmor.d/pkg/logging"`
refractor(build): move os logic to its own module. 2024-03-21 19:58:32 +01:00			`oss "github.com/roddhjav/apparmor.d/pkg/os"`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`"github.com/roddhjav/apparmor.d/pkg/prebuild"`
build: prepare new structure for directives. 2024-03-21 21:36:41 +01:00			`"github.com/roddhjav/apparmor.d/pkg/prebuild/directive"`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`)`

build: prepare new structure for directives. 2024-03-21 21:36:41 +01:00			const usage = `prebuild [-h] [--full] [--complain \| --enforce] [profiles...]
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00
build: prepare new structure for directives. 2024-03-21 21:36:41 +01:00			`Prebuild apparmor.d profiles for a given distribution and apply`
			`internal built-in directives.`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00
			`Options:`
			`-h, --help Show this help message and exit.`
			`-f, --full Set AppArmor for full system policy.`
			`-c, --complain Set complain flag on all profiles.`
build: add the ability to set enforce all profiles. Do not do that!!! It forces ALL profiles in enforce mode. 2023-09-05 20:44:36 +02:00			`-e, --enforce Set enforce flag on all profiles.`
build: add a --abi4 build flags. convert the profiles to Apparmor abi/4.0 2023-12-16 00:34:32 +01:00			`--abi4 Convert the profiles to Apparmor abi/4.0.`
build: prepare new structure for directives. 2024-03-21 21:36:41 +01:00
			`Directives:`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`

			`var (`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`help bool`
			`full bool`
			`complain bool`
build: add the ability to set enforce all profiles. Do not do that!!! It forces ALL profiles in enforce mode. 2023-09-05 20:44:36 +02:00			`enforce bool`
build: add a --abi4 build flags. convert the profiles to Apparmor abi/4.0 2023-12-16 00:34:32 +01:00			`abi4 bool`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`)`

			`func init() {`
			`flag.BoolVar(&help, "h", false, "Show this help message and exit.")`
			`flag.BoolVar(&help, "help", false, "Show this help message and exit.")`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`flag.BoolVar(&full, "f", false, "Set AppArmor for full system policy.")`
			`flag.BoolVar(&full, "full", false, "Set AppArmor for full system policy.")`
			`flag.BoolVar(&complain, "c", false, "Set complain flag on all profiles.")`
			`flag.BoolVar(&complain, "complain", false, "Set complain flag on all profiles.")`
build: add the ability to set enforce all profiles. Do not do that!!! It forces ALL profiles in enforce mode. 2023-09-05 20:44:36 +02:00			`flag.BoolVar(&enforce, "e", false, "Set enforce flag on all profiles.")`
			`flag.BoolVar(&enforce, "enforce", false, "Set enforce flag on all profiles.")`
build: add a --abi4 build flags. convert the profiles to Apparmor abi/4.0 2023-12-16 00:34:32 +01:00			`flag.BoolVar(&abi4, "abi4", false, "Convert the profiles to Apparmor abi/4.0.")`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`}`

			`func aaPrebuild() error {`
refractor(build): move os logic to its own module. 2024-03-21 19:58:32 +01:00			`logging.Step("Building apparmor.d profiles for %s.", oss.Distribution)`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`if full {`
			`prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy)`
build: enforce the use on the default profile on full mode. 2023-11-22 21:52:25 +01:00			`prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy)`
refractor: move default systemd drop in files. 2023-11-19 15:20:14 +01:00			`} else {`
build: split systemd drop file in function of their purpose. default: ensure a service use a given profile early: ensure a service start after apparmor. 2024-03-15 17:17:19 +01:00			`prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd)`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`}`
build: split systemd drop file in function of their purpose. default: ensure a service use a given profile early: ensure a service start after apparmor. 2024-03-15 17:17:19 +01:00
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`if complain {`
			`prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain)`
build: add the ability to set enforce all profiles. Do not do that!!! It forces ALL profiles in enforce mode. 2023-09-05 20:44:36 +02:00			`} else if enforce {`
			`prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce)`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`}`
build: split systemd drop file in function of their purpose. default: ensure a service use a given profile early: ensure a service start after apparmor. 2024-03-15 17:17:19 +01:00
build: add a --abi4 build flags. convert the profiles to Apparmor abi/4.0 2023-12-16 00:34:32 +01:00			`if abi4 {`
			`prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3)`
			`}`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00
			`if err := prebuild.Prepare(); err != nil {`
			`return err`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`}`
build: cleanup build output. 2023-12-16 00:22:01 +01:00			`return prebuild.Build()`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`}`

			`func main() {`
build: prepare new structure for directives. 2024-03-21 21:36:41 +01:00			`flag.Usage = func() {`
			`res := usage`
			`for _, d := range directive.Directives {`
			res += ` ` + d.Usage() + "\n"
			`}`
			`fmt.Print(res)`
			`}`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`flag.Parse()`
			`if help {`
			`flag.Usage()`
			`os.Exit(0)`
			`}`
feat(prebuild): make prebuild available as an external package. Usefull for downstream repo. 2023-05-06 14:01:07 +02:00			`if err := aaPrebuild(); err != nil {`
build(prebuild): add new prebuild command. Fix #146, #136 2023-04-19 18:40:40 +02:00			`logging.Fatal(err.Error())`
			`}`
			`}`