apparmor.d/Makefile

122 lines
4 KiB
Makefile
Raw Normal View History

2022-10-05 00:17:52 +02:00
#!/usr/bin/make -f
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
2022-10-05 00:17:52 +02:00
DESTDIR ?= /
BUILD := .build
2024-03-18 00:20:05 +01:00
PKGDEST := /tmp/pkg
2022-10-05 00:17:52 +02:00
PKGNAME := apparmor.d
2023-04-19 19:58:50 +02:00
P = $(filter-out dpkg,$(notdir $(wildcard ${BUILD}/apparmor.d/*)))
2022-10-05 00:17:52 +02:00
.PHONY: all build enforce full install local $(P) dev package pkg dpkg rpm tests lint man docs serve clean
2022-10-05 00:17:52 +02:00
all: build
@./${BUILD}/prebuild --complain
build:
@go build -o ${BUILD}/ ./cmd/aa-log
2023-04-19 19:53:54 +02:00
@go build -o ${BUILD}/ ./cmd/prebuild
2022-10-05 00:17:52 +02:00
enforce: build
@./${BUILD}/prebuild
full: build
@./${BUILD}/prebuild --complain --full
2024-09-26 00:17:44 +02:00
ROOT = $(shell find "${BUILD}/root" -type f -not -name "*.md" -printf "%P\n")
PROFILES = $(shell find "${BUILD}/apparmor.d" -type f -printf "%P\n")
DISABLES = $(shell find "${BUILD}/apparmor.d" -type l -printf "%P\n")
2022-10-05 00:17:52 +02:00
install:
@install -Dm0755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@for file in ${ROOT}; do \
install -Dm0644 "${BUILD}/root/$${file}" "${DESTDIR}/$${file}"; \
done;
@for file in ${PROFILES}; do \
install -Dm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@for file in ${DISABLES}; do \
mkdir -p "${DESTDIR}/etc/apparmor.d/disable"; \
cp -d "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
2023-11-19 15:34:42 +01:00
@for file in ${BUILD}/systemd/system/*; do \
service="$$(basename "$$file")"; \
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/system/$${service}.d/apparmor.conf"; \
done;
2023-11-19 15:34:42 +01:00
@for file in ${BUILD}/systemd/user/*; do \
service="$$(basename "$$file")"; \
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
done
2022-10-05 00:17:52 +02:00
local:
@make
@sudo make install
@sudo systemctl restart apparmor || sudo systemctl status apparmor
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
$(P):
2024-09-26 00:17:44 +02:00
@install -Dm0755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@for file in ${ABSTRACTIONS}; do \
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
done;
@for file in ${TUNABLES}; do \
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
done;
@echo "Warning: profile dependencies fallback to unconfined."
@for file in ${@}; do \
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@systemctl restart apparmor || systemctl status apparmor
name ?=
dev:
@go run ./cmd/prebuild --complain --file $(shell find apparmor.d -iname ${name})
@sudo install -Dm644 ${BUILD}/${name} /etc/apparmor.d/${name}
@sudo systemctl restart apparmor || systemctl status apparmor
dist ?= archlinux
package:
@bash dists/docker.sh ${dist}
2022-10-05 00:17:52 +02:00
pkg:
@makepkg --syncdeps --install --cleanbuild --force --noconfirm
2022-10-05 00:17:52 +02:00
dpkg:
2023-09-19 20:04:12 +02:00
@bash dists/build.sh dpkg
2024-03-18 00:20:05 +01:00
@sudo dpkg -i ${PKGDEST}/${PKGNAME}_*.deb
2022-10-05 00:17:52 +02:00
rpm:
2023-09-19 20:04:12 +02:00
@bash dists/build.sh rpm
2024-03-18 00:20:05 +01:00
@sudo rpm -ivh --force ${PKGDEST}/${PKGNAME}-*.rpm
2022-10-05 00:17:52 +02:00
2023-04-20 00:16:53 +02:00
tests:
@go test ./cmd/... -v -cover -coverprofile=coverage.out
@go test ./pkg/... -v -cover -coverprofile=coverage.out
2023-04-20 00:16:53 +02:00
@go tool cover -func=coverage.out
lint:
2023-08-19 22:55:48 +02:00
@golangci-lint run
2023-09-19 19:35:24 +02:00
@make --directory=tests lint
@shellcheck --shell=bash \
2023-09-19 19:35:24 +02:00
PKGBUILD dists/build.sh dists/docker.sh \
2023-04-24 16:28:33 +02:00
tests/packer/init/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh \
debian/${PKGNAME}.postinst debian/${PKGNAME}.postrm
2022-10-05 00:17:52 +02:00
2024-09-26 00:17:44 +02:00
man:
pandoc -t man -s -o root/usr/share/man/man8/aa-log.8 root/usr/share/man/man8/aa-log.md
docs:
ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=true mkdocs build --strict
serve:
ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=false mkdocs serve
2022-10-05 00:17:52 +02:00
clean:
@rm -rf \
debian/.debhelper debian/debhelper* debian/*.debhelper debian/${PKGNAME} \
2023-03-29 01:19:44 +02:00
${PKGNAME}-*.pkg.tar.zst.sig ${PKGNAME}-*.pkg.tar.zst coverage.out \
2023-09-19 20:04:12 +02:00
${PKGNAME}_*.* ${PKGNAME}-*.rpm ${BUILD}