#!/usr/bin/make -f
# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# Root prepended to every "$(DESTDIR)/..." destination used by the install-*
# and profiles-* targets; override it to stage the files somewhere else.
DESTDIR ?= /
# Directory that receives the Go binaries and that the install targets read from.
BUILD ?= .build
# Directory the dpkg and rpm targets pick the built packages up from.
PKGDEST ?= $(PWD)/.pkg
PKGNAME := apparmor.d
# Partial-install target names: one per entry found in $(BUILD)/apparmor.d,
# minus "dpkg" (presumably because `dpkg` is also a packaging target in this
# file). The list comes from a wildcard over the build directory, so it is
# empty until that directory has been populated.
PROFILE = $(filter-out dpkg,$(notdir $(wildcard $(BUILD)/apparmor.d/*)))
# Per-package install target names: two fixed ones plus profiles-NAME for
# every dists/packages/NAME.conf.
PROFILES = profiles-apparmor.d profiles-other $(addprefix profiles-,$(basename $(notdir $(wildcard dists/packages/*.conf))))
# First rule of the file, so this is what a bare `make` runs: build the tools,
# then run prebuild with --complain.
# NOTE(review): --complain presumably generates the profiles in complain mode
# (violations are logged, not blocked); confirm against cmd/prebuild. The
# `enforce` target runs the same tool without that flag.
.PHONY: all
all: build
	@./$(BUILD)/prebuild --complain
# Compile the two Go commands, aa-log and prebuild, into $(BUILD)/.
.PHONY: build
build:
	@go build -o $(BUILD)/ ./cmd/aa-log
	@go build -o $(BUILD)/ ./cmd/prebuild
# Build the tools, then run prebuild with no flags (no --complain, unlike `all`).
.PHONY: enforce
enforce: build
	@./$(BUILD)/prebuild
# Build the tools, then run prebuild with --complain and --full.
.PHONY: full
full: build
	@./$(BUILD)/prebuild --complain --full
# Start from a clean tree, rebuild the tools, then run prebuild with
# --complain and --packages.
# NOTE(review): `clean` and `build` are only ordered by their position in the
# prerequisite list; under `make -j` they may run concurrently, and `clean`
# removes $(BUILD) while `build` writes into it.
.PHONY: packages
packages: clean build
	@./$(BUILD)/prebuild --complain --packages
# Install apparmor.d: the aa-log binary, the shared data, the systemd drop-ins
# and every profile found under $(BUILD)/apparmor.d.
# None of these prerequisites depends on `build`, so the build directory has to
# be populated (for instance by `make all`) before installing.
.PHONY: install
install: \
    install-bin \
    install-share \
    install-systemd \
    profiles-apparmor.d
# Install apparmor.d.base: same binary, shared data and systemd drop-ins as
# `install`, but only the profiles of the "base" package.
# NOTE(review): profiles-base is only a known target when PROFILES contains it,
# i.e. presumably when dists/packages/base.conf exists; confirm.
.PHONY: install-base
install-base: \
    install-bin \
    install-share \
    install-systemd \
    profiles-base
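# Install the aa-log binary from $(BUILD) as $(DESTDIR)/usr/bin/aa-log, mode 0755.
# Both paths are quoted, as in the other install targets, so that a BUILD or
# DESTDIR containing spaces reaches install(1) as a single argument.
# NOTE(review): there is no dependency on `build`; $(BUILD)/aa-log must already exist.
.PHONY: install-bin
install-bin:
	@install -Dm0755 "$(BUILD)/aa-log" "$(DESTDIR)/usr/bin/aa-log"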
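# Install every regular file under $(BUILD)/share, except *.md, to the same
# relative path under $(DESTDIR)/usr/share, mode 0644.
# The file list is read by the shell from find(1) one line at a time instead of
# being pasted into the recipe text through $(shell ...), so a name containing
# whitespace or shell metacharacters is handled as data. The loop stops at the
# first failed install, so a partial installation is reported as an error
# rather than hidden behind the exit status of the last file.
.PHONY: install-share
install-share:
	@find "$(BUILD)/share" -type f -not -name "*.md" -printf "%P\n" | \
	while IFS= read -r file; do \
		install -Dm0644 "$(BUILD)/share/$${file}" "$(DESTDIR)/usr/share/$${file}" || exit 1; \
	done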
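# Install the systemd drop-ins. Each file in $(BUILD)/systemd/system (resp.
# systemd/user) is named after a unit and is installed as
# $(DESTDIR)/usr/lib/systemd/system/UNIT.d/apparmor.conf (resp. .../user/...),
# mode 0644.
# Each loop stops at the first failed install so that a missing drop-in is
# reported instead of being hidden by the exit status of the last file.
.PHONY: install-systemd
install-systemd:
	@for unit in "$(BUILD)"/systemd/system/*; do \
		service="$$(basename "$${unit}")"; \
		install -Dm0644 "$${unit}" "$(DESTDIR)/usr/lib/systemd/system/$${service}.d/apparmor.conf" || exit 1; \
	done
	@for unit in "$(BUILD)"/systemd/user/*; do \
		service="$$(basename "$${unit}")"; \
		install -Dm0644 "$${unit}" "$(DESTDIR)/usr/lib/systemd/user/$${service}.d/apparmor.conf" || exit 1; \
	done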
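# Install all profiles for a given (sub)package.
# For a target profiles-NAME the source tree is $(BUILD)/NAME. Regular files
# are installed to the same relative path under $(DESTDIR)/etc/apparmor.d with
# mode 0644; symbolic links are then copied as links (cp -d) after making sure
# $(DESTDIR)/etc/apparmor.d/disable exists.
# NOTE(review): presumably the links all live under disable/; cp fails for a
# link whose destination directory was not created by the first loop.
# File names are read by the shell from find(1) rather than expanded into the
# recipe text, and both loops stop at the first failing command so that a
# partially installed profile set makes the target fail.
.PHONY: $(PROFILES)
$(PROFILES):
	@find "$(BUILD)/$(patsubst profiles-%,%,$@)" -type f -printf "%P\n" | \
	while IFS= read -r file; do \
		install -Dm0644 "$(BUILD)/$(patsubst profiles-%,%,$@)/$${file}" "$(DESTDIR)/etc/apparmor.d/$${file}" || exit 1; \
	done
	@find "$(BUILD)/$(patsubst profiles-%,%,$@)" -type l -printf "%P\n" | \
	while IFS= read -r file; do \
		mkdir -p "$(DESTDIR)/etc/apparmor.d/disable" || exit 1; \
		cp -d "$(BUILD)/$(patsubst profiles-%,%,$@)/$${file}" "$(DESTDIR)/etc/apparmor.d/$${file}" || exit 1; \
	done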
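# Partial install (not recommended)
# Installs the abstractions, the tunables and the single profile named by the
# target, then restarts the apparmor service.
# Before installing, every "rPx" in the profile is rewritten to "rPUx", which
# is what the warning printed below refers to: transitions to profiles that
# are not installed fall back to unconfined. The grep only shows the lines
# about to be rewritten; finding none is not an error.
# The rewrite is done with sed -i on the file inside $(BUILD), so the build
# tree itself is modified; rebuild before doing a full install from it.
# Every loop stops at the first failing command, and a failed service restart
# still prints the journal but now makes the target fail instead of reporting
# success.
.PHONY: $(PROFILE)
$(PROFILE): install-bin
	@find "$(BUILD)/apparmor.d/abstractions/" -type f -printf "%P\n" | \
	while IFS= read -r file; do \
		install -Dm0644 "$(BUILD)/apparmor.d/abstractions/$${file}" "$(DESTDIR)/etc/apparmor.d/abstractions/$${file}" || exit 1; \
	done
	@find "$(BUILD)/apparmor.d/tunables/" -type f -printf "%P\n" | \
	while IFS= read -r file; do \
		install -Dm0644 "$(BUILD)/apparmor.d/tunables/$${file}" "$(DESTDIR)/etc/apparmor.d/tunables/$${file}" || exit 1; \
	done
	@echo "Warning: profile dependencies fallback to unconfined."
	@for file in $@; do \
		grep 'rPx' "$(BUILD)/apparmor.d/$${file}"; \
		sed -i -e "s/rPx/rPUx/g" "$(BUILD)/apparmor.d/$${file}" || exit 1; \
		install -Dvm0644 "$(BUILD)/apparmor.d/$${file}" "$(DESTDIR)/etc/apparmor.d/$${file}" || exit 1; \
	done
	@systemctl restart apparmor || { sudo journalctl -xeu apparmor.service; exit 1; }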
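# Development helper: rebuild one profile with prebuild --complain, install it
# into the live /etc/apparmor.d with sudo (DESTDIR is not used here) and
# restart the apparmor service.
# Usage: make dev name=PROFILE_FILE_NAME
# An empty `name` is rejected up front; without the check the recipe would call
# find with an incomplete expression and install with a bare directory path.
# `name` is quoted wherever it reaches the shell so it is not glob-expanded or
# word-split. A failed restart still prints the journal but now makes the
# target fail instead of reporting success.
.PHONY: dev
name ?=
dev:
	$(if $(strip $(name)),,$(error name is empty - usage: make dev name=PROFILE_FILE_NAME))
	@go run ./cmd/prebuild --complain --file $(shell find apparmor.d -iname '$(name)')
	@sudo install -Dm644 "$(BUILD)/apparmor.d/$(name)" "/etc/apparmor.d/$(name)"
	@sudo systemctl restart apparmor || { sudo journalctl -xeu apparmor.service; exit 1; }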
# Run dists/docker.sh for the distribution named by `dist`
# (archlinux unless overridden, e.g. `make package dist=NAME`).
.PHONY: package
dist ?= archlinux
package:
	@bash dists/docker.sh $(dist)
# Build the package with makepkg and install it on the current machine.
# --install together with --noconfirm means the result is installed without
# any prompt.
.PHONY: pkg
pkg:
	@makepkg \
		--syncdeps \
		--install \
		--cleanbuild \
		--force \
		--noconfirm
# Run dists/build.sh dpkg, then install the result with sudo dpkg -i.
# The package is selected with a glob, so every $(PKGNAME)_*.deb present in
# $(PKGDEST) is installed, including packages left over from earlier builds.
.PHONY: dpkg
dpkg:
	@bash dists/build.sh dpkg
	@sudo dpkg -i $(PKGDEST)/$(PKGNAME)_*.deb
# Run dists/build.sh rpm, then install the result with sudo rpm -ivh --force.
# The package is selected with a glob, so every $(PKGNAME)-*.rpm present in
# $(PKGDEST) is installed, including packages left over from earlier builds.
.PHONY: rpm
rpm:
	@bash dists/build.sh rpm
	@sudo rpm -ivh --force $(PKGDEST)/$(PKGNAME)-*.rpm
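# Run the Go unit tests of ./cmd and ./pkg with coverage and print the
# per-function coverage report.
# Both package trees are tested in one `go test` invocation: two separate runs
# writing the same coverage.out let the second overwrite the first, so the
# report only covered ./pkg.
.PHONY: tests
tests:
	@go test ./cmd/... ./pkg/... -v -cover -coverprofile=coverage.out
	@go tool cover -func=coverage.out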
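# Lint the Go code (golangci-lint), the tests directory (its own `lint`
# target) and the shell scripts listed below (shellcheck, bash dialect).
# The sub-make is started through $(MAKE) rather than a literal `make`, so the
# same make program is used and command-line flags such as -n and -j are
# passed down to it.
.PHONY: lint
lint:
	@golangci-lint run
	@$(MAKE) --directory=tests lint
	@shellcheck --shell=bash \
		PKGBUILD dists/build.sh dists/docker.sh tests/check.sh \
		tests/packer/init/init.sh tests/packer/src/aa-update tests/packer/init/clean.sh \
		debian/$(PKGNAME).postinst debian/$(PKGNAME).postrm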
# Run the repository check script, tests/check.sh, with bash.
.PHONY: check
check:
	@bash tests/check.sh
# Run the bats suite in tests/bats/, printing a test's output when it fails.
.PHONY: bats
bats:
	@bats --print-output-on-failure tests/bats/
# Regenerate the aa-log(8) manual page from its Markdown source with pandoc.
.PHONY: manual
manual:
	@pandoc -t man -s \
		-o root/usr/share/man/man8/aa-log.8 \
		root/usr/share/man/man8/aa-log.md
# Build the documentation with mkdocs in strict mode, with
# ENABLED_GIT_REVISION_DATE=false and MKDOCS_OFFLINE=true in its environment.
.PHONY: docs
docs:
	@ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=true \
		mkdocs build --strict
# Serve the documentation with mkdocs serve, with
# ENABLED_GIT_REVISION_DATE=false and MKDOCS_OFFLINE=false in its environment.
.PHONY: serve
serve:
	@ENABLED_GIT_REVISION_DATE=false MKDOCS_OFFLINE=false \
		mkdocs serve
# Remove the debhelper leftovers under debian/, the packages in .pkg, the
# build directory and the coverage profile.
# NOTE(review): the package path is the literal .pkg, not $(PKGDEST); packages
# written to an overridden PKGDEST are left in place.
.PHONY: clean
clean:
	@rm -rf \
		debian/.debhelper \
		debian/debhelper* \
		debian/*.debhelper \
		debian/$(PKGNAME) \
		.pkg/$(PKGNAME)* \
		$(BUILD) \
		coverage.out