apparmor.d/pkg/prebuild/prepare/configure.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package prepare

import (
	"fmt"
	"strings"

	"github.com/arduino/go-paths-helper"
	"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
	"github.com/roddhjav/apparmor.d/pkg/util"
)

type Configure struct {
	cfg.Base
}

func init() {
	RegisterTask(&Configure{
		Base: cfg.Base{
			Keyword: "configure",
			Msg:     "Set distribution specificities",
		},
	})
}

func (p Configure) Apply() ([]string, error) {
	res := []string{}
	switch cfg.Distribution {
	case "arch", "opensuse":

	case "ubuntu":
		debianOverwriteClean()
		if cfg.Overwrite {
			profiles := getOverwriteProfiles()
			debianOverwrite(profiles)
		} else {
			if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
				return res, err
			}
		}

	case "debian", "whonix":
		debianOverwriteClean()

		// Copy Debian specific abstractions
		if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {
			return res, err
		}

	default:
		return []string{}, fmt.Errorf("%s is not a supported distribution", cfg.Distribution)

	}
	return res, nil
}

// Overwrite upstream profile: rename our profile & hide upstream
func debianOverwrite(files []string) {
	const ext = ".apparmor.d"
	file, err := paths.New("debian/apparmor.d.hide").Append()
	if err != nil {
		panic(err)
	}
	for _, name := range files {
		origin := cfg.RootApparmord.Join(name)
		dest := cfg.RootApparmord.Join(name + ext)
		if err := origin.Rename(dest); err != nil {
			panic(err)
		}
		if _, err := file.WriteString("/etc/apparmor.d/" + name + "\n"); err != nil {
			panic(err)
		}
	}
}

// Clean the debian/apparmor.d.hide file
func debianOverwriteClean() {
	const debianHide = `# This file is generated by "make", all edit will be lost.

/etc/apparmor.d/usr.bin.firefox
/etc/apparmor.d/usr.sbin.cups-browsed
/etc/apparmor.d/usr.sbin.cupsd
/etc/apparmor.d/usr.sbin.rsyslogd
`
	path := paths.New("debian/apparmor.d.hide")
	if err := path.WriteFile([]byte(debianHide)); err != nil {
		panic(err)
	}
}

// Get the list of upstream profiles to overwrite from dist/overwrite
func getOverwriteProfiles() []string {
	res := []string{}
	lines, err := cfg.DistDir.Join("overwrite").ReadFileAsLines()
	if err != nil {
		panic(err)
	}
	for _, line := range lines {
		if strings.HasPrefix(line, "#") || line == "" {
			continue
		}
		res = append(res, line)
	}
	return res
}
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package prepare`

			`import (`
			`"fmt"`
			`"strings"`

			`"github.com/arduino/go-paths-helper"`
			`"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"`
			`"github.com/roddhjav/apparmor.d/pkg/util"`
			`)`

			`type Configure struct {`
			`cfg.Base`
			`}`

			`func init() {`
			`RegisterTask(&Configure{`
			`Base: cfg.Base{`
			`Keyword: "configure",`
			`Msg: "Set distribution specificities",`
			`},`
			`})`
			`}`

			`func (p Configure) Apply() ([]string, error) {`
			`res := []string{}`
			`switch cfg.Distribution {`
			`case "arch", "opensuse":`

			`case "ubuntu":`
			`debianOverwriteClean()`
			`if cfg.Overwrite {`
			`profiles := getOverwriteProfiles()`
			`debianOverwrite(profiles)`
			`} else {`
			`if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {`
			`return res, err`
			`}`
			`}`

			`case "debian", "whonix":`
			`debianOverwriteClean()`

			`// Copy Debian specific abstractions`
			`if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {`
			`return res, err`
			`}`

			`default:`
			`return []string{}, fmt.Errorf("%s is not a supported distribution", cfg.Distribution)`

			`}`
			`return res, nil`
			`}`

			`// Overwrite upstream profile: rename our profile & hide upstream`
			`func debianOverwrite(files []string) {`
			`const ext = ".apparmor.d"`
			`file, err := paths.New("debian/apparmor.d.hide").Append()`
			`if err != nil {`
			`panic(err)`
			`}`
			`for _, name := range files {`
			`origin := cfg.RootApparmord.Join(name)`
			`dest := cfg.RootApparmord.Join(name + ext)`
			`if err := origin.Rename(dest); err != nil {`
			`panic(err)`
			`}`
			`if _, err := file.WriteString("/etc/apparmor.d/" + name + "\n"); err != nil {`
			`panic(err)`
			`}`
			`}`
			`}`

			`// Clean the debian/apparmor.d.hide file`
			`func debianOverwriteClean() {`
			const debianHide = `# This file is generated by "make", all edit will be lost.

			`/etc/apparmor.d/usr.bin.firefox`
			`/etc/apparmor.d/usr.sbin.cups-browsed`
			`/etc/apparmor.d/usr.sbin.cupsd`
			`/etc/apparmor.d/usr.sbin.rsyslogd`
			`
			`path := paths.New("debian/apparmor.d.hide")`
			`if err := path.WriteFile([]byte(debianHide)); err != nil {`
			`panic(err)`
			`}`
			`}`

			`// Get the list of upstream profiles to overwrite from dist/overwrite`
			`func getOverwriteProfiles() []string {`
			`res := []string{}`
			`lines, err := cfg.DistDir.Join("overwrite").ReadFileAsLines()`
			`if err != nil {`
			`panic(err)`
			`}`
			`for _, line := range lines {`
			`if strings.HasPrefix(line, "#") \|\| line == "" {`
			`continue`
			`}`
			`res = append(res, line)`
			`}`
			`return res`
			`}`