apparmor.d/pkg/prebuild/prepare/configure.go

// apparmor.d - Full set of apparmor profiles
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
// SPDX-License-Identifier: GPL-2.0-only

package prepare

import (
	"fmt"
	"os"

	"github.com/roddhjav/apparmor.d/pkg/prebuild"
	"github.com/roddhjav/apparmor.d/pkg/util"
)

type Configure struct {
	prebuild.Base
	OneFile bool
}

func init() {
	RegisterTask(&Configure{
		Base: prebuild.Base{
			Keyword: "configure",
			Msg:     "Set distribution specificities",
		},
		OneFile: false,
	})
}

func (p Configure) Apply() ([]string, error) {
	res := []string{}

	if prebuild.ABI == 4 {
		if err := OverwriteUpstreamProfile(p.OneFile); err != nil {
			return res, err
		}
	}
	switch prebuild.Distribution {
	case "arch", "opensuse":

	case "ubuntu":
		if err := prebuild.DebianHide.Init(); err != nil {
			return res, err
		}

		if prebuild.ABI == 3 {
			if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
				return res, err
			}
		}

	case "debian", "whonix":
		if err := prebuild.DebianHide.Init(); err != nil {
			return res, err
		}

		// Copy Debian specific abstractions
		if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {
			return res, err
		}

	default:
		return []string{}, fmt.Errorf("%s is not a supported distribution", prebuild.Distribution)

	}
	return res, nil
}

// Overwrite upstream profile: disable upstream & rename ours
func OverwriteUpstreamProfile(oneFile bool) error {
	const ext = ".apparmor.d"
	disableDir := prebuild.RootApparmord.Join("disable")
	if err := disableDir.Mkdir(); err != nil {
		return err
	}

	path := prebuild.DistDir.Join("overwrite")
	if !path.Exist() {
		return fmt.Errorf("%s not found", path)
	}
	for _, name := range util.MustReadFileAsLines(path) {
		origin := prebuild.RootApparmord.Join(name)
		dest := prebuild.RootApparmord.Join(name + ext)
		if !dest.Exist() && oneFile {
			continue
		}
		if err := origin.Rename(dest); err != nil {

			return err
		}
		originRel, err := origin.RelFrom(dest)
		if err != nil {
			return err
		}
		if err := os.Symlink(originRel.String(), disableDir.Join(name).String()); err != nil {
			return err
		}
	}
	return nil
}
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`// apparmor.d - Full set of apparmor profiles`
			`// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>`
			`// SPDX-License-Identifier: GPL-2.0-only`

			`package prepare`

			`import (`
			`"fmt"`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`"os"`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`"github.com/roddhjav/apparmor.d/pkg/prebuild"`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`"github.com/roddhjav/apparmor.d/pkg/util"`
			`)`

			`type Configure struct {`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`prebuild.Base`
			`OneFile bool`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`}`

			`func init() {`
			`RegisterTask(&Configure{`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`Base: prebuild.Base{`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`Keyword: "configure",`
			`Msg: "Set distribution specificities",`
			`},`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`OneFile: false,`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`})`
			`}`

			`func (p Configure) Apply() ([]string, error) {`
			`res := []string{}`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00
			`if prebuild.ABI == 4 {`
			`if err := OverwriteUpstreamProfile(p.OneFile); err != nil {`
			`return res, err`
build: use the same technique to disable upstream profile on all distribution. Only enabled on Ubuntu & opensuse 2024-06-04 20:52:06 +02:00			`}`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`}`
			`switch prebuild.Distribution {`
			`case "arch", "opensuse":`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00
			`case "ubuntu":`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`if err := prebuild.DebianHide.Init(); err != nil {`
build: better way to handle debian hide file. only needed as whonix needs special addition. 2024-06-04 20:55:53 +02:00			`return res, err`
			`}`

build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`if prebuild.ABI == 3 {`
			`if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`return res, err`
			`}`
			`}`

			`case "debian", "whonix":`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`if err := prebuild.DebianHide.Init(); err != nil {`
build: better way to handle debian hide file. only needed as whonix needs special addition. 2024-06-04 20:55:53 +02:00			`return res, err`
			`}`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00
			`// Copy Debian specific abstractions`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`if err := util.CopyTo(prebuild.DistDir.Join("ubuntu"), prebuild.RootApparmord); err != nil {`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00			`return res, err`
			`}`

			`default:`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00			`return []string{}, fmt.Errorf("%s is not a supported distribution", prebuild.Distribution)`
refractor(build): move prepare tasks to the prepare sub package. 2024-03-26 00:34:14 +01:00
			`}`
			`return res, nil`
			`}`
build: reorganise build: abi4, fallback, prebuild cli - ABI4 by default, fallback to abi 3. - aa-prebuild cli that can be used by other project shipping profiles. - --file option to cli to only build one dev profile. - add abi version filter to only & exclude directives. 2024-10-02 17:22:46 +02:00
			`// Overwrite upstream profile: disable upstream & rename ours`
			`func OverwriteUpstreamProfile(oneFile bool) error {`
			`const ext = ".apparmor.d"`
			`disableDir := prebuild.RootApparmord.Join("disable")`
			`if err := disableDir.Mkdir(); err != nil {`
			`return err`
			`}`

			`path := prebuild.DistDir.Join("overwrite")`
			`if !path.Exist() {`
			`return fmt.Errorf("%s not found", path)`
			`}`
			`for _, name := range util.MustReadFileAsLines(path) {`
			`origin := prebuild.RootApparmord.Join(name)`
			`dest := prebuild.RootApparmord.Join(name + ext)`
			`if !dest.Exist() && oneFile {`
			`continue`
			`}`
			`if err := origin.Rename(dest); err != nil {`

			`return err`
			`}`
			`originRel, err := origin.RelFrom(dest)`
			`if err != nil {`
			`return err`
			`}`
			`if err := os.Symlink(originRel.String(), disableDir.Join(name).String()); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`