2022-10-05 00:17:52 +02:00
|
|
|
#!/usr/bin/make -f
|
2022-10-16 00:11:31 +02:00
|
|
|
# apparmor.d - Full set of apparmor profiles
|
|
|
|
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
|
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
2022-10-05 00:17:52 +02:00
|
|
|
|
2022-10-16 00:11:31 +02:00
|
|
|
DESTDIR ?= /
|
|
|
|
BUILD := .build
|
2022-10-05 00:17:52 +02:00
|
|
|
PKGNAME := apparmor.d
|
2023-02-11 19:59:08 +01:00
|
|
|
DISTRIBUTION := $(shell lsb_release --id --short)
|
|
|
|
VERSION := 0.$(shell git rev-list --count HEAD)-1
|
2023-01-28 23:29:33 +01:00
|
|
|
P = $(notdir $(wildcard ${BUILD}/apparmor.d/*))
|
2022-10-05 00:17:52 +02:00
|
|
|
|
2023-02-11 19:59:08 +01:00
|
|
|
.PHONY: all install auto local $(P) lint archlinux debian ubuntu whonix clean
|
2022-10-05 00:17:52 +02:00
|
|
|
|
|
|
|
all:
|
2022-10-16 00:11:31 +02:00
|
|
|
@go build -o ${BUILD}/ ./cmd/aa-log
|
2022-10-05 00:17:52 +02:00
|
|
|
|
2022-10-16 00:11:31 +02:00
|
|
|
ROOT = $(shell find "${BUILD}/root" -type f -printf "%P\n")
|
|
|
|
PROFILES = $(shell find "${BUILD}/apparmor.d" -type f -printf "%P\n")
|
2022-10-05 00:17:52 +02:00
|
|
|
install:
|
2022-10-16 00:11:31 +02:00
|
|
|
@install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
|
|
|
@for file in ${ROOT}; do \
|
|
|
|
install -Dm0644 "${BUILD}/root/$${file}" "${DESTDIR}/$${file}"; \
|
|
|
|
done;
|
|
|
|
@for file in ${PROFILES}; do \
|
|
|
|
install -Dm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
|
|
|
|
done;
|
|
|
|
@for file in systemd/system/*; do \
|
|
|
|
service="$$(basename "$$file")"; \
|
|
|
|
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/system/$${service}.d/apparmor.conf"; \
|
|
|
|
done;
|
|
|
|
@for file in systemd/user/*; do \
|
|
|
|
service="$$(basename "$$file")"; \
|
|
|
|
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
|
|
|
|
done
|
2022-10-05 00:17:52 +02:00
|
|
|
|
2023-02-19 22:19:35 +01:00
|
|
|
auto:
|
|
|
|
@[ ${DISTRIBUTION} = Arch ] || exit 0; \
|
2023-03-29 01:19:44 +02:00
|
|
|
makepkg --syncdeps --install --cleanbuild --force --noconfirm
|
2023-02-19 22:19:35 +01:00
|
|
|
@[ ${DISTRIBUTION} = Ubuntu ] || exit 0; \
|
|
|
|
dch --newversion="${VERSION}" --urgency=medium --distribution=stable --controlmaint "Release ${VERSION}"; \
|
|
|
|
dpkg-buildpackage -b -d --no-sign; \
|
|
|
|
sudo dpkg -i "../apparmor.d_${VERSION}_all.deb"; \
|
|
|
|
make clean
|
|
|
|
@[ ${DISTRIBUTION} = openSUSE ] || exit 0; \
|
|
|
|
make local
|
2023-02-11 19:59:08 +01:00
|
|
|
|
|
|
|
local:
|
|
|
|
@./configure --complain
|
|
|
|
@make
|
|
|
|
@sudo make install
|
|
|
|
@sudo systemctl restart apparmor || sudo systemctl status apparmor
|
|
|
|
|
2023-01-28 23:29:33 +01:00
|
|
|
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
|
|
|
|
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
|
|
|
|
$(P):
|
2023-02-11 19:59:08 +01:00
|
|
|
@[ -f ${BUILD}/aa-log ] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
2023-01-28 23:29:33 +01:00
|
|
|
@for file in ${ABSTRACTIONS}; do \
|
|
|
|
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
|
|
|
|
done;
|
|
|
|
@for file in ${TUNABLES}; do \
|
|
|
|
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
|
|
|
|
done;
|
2023-02-11 19:59:08 +01:00
|
|
|
@echo "Warning: profile dependencies fallback to unconfined."
|
2023-01-28 23:29:33 +01:00
|
|
|
@for file in ${@}; do \
|
2023-02-11 19:59:08 +01:00
|
|
|
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
|
|
|
|
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
|
2023-01-28 23:29:33 +01:00
|
|
|
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
|
|
|
|
done;
|
|
|
|
@systemctl restart apparmor || systemctl status apparmor
|
|
|
|
|
2022-10-05 00:17:52 +02:00
|
|
|
lint:
|
|
|
|
@shellcheck --shell=bash \
|
2023-03-29 01:19:44 +02:00
|
|
|
PKGBUILD configure dists/build.sh \
|
2022-10-05 00:17:52 +02:00
|
|
|
debian/${PKGNAME}.postinst debian/${PKGNAME}.postrm
|
|
|
|
|
|
|
|
archlinux:
|
2023-03-29 01:19:44 +02:00
|
|
|
@bash dists/build.sh archlinux
|
2022-10-05 00:17:52 +02:00
|
|
|
|
|
|
|
debian:
|
2023-03-29 01:19:44 +02:00
|
|
|
@bash dists/build.sh debian
|
2022-10-05 00:17:52 +02:00
|
|
|
|
|
|
|
ubuntu:
|
2023-03-29 01:19:44 +02:00
|
|
|
@bash dists/build.sh ubuntu
|
2022-10-05 00:17:52 +02:00
|
|
|
|
|
|
|
whonix:
|
2023-03-29 01:19:44 +02:00
|
|
|
@bash dists/build.sh whonix
|
2022-10-05 00:17:52 +02:00
|
|
|
|
|
|
|
clean:
|
|
|
|
@rm -rf \
|
2023-01-28 23:29:33 +01:00
|
|
|
debian/.debhelper debian/debhelper* debian/*.debhelper debian/${PKGNAME} \
|
2023-03-29 01:19:44 +02:00
|
|
|
${PKGNAME}-*.pkg.tar.zst.sig ${PKGNAME}-*.pkg.tar.zst coverage.out \
|
2022-10-16 00:11:31 +02:00
|
|
|
${PKGNAME}_*.* ${BUILD}
|