build: add rpm packaging files.
parent
a53f10e431
commit
0797debd1d
4 changed files with 148 additions and 19 deletions
12
Makefile
12
Makefile
|
@ -73,14 +73,12 @@ pkg:
|
|||
@makepkg --syncdeps --install --cleanbuild --force --noconfirm
|
||||
|
||||
dpkg:
|
||||
@dch --newversion="0.$(shell git rev-list --count HEAD)-1" --urgency=medium \
|
||||
--distribution=stable --controlmaint "Release 0.$(shell git rev-list --count HEAD)-1"
|
||||
@dpkg-buildpackage -b -d --no-sign
|
||||
@sudo dpkg -i "../apparmor.d_0.$(shell git rev-list --count HEAD)-1_all.deb"
|
||||
@sudo make clean
|
||||
@bash dists/build.sh dpkg
|
||||
@sudo dpkg -i ${PKGNAME}_*.deb
|
||||
|
||||
rpm:
|
||||
@make local
|
||||
@bash dists/build.sh rpm
|
||||
@sudo rpm -i ${PKGNAME}-*.rpm
|
||||
|
||||
tests:
|
||||
@go test ./cmd/... -v -cover -coverprofile=coverage.out
|
||||
|
@ -99,4 +97,4 @@ clean:
|
|||
@rm -rf \
|
||||
debian/.debhelper debian/debhelper* debian/*.debhelper debian/${PKGNAME} \
|
||||
${PKGNAME}-*.pkg.tar.zst.sig ${PKGNAME}-*.pkg.tar.zst coverage.out \
|
||||
${PKGNAME}_*.* ${BUILD}
|
||||
${PKGNAME}_*.* ${PKGNAME}-*.rpm ${BUILD}
|
||||
|
|
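Review bot: The new `dpkg` and `rpm` recipes install as root whatever the globs `${PKGNAME}_*.deb` and `${PKGNAME}-*.rpm` match in the working directory, so a package left over from an earlier build, or any other file with that name prefix, is handed to `sudo dpkg -i` / `sudo rpm -i` together with the one just built. `dists/build.sh` already derives the version from `git rev-list --count HEAD`, so the recipes could name the exact file they expect, or depend on `clean` so that only fresh artifacts can match. Separately, the `rpm` recipe's `@make local` would be better as `@$(MAKE) local` so that flags and the jobserver propagate to the sub-make.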
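--- /dev/null
+++ b/dists/apparmor.d.spec
@@ -0,0 +1,66 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2023 Christian Boltz
+# Copyright (C) 2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Warning: for development only, use https://build.opensuse.org/package/show/home:cboltz/apparmor.d for production use.
+
+Name: apparmor.d
+Version: 0.0001
+Release: 1%{?dist}
+Summary: Set of over 1500 AppArmor profiles
+License: GPL-2.0-only
+URL: https://github.com/roddhjav/apparmor.d
+Source0: %{name}-%{version}.tar.gz
+BuildRequires: distribution-release
+BuildRequires: golang-packaging
+BuildRequires: rsync
+
+%description
+AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes.
+
+%prep
+%autosetup
+
+%build
+%make_build
+
+%install
+%make_install
+
+%posttrans
+rm -f /var/cache/apparmor/* 2>/dev/null
+systemctl is-active -q apparmor && systemctl reload apparmor ||:
+
+%files
+%license LICENSE
+%doc README.md
+%exclude /etc/apparmor.d/libvirtd
+%exclude /etc/apparmor.d/virt-aa-helper
+%config(noreplace) /etc/apparmor.d/
+/usr/bin/aa-log
+
+%dir /usr/lib/systemd/system/haveged.service.d
+%dir /usr/lib/systemd/system/multipathd.service.d
+%dir /usr/lib/systemd/system/pcscd.service.d
+%dir /usr/lib/systemd/system/systemd-journald.service.d
+%dir /usr/lib/systemd/system/systemd-networkd.service.d
+%dir /usr/lib/systemd/system/systemd-timesyncd.service.d
+%dir /usr/lib/systemd/system/systemd-userdbd.service.d
+%dir /usr/lib/systemd/user/org.freedesktop.IBus.session.GNOME.service.d
+%dir /usr/share/zsh
+%dir /usr/share/zsh/site-functions
+
+/usr/lib/systemd/system/haveged.service.d/apparmor.conf
+/usr/lib/systemd/system/multipathd.service.d/apparmor.conf
+/usr/lib/systemd/system/pcscd.service.d/apparmor.conf
+/usr/lib/systemd/system/systemd-journald.service.d/apparmor.conf
+/usr/lib/systemd/system/systemd-networkd.service.d/apparmor.conf
+/usr/lib/systemd/system/systemd-timesyncd.service.d/apparmor.conf
+/usr/lib/systemd/system/systemd-userdbd.service.d/apparmor.conf
+/usr/lib/systemd/user/org.freedesktop.IBus.session.GNOME.service.d/apparmor.conf
+/usr/share/bash-completion/completions/aa-log
+/usr/share/zsh/site-functions/_aa-log.zsh
+
+%changelog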
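Review bot: In `%posttrans`, the trailing `||:` discards a failed `systemctl reload apparmor`, so if the new profile set does not load, the transaction still reports success and the host keeps running whatever policy was loaded before, with no signal to the administrator. Keeping the scriptlet's exit status at 0 is the usual convention, but the failure should at least be reported, for example `systemctl reload apparmor || echo "apparmor.d: reload failed, new profiles are not loaded" >&2`. The preceding `rm -f /var/cache/apparmor/* 2>/dev/null` also hides its errors; if the cache on the target holds subdirectories (an assumption worth checking against the AppArmor version in use), `rm -f` without `-r` leaves them in place silently. A short comment noting that `Version: 0.0001` is a placeholder rewritten by `dists/build.sh` would help readers of the spec.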
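--- /dev/null
+++ b/dists/build.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+# Build the package for Archlinux/openSUSE/Debian/Ubuntu
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Usage: make [ dpkg | pkg | rpm ]
+
+set -eu -o pipefail
+
+readonly COMMAND="$1"
+readonly PKGNAME=apparmor.d
+VERSION="0.$(git rev-list --count HEAD)"
+readonly VERSION
+
+main() {
+case "$COMMAND" in
+pkg)
+PKGDEST=. makepkg --syncdeps --force --cleanbuild --noconfirm --noprogressbar
+;;
+
+dpkg)
+dch --newversion="$VERSION-1" --urgency=medium --distribution=stable --controlmaint "Release $VERSION-1"
+dpkg-buildpackage -b -d --no-sign
+mv ../"${PKGNAME}_${VERSION}-1"_*.deb .
+;;
+
+rpm)
+RPMBUILD_ROOT=$(mktemp -d)
+OUTPUT_DIR=$(pwd)
+ARCH=$(uname -m)
+readonly RPMBUILD_ROOT ARCH OUTPUT_DIR
+
+mkdir -p "$RPMBUILD_ROOT"/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS/tmp}
+cp -p "dists/$PKGNAME.spec" "$RPMBUILD_ROOT/SPECS"
+tar -czf "$RPMBUILD_ROOT/SOURCES/$PKGNAME-$VERSION.tar.gz" --transform "s,^,$PKGNAME-$VERSION/," ./*
+
+cd "$RPMBUILD_ROOT"
+sed -i "s/^Version:.*/Version: $VERSION/" "SPECS/$PKGNAME.spec"
+rpmbuild -bb --define "_topdir $RPMBUILD_ROOT" "SPECS/$PKGNAME.spec"
+
+cp "$RPMBUILD_ROOT/RPMS/$ARCH/"*.rpm "$OUTPUT_DIR"
+rm -rf "$RPMBUILD_ROOT"
+;;
+
+*) ;;
+esac
+}
+
+main "$@"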
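Review bot: In the `rpm)` branch the `rm -rf "$RPMBUILD_ROOT"` cleanup is only reached when every earlier step succeeds; with `set -eu -o pipefail` a failing `tar`, `sed` or `rpmbuild` exits first and leaves the `mktemp -d` tree, including a full copy of the sources, behind in the temp directory. Registering the cleanup right after the directory is created, `trap 'rm -rf "$RPMBUILD_ROOT"' EXIT`, covers both the success and the failure path. The `*) ;;` arm also lets an unknown target exit 0 without building anything; printing the usage line and returning non-zero there would let callers notice a mistyped command.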
|
@ -1,11 +1,11 @@
|
|||
#!/usr/bin/env bash
|
||||
# Build the package in a clean Archlinux/Debian/Ubuntu container
|
||||
# Build the package in a clean Archlinux/openSUSE/Debian/Ubuntu container
|
||||
# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
|
||||
# SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
# Usage: make package dist=<distribution>
|
||||
|
||||
set -eu
|
||||
set -eu -o pipefail
|
||||
|
||||
readonly BASEIMAGE="${BASEIMAGE:-registry.gitlab.com/roddhjav/builders}"
|
||||
readonly PREFIX="builder-"
|
||||
|
@ -13,7 +13,7 @@ readonly PKGNAME=apparmor.d
|
|||
readonly VOLUME=/tmp/build
|
||||
readonly BUILDIR=/home/build/tmp
|
||||
readonly COMMAND="$1"
|
||||
VERSION="0.$(git rev-list --count HEAD)-1"
|
||||
VERSION="0.$(git rev-list --count HEAD)"
|
||||
PACKAGER="$(git config user.name) <$(git config user.email)>"
|
||||
readonly VERSION PACKAGER
|
||||
|
||||
|
@ -55,14 +55,14 @@ build_in_docker_makepkg() {
|
|||
fi
|
||||
else
|
||||
docker pull "$BASEIMAGE/$dist"
|
||||
docker run -tid --name "$img" --volume "$PWD:$BUILDIR" \
|
||||
docker run -tid --name "$img" --volume "$VOLUME:$BUILDIR" \
|
||||
--env MAKEFLAGS="-j$(nproc)" --env PACKAGER="$PACKAGER" \
|
||||
--env BUILDDIR=/tmp/build --env PKGDEST="$BUILDIR" \
|
||||
--env DIST="$dist" \
|
||||
"$BASEIMAGE/$dist"
|
||||
fi
|
||||
|
||||
docker exec --workdir="$BUILDIR/" "$img" makepkg -sfC --noconfirm --noprogressbar
|
||||
docker exec --workdir="$BUILDIR/$PKGNAME" "$img" bash dists/build.sh pkg
|
||||
mv "$VOLUME/$PKGNAME"-*.pkg.* .
|
||||
}
|
||||
|
||||
|
@ -85,12 +85,27 @@ build_in_docker_dpkg() {
|
|||
docker exec "$img" sudo apt-get install -y "${aptopt[@]}" golang-go
|
||||
fi
|
||||
|
||||
docker exec --workdir="$BUILDIR/$PKGNAME" "$img" \
|
||||
dch --newversion="$VERSION" --urgency=medium --distribution=stable --controlmaint "Release $VERSION"
|
||||
docker exec --workdir="$BUILDIR/$PKGNAME" "$img" \
|
||||
dpkg-buildpackage -b -d --no-sign
|
||||
cp "$VOLUME/${PKGNAME}_${VERSION}_all.deb" "/tmp/${PKGNAME}_all.deb"
|
||||
mv "$VOLUME/${PKGNAME}_${VERSION}"_*.* .
|
||||
docker exec --workdir="$BUILDIR/$PKGNAME" "$img" bash dists/build.sh dpkg
|
||||
mv "$VOLUME/$PKGNAME/${PKGNAME}_${VERSION}-1"_*.* .
|
||||
}
|
||||
|
||||
build_in_docker_rpm() {
|
||||
local dist="$1"
|
||||
local img="$PREFIX$dist"
|
||||
|
||||
if _exist "$img"; then
|
||||
if ! _is_running "$img"; then
|
||||
_start "$img"
|
||||
fi
|
||||
else
|
||||
docker pull "$BASEIMAGE/$dist"
|
||||
docker run -tid --name "$img" --volume "$VOLUME:$BUILDIR" \
|
||||
"$BASEIMAGE/$dist"
|
||||
docker exec "$img" sudo zypper install -y distribution-release golang-packaging rsync
|
||||
fi
|
||||
|
||||
docker exec --workdir="$BUILDIR/$PKGNAME" "$img" bash dists/build.sh rpm
|
||||
mv "$VOLUME/$PKGNAME/$PKGNAME-$VERSION-"*.rpm .
|
||||
}
|
||||
|
||||
main() {
|
||||
|
@ -106,7 +121,8 @@ main() {
|
|||
;;
|
||||
|
||||
opensuse)
|
||||
echo "Work in progress"
|
||||
sync
|
||||
build_in_docker_rpm "$COMMAND"
|
||||
;;
|
||||
|
||||
*) ;;
|
||||
|
|
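Review bot: The new `build_in_docker_rpm` bind-mounts `$VOLUME` into the builder with `--volume "$VOLUME:$BUILDIR"`, and `VOLUME` is the fixed path `/tmp/build` (context line in the second hunk), so on a shared host another local user can create that directory first and influence what the container builds, or what the final `mv "$VOLUME/$PKGNAME/$PKGNAME-$VERSION-"*.rpm .` picks up. How the directory is created and populated is not visible in these hunks (presumably by the `sync` call shown in `main`), so confirm it is created owner-only and that a pre-existing directory owned by someone else is rejected. Because the builder containers are reused across runs, a stable per-user location such as `"${XDG_CACHE_HOME:-$HOME/.cache}/$PKGNAME-build"` fits better than a per-run `mktemp -d`. `main` and `build_in_docker_makepkg` continue outside the hunks shown.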