build: better way to handle debian hide file.

Only needed because Whonix needs a special addition.
Alexandre Pujol 2024-06-04 19:55:53 +01:00
parent 13d3b23a04
commit 41c0e57eca
4 changed files with 28 additions and 4 deletions


@ -33,6 +33,8 @@ var (
// counterpart // counterpart
Overwrite Overwriter = false Overwrite Overwriter = false
// DebianHide is the path to the debian/apparmor.d.hide file
DebianHide = DebianHider{path: DebianDir.Join("apparmor.d.hide")}
Ignore = Ignorer{} Ignore = Ignorer{}
Flags = Flagger{} Flags = Flagger{}


@ -5,11 +5,15 @@
package cfg package cfg
import ( import (
"fmt"
"os"
"strings" "strings"
"github.com/roddhjav/apparmor.d/pkg/paths"
"github.com/roddhjav/apparmor.d/pkg/util" "github.com/roddhjav/apparmor.d/pkg/util"
) )
// Default content of debian/apparmor.d.hide. Whonix has special addition.
var Hide = `# This file is generated by "make", all edit will be lost. var Hide = `# This file is generated by "make", all edit will be lost.
/etc/apparmor.d/usr.bin.firefox /etc/apparmor.d/usr.bin.firefox
@ -81,4 +85,16 @@ func (o Overwriter) Apply() error {
return nil return nil
} }
type DebianHider struct {
path *paths.Path
}
// Initialize the file with content from Hide
func (d DebianHider) Init() error {
return d.path.WriteFile([]byte(Hide))
}
// Initialize the file with content from Hide
func (d DebianHider) Clean() error {
return d.path.WriteFile([]byte("# This file is generated by \"make\", all edit will be lost.\n"))
} }
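Review bot: The doc comment on `Clean` is a copy of the one on `Init` ("Initialize the file with content from Hide"), but the body writes only the generated-file header line, so the comment misstates what the method does. A comment such as `// Clean resets the file to its header line, leaving no path listed.` would match the code, and `Init` would read better in Go doc form as `// Init writes the content of Hide to the file.`; `DebianHider` itself has no comment at all. Since this file appears to decide which distribution-shipped profiles are hidden, it is worth stating on `Clean` that an empty list is the intended result. The header literal in `Clean` also repeats the first line of `Hide`, so a shared constant would keep the two from drifting apart.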


@ -45,14 +45,14 @@ func init() {
case "whonix": case "whonix":
cfg.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure cfg.Hide += `/etc/apparmor.d/abstractions/base.d/kicksecure
/etc/apparmor.d/home.tor-browser.firefox /etc/apparmor.d/home.tor-browser.firefox
/etc/apparmor.d/tunables/home.d/anondist /etc/apparmor.d/tunables/homsanitycheck
/etc/apparmor.d/usr.bin.url_e.d/anondist
/etc/apparmor.d/tunables/home.d/live-mode /etc/apparmor.d/tunables/home.d/live-mode
/etc/apparmor.d/tunables/home.d/qubes-whonix-anondist /etc/apparmor.d/tunables/home.d/qubes-whonix-anondist
/etc/apparmor.d/usr.bin.hexchat /etc/apparmor.d/usr.bin.hexchat
/etc/apparmor.d/usr.bin.sdwdate /etc/apparmor.d/usr.bin.sdwdate
/etc/apparmor.d/usr.bin.systemcheck /etc/apparmor.d/usr.bin.systemcheck
/etc/apparmor.d/usr.bin.timesanitycheck /etc/apparmor.d/usr.bin.timeto_unixtime
/etc/apparmor.d/usr.bin.url_to_unixtime
/etc/apparmor.d/whonix-firewall /etc/apparmor.d/whonix-firewall
` `
} }


@ -35,6 +35,10 @@ func (p Configure) Apply() ([]string, error) {
} }
case "ubuntu": case "ubuntu":
if err := cfg.DebianHide.Clean(); err != nil {
return res, err
}
if cfg.Overwrite { if cfg.Overwrite {
if err := cfg.Overwrite.Apply(); err != nil { if err := cfg.Overwrite.Apply(); err != nil {
return res, err return res, err
@ -46,7 +50,9 @@ func (p Configure) Apply() ([]string, error) {
} }
case "debian", "whonix": case "debian", "whonix":
cfg.Overwrite.AptClean() if err := cfg.DebianHide.Init(); err != nil {
return res, err
}
// Copy Debian specific abstractions // Copy Debian specific abstractions
if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil { if err := util.CopyTo(cfg.DistDir.Join("ubuntu"), cfg.RootApparmord); err != nil {