mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2024-11-14 23:43:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

refractor(build): update prebuild logic to the new interface structure.

Browse Source
This commit is contained in:
Alexandre Pujol 2024-03-25 23:37:13 +00:00
parent 2dea78a59c
commit 69f2f46c46
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
4 changed files with 80 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
cmd/prebuild/main.go
View File

@ -10,12 +10,14 @@ import (
"os" "os"
"github.com/roddhjav/apparmor.d/pkg/logging" "github.com/roddhjav/apparmor.d/pkg/logging"
oss "github.com/roddhjav/apparmor.d/pkg/os"
"github.com/roddhjav/apparmor.d/pkg/prebuild" "github.com/roddhjav/apparmor.d/pkg/prebuild"
"github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
"github.com/roddhjav/apparmor.d/pkg/prebuild/directive" "github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
) )
const usage = `prebuild [-h] [--full] [--complain | --enforce] [profiles...] const usage = `prebuild [-h] [--full] [--complain | --enforce]
Prebuild apparmor.d profiles for a given distribution and apply Prebuild apparmor.d profiles for a given distribution and apply
internal built-in directives. internal built-in directives.
@ -27,7 +29,6 @@ Options:
-e, --enforce Set enforce flag on all profiles. -e, --enforce Set enforce flag on all profiles.
--abi4 Convert the profiles to Apparmor abi/4.0. --abi4 Convert the profiles to Apparmor abi/4.0.
Directives:
` `
var ( var (
@ -51,23 +52,23 @@ func init() {
} }
func aaPrebuild() error { func aaPrebuild() error {
logging.Step("Building apparmor.d profiles for %s.", oss.Distribution) logging.Step("Building apparmor.d profiles for %s.", cfg.Distribution)
if full { if full {
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy) prepare.Register("fsp")
prebuild.Builds = append(prebuild.Builds, prebuild.BuildFullSystemPolicy) builder.Register("fsp")
} else { } else {
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetEarlySystemd) prepare.Register("systemd-early")
} }
if complain { if complain {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain) builder.Register("complain")
} else if enforce { } else if enforce {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildEnforce) builder.Register("enforce")
} }
if abi4 { if abi4 {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildABI3) builder.Register("abi3")
} }
if err := prebuild.Prepare(); err != nil { if err := prebuild.Prepare(); err != nil {
@ -78,11 +79,11 @@ func aaPrebuild() error {
func main() { func main() {
flag.Usage = func() { flag.Usage = func() {
res := usage fmt.Printf("%s%s\n%s\n%s", usage,
for _, d := range directive.Directives { cfg.Help("Prepare", prepare.Tasks),
res += ` ` + d.Usage() + "\n" cfg.Help("Build", builder.Builders),
} cfg.Usage("Directives", directive.Directives),
fmt.Print(res) )
} }
flag.Parse() flag.Parse()
if help { if help {

12
cmd/prebuild/main_test.go
View File

@ -9,8 +9,9 @@ import (
"os/exec" "os/exec"
"testing" "testing"
oss "github.com/roddhjav/apparmor.d/pkg/os" "github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
"github.com/roddhjav/apparmor.d/pkg/prebuild" "github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
) )
func chdirGitRoot() { func chdirGitRoot() {
@ -72,12 +73,13 @@ func Test_AAPrebuild(t *testing.T) {
chdirGitRoot() chdirGitRoot()
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
oss.Distribution = tt.dist cfg.Distribution = tt.dist
if tt.full { if tt.full {
prebuild.Prepares = append(prebuild.Prepares, prebuild.SetFullSystemPolicy) prepare.Register("fsp")
builder.Register("fsp")
} }
if tt.complain { if tt.complain {
prebuild.Builds = append(prebuild.Builds, prebuild.BuildComplain) builder.Register("complain")
} }
if err := aaPrebuild(); (err != nil) != tt.wantErr { if err := aaPrebuild(); (err != nil) != tt.wantErr {
t.Errorf("aaPrebuild() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("aaPrebuild() error = %v, wantErr %v", err, tt.wantErr)

100
pkg/prebuild/prebuild.go
View File

@ -5,75 +5,61 @@
package prebuild package prebuild
import ( import (
"reflect"
"runtime"
"strings" "strings"
"github.com/arduino/go-paths-helper" "github.com/arduino/go-paths-helper"
"github.com/roddhjav/apparmor.d/pkg/logging" "github.com/roddhjav/apparmor.d/pkg/logging"
oss "github.com/roddhjav/apparmor.d/pkg/os" "github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
"github.com/roddhjav/apparmor.d/pkg/prebuild/directive" "github.com/roddhjav/apparmor.d/pkg/prebuild/directive"
) "github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
var (
overwrite bool = false
DistDir *paths.Path
Root *paths.Path
RootApparmord *paths.Path
FlagDir *paths.Path
) )
func init() { func init() {
DistDir = paths.New("dists") // Define the tasks applied by default
Root = paths.New(".build") prepare.Register(
FlagDir = DistDir.Join("flags") "synchronise",
RootApparmord = Root.Join("apparmor.d") "ignore",
if oss.Distribution == "ubuntu" { "merge",
if oss.Release["VERSION_CODENAME"] == "noble" { "configure",
Builds = append(Builds, BuildABI3) "setflags",
overwrite = true "systemd-default",
)
// Build tasks applied by default
builder.Register("userspace")
switch cfg.Distribution {
case "ubuntu":
if cfg.Release["VERSION_CODENAME"] == "noble" {
builder.Register("abi3")
cfg.Overwrite = true
} }
} }
} }
func getFctName(i any) string {
tmp := runtime.FuncForPC(reflect.ValueOf(i).Pointer()).Name()
res := strings.Split(tmp, ".")
return res[len(res)-1]
}
func printPrepareMessage(name string, msg []string) {
logging.Success("%v", PrepareMsg[name])
logging.Indent = " "
for _, line := range msg {
logging.Bullet("%s", line)
}
logging.Indent = ""
}
func printBuildMessage() {
for _, fct := range Builds {
name := getFctName(fct)
logging.Success("%v", BuildMsg[name])
}
for _, dir := range directive.Directives {
logging.Success("%v", dir.Message())
}
}
func Prepare() error { func Prepare() error {
for _, fct := range Prepares { for _, task := range prepare.Prepares {
msg, err := fct() msg, err := task.Apply()
if err != nil { if err != nil {
return err return err
} }
printPrepareMessage(getFctName(fct), msg) logging.Success("%s", task.Message())
logging.Indent = " "
for _, line := range msg {
if strings.Contains(line, "not found") {
logging.Warning("%s", line)
} else {
logging.Bullet("%s", line)
}
}
logging.Indent = ""
} }
return nil return nil
} }
func Build() error { func Build() error {
files, _ := RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories()) files, _ := cfg.RootApparmord.ReadDirRecursiveFiltered(nil, paths.FilterOutDirectories())
for _, file := range files { for _, file := range files {
if !file.Exist() { if !file.Exist() {
continue continue
@ -83,14 +69,26 @@ func Build() error {
return err return err
} }
profile := string(content) profile := string(content)
for _, fct := range Builds { for _, b := range builder.Builds {
profile = fct(profile) profile = b.Apply(profile)
} }
profile = directive.Run(file, profile) profile = directive.Run(file, profile)
if err := file.WriteFile([]byte(profile)); err != nil { if err := file.WriteFile([]byte(profile)); err != nil {
return err return err
} }
} }
printBuildMessage()
logging.Success("Build tasks:")
logging.Indent = " "
for _, task := range builder.Builds {
logging.Bullet("%s", task.Message())
}
logging.Indent = ""
logging.Success("Directives processed:")
logging.Indent = " "
for _, dir := range directive.Directives {
logging.Bullet("%s", dir.Name())
}
logging.Indent = ""
return nil return nil
} }

21
pkg/prebuild/prebuild_test.go
View File

@ -9,7 +9,9 @@ import (
"os/exec" "os/exec"
"testing" "testing"
oss "github.com/roddhjav/apparmor.d/pkg/os" "github.com/roddhjav/apparmor.d/pkg/prebuild/builder"
"github.com/roddhjav/apparmor.d/pkg/prebuild/cfg"
"github.com/roddhjav/apparmor.d/pkg/prebuild/prepare"
) )
func chdirGitRoot() { func chdirGitRoot() {
@ -65,27 +67,20 @@ func Test_PreBuild(t *testing.T) {
enforce: false, enforce: false,
dist: "opensuse", dist: "opensuse",
}, },
// {
// name: "Build for Fedora",
// wantErr: true,
// full: false,
// complain: false,
// dist: "fedora",
// },
} }
chdirGitRoot() chdirGitRoot()
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
oss.Distribution = tt.dist cfg.Distribution = tt.dist
if tt.full { if tt.full {
Prepares = append(Prepares, SetFullSystemPolicy) prepare.Register("fsp")
Builds = append(Builds, BuildFullSystemPolicy) builder.Register("fsp")
} }
if tt.complain { if tt.complain {
Builds = append(Builds, BuildComplain) builder.Register("complain")
} }
if tt.enforce { if tt.enforce {
Builds = append(Builds, BuildEnforce) builder.Register("enforce")
} }
if err := Prepare(); (err != nil) != tt.wantErr { if err := Prepare(); (err != nil) != tt.wantErr {
t.Errorf("Prepare() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("Prepare() error = %v, wantErr %v", err, tt.wantErr)