From 937171d40cb72cfce97111297717a33789b7b663 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 19 Sep 2021 20:39:13 +0100
Subject: [PATCH] Improve Debian support.
---
 configure | 90 +++++++++++++++-------------
 debian/apparmor.d.displace | 5 ++
 debian/apparmor.d.displace-extension | 1 +
 debian/apparmor.d.postinst | 4 +-
 debian/apparmor.d.postrm | 4 +-
 5 files changed, 60 insertions(+), 44 deletions(-)
 create mode 100644 debian/apparmor.d.displace
 create mode 100644 debian/apparmor.d.displace-extension
diff --git a/configure b/configure
index dc4ed84c..f8320b65 100755
--- a/configure
+++ b/configure
@@ -4,52 +4,28 @@
 # SPDX-License-Identifier: GPL-2.0-only
 readonly ROOT=.build
-declare -a REMOVE_LIST
 _die() { printf '%s\n' "$*" >&2 && exit 1; }
-_warning() { printf 'Warning: %s\n' "$*" >&2; }
-_init() { rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"; }
+_warning() { printf ' Warning: %s\n' "$*" >&2; }
-# Remove files or directories in the package
-remove_files() {
- msg="Remove unneeded profiles/resources:"
- for path in "${REMOVE_LIST[@]}"; do
- [[ ! -e "${ROOT:?}/$path" ]] && continue
- msg+=$'\n'" $(stat -c '%A %u:%g' "${ROOT:?}/$path") $path"
- done
- echo "$msg"
-
- for path in "${REMOVE_LIST[@]}"; do
- rm -rf "${ROOT:?}/$path"
+# Displace files in the package sources
+# $@ List of files to displace
+_displace_files() {
+ for path in "$@"; do
+ mv "${ROOT:?}/$path" "${ROOT:?}/$path.apparmor.d"
 done
 }
-# Set the distribution, flavor & groups
+# Initialise a new clean apparmor.d build directory
+initialise() {
+ rm -rf "${ROOT:?}" && rsync -a --exclude=.git . "$ROOT"
+}
+
+# Set the distribution specificities
 configure() {
 echo "Set the configuration for $DISTRIBUTION."
- if [[ "$DISTRIBUTION" == archlinux ]]; then
- REMOVE_LIST+=(
- apparmor.d/abstractions/apt-common
- apparmor.d/groups/apt
- apparmor.d/groups/cron
- )
- elif [[ "$DISTRIBUTION" == debian ]]; then
- REMOVE_LIST+=(
- apparmor.d/groups/pacman
- root/usr/share/libalpm/hooks/apparmor.hook
- )
-
- fi
-
-}
-
-# Initialise the apparmor.d with the selected configuration.
-initialise() {
- _init
- remove_files
-
- echo "Ignore profiles in profiles.ignore."
+ echo " Ignore profiles in profiles.ignore."
 while read -r profile; do
 [[ "$profile" =~ ^\# ]] && continue
 if [[ "$profile" == */ ]]; then
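Review bot: `_displace_files` does not check the result of `mv`, so a path that is missing from `.build` is skipped with only mv's own error message while `debian/apparmor.d.displace` still names its `.apparmor.d` copy. Nothing visible in this patch enables `set -e`, and `main` (last configure hunk) ends with an unconditional `exit 0`, so a half-displaced tree can be packaged; the undisplaced `tunables/global` would then presumably collide with the copy owned by the distribution's apparmor package. Fail closed instead with `mv -- "${ROOT:?}/$path" "${ROOT:?}/$path.apparmor.d" || _die "Cannot displace $path"`, and declare `local path` so the loop variable does not leak into the caller. The same applies to `initialise`, whose `rm -rf … && rsync …` status is discarded by `main`; calling it as `initialise || _die "Cannot create $ROOT"` would keep the later steps from running on a partial copy. `configure()` continues outside this hunk.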
@@ -59,6 +35,39 @@ initialise() {
 fi
 done ,;;" {} \;
+
+ echo " Debian does not have etc tunable."
+ sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"
+
+ echo " Displace overwritten files."
+ _displace_files apparmor.d/tunables/global apparmor.d/tunables/xdg-user-dirs
+
+ ;;
+
+ *) _die "$DISTRIBUTION is not a supported distribution." ;;
+ esac
+}
+
+# Synchronise all profile in a new apparmor.d directory.
+synchronise() {
 echo "Synchronise all profiles."
 mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
 rm -rf "${ROOT:?}/apparmor.d/groups/"
@@ -75,7 +84,7 @@ setflags() {
 IFS=' ' read -r -a manifest <<< "$profile"
 profile="${manifest[0]}"
 flags="${manifest[1]}"
- [[ "$profile" =~ ^\# ]] && continue
+ [[ "$profile" =~ ^\# || -z "$profile" ]] && continue
 path="${ROOT:?}/apparmor.d/$profile"
 if [[ ! -f "$path" ]]; then
 _warning "Profile $profile not found"
@@ -99,7 +108,7 @@ cmd_help() {
 ./configure [options] - Configure the apparmor.d package
 Options:
- --distribution=DIST Set the target Linux distribution (Archlinux, Debian)
+ --distribution=DIST Set the target Linux distribution: archlinux, debian
 --help Print this help message and exit.
 _EOF
 }
@@ -117,8 +126,9 @@ main() {
 [[ $err -ne 0 ]] && { cmd_help; exit 1; }
- configure
 initialise
+ configure
+ synchronise
 setflags
 exit 0
diff --git a/debian/apparmor.d.displace b/debian/apparmor.d.displace
new file mode 100644
index 00000000..2c734c2e
--- /dev/null
+++ b/debian/apparmor.d.displace
@@ -0,0 +1,5 @@
+# Copyright (C) 2021 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+/etc/apparmor.d/tunables/global.apparmor.d
+/etc/apparmor.d/tunables/xdg-user-dirs.apparmor.d
diff --git a/debian/apparmor.d.displace-extension b/debian/apparmor.d.displace-extension
new file mode 100644
index 00000000..84490da1
--- /dev/null
+++ b/debian/apparmor.d.displace-extension
@@ -0,0 +1 @@
+.apparmor.d
\ No newline at end of file
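Review bot: The expression in `sed -i -e '/etc/d' "$ROOT/apparmor.d/tunables/global"` deletes every line containing the substring `etc`, not only the directive it is meant to drop. `tunables/global` feeds variables to every profile, so a comment, include or definition that merely contains `etc` would be removed silently, and profiles relying on it would fail to compile or resolve paths differently. Anchor the pattern to the whole directive, for example `sed -i -e '/^[[:space:]]*include <tunables\/etc>[[:space:]]*$/d' "$ROOT/apparmor.d/tunables/global"`, adjusted to the exact form of that line, which is not visible here. Part of this hunk's added text is missing from the page, so the archlinux branch of the `case` could not be reviewed.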
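Review bot: The two entries in `debian/apparmor.d.displace` have to match, one for one, the arguments of the `_displace_files` call in `configure` and the suffix in `debian/apparmor.d.displace-extension`, but nothing in the file says so. A mismatch would leave a displaced path without its replacement (or the reverse), and because `tunables/global` is read by every AppArmor profile on the host, not only the ones this package ships, the effect is system-wide. I would add a comment above the entries such as `# Keep in sync with the _displace_files call in ./configure; these replace the apparmor package's tunables for all profiles.`. While the displacement is active, later updates to the distribution's own copies of these two files presumably no longer take effect, which is worth stating in the package description.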
diff --git a/debian/apparmor.d.postinst b/debian/apparmor.d.postinst
index 0f8a1b34..b24ac465 100644
--- a/debian/apparmor.d.postinst
+++ b/debian/apparmor.d.postinst
@@ -3,8 +3,8 @@
 # Copyright (C) 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
-systemctl reload apparmor.service >/dev/null 2>&1 || true
-
 #DEBHELPER#
+systemctl reload apparmor.service >/dev/null 2>&1 || true
+
 exit 0
\ No newline at end of file
diff --git a/debian/apparmor.d.postrm b/debian/apparmor.d.postrm
index 8b6c6597..04729b4c 100644
--- a/debian/apparmor.d.postrm
+++ b/debian/apparmor.d.postrm
@@ -3,8 +3,8 @@
 # Copyright (C) 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
-systemctl reload apparmor.service >/dev/null 2>&1 || true
-
 #DEBHELPER#
+systemctl reload apparmor.service >/dev/null 2>&1 || true
+
 exit 0
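Review bot: A failed `systemctl reload apparmor.service` is still hidden completely by `>/dev/null 2>&1 || true` in the moved line of `debian/apparmor.d.postinst`. Now that the package displaces `tunables/global`, a parse error there could make the reload fail for all profiles while the install reports success, leaving the host on stale or partially loaded policy with no trace in the dpkg log. Keep the step non-fatal but report it, e.g. `systemctl reload apparmor.service >/dev/null 2>&1 || echo "Warning: apparmor.service reload failed, profiles were not refreshed" >&2`. The identical line in `debian/apparmor.d.postrm` needs the same treatment.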