mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-06 02:05:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

test(packer): make image builder simplier.
Some checks are pending
Ubuntu / check (push) Waiting to run
Details
Ubuntu / build (default, ubuntu-22.04) (push) Blocked by required conditions
Details
Ubuntu / build (default, ubuntu-24.04) (push) Blocked by required conditions
Details
Ubuntu / build (full-system-policy, ubuntu-22.04) (push) Blocked by required conditions
Details
Ubuntu / build (full-system-policy, ubuntu-24.04) (push) Blocked by required conditions
Details
Ubuntu / tests (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
Alexandre Pujol 2025-01-24 23:32:24 +01:00
parent 5b9c1a8fea
commit aae36aa4e0
Failed to generate hash of commit
15 changed files with 65 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
tests/Makefile
View file

@ -12,14 +12,13 @@
flavor ?= flavor ?=
disk ?= 10G disk ?= 10G
VERSION := 0.$(shell git rev-list --count HEAD) BASE = archlinux debian ubuntu22 ubuntu24 opensuse fedora
BASE = archlinux debian ubuntu opensuse fedora
.PHONY: ${BASE} lint .PHONY: ${BASE} lint
$(BASE): $(BASE):
@make --directory=../ package dist=${@} @make --directory=../ package dist=${@}
@packer build -force -var version=${VERSION} \ @packer build -force \
-var disk_size=${disk} -var flavor="${flavor}" \ -var disk_size=${disk} -var flavor="${flavor}" \
-only=qemu.${@} packer/ -only=qemu.${@} packer/

4
tests/cloud-init/debian-gnome.user-data.yml
View file

@ -24,10 +24,10 @@ packages:
- devscripts - devscripts
- htop - htop
- qemu-guest-agent - qemu-guest-agent
- spice-vdagent
- rsync - rsync
- vim - spice-vdagent
- task-gnome-desktop - task-gnome-desktop
- vim
runcmd: runcmd:
- apt-get update -y - apt-get update -y

2
tests/cloud-init/debian-kde.user-data.yml
View file

@ -24,8 +24,8 @@ packages:
- devscripts - devscripts
- htop - htop
- qemu-guest-agent - qemu-guest-agent
- spice-vdagent
- rsync - rsync
- spice-vdagent
- vim - vim
- task-kde-desktop - task-kde-desktop

8
tests/cloud-init/opensuse-gnome.user-data.yml
View file

@ -20,19 +20,15 @@ packages:
- bash-completion - bash-completion
- distribution-release - distribution-release
- git - git
- go
- golang-packaging - golang-packaging
- htop - htop
- make - make
- rpmbuild - rpmbuild
- rsync
- vim - vim
write_files: write_files:
# Set some bash aliases
- path: /home/${username}/.bashrc
append: true
content: |
[[ -f ~/.bash_aliases ]] && source ~/.bash_aliases
# Setup shared directory # Setup shared directory
- path: /etc/fstab - path: /etc/fstab
append: true append: true

8
tests/cloud-init/opensuse-kde.user-data.yml
View file

@ -20,19 +20,15 @@ packages:
- bash-completion - bash-completion
- distribution-release - distribution-release
- git - git
- go
- golang-packaging - golang-packaging
- htop - htop
- make - make
- rpmbuild - rpmbuild
- rsync
- vim - vim
write_files: write_files:
# Set some bash aliases
- path: /home/${username}/.bashrc
append: true
content: |
[[ -f ~/.bash_aliases ]] && source ~/.bash_aliases
# Setup shared directory # Setup shared directory
- path: /etc/fstab - path: /etc/fstab
append: true append: true

11
tests/cloud-init/ubuntu22-desktop.user-data.yml
View file

@ -18,18 +18,19 @@ package_update: true
package_upgrade: true package_upgrade: true
package_reboot_if_required: false package_reboot_if_required: false
packages: packages:
- ubuntu-desktop
- linux-generic-hwe-22.04
- qemu-guest-agent
- spice-vdagent
- terminator
- apparmor-profiles - apparmor-profiles
- build-essential - build-essential
- config-package-dev - config-package-dev
- debhelper - debhelper
- devscripts - devscripts
- golang-go - golang-go
- linux-generic-hwe-22.04
- qemu-guest-agent
- rsync - rsync
- spice-vdagent
- terminator
- ubuntu-desktop
- vim
snap: snap:
commands: commands:

11
tests/cloud-init/ubuntu24-desktop.user-data.yml
View file

@ -20,18 +20,19 @@ package_update: true
package_upgrade: true package_upgrade: true
package_reboot_if_required: false package_reboot_if_required: false
packages: packages:
- ubuntu-desktop
- linux-generic-hwe-24.04
- qemu-guest-agent
- spice-vdagent
- terminator
- apparmor-profiles - apparmor-profiles
- build-essential - build-essential
- config-package-dev - config-package-dev
- debhelper - debhelper
- devscripts - devscripts
- golang-go - golang-go
- linux-generic-hwe-24.04
- qemu-guest-agent
- rsync - rsync
- spice-vdagent
- terminator
- ubuntu-desktop
- vim
snap: snap:
commands: commands:

2
tests/packer/archlinux.pkr.hcl
View file

@ -27,7 +27,7 @@ source "qemu" "archlinux" {
cd_label = "cidata" cd_label = "cidata"
cd_content = { cd_content = {
"meta-data" = "" "meta-data" = ""
"user-data" = templatefile("${path.cwd}/packer/init/${source.name}-${var.flavor}.user-data.yml", "user-data" = templatefile("${path.cwd}/cloud-init/${source.name}-${var.flavor}.user-data.yml",
{ {
username = "${var.username}" username = "${var.username}"
password = "${var.password}" password = "${var.password}"

49
tests/packer/builds.pkr.hcl
View file

@ -12,51 +12,36 @@ build {
"source.qemu.ubuntu24", "source.qemu.ubuntu24",
] ]
# Upload local files # Upload artifacts
provisioner "file" { provisioner "file" {
destination = "/tmp" destination = "/tmp/"
sources = ["${path.cwd}/packer/src"]
}
provisioner "file" {
only = ["qemu.archlinux"]
destination = "/tmp/src/"
sources = [ sources = [
"${path.cwd}/../.pkg/apparmor.d-${var.version}-1-x86_64.pkg.tar.zst", "${path.cwd}/packer/src/",
"${path.cwd}/packer/init.sh",
"${path.cwd}/packer/clean.sh",
"${path.cwd}/../.pkg/",
] ]
} }
provisioner "file" { # Full system provisioning
only = ["qemu.opensuse"]
destination = "/tmp/src/"
sources = ["${path.cwd}/../.pkg/apparmor.d-${var.version}-1.x86_64.rpm"]
}
provisioner "file" {
only = ["qemu.debian", "qemu.ubuntu22", "qemu.ubuntu24"]
destination = "/tmp/src/"
sources = ["${path.cwd}/../.pkg/apparmor.d_${var.version}-1_amd64.deb"]
}
# Wait for cloud-init to finish
provisioner "shell" { provisioner "shell" {
execute_command = "echo '${var.password}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'" execute_command = "echo '${var.password}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
inline = [ inline = [
# Wait for cloud-init to finish
"while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for Cloud-Init...'; sleep 20; done", "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for Cloud-Init...'; sleep 20; done",
"cloud-init clean", # Remove logs and artifacts so cloud-init can re-run
] # Ensure cloud-init is successful
} "cloud-init status",
# Remove logs and artifacts so cloud-init can re-run
"cloud-init clean",
# Install local files and config # Install local files and config
provisioner "shell" { "bash /tmp/init.sh",
script = "${path.cwd}/packer/init/init.sh"
execute_command = "echo '${var.password}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
}
# Minimize the image # Minimize the image
provisioner "shell" { "bash /tmp/clean.sh",
script = "${path.cwd}/packer/init/clean.sh" ]
execute_command = "echo '${var.password}' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'"
} }
post-processor "vagrant" { post-processor "vagrant" {

31
tests/packer/clean.sh
View file

@ -3,7 +3,7 @@
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io> # Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only # SPDX-License-Identifier: GPL-2.0-only
set -u set -eu -o pipefail
# shellcheck source=/dev/null # shellcheck source=/dev/null
_lsb_release() { _lsb_release() {
@ -46,23 +46,15 @@ _sshdgenkeys() {
_EOF _EOF
} }
clean_debian() { clean_apt() {
_msg "Apt clean configuration" _msg "Cleaning the apt cache"
_msg "Full system upgrade"
apt-get update -y
apt-get -qq -y --no-install-recommends upgrade
apt-get -qq -y --no-install-recommends dist-upgrade
_msg "Clean the apt cache"
apt-get -y autoremove --purge apt-get -y autoremove --purge
apt-get -y autoclean apt-get -y autoclean
apt-get -y clean apt-get -y clean
} }
clean_arch() { clean_pacman() {
_msg "Pacman clean configuration" _msg "Cleaning pacman cache"
pacman -Syu --noconfirm pacman -Syu --noconfirm
pacman -Qdtq | while IFS='' read -r pkg; do pacman -Qdtq | while IFS='' read -r pkg; do
pacman -Rsccn --noconfirm "$pkg" pacman -Rsccn --noconfirm "$pkg"
@ -70,16 +62,15 @@ clean_arch() {
pacman -Scc --noconfirm pacman -Scc --noconfirm
} }
clean_opensuse() { clean_zypper() {
_msg "zypper clean configuration" _msg "Cleaning zypper cache"
zypper update -y zypper update -y
zypper clean -y zypper clean -y
} }
# Make the image as impersonal as possible. # Make the image as impersonal as possible.
impersonalize() { impersonalize() {
_msg "Make the image as impersonal as possible." _msg "Making the image as impersonal as possible."
# Remove remaining pkg file, docs and caches # Remove remaining pkg file, docs and caches
dirs=( dirs=(
@ -159,16 +150,16 @@ main() {
begin=$(_diskused) begin=$(_diskused)
case "$DISTRIBUTION" in case "$DISTRIBUTION" in
debian | ubuntu) debian | ubuntu)
clean_debian clean_apt
_sshdgenkeys _sshdgenkeys
;; ;;
opensuse*) opensuse*)
clean_opensuse clean_zypper
;; ;;
arch) arch)
clean_arch clean_pacman
;; ;;
esac esac
impersonalize impersonalize

4
tests/packer/debian.pkr.hcl
View file

@ -6,7 +6,7 @@ source "qemu" "debian" {
disk_image = true disk_image = true
iso_url = "https://cdimage.debian.org/images/cloud/${var.release.debian.codename}/latest/debian-${var.release.debian.version}-genericcloud-amd64.qcow2" iso_url = "https://cdimage.debian.org/images/cloud/${var.release.debian.codename}/latest/debian-${var.release.debian.version}-genericcloud-amd64.qcow2"
iso_checksum = "file:https://cdimage.debian.org/images/cloud/${var.release.debian.codename}/latest/SHA512SUMS" iso_checksum = "file:https://cdimage.debian.org/images/cloud/${var.release.debian.codename}/latest/SHA512SUMS"
iso_target_path = "${var.iso_dir}/debian-cloudimg-amd64.img" iso_target_path = "${var.iso_dir}/debian-${var.release.debian.codename}-cloudimg-amd64.img"
cpu_model = "host" cpu_model = "host"
cpus = 6 cpus = 6
memory = 4096 memory = 4096
@ -28,7 +28,7 @@ source "qemu" "debian" {
cd_label = "cidata" cd_label = "cidata"
cd_content = { cd_content = {
"meta-data" = "" "meta-data" = ""
"user-data" = templatefile("${path.cwd}/packer/init/${source.name}-${var.flavor}.user-data.yml", "user-data" = templatefile("${path.cwd}/cloud-init/${source.name}-${var.flavor}.user-data.yml",
{ {
username = "${var.username}" username = "${var.username}"
password = "${var.password}" password = "${var.password}"

11
tests/packer/init.sh
View file

@ -11,7 +11,7 @@ _lsb_release() {
echo "$ID" echo "$ID"
} }
DISTRIBUTION="$(_lsb_release)" DISTRIBUTION="$(_lsb_release)"
readonly SRC=/tmp/src readonly SRC=/tmp/
readonly DISTRIBUTION readonly DISTRIBUTION
main() { main() {
@ -28,23 +28,22 @@ main() {
case "$DISTRIBUTION" in case "$DISTRIBUTION" in
arch) arch)
pacman --noconfirm -U $SRC/*.pkg.tar.zst pacman --noconfirm -U $SRC/*.pkg.tar.zst
systemctl start apparmor.service
;; ;;
debian | ubuntu) debian | ubuntu)
apt-get update -y
apt-get install -y apparmor-profiles build-essential config-package-dev \
debhelper devscripts htop rsync vim
dpkg -i $SRC/*.deb dpkg -i $SRC/*.deb
;; ;;
opensuse*) opensuse*)
mv "/home/$SUDO_USER/.bash_aliases" "/home/$SUDO_USER/.alias" mv "/home/$SUDO_USER/.bash_aliases" "/home/$SUDO_USER/.alias"
zypper install -y bash-completion git go htop make rsync vim
rpm -i $SRC/*.rpm rpm -i $SRC/*.rpm
;; ;;
esac esac
rm -rf /var/cache/apparmor/*
rm -rf /etc/apparmor/earlypolicy/
systemctl reload apparmor.service
} }
main "$@" main "$@"

2
tests/packer/opensuse.pkr.hcl
View file

@ -30,7 +30,7 @@ source "qemu" "opensuse" {
cd_label = "cidata" cd_label = "cidata"
cd_content = { cd_content = {
"meta-data" = "" "meta-data" = ""
"user-data" = templatefile("${path.cwd}/packer/init/${source.name}-${var.flavor}.user-data.yml", "user-data" = templatefile("${path.cwd}/cloud-init/${source.name}-${var.flavor}.user-data.yml",
{ {
username = "${var.username}" username = "${var.username}"
password = "${var.password}" password = "${var.password}"

8
tests/packer/ubuntu.pkr.hcl
View file

@ -6,7 +6,7 @@ source "qemu" "ubuntu22" {
disk_image = true disk_image = true
iso_url = "https://cloud-images.ubuntu.com/${var.release.ubuntu22.codename}/current/${var.release.ubuntu22.codename}-server-cloudimg-amd64.img" iso_url = "https://cloud-images.ubuntu.com/${var.release.ubuntu22.codename}/current/${var.release.ubuntu22.codename}-server-cloudimg-amd64.img"
iso_checksum = "file:https://cloud-images.ubuntu.com/${var.release.ubuntu22.codename}/current/SHA256SUMS" iso_checksum = "file:https://cloud-images.ubuntu.com/${var.release.ubuntu22.codename}/current/SHA256SUMS"
iso_target_path = "${var.iso_dir}/ubuntu22-cloudimg-amd64.img" iso_target_path = "${var.iso_dir}/ubuntu-${var.release.ubuntu22.codename}-cloudimg-amd64.img"
cpu_model = "host" cpu_model = "host"
cpus = 6 cpus = 6
memory = 4096 memory = 4096
@ -28,7 +28,7 @@ source "qemu" "ubuntu22" {
cd_label = "cidata" cd_label = "cidata"
cd_content = { cd_content = {
"meta-data" = "" "meta-data" = ""
"user-data" = templatefile("${path.cwd}/packer/init/${source.name}-${var.flavor}.user-data.yml", "user-data" = templatefile("${path.cwd}/cloud-init/${source.name}-${var.flavor}.user-data.yml",
{ {
username = "${var.username}" username = "${var.username}"
password = "${var.password}" password = "${var.password}"
@ -43,7 +43,7 @@ source "qemu" "ubuntu24" {
disk_image = true disk_image = true
iso_url = "https://cloud-images.ubuntu.com/${var.release.ubuntu24.codename}/current/${var.release.ubuntu24.codename}-server-cloudimg-amd64.img" iso_url = "https://cloud-images.ubuntu.com/${var.release.ubuntu24.codename}/current/${var.release.ubuntu24.codename}-server-cloudimg-amd64.img"
iso_checksum = "file:https://cloud-images.ubuntu.com/${var.release.ubuntu24.codename}/current/SHA256SUMS" iso_checksum = "file:https://cloud-images.ubuntu.com/${var.release.ubuntu24.codename}/current/SHA256SUMS"
iso_target_path = "${var.iso_dir}/ubuntu24-cloudimg-amd64.img" iso_target_path = "${var.iso_dir}/ubuntu-${var.release.ubuntu24.codename}-cloudimg-amd64.img"
cpu_model = "host" cpu_model = "host"
cpus = 6 cpus = 6
memory = 4096 memory = 4096
@ -65,7 +65,7 @@ source "qemu" "ubuntu24" {
cd_label = "cidata" cd_label = "cidata"
cd_content = { cd_content = {
"meta-data" = "" "meta-data" = ""
"user-data" = templatefile("${path.cwd}/packer/init/${source.name}-${var.flavor}.user-data.yml", "user-data" = templatefile("${path.cwd}/cloud-init/${source.name}-${var.flavor}.user-data.yml",
{ {
username = "${var.username}" username = "${var.username}"
password = "${var.password}" password = "${var.password}"

6
tests/packer/variables.pkr.hcl
View file

@ -58,12 +58,6 @@ variable "prefix" {
default = "aa-" default = "aa-"
} }
variable "version" {
description = "apparmor.d version"
type = string
default = "0.001"
}
variable "flavor" { variable "flavor" {
description = "Distribution flavor to use (server, desktop, gnome, kde...)" description = "Distribution flavor to use (server, desktop, gnome, kde...)"
type = string type = string