From ae9f7e74427f32d2a46e3b646b934a02bd19426c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 28 Feb 2024 17:35:14 +0000
Subject: [PATCH] build: add initial build support for ubuntu 24.04
---
 dists/displace | 20 ++++++++++
 pkg/prebuild/prebuild.go | 8 ++++
 pkg/prebuild/prepare.go | 18 ++++++++-
 pkg/prebuild/tools.go | 79 +++++++++++++++++++++++++++++++---------
 4 files changed, 106 insertions(+), 19 deletions(-)
 create mode 100644 dists/displace
diff --git a/dists/displace b/dists/displace
new file mode 100644
index 00000000..23cdb10d
--- /dev/null
+++ b/dists/displace
@@ -0,0 +1,20 @@
+# Apparmor ships some unconfined profiles that allow everything and set the
+# userns rules. This file keeps track of them and allow apparmor.d to replace
+# them by our own.
+# File format: one profile name by line.
+
+# This is managed globally in this file and not in debian/apparmor.d.displace as
+# it applies to all distributions using apparmor 4.0+
+
+brave
+chrome
+element-desktop
+epiphany
+flatpak
+opera
+plasmashell
+slirp4netns
+systemd-coredump
+thunderbird
+virtiofsd
+firefox
diff --git a/pkg/prebuild/prebuild.go b/pkg/prebuild/prebuild.go
index 1bcfd2c9..ed064b9a 100644
--- a/pkg/prebuild/prebuild.go
+++ b/pkg/prebuild/prebuild.go
@@ -14,6 +14,7 @@ import (
 )
 var (
+ needDisplace bool = false
 Distribution string
 DistDir *paths.Path
 Root *paths.Path
@@ -27,6 +28,13 @@ func init() {
 FlagDir = DistDir.Join("flags")
 RootApparmord = Root.Join("apparmor.d")
 Distribution = getSupportedDistribution()
+ if Distribution == "ubuntu" {
+ os := NewOSRelease()
+ if os["VERSION_CODENAME"] == "noble" {
+ Builds = append(Builds, BuildABI3)
+ needDisplace = true
+ }
+ }
 }
 func getFctName(i any) string {
diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index d16f38f7..94e0f02c 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
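Review bot: In `init()` in pkg/prebuild/prebuild.go (hunk `@@ -27,6 +28,13 @@`), the noble check reads `VERSION_CODENAME` from the build host's os-release even when `Distribution` was supplied through the `DISTRIBUTION` environment variable, which getSupportedDistribution appears to return before it looks at any file. `needDisplace` and the `BuildABI3` step therefore follow the host rather than the target, so an Ubuntu 24.04 package built on another release would silently get the non-displaced profile set. Consider an explicit override for the release, or a comment on the new block such as `// Assumes the build host is the target release: the codename is read from the host's os-release.` init() begins above the hunk.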
@@ -130,8 +130,22 @@ func Configure() ([]string, error) {
 switch Distribution {
 case "arch", "opensuse":
- case "debian", "ubuntu", "whonix":
- // Copy Ubuntu specific profiles
+ case "ubuntu":
+ if needDisplace {
+ if _, err := paths.New("debian/apparmor.d.displace").Create(); err != nil {
+ return res, err
+ }
+ filesToDisplace := overwriteProfile(DistDir.Join("displace"))
+ if err := displaceFiles(filesToDisplace); err != nil {
+ return res, err
+ }
+ } else {
+ if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
+ return res, err
+ }
+ }
+ case "debian", "whonix":
+ // Copy Debian specific abstractions
 if err := copyTo(DistDir.Join("ubuntu"), RootApparmord); err != nil {
 return res, err
 }
diff --git a/pkg/prebuild/tools.go b/pkg/prebuild/tools.go
index 542d1833..9c548e15 100644
--- a/pkg/prebuild/tools.go
+++ b/pkg/prebuild/tools.go
@@ -21,7 +21,29 @@ var (
 "opensuse": {"suse"},
 "whonix": {},
 }
-)
+
+func NewOSRelease() map[string]string {
+ var lines []string
+ var err error
+ for _, name := range []string{osReleaseFile, "/usr/lib/os-release"} {
+ path := paths.New(name)
+ if path.Exist() {
+ lines, err = path.ReadFileAsLines()
+ if err != nil {
+ panic(err)
+ }
+ break
+ }
+ }
+ os := map[string]string{}
+ for _, line := range lines {
+ item := strings.Split(line, "=")
+ if len(item) == 2 {
+ os[item[0]] = strings.Trim(item[1], "\"")
+ }
+ }
+ return os
+}
 func getSupportedDistribution() string {
 dist, present := os.LookupEnv("DISTRIBUTION")
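Review bot: In the new `case "ubuntu":` branch of Configure() in pkg/prebuild/prepare.go, `paths.New("debian/apparmor.d.displace").Create()` throws away the returned file handle, so it is never closed, and the path is relative to whatever directory the tool is started from. Keep the handle and close it once the error is checked, e.g. `f, err := paths.New("debian/apparmor.d.displace").Create()` followed by `f.Close()`. The `"debian", "whonix"` case is now commented `// Copy Debian specific abstractions` while the call under it still copies `DistDir.Join("ubuntu")`; the comment should say that the Ubuntu directory is what gets copied. Configure() starts and ends outside the hunk.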
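Review bot: `NewOSRelease` in pkg/prebuild/tools.go (hunk `@@ -21,7 +21,29 @@`) returns an empty map when neither `osReleaseFile` nor `/usr/lib/os-release` exists, whereas the code it replaces panicked on a missing file, so distribution detection now falls through without any signal. The parser also skips every line whose value contains `=` because of the `len(item) == 2` test and strips only double quotes; `key, value, ok := strings.Cut(line, "=")` with `strings.Trim(value, "\"'")` covers both. The exported function has no doc comment; `// NewOSRelease parses the first os-release file found into a key/value map.` would fit. As shown, the hunk removes the `)` that closes the `var (` block and adds none back, which is worth checking against the full file.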
@@ -29,25 +51,12 @@ func getSupportedDistribution() string {
 return dist
 }
- lines, err := paths.New(osReleaseFile).ReadFileAsLines()
- if err != nil {
- panic(err)
- }
-
- id := ""
- id_like := ""
- for _, line := range lines {
- item := strings.Split(line, "=")
- if item[0] == "ID" {
- id = strings.Split(strings.Trim(item[1], "\""), " ")[0]
- } else if item[0] == "ID_LIKE" {
- id_like = strings.Split(strings.Trim(item[1], "\""), " ")[0]
- }
- }
-
+ os := NewOSRelease()
+ id := os["ID"]
 if id == "ubuntu" {
 return id
 }
+ id_like := os["ID_LIKE"]
 for main, based := range supportedDists {
 if main == id || main == id_like {
 return main
@@ -80,3 +89,39 @@ func copyTo(src *paths.Path, dst *paths.Path) error {
 }
 return nil
 }
+
+// Displace files in the package sources
+func displaceFiles(files []string) error {
+ const ext = ".apparmor.d"
+ for _, name := range files {
+ origin := RootApparmord.Join(name)
+ dest := RootApparmord.Join(name + ext)
+ if err := origin.Rename(dest); err != nil {
+ return err
+ }
+ file, err := paths.New("debian/apparmor.d.displace").Append()
+ if err != nil {
+ return err
+ }
+ if _, err := file.WriteString("/etc/apparmor.d/" + name + ext + "\n"); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func overwriteProfile(path *paths.Path) []string {
+ res := []string{}
+ lines, err := path.ReadFileAsLines()
+ if err != nil {
+ panic(err)
+ }
+ for _, line := range lines {
+ if strings.HasPrefix(line, "#") || line == "" {
+ continue
+ }
+ res = append(res, line)
+ }
+ return res
+}
+
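Review bot: `getSupportedDistribution` (hunk `@@ -29,25 +51,12 @@`) now compares the whole `ID_LIKE` value against `supportedDists`, while the removed loop kept only the first space-separated word of `ID` and `ID_LIKE`; a derivative that declares `ID_LIKE="ubuntu debian"` no longer matches any key. Keeping the old behaviour is one line each: `id, _, _ := strings.Cut(os["ID"], " ")` and `id_like, _, _ := strings.Cut(os["ID_LIKE"], " ")`. The local `os := NewOSRelease()` also shadows the `os` package that the same function uses for `os.LookupEnv`; a name such as `release` keeps later edits below that line from tripping on it. The function begins above the hunk and ends below it.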
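Review bot: `displaceFiles` (hunk `@@ -80,3 +89,39 @@`) reopens `debian/apparmor.d.displace` with `Append()` on every loop iteration and never closes the handle, so each displaced profile leaks a file descriptor. Open the file once before the loop and add `defer file.Close()` right after its error check. `overwriteProfile` passes each line through untrimmed, so trailing whitespace or a CRLF ending in dists/displace ends up in the renamed path and in the displace entry; `line = strings.TrimSpace(line)` before the prefix test avoids that. Both functions would also benefit from doc comments that start with their names and say that `overwriteProfile` panics on a read error.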