diff --git a/debian/control b/debian/control index a93c5628..3d15800b 100644 --- a/debian/control +++ b/debian/control @@ -18,6 +18,7 @@ Depends: apparmor-profiles, ${shlibs:Depends} Conflicts: apparmor-profiles-extra +Provides: apparmor-profiles-extra Description: Full set of AppArmor profiles (~ 1500 profiles) apparmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes. diff --git a/dists/apparmor.d.spec b/dists/apparmor.d.spec index 06eee451..c0706641 100644 --- a/dists/apparmor.d.spec +++ b/dists/apparmor.d.spec @@ -16,6 +16,7 @@ Source0: %{name}-%{version}.tar.gz Requires: apparmor-profiles BuildRequires: distribution-release BuildRequires: golang-packaging +BuildRequires: apparmor-profiles %description AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine most Linux based applications and processes. diff --git a/dists/docker.sh b/dists/docker.sh index d62d469e..19a8737a 100644 --- a/dists/docker.sh +++ b/dists/docker.sh @@ -80,7 +80,7 @@ build_in_docker_dpkg() { --env DISTRIBUTION="$target" "$BASEIMAGE/$dist" docker exec "$img" sudo apt-get update -q docker exec "$img" sudo apt-get install -y config-package-dev rsync - [[ "$COMMAND" == debian ]] && aptopt=(-t bookworm-backports) + [[ "$dist" == debian ]] && aptopt=(-t bookworm-backports) docker exec "$img" sudo apt-get install -y "${aptopt[@]}" golang-go fi diff --git a/dists/ignore/opensuse.ignore b/dists/ignore/opensuse.ignore index a4c63bd3..0d393c6c 100644 --- a/dists/ignore/opensuse.ignore +++ b/dists/ignore/opensuse.ignore @@ -11,3 +11,7 @@ apparmor.d/groups/ubuntu # Whonix specific definition apparmor.d/groups/whonix apparmor.d/tunables/home.d/whonix + +# Profiles provided by they own package +libvirt +virt-aa-helper diff --git a/dists/overwrite b/dists/overwrite index 37db232d..bea6d574 100644 --- a/dists/overwrite +++ b/dists/overwrite @@ -1,12 +1,8 @@ -# Apparmor ships some unconfined profiles that allow everything and set the -# userns rules. This file keeps track of them and allow apparmor.d to replace +# Apparmor 4.0 ships several profiles that allow userns and are otherwise +# unconfined. This file keeps track of them and allow apparmor.d to replace # them by our own. # File format: one profile name by line. -# This is managed globally in this file and not in debian/apparmor.d.hide as -# it applies to all distributions using apparmor 4.0+. When needed, it is -# automatically enabled during prebuild. - brave chrome element-desktop diff --git a/pkg/prebuild/cfg/files.go b/pkg/prebuild/cfg/files.go index c716235c..6f81d25b 100644 --- a/pkg/prebuild/cfg/files.go +++ b/pkg/prebuild/cfg/files.go @@ -93,8 +93,3 @@ type DebianHider struct { func (d DebianHider) Init() error { return d.path.WriteFile([]byte(Hide)) } - -// Initialize the file with content from Hide -func (d DebianHider) Clean() error { - return d.path.WriteFile([]byte("# This file is generated by \"make\", all edit will be lost.\n")) -} diff --git a/pkg/prebuild/prepare/configure.go b/pkg/prebuild/prepare/configure.go index c7f9330a..df4daaeb 100644 --- a/pkg/prebuild/prepare/configure.go +++ b/pkg/prebuild/prepare/configure.go @@ -35,7 +35,7 @@ func (p Configure) Apply() ([]string, error) { } case "ubuntu": - if err := cfg.DebianHide.Clean(); err != nil { + if err := cfg.DebianHide.Init(); err != nil { return res, err } diff --git a/pkg/util/tools.go b/pkg/util/tools.go index c7d91a8d..96cffb36 100644 --- a/pkg/util/tools.go +++ b/pkg/util/tools.go @@ -71,11 +71,11 @@ func DecodeHexInString(str string) string { func RemoveDuplicate[T comparable](inlist []T) []T { var empty T list := []T{} - keys := map[T]bool{} - keys[empty] = true + seen := map[T]bool{} + seen[empty] = true for _, item := range inlist { - if _, ok := keys[item]; !ok { - keys[item] = true + if _, ok := seen[item]; !ok { + seen[item] = true list = append(list, item) } }