mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2025-01-24 20:08:11 +01:00
build: move upstream overwrite to its own build tasks.
It allow us to controll when we want to do it and either or not it should be enabled.
This commit is contained in:
Alexandre Pujol
parent
896254c2ec
commit
de21ff07a6
5 changed files with 76 additions and 43 deletions
|
|
@ -25,6 +25,7 @@ func init() {
|
|||
"merge",
|
||||
"configure",
|
||||
"setflags",
|
||||
"overwrite",
|
||||
"systemd-default",
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -106,8 +106,8 @@ func Prebuild() {
|
|||
if file != "" {
|
||||
sync, _ := prepare.Tasks["synchronise"].(*prepare.Synchronise)
|
||||
sync.Path = file
|
||||
configure, _ := prepare.Tasks["configure"].(*prepare.Configure)
|
||||
configure.OneFile = true
|
||||
overwrite, _ := prepare.Tasks["overwrite"].(*prepare.Overwrite)
|
||||
overwrite.OneFile = true
|
||||
}
|
||||
|
||||
logging.Step("Building apparmor.d profiles for %s on ABI%d.", prebuild.Distribution, prebuild.ABI)
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ package prepare
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
|
|
@ -14,7 +13,6 @@ import (
|
|||
|
||||
type Configure struct {
|
||||
prebuild.Base
|
||||
OneFile bool
|
||||
}
|
||||
|
||||
func init() {
|
||||
|
|
@ -23,18 +21,12 @@ func init() {
|
|||
Keyword: "configure",
|
||||
Msg: "Set distribution specificities",
|
||||
},
|
||||
OneFile: false,
|
||||
})
|
||||
}
|
||||
|
||||
func (p Configure) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
|
||||
if prebuild.ABI == 4 {
|
||||
if err := OverwriteUpstreamProfile(p.OneFile); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
switch prebuild.Distribution {
|
||||
case "arch", "opensuse":
|
||||
|
||||
|
|
@ -65,36 +57,3 @@ func (p Configure) Apply() ([]string, error) {
|
|||
}
|
||||
return res, nil
|
||||
}
|
||||
|
||||
// Overwrite upstream profile: disable upstream & rename ours
|
||||
func OverwriteUpstreamProfile(oneFile bool) error {
|
||||
const ext = ".apparmor.d"
|
||||
disableDir := prebuild.RootApparmord.Join("disable")
|
||||
if err := disableDir.Mkdir(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
path := prebuild.DistDir.Join("overwrite")
|
||||
if !path.Exist() {
|
||||
return fmt.Errorf("%s not found", path)
|
||||
}
|
||||
for _, name := range util.MustReadFileAsLines(path) {
|
||||
origin := prebuild.RootApparmord.Join(name)
|
||||
dest := prebuild.RootApparmord.Join(name + ext)
|
||||
if !dest.Exist() && oneFile {
|
||||
continue
|
||||
}
|
||||
if err := origin.Rename(dest); err != nil {
|
||||
|
||||
return err
|
||||
}
|
||||
originRel, err := origin.RelFrom(dest)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := os.Symlink(originRel.String(), disableDir.Join(name).String()); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -64,6 +64,12 @@ func TestTask_Apply(t *testing.T) {
|
|||
wantErr: false,
|
||||
want: "dists/flags/main.flags",
|
||||
},
|
||||
{
|
||||
name: "overwrite",
|
||||
task: Tasks["overwrite"],
|
||||
wantErr: false,
|
||||
wantFiles: paths.PathList{prebuild.RootApparmord.Join("flatpak.apparmor.d")},
|
||||
},
|
||||
{
|
||||
name: "systemd-default",
|
||||
task: Tasks["systemd-default"],
|
||||
|
|
|
|||
67
pkg/prebuild/prepare/overwrite.go
Normal file
67
pkg/prebuild/prepare/overwrite.go
Normal file
|
|
@ -0,0 +1,67 @@
|
|||
// apparmor.d - Full set of apparmor profiles
|
||||
// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
|
||||
package prepare
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/roddhjav/apparmor.d/pkg/prebuild"
|
||||
"github.com/roddhjav/apparmor.d/pkg/util"
|
||||
)
|
||||
|
||||
const ext = ".apparmor.d"
|
||||
|
||||
type Overwrite struct {
|
||||
prebuild.Base
|
||||
OneFile bool
|
||||
}
|
||||
|
||||
func init() {
|
||||
RegisterTask(&Overwrite{
|
||||
Base: prebuild.Base{
|
||||
Keyword: "overwrite",
|
||||
Msg: "Overwrite dummy upstream profiles",
|
||||
},
|
||||
OneFile: false,
|
||||
})
|
||||
}
|
||||
|
||||
func (p Overwrite) Apply() ([]string, error) {
|
||||
res := []string{}
|
||||
if prebuild.ABI == 3 {
|
||||
return res, nil
|
||||
}
|
||||
|
||||
disableDir := prebuild.RootApparmord.Join("disable")
|
||||
if err := disableDir.Mkdir(); err != nil {
|
||||
return res, err
|
||||
}
|
||||
|
||||
path := prebuild.DistDir.Join("overwrite")
|
||||
if !path.Exist() {
|
||||
return res, fmt.Errorf("%s not found", path)
|
||||
}
|
||||
for _, name := range util.MustReadFileAsLines(path) {
|
||||
origin := prebuild.RootApparmord.Join(name)
|
||||
dest := prebuild.RootApparmord.Join(name + ext)
|
||||
if !dest.Exist() && p.OneFile {
|
||||
continue
|
||||
}
|
||||
if err := origin.Rename(dest); err != nil {
|
||||
|
||||
return res, err
|
||||
}
|
||||
originRel, err := origin.RelFrom(dest)
|
||||
if err != nil {
|
||||
return res, err
|
||||
}
|
||||
if err := os.Symlink(originRel.String(), disableDir.Join(name).String()); err != nil {
|
||||
return res, err
|
||||
}
|
||||
}
|
||||
|
||||
return res, nil
|
||||
}
|
||||
Loading…
Reference in a new issue