mirror of
https://github.com/roddhjav/apparmor.d.git
synced 2024-12-23 21:46:44 +01:00
build: improve install process.
- Add make local - Warn on local partial install regarding missing deps.
This commit is contained in:
parent
ef4ed8ba95
commit
f40a2ef457
2 changed files with 32 additions and 10 deletions
16
Makefile
16
Makefile
|
@ -6,9 +6,11 @@
|
|||
DESTDIR ?= /
|
||||
BUILD := .build
|
||||
PKGNAME := apparmor.d
|
||||
DISTRIBUTION := $(shell lsb_release --id --short)
|
||||
VERSION := 0.$(shell git rev-list --count HEAD)-1
|
||||
P = $(notdir $(wildcard ${BUILD}/apparmor.d/*))
|
||||
|
||||
.PHONY: all install $(P) lint archlinux debian ubuntu whonix clean
|
||||
.PHONY: all install auto local $(P) lint archlinux debian ubuntu whonix clean
|
||||
|
||||
all:
|
||||
@go build -o ${BUILD}/ ./cmd/aa-log
|
||||
|
@ -32,17 +34,27 @@ install:
|
|||
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
|
||||
done
|
||||
|
||||
|
||||
local:
|
||||
@./configure --complain
|
||||
@make
|
||||
@sudo make install
|
||||
@sudo systemctl restart apparmor || sudo systemctl status apparmor
|
||||
|
||||
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
|
||||
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
|
||||
$(P):
|
||||
@[[ -f ${BUILD}/aa-log ]] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
||||
@[ -f ${BUILD}/aa-log ] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
||||
@for file in ${ABSTRACTIONS}; do \
|
||||
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
|
||||
done;
|
||||
@for file in ${TUNABLES}; do \
|
||||
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
|
||||
done;
|
||||
@echo "Warning: profile dependencies fallback to unconfined."
|
||||
@for file in ${@}; do \
|
||||
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
|
||||
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
|
||||
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
|
||||
done;
|
||||
@systemctl restart apparmor || systemctl status apparmor
|
||||
|
|
|
@ -84,14 +84,7 @@ sudo systemctl restart apparmor
|
|||
|
||||
## Partial install
|
||||
|
||||
!!! warning
|
||||
|
||||
Partial installation is discouraged because profile dependencies are
|
||||
not fetched. You may need to either switch desired `rPx` rules to `rPUx`
|
||||
(fallback to unconfined) or install these related profiles.
|
||||
(PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
|
||||
|
||||
For test purposes, you can install a specific profile with the following commands.
|
||||
For test purposes, you can install specific profiles with the following commands.
|
||||
Abstractions, tunables, and most of the OS dependent post-processing is managed.
|
||||
|
||||
```sh
|
||||
|
@ -100,6 +93,23 @@ make
|
|||
sudo make profile-names...
|
||||
```
|
||||
|
||||
!!! warning
|
||||
|
||||
Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
|
||||
|
||||
For instance, `sudo make pass` gives:
|
||||
```sh
|
||||
Warning: profile dependencies fallback to unconfined.
|
||||
/{usr/,}bin/wl-{copy,paste} rPx,
|
||||
/{usr/,}bin/xclip rPx,
|
||||
/{usr/,}bin/python3.[0-9]* rPx -> pass-import, # pass-import
|
||||
/{usr/,}bin/pager rPx -> child-pager,
|
||||
/{usr/,}bin/less rPx -> child-pager,
|
||||
/{usr/,}bin/more rPx -> child-pager,
|
||||
'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'
|
||||
```
|
||||
So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.
|
||||
|
||||
[aur]: https://aur.archlinux.org/packages/apparmor.d-git
|
||||
[repo]: https://repo.pujol.io/
|
||||
[keys]: https://repo.pujol.io/gpgkey
|
||||
|
|
Loading…
Reference in a new issue