build: improve install process.
- Add make local - Warn on local partial install regarding missing deps.
parent
ef4ed8ba95
commit
f40a2ef457
2 changed files with 32 additions and 10 deletions
16
Makefile
16
Makefile
|
@ -6,9 +6,11 @@
|
||||||
DESTDIR ?= /
|
DESTDIR ?= /
|
||||||
BUILD := .build
|
BUILD := .build
|
||||||
PKGNAME := apparmor.d
|
PKGNAME := apparmor.d
|
||||||
|
DISTRIBUTION := $(shell lsb_release --id --short)
|
||||||
|
VERSION := 0.$(shell git rev-list --count HEAD)-1
|
||||||
P = $(notdir $(wildcard ${BUILD}/apparmor.d/*))
|
P = $(notdir $(wildcard ${BUILD}/apparmor.d/*))
|
||||||
|
|
||||||
.PHONY: all install $(P) lint archlinux debian ubuntu whonix clean
|
.PHONY: all install auto local $(P) lint archlinux debian ubuntu whonix clean
|
||||||
|
|
||||||
all:
|
all:
|
||||||
@go build -o ${BUILD}/ ./cmd/aa-log
|
@go build -o ${BUILD}/ ./cmd/aa-log
|
||||||
|
@ -32,17 +34,27 @@ install:
|
||||||
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
|
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
|
local:
|
||||||
|
@./configure --complain
|
||||||
|
@make
|
||||||
|
@sudo make install
|
||||||
|
@sudo systemctl restart apparmor || sudo systemctl status apparmor
|
||||||
|
|
||||||
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
|
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
|
||||||
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
|
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
|
||||||
$(P):
|
$(P):
|
||||||
@[[ -f ${BUILD}/aa-log ]] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
@[ -f ${BUILD}/aa-log ] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
|
||||||
@for file in ${ABSTRACTIONS}; do \
|
@for file in ${ABSTRACTIONS}; do \
|
||||||
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
|
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
|
||||||
done;
|
done;
|
||||||
@for file in ${TUNABLES}; do \
|
@for file in ${TUNABLES}; do \
|
||||||
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
|
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
|
||||||
done;
|
done;
|
||||||
|
@echo "Warning: profile dependencies fallback to unconfined."
|
||||||
@for file in ${@}; do \
|
@for file in ${@}; do \
|
||||||
|
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
|
||||||
|
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
|
||||||
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
|
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
|
||||||
done;
|
done;
|
||||||
@systemctl restart apparmor || systemctl status apparmor
|
@systemctl restart apparmor || systemctl status apparmor
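Review bot: The `sed -i -e "s/rPx/rPUx/g"` line in the `$(P)` recipe edits the profile inside `${BUILD}` in place, so the relaxed copy stays in the build tree after the partial install. A later install from the same tree would then ship `rPUx` transitions, and since `grep 'rPx'` no longer matches on a second run, nothing is listed under the warning; the `install` recipe body is mostly outside this hunk, so the effect on a full install is inferred. Because `rPUx` lets the child run unconfined when the target profile is not loaded, the relaxation should stay limited to the file being installed. Install first and rewrite the destination instead, with `install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \` followed by `sed -i -e "s/rPx/rPUx/g" "${DESTDIR}/etc/apparmor.d/$${file}"; \`. The pattern is also unanchored, so it rewrites `rPx` anywhere on a line, comments included.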
|
||||||
|
|
|
@ -84,14 +84,7 @@ sudo systemctl restart apparmor
|
||||||
|
|
||||||
## Partial install
|
## Partial install
|
||||||
|
|
||||||
!!! warning
|
For test purposes, you can install specific profiles with the following commands.
|
||||||
|
|
||||||
Partial installation is discouraged because profile dependencies are
|
|
||||||
not fetched. You may need to either switch desired `rPx` rules to `rPUx`
|
|
||||||
(fallback to unconfined) or install these related profiles.
|
|
||||||
(PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
|
|
||||||
|
|
||||||
For test purposes, you can install a specific profile with the following commands.
|
|
||||||
Abstractions, tunables, and most of the OS dependent post-processing is managed.
|
Abstractions, tunables, and most of the OS dependent post-processing is managed.
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
@ -100,6 +93,23 @@ make
|
||||||
sudo make profile-names...
|
sudo make profile-names...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
!!! warning
|
||||||
|
|
||||||
|
Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
|
||||||
|
|
||||||
|
For instance, `sudo make pass` gives:
|
||||||
|
```sh
|
||||||
|
Warning: profile dependencies fallback to unconfined.
|
||||||
|
/{usr/,}bin/wl-{copy,paste} rPx,
|
||||||
|
/{usr/,}bin/xclip rPx,
|
||||||
|
/{usr/,}bin/python3.[0-9]* rPx -> pass-import, # pass-import
|
||||||
|
/{usr/,}bin/pager rPx -> child-pager,
|
||||||
|
/{usr/,}bin/less rPx -> child-pager,
|
||||||
|
/{usr/,}bin/more rPx -> child-pager,
|
||||||
|
'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'
|
||||||
|
```
|
||||||
|
So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.
|
||||||
|
|
||||||
[aur]: https://aur.archlinux.org/packages/apparmor.d-git
|
[aur]: https://aur.archlinux.org/packages/apparmor.d-git
|
||||||
[repo]: https://repo.pujol.io/
|
[repo]: https://repo.pujol.io/
|
||||||
[keys]: https://repo.pujol.io/gpgkey
|
[keys]: https://repo.pujol.io/gpgkey
|
||||||
|
|