build: improve install process.

- Add make local
- Warn on local partial install regarding missing deps.
Alexandre Pujol 2023-02-11 18:59:08 +00:00
parent ef4ed8ba95
commit f40a2ef457
2 changed files with 32 additions and 10 deletions


@ -6,9 +6,11 @@
DESTDIR ?= /
BUILD := .build
PKGNAME := apparmor.d
DISTRIBUTION := $(shell lsb_release --id --short)
VERSION := 0.$(shell git rev-list --count HEAD)-1
P = $(notdir $(wildcard ${BUILD}/apparmor.d/*))
.PHONY: all install $(P) lint archlinux debian ubuntu whonix clean
.PHONY: all install auto local $(P) lint archlinux debian ubuntu whonix clean
all:
@go build -o ${BUILD}/ ./cmd/aa-log
@ -32,17 +34,27 @@ install:
install -Dm0644 "$${file}" "${DESTDIR}/usr/lib/systemd/user/$${service}.d/apparmor.conf"; \
done
local:
@./configure --complain
@make
@sudo make install
@sudo systemctl restart apparmor || sudo systemctl status apparmor
ABSTRACTIONS = $(shell find ${BUILD}/apparmor.d/abstractions/ -type f -printf "%P\n")
TUNABLES = $(shell find ${BUILD}/apparmor.d/tunables/ -type f -printf "%P\n")
$(P):
@[[ -f ${BUILD}/aa-log ]] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@[ -f ${BUILD}/aa-log ] || exit 0; install -Dm755 ${BUILD}/aa-log ${DESTDIR}/usr/bin/aa-log
@for file in ${ABSTRACTIONS}; do \
install -Dm0644 "${BUILD}/apparmor.d/abstractions/$${file}" "${DESTDIR}/etc/apparmor.d/abstractions/$${file}"; \
done;
@for file in ${TUNABLES}; do \
install -Dm0644 "${BUILD}/apparmor.d/tunables/$${file}" "${DESTDIR}/etc/apparmor.d/tunables/$${file}"; \
done;
@echo "Warning: profile dependencies fallback to unconfined."
@for file in ${@}; do \
grep 'rPx' "${BUILD}/apparmor.d/$${file}"; \
sed -i -e "s/rPx/rPUx/g" "${BUILD}/apparmor.d/$${file}"; \
install -Dvm0644 "${BUILD}/apparmor.d/$${file}" "${DESTDIR}/etc/apparmor.d/$${file}"; \
done;
@systemctl restart apparmor || systemctl status apparmor
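Review bot: The `sed -i` in the `$(P)` recipe rewrites `rPx` to `rPUx` inside the `${BUILD}` tree rather than in the installed copy, so the relaxed transitions stay in `.build` after a partial install. If `make install` later copies profiles from that same tree (its recipe starts outside this hunk, so this is inferred), a full install would ship the unconfined fallback without printing the warning. Installing first and editing the destination keeps the build tree intact: put `sed -i -e "s/rPx/rPUx/g" "${DESTDIR}/etc/apparmor.d/$${file}"; \` after the `install -Dvm0644` line. The pattern is also unanchored, so it rewrites every `rPx` substring in the file, comments included; a comment above the loop saying that this deliberately weakens confinement for missing dependencies would help the next reader.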


@ -84,14 +84,7 @@ sudo systemctl restart apparmor
## Partial install
!!! warning
Partial installation is discouraged because profile dependencies are
not fetched. You may need to either switch desired `rPx` rules to `rPUx`
(fallback to unconfined) or install these related profiles.
(PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
For test purposes, you can install a specific profile with the following commands.
For test purposes, you can install specific profiles with the following commands.
Abstractions, tunables, and most of the OS dependent post-processing is managed.
```sh
@ -100,6 +93,23 @@ make
sudo make profile-names...
```
!!! warning
Partial installation is discouraged because profile dependencies are not fetched. To prevent some apparmor issues, the dependencies are automatically switched to unconfined (`rPx` -> `rPUx`). The installation process warns on the missing profiles so that you can easily install them if desired. (PR is welcome see [#77](https://github.com/roddhjav/apparmor.d/issues/77))
For instance, `sudo make pass` gives:
```sh
Warning: profile dependencies fallback to unconfined.
/{usr/,}bin/wl-{copy,paste} rPx,
/{usr/,}bin/xclip rPx,
/{usr/,}bin/python3.[0-9]* rPx -> pass-import, # pass-import
/{usr/,}bin/pager rPx -> child-pager,
/{usr/,}bin/less rPx -> child-pager,
/{usr/,}bin/more rPx -> child-pager,
'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'
```
So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired.
[aur]: https://aur.archlinux.org/packages/apparmor.d-git
[repo]: https://repo.pujol.io/
[keys]: https://repo.pujol.io/gpgkey