mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-05 17:01:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/profiles/Makefile

124 lines
4.4 KiB
Makefile
Raw Normal View History

Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
# ------------------------------------------------------------------
#
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
# Copyright (C) 2002-2009 Novell/SUSE
build: make documentation at tarball creation time, not during build The latex based techdoc in the parser/ tree adds a number of build dependencies for downstreams to create it; it also is the primary element to make the builds unrepeatable. Creating the techdoc and other documentation when generating a tarball for distribution avoids all that. * Makefile: build documentation as part of the tarball creation. Skip the libraries/libapparmor directory as it needs to have configure run before the manpages can be made. * changehat/mod_apparmor/Makefile, changehat/mod_apparmor/Makefile, utils/Makefile, profiles/Makefile: create separate docs target, some of them dummies. * parser/Makefile: pull the techdoc out of the default build target, add an extra_docs target to create it. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2016-12-10 10:25:31 -08:00
# Copyright (C) 2010-2016 Canonical Ltd.
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, contact Novell, Inc.
#
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
# ------------------------------------------------------------------
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
# Makefile for LSM-based AppArmor profiles
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
NAME=apparmor-profiles
build: make documentation at tarball creation time, not during build The latex based techdoc in the parser/ tree adds a number of build dependencies for downstreams to create it; it also is the primary element to make the builds unrepeatable. Creating the techdoc and other documentation when generating a tarball for distribution avoids all that. * Makefile: build documentation as part of the tarball creation. Skip the libraries/libapparmor directory as it needs to have configure run before the manpages can be made. * changehat/mod_apparmor/Makefile, changehat/mod_apparmor/Makefile, utils/Makefile, profiles/Makefile: create separate docs target, some of them dummies. * parser/Makefile: pull the techdoc out of the default build target, add an extra_docs target to create it. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2016-12-10 10:25:31 -08:00
all: local docs
Update svn:keywords properties. Fix makefile to find new common/ location.
2006-04-12 20:35:41 +00:00
COMMONDIR=../common/
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
Entire tree: makefile cruft removal - drop the symlink magic of the common/ directory, and just include files directly from there. - update comments indicating required steps to take when including common/Make.rules - drop make clean steps that refer to no longer generated tarballs, specfiles, and symlinks to the common directory/Make.rules. - don't silence clean steps if VERBOSE is set Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian "Ghostbuster" Boltz <apparmor@cboltz.de>
2015-01-23 15:52:09 -08:00
include $(COMMONDIR)/Make.rules
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
DESTDIR=/
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
PROFILES_DEST=${DESTDIR}/etc/apparmor.d
Install extra profiles in /usr/share/apparmor/extra-profiles/ instead of /etc/apparmor/profiles/extras/, and update the path at various places. Also update the mailinglist address in extra-profiles README and recommend cp instead of mv. Note: if you want to have a symlink /etc/apparmor/profiles/extras -> /usr/share/apparmor/extra-profiles/ for backward compability, you'll have to create it yourself (for example in the .spec file) This also fixes https://bugzilla.novell.com/show_bug.cgi?id=713647 Acked-by: John Johansen <john.johansen@canonical.com>
2012-09-27 23:57:21 +02:00
EXTRAS_DEST=${DESTDIR}/usr/share/apparmor/extra-profiles/
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
PROFILES_SOURCE=./apparmor.d
profiles/Makefile: test abstractions against apparmor_parser Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues.
2018-10-13 15:41:15 +03:00
ABSTRACTIONS_SOURCE=./apparmor.d/abstractions
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
EXTRAS_SOURCE=./apparmor/profiles/extras/
This patch fixes an existing install failure in the profiles tree, due to the apparmor_api subtree not getting added in the Makefile. Rather Rather than require every sub-directory that gets added to be enumerated, it uses find to determine what directories and files to install, to avoid future breakage. It is admittedly slower than the original code because install(1) is being invoked for every file in the apparmor.d tree, rather than acting on wildcard globs. That said, I think it's an acceptable tradeoff. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-by: John Johansen <john.johansen@canonical.com>
2012-11-21 07:39:40 -08:00
SUBDIRS=$(shell find ${PROFILES_SOURCE} -type d -print)
TOPLEVEL_PROFILES=$(filter-out ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*))
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
Fix $(PWD) when using "make -C profiles" By default, it stays at the "calling directory" instead of the directory of the Makefile, which breaks "make -C profiles check". Explicitely set it in the Makefile to get the right directory.
2018-03-18 17:13:18 +01:00
# $(PWD) is wrong when using "make -C profiles" - explicitely set it here to get the right value
PWD=$(shell pwd)
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
local:
This patch fixes an existing install failure in the profiles tree, due to the apparmor_api subtree not getting added in the Makefile. Rather Rather than require every sub-directory that gets added to be enumerated, it uses find to determine what directories and files to install, to avoid future breakage. It is admittedly slower than the original code because install(1) is being invoked for every file in the apparmor.d tree, rather than acting on wildcard globs. That said, I think it's an acceptable tradeoff. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-by: John Johansen <john.johansen@canonical.com>
2012-11-21 07:39:40 -08:00
for profile in ${TOPLEVEL_PROFILES}; do \
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
fn=$$(basename $$profile); \
echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
profiles/Makefile: grep: use [[:space:]] instead of \s \s is a new feature of GNU grep 2.6 (released on 2010-03-23) and it does not work in older versions. By using [[:space:]] instead, AppArmor can compile on systems with older versions of grep. Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk> Acked-by: Steve Beattie <steve@nxnw.org>
2014-03-25 10:45:20 -07:00
grep "include[[:space:]]\\+<local/$$fn>" "$$profile" >/dev/null || { echo "$$profile doesn't contain #include <local/$$fn>" ; exit 1; } ; \
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
done; \
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
.PHONY: install
adjust profiles/Makefile for local files
2010-08-05 15:10:33 -05:00
install: local
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 755 -d ${PROFILES_DEST}
This patch fixes an existing install failure in the profiles tree, due to the apparmor_api subtree not getting added in the Makefile. Rather Rather than require every sub-directory that gets added to be enumerated, it uses find to determine what directories and files to install, to avoid future breakage. It is admittedly slower than the original code because install(1) is being invoked for every file in the apparmor.d tree, rather than acting on wildcard globs. That said, I think it's an acceptable tradeoff. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-by: John Johansen <john.johansen@canonical.com>
2012-11-21 07:39:40 -08:00
install -m 755 -d ${PROFILES_DEST}/disable
for dir in ${SUBDIRS} ; do \
install -m 755 -d "${PROFILES_DEST}/$${dir#${PROFILES_SOURCE}}" ; \
done
for file in $$(find ${PROFILES_SOURCE} -type f -print) ; do \
install -m 644 "$${file}" "${PROFILES_DEST}/$$(dirname $${file#${PROFILES_SOURCE}})" ; \
done
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
install -m 755 -d ${EXTRAS_DEST}
install -m 644 ${EXTRAS_SOURCE}/* ${EXTRAS_DEST}
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
profiles/Makefile: use LOCAL_ADDITIONS using filter-out in clean target, which is much cleaner.
2010-08-05 16:00:23 -05:00
LOCAL_ADDITIONS=$(filter-out ${PROFILES_SOURCE}/local/README, $(wildcard ${PROFILES_SOURCE}/local/*))
Import the rest of the core functionality of the internal apparmor development tree (trunk branch). From svn repo version 6381.
2006-04-11 21:52:54 +00:00
.PHONY: clean
clean:
Entire tree: makefile cruft removal - drop the symlink magic of the common/ directory, and just include files directly from there. - update comments indicating required steps to take when including common/Make.rules - drop make clean steps that refer to no longer generated tarballs, specfiles, and symlinks to the common directory/Make.rules. - don't silence clean steps if VERBOSE is set Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian "Ghostbuster" Boltz <apparmor@cboltz.de>
2015-01-23 15:52:09 -08:00
-rm -f ${LOCAL_ADDITIONS}
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
ifndef VERBOSE
Q=@
else
Q=
endif
ifndef PARSER
# use system parser
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
PARSER=../parser/apparmor_parser
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
endif
ifndef LOGPROF
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
# use ../utils logprof
profiles: update make check-logprof for python tools The check-logprof target was not updated to use the python tools, when they were merged in. This patch fixes the issue. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Christian Boltz <apparmor@cboltz.de>
2014-12-02 08:03:09 -08:00
LOGPROF=PYTHONPATH=../utils $(PYTHON) ../utils/aa-logprof
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
endif
build: make documentation at tarball creation time, not during build The latex based techdoc in the parser/ tree adds a number of build dependencies for downstreams to create it; it also is the primary element to make the builds unrepeatable. Creating the techdoc and other documentation when generating a tarball for distribution avoids all that. * Makefile: build documentation as part of the tarball creation. Skip the libraries/libapparmor directory as it needs to have configure run before the manpages can be made. * changehat/mod_apparmor/Makefile, changehat/mod_apparmor/Makefile, utils/Makefile, profiles/Makefile: create separate docs target, some of them dummies. * parser/Makefile: pull the techdoc out of the default build target, add an extra_docs target to create it. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: John Johansen <john.johansen@canonical.com> Acked-by: Christian Boltz <apparmor@cboltz.de>
2016-12-10 10:25:31 -08:00
.PHONY: docs
# docs: should we have some here?
docs:
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
IGNORE_FILES=${EXTRAS_SOURCE}/README
Subject: profiles - fix make check When I corrected the profiles/Makefile to automatically find files to install, I converted one variable name but missed a later location where that variable was used, which broke the 'make check' target, because directories would be handed to the apparmor parser. This patch corrects that and also makes the VERBOSE flag report each profile name as it's being handed to the parser. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Jamie Strandboge <jamie@canonical.com> Acked-By: Seth Arnold <seth.arnold@canonical.com>
2012-12-21 22:43:11 -08:00
CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SOURCE}/*) $(wildcard ${EXTRAS_SOURCE}/*))
profiles/Makefile: test abstractions against apparmor_parser Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues.
2018-10-13 15:41:15 +03:00
# use find because Make wildcard is not recursive:
CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print)
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
.PHONY: check
add test to ensure abstractions have '#include if exists <*.d>' Exceptions are - ubuntu-browsers (because we already have ubuntu-browsers.d with different usage) - ubuntu-helpers (which includes the sanitized_helper subprofile, so adding something in the global area wouldn't make much sense) Also adjust abstractions/postfix-common to use the style all abstractions use.
2019-01-27 19:13:50 +01:00
check: check-parser check-logprof check-abstractions.d
Subject: profiles - separate out logprof checks from parser checks This patch separates out make check in the profiles/ directory into two sub targets, for checking profiles against the built parser and aa-logprof respectively. The logprof check currently makes some assumptions about the environment that make it difficult to run in a minimal chroot environment. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Jamie Strandboge <jamie@canonical.com>
2013-01-02 14:33:12 -08:00
.PHONY: check-parser
profiles/Makefile check-parser depends on local/* files Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2015-06-19 21:05:49 +02:00
check-parser: local
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
@echo "*** Checking profiles from ${PROFILES_SOURCE} and ${EXTRAS_SOURCE} against apparmor_parser"
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
$(Q)for profile in ${CHECK_PROFILES} ; do \
Subject: profiles - fix make check When I corrected the profiles/Makefile to automatically find files to install, I converted one variable name but missed a later location where that variable was used, which broke the 'make check' target, because directories would be handed to the apparmor parser. This patch corrects that and also makes the VERBOSE flag report each profile name as it's being handed to the parser. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Jamie Strandboge <jamie@canonical.com> Acked-By: Seth Arnold <seth.arnold@canonical.com>
2012-12-21 22:43:11 -08:00
[ -n "${VERBOSE}" ] && echo "Testing $${profile}" ; \
Use parser/tst/parser.conf in profiles 'make check' This avoids problems if the system-wide parser.conf has caching enabled, and the cache location is not writeable for the user running 'make check'.
2018-09-16 22:06:46 +02:00
${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d $${profile} > /dev/null || exit 1; \
This patch adds two new make targets to the profiles package: 'check' and 'check-install'. The 'check' target will attempt to run the profiles in the working subversion directory (both in enabled/ and extras/ directories) through the apparmor_parser as a means of sanity checking the profiles. The 'check-install' target will also run the 'check' target, only against the installed location, modifiable by DESTDIR and EXTRASDIR (to match the behavior of the 'install' target). It also will run logprof (with an empty logfile) on the installation location, as logprof and the parser have differing ideas of what is a valid profile :-( . Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path' will install the profiles into a location and cycle the parser and logprof over the profiles in that The 'check' target cannot run logprof as the subversion layout does not conform to a hierarchy logprof can deal with. The limitations also mean that logprof will not check the profiles in the extras/ directory. There are other passable variables that impact the 'check' and 'check-install' targets: VERBOSE - setting this variable will emit the actual commands run, mostly useful for debugging where the implementation of 'check' has gone wrong. PARSER, LOGPROF - setting these with a path to a different parser or logprof location will have the check targets use those version rather than the system utilities; e.g. "make check-install LOGPROF=../utils/logprof" to test a modified logprof in our current forge svn layout.
2006-06-05 16:39:29 +00:00
done
Subject: profiles - separate out logprof checks from parser checks This patch separates out make check in the profiles/ directory into two sub targets, for checking profiles against the built parser and aa-logprof respectively. The logprof check currently makes some assumptions about the environment that make it difficult to run in a minimal chroot environment. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Jamie Strandboge <jamie@canonical.com>
2013-01-02 14:33:12 -08:00
profiles/Makefile: test abstractions against apparmor_parser Update Makefile to test abstractions by generating temporary profile, to check for missing (not backported) abstractions or other issues.
2018-10-13 15:41:15 +03:00
@echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser"
$(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \
[ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \
echo "#include <tunables/global> profile test { #include <$${abstraction}> }" \
| ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \
|| exit 1; \
done
Subject: profiles - separate out logprof checks from parser checks This patch separates out make check in the profiles/ directory into two sub targets, for checking profiles against the built parser and aa-logprof respectively. The logprof check currently makes some assumptions about the environment that make it difficult to run in a minimal chroot environment. Signed-off-by: Steve Beattie <sbeattie@ubuntu.com> Acked-By: Jamie Strandboge <jamie@canonical.com>
2013-01-02 14:33:12 -08:00
.PHONY: check-logprof
check-logprof needs local/* files check-logprof in profiles/Makefile needs the local/* files. Add a dependency to make sure they are generated. Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
2015-06-18 22:58:59 +02:00
check-logprof: local
Grand profile repository re-organization. Move directories around to make the final install layout match the layout in the repository (at long last :) -- now we can use a single 'make check' target to check the profiles in the repository against both apparmor_parser and logprof.
2007-05-16 18:51:46 +00:00
@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"
profiles/Makefile: fix 'check' target to iterate over the profiles in the extras directory as intended and fail the make if a parse failure occurs. Also, set the default parser and logprof to be the intree ones; the system ones can still be used by setting environment variables. Finally, have the 'all' target generate the local files. Also, set the parser base directory to the apparmor.d directory (rather than as an added include, to avoid outside contamination from system profiles and includes). With these changes, make && make check should verify the profile set is compilable and mostly consistent. (Alas, the current profiles are not quite consistent).
2011-03-18 22:31:26 -07:00
$(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1
add test to ensure abstractions have '#include if exists <*.d>' Exceptions are - ubuntu-browsers (because we already have ubuntu-browsers.d with different usage) - ubuntu-helpers (which includes the sanitized_helper subprofile, so adding something in the global area wouldn't make much sense) Also adjust abstractions/postfix-common to use the style all abstractions use.
2019-01-27 19:13:50 +01:00
.PHONY: check-abstractions.d
check-abstractions.d:
@echo "*** Checking if all abstractions (with a few exceptions) contain #include if exists <abstractions/*.d>"
$(Q)cd apparmor.d/abstractions && for file in * ; do \
test -d "$$file" && continue ; \
Make check-abstractions.d compatible with more shells
2020-01-27 23:44:59 +01:00
test "$$file" = 'ubuntu-browsers' && continue ; \
test "$$file" = 'ubuntu-helpers' && continue ; \
add test to ensure abstractions have '#include if exists <*.d>' Exceptions are - ubuntu-browsers (because we already have ubuntu-browsers.d with different usage) - ubuntu-helpers (which includes the sanitized_helper subprofile, so adding something in the global area wouldn't make much sense) Also adjust abstractions/postfix-common to use the style all abstractions use.
2019-01-27 19:13:50 +01:00
grep -q "^ #include if exists <abstractions/$${file}.d>$$" $$file || { echo "$$file does not contain '#include if exists <abstractions/$${file}.d>'"; exit 1; } ; \
done
Reference in a new issue Copy permalink