the extras directory as intended and fail the make if a parse failure
occurs. Also, set the default parser and logprof to be the intree ones;
the system ones can still be used by setting environment variables.
Finally, have the 'all' target generate the local files. Also, set the
parser base directory to the apparmor.d directory (rather than as an
added include, to avoid outside contamination from system profiles and
includes).
With these changes, make && make check should verify the profile set is
compilable and mostly consistent. (Alas, the current profiles are not
quite consistent).
make the final install layout match the layout in the repository (at
long last :) -- now we can use a single 'make check' target to check the
profiles in the repository against both apparmor_parser and logprof.
and 'check-install'. The 'check' target will attempt to run the profiles
in the working subversion directory (both in enabled/ and extras/
directories) through the apparmor_parser as a means of sanity checking
the profiles.
The 'check-install' target will also run the 'check' target, only
against the installed location, modifiable by DESTDIR and EXTRASDIR (to
match the behavior of the 'install' target). It also will run logprof
(with an empty logfile) on the installation location, as logprof and the
parser have differing ideas of what is a valid profile :-( .
Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path'
will install the profiles into a location and cycle the parser and
logprof over the profiles in that
The 'check' target cannot run logprof as the subversion layout does not
conform to a hierarchy logprof can deal with. The limitations also mean
that logprof will not check the profiles in the extras/ directory.
There are other passable variables that impact the 'check' and
'check-install' targets:
VERBOSE - setting this variable will emit the actual commands run,
mostly useful for debugging where the implementation of 'check'
has gone wrong.
PARSER, LOGPROF - setting these with a path to a different parser or
logprof location will have the check targets use those version
rather than the system utilities; e.g.
"make check-install LOGPROF=../utils/logprof" to test a modified
logprof in our current forge svn layout.
