Update Makefile to test abstractions by generating temporary profile, to
check for missing (not backported) abstractions or other issues.
This is backport of dc7ae28de0 for
2.10..2.12 series (without --config-file option).
Fix $(PWD) when using "make -C profiles"
See merge request apparmor/apparmor!80
Acked-by: John Johansen <john.johansen@canonical.com>
(cherry picked from commit 14096cb3a7)
20893382 Fix $(PWD) when using "make -C profiles"
The latex based techdoc in the parser/ tree adds a number of build
dependencies for downstreams to create it; it also is the primary
element to make the builds unrepeatable. Creating the techdoc and other
documentation when generating a tarball for distribution avoids all
that.
* Makefile: build documentation as part of the tarball creation. Skip
the libraries/libapparmor directory as it needs to have configure run
before the manpages can be made.
* changehat/mod_apparmor/Makefile, changehat/mod_apparmor/Makefile,
utils/Makefile, profiles/Makefile: create separate docs target,
some of them dummies.
* parser/Makefile: pull the techdoc out of the default build target, add
an extra_docs target to create it.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
aa-logprof is able to parse all profiles, so there is no longer a
reason to skip this test.
This patch reverts r2097 and r2098 from 2013-01-02.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
Acked-by: John Johansen <john.johansen@canonical.com>
(and now that the tests work even if logprof.conf doesn't exist,
Steve's NACK is no longer valid)
check-logprof in profiles/Makefile needs the local/* files.
Add a dependency to make sure they are generated.
Acked-by: Kshitij Gupta <kgupta8592@gmail.com>
- drop the symlink magic of the common/ directory, and just include
files directly from there.
- update comments indicating required steps to take when including
common/Make.rules
- drop make clean steps that refer to no longer generated tarballs,
specfiles, and symlinks to the common directory/Make.rules.
- don't silence clean steps if VERBOSE is set
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian "Ghostbuster" Boltz <apparmor@cboltz.de>
The check-logprof target was not updated to use the python tools, when
they were merged in. This patch fixes the issue.
Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Christian Boltz <apparmor@cboltz.de>
\s is a new feature of GNU grep 2.6 (released on 2010-03-23) and
it does not work in older versions. By using [[:space:]] instead,
AppArmor can compile on systems with older versions of grep.
Signed-off-by: Alban Crequy <alban.crequy@collabora.co.uk>
Acked-by: Steve Beattie <steve@nxnw.org>
target in the profiles Makefile, for future archaeological spelunking.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: Christian Boltz <apparmor@cboltz.de>
This patch separates out make check in the profiles/ directory into
two sub targets, for checking profiles against the built parser
and aa-logprof respectively. The logprof check currently makes some
assumptions about the environment that make it difficult to run in
a minimal chroot environment.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
When I corrected the profiles/Makefile to automatically find files to
install, I converted one variable name but missed a later location where
that variable was used, which broke the 'make check' target, because
directories would be handed to the apparmor parser. This patch corrects
that and also makes the VERBOSE flag report each profile name as it's
being handed to the parser.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-By: Jamie Strandboge <jamie@canonical.com>
Acked-By: Seth Arnold <seth.arnold@canonical.com>
to the apparmor_api subtree not getting added in the Makefile. Rather
Rather than require every sub-directory that gets added to be
enumerated, it uses find to determine what directories and files to
install, to avoid future breakage. It is admittedly slower than the
original code because install(1) is being invoked for every file in
the apparmor.d tree, rather than acting on wildcard globs. That said,
I think it's an acceptable tradeoff.
Signed-off-by: Steve Beattie <sbeattie@ubuntu.com>
Acked-by: John Johansen <john.johansen@canonical.com>
/etc/apparmor/profiles/extras/, and update the path at various places.
Also update the mailinglist address in extra-profiles README and
recommend cp instead of mv.
Note: if you want to have a symlink
/etc/apparmor/profiles/extras -> /usr/share/apparmor/extra-profiles/
for backward compability, you'll have to create it yourself (for example
in the .spec file)
This also fixes https://bugzilla.novell.com/show_bug.cgi?id=713647
Acked-by: John Johansen <john.johansen@canonical.com>
the extras directory as intended and fail the make if a parse failure
occurs. Also, set the default parser and logprof to be the intree ones;
the system ones can still be used by setting environment variables.
Finally, have the 'all' target generate the local files. Also, set the
parser base directory to the apparmor.d directory (rather than as an
added include, to avoid outside contamination from system profiles and
includes).
With these changes, make && make check should verify the profile set is
compilable and mostly consistent. (Alas, the current profiles are not
quite consistent).
make the final install layout match the layout in the repository (at
long last :) -- now we can use a single 'make check' target to check the
profiles in the repository against both apparmor_parser and logprof.
and 'check-install'. The 'check' target will attempt to run the profiles
in the working subversion directory (both in enabled/ and extras/
directories) through the apparmor_parser as a means of sanity checking
the profiles.
The 'check-install' target will also run the 'check' target, only
against the installed location, modifiable by DESTDIR and EXTRASDIR (to
match the behavior of the 'install' target). It also will run logprof
(with an empty logfile) on the installation location, as logprof and the
parser have differing ideas of what is a valid profile :-( .
Thus 'make install check-install DESTDIR=/some/path EXTRASDIR=/other/path'
will install the profiles into a location and cycle the parser and
logprof over the profiles in that
The 'check' target cannot run logprof as the subversion layout does not
conform to a hierarchy logprof can deal with. The limitations also mean
that logprof will not check the profiles in the extras/ directory.
There are other passable variables that impact the 'check' and
'check-install' targets:
VERBOSE - setting this variable will emit the actual commands run,
mostly useful for debugging where the implementation of 'check'
has gone wrong.
PARSER, LOGPROF - setting these with a path to a different parser or
logprof location will have the check targets use those version
rather than the system utilities; e.g.
"make check-install LOGPROF=../utils/logprof" to test a modified
logprof in our current forge svn layout.
