From f33e452b044af0b651784a43e6981078eb0c0540 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sun, 5 Feb 2023 08:43:07 -0300 Subject: [PATCH] build: deb: enable apparmor by default & remove deb-apparmor The official .deb package is always built with apparmor support, so use `--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in order to reduce redundancy. Note that custom configure options may be specified by calling ./mkdeb.sh directly. For example, to build the .deb package without apparmor support, instead of running `make deb`, the following commands can be used: make dist ./mkdeb.sh --disable-apparmor Also, change the `build_apparmor` GitLab CI job into `build_no_apparmor`, which is intended to check that building without apparmor still works. Note: This commit makes the resulting .deb package not have an "-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid redundancy (as having apparmor support becomes the default). Misc: This is a follow-up to #5654. Relates to #5154 #5176 #5547. --- .gitlab-ci.yml | 12 ++++++------ Makefile | 4 ---- README | 2 +- contrib/update_deb.sh | 2 +- mkdeb.sh | 2 +- 5 files changed, 9 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b0af96cf999..6dcb40e6773 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ build_ubuntu_package: image: ubuntu:rolling script: - apt-get update -qq - - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk + - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc @@ -18,7 +18,7 @@ build_debian_package: image: debian:stretch script: - apt-get update -qq - - apt-get install -y -qq build-essential lintian pkg-config gawk + - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version @@ -49,14 +49,14 @@ build_src_package: - command -V firejail && firejail --version # - python3 contrib/sort.py etc/*.{profile,inc} -build_apparmor: +build_no_apparmor: image: ubuntu:latest script: - apt-get update -qq - - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - - ./configure && make deb-apparmor && dpkg -i firejail*.deb + - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk + - ./configure && make dist && ./mkdeb.sh --disable-apparmor && dpkg -i firejail*.deb - command -V firejail && firejail --version - - firejail --version | grep -F 'AppArmor support is enabled' + - firejail --version | grep -F 'AppArmor support is disabled' debian_ci: image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest diff --git a/Makefile b/Makefile index 396313fe9ce..261de04e002 100644 --- a/Makefile +++ b/Makefile @@ -339,10 +339,6 @@ asc: config.mk deb: dist config.sh ./mkdeb.sh -.PHONY: deb-apparmor -deb-apparmor: dist config.sh - env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor - .PHONY: test-compile test-compile: dist config.mk cd test/compile; ./compile.sh $(TARNAME)-$(VERSION) diff --git a/README b/README index 762668a8822..fcd0e24376e 100644 --- a/README +++ b/README @@ -34,7 +34,7 @@ $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). We build our release firejail.tar.xz and firejail.deb packages using the following command: -$ make distclean && ./configure && make deb-apparmor +$ make distclean && ./configure && make deb Maintainer: diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh index 4ee65202466..ad6e728f168 100755 --- a/contrib/update_deb.sh +++ b/contrib/update_deb.sh @@ -15,7 +15,7 @@ cd firejail sed -i "s/# restricted-network .*/restricted-network yes/" \ etc/firejail.config -make deb-apparmor +make deb sudo dpkg -i firejail*.deb echo "Firejail updated." cd .. diff --git a/mkdeb.sh b/mkdeb.sh index a0fc0123475..6d7f8b2099f 100755 --- a/mkdeb.sh +++ b/mkdeb.sh @@ -25,7 +25,7 @@ echo "*****************************************" tar -xJvf "$CODE_ARCHIVE" #mkdir -p "$INSTALL_DIR" cd "$CODE_DIR" -./configure --prefix=/usr "$@" +./configure --prefix=/usr --enable-apparmor "$@" make -j2 mkdir debian DESTDIR=debian make install-strip