Configure Debian package with AA and SELinux options #3414
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Configure Debian package with AA and SELinux options if they are enabled.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 17, 2022
The "build_apparmor" job was added on commit 342e71c ("Add deb-apparmor build to Gitlab CI", 2019-01-26). It would call `./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor` directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to the linker. Later, commit 87e7b31 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR netblue30#3414 merged mkdeb.sh and mkdeb-apparmor.sh into mkdeb.sh.in, which does not always pass `--enable-apparmor` to ./configure directly. Instead, it adds `--enable-apparmor` depending on whether the `$HAVE_APPARMOR` environment variable is set, which would be done by a previous run of ./configure with `--enable-apparmor`. Since on "build_apparmor" ./configure is not run the first time with `--enable-apparmor`, neither is it on the second time and thus `-lapparmor` is never passed to the linker. This commit adds `--enable-apparmor` to the first ./configure run on the ci job, so that it gets passed to the one being executed on mkdeb.sh as well.
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 27, 2022
PACKAGE_TARNAME was added on commit 87e7b31 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR netblue30#3414. TOP was added on commit ed4a24c ("porting make deb-apparmor from LTS build", 2019-01-26).
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 27, 2022
PACKAGE_TARNAME was added on commit 87e7b31 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR netblue30#3414. TOP was added on commit ed4a24c ("porting make deb-apparmor from LTS build", 2019-01-26).
kmk3
added a commit
to kmk3/firejail
that referenced
this pull request
May 29, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables). To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh. For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:
$ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel
To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:
$ make distclean && ./configure && make dist &&
./mkdeb.sh "" --disable-firetunnel
Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure). Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore. With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.
Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:
$ make distclean && ./configure && make deb
Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.
Should fully fix netblue30#772.
Relates to netblue30#1205 netblue30#3414 netblue30#5148.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Configure Debian package with AA and SELinux options if they are
enabled.