Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure Debian package with AA and SELinux options #3414

Merged
merged 1 commit into from
May 14, 2020

Conversation

topimiettinen
Copy link
Collaborator

Configure Debian package with AA and SELinux options if they are
enabled.

Configure Debian package with AA and SELinux options if they are
enabled.
@topimiettinen topimiettinen merged commit 87e7b31 into netblue30:master May 14, 2020
@topimiettinen topimiettinen deleted the mkdeb-configure branch May 14, 2020 13:10
kmk3 added a commit to kmk3/firejail that referenced this pull request May 17, 2022
The "build_apparmor" job was added on commit 342e71c ("Add
deb-apparmor build to Gitlab CI", 2019-01-26).  It would call
`./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor`
directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to
the linker.

Later, commit 87e7b31 ("Configure Debian package with AA and SELinux
options", 2020-05-13) / PR netblue30#3414 merged mkdeb.sh and mkdeb-apparmor.sh
into mkdeb.sh.in, which does not always pass `--enable-apparmor` to
./configure directly.  Instead, it adds `--enable-apparmor` depending on
whether the `$HAVE_APPARMOR` environment variable is set, which would be
done by a previous run of ./configure with `--enable-apparmor`.  Since
on "build_apparmor" ./configure is not run the first time with
`--enable-apparmor`, neither is it on the second time and thus
`-lapparmor` is never passed to the linker.  This commit adds
`--enable-apparmor` to the first ./configure run on the ci job, so that
it gets passed to the one being executed on mkdeb.sh as well.
kmk3 added a commit to kmk3/firejail that referenced this pull request May 27, 2022
PACKAGE_TARNAME was added on commit 87e7b31 ("Configure Debian package
with AA and SELinux options", 2020-05-13) / PR netblue30#3414.

TOP was added on commit ed4a24c ("porting make deb-apparmor from LTS
build", 2019-01-26).
kmk3 added a commit to kmk3/firejail that referenced this pull request May 27, 2022
PACKAGE_TARNAME was added on commit 87e7b31 ("Configure Debian package
with AA and SELinux options", 2020-05-13) / PR netblue30#3414.

TOP was added on commit ed4a24c ("porting make deb-apparmor from LTS
build", 2019-01-26).
kmk3 added a commit to kmk3/firejail that referenced this pull request May 29, 2022
Currently, mkdeb.sh (which is used to make a .deb package) runs
./configure with hardcoded options (some of which are automatically
detected based on configure-time variables).  To work around the
hardcoding, contrib/fj-mkdeb.py is used to add additional options by
rewriting the actual call to ./configure on mkdeb.sh.  For example, the
following invocation adds --disable-firetunnel to mkdeb.sh:

    $ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel

To avoid depending on another script and to avoid re-generating
mkdeb.sh, just let the latter pass the remaining arguments (the first
one is an optional package filename suffix) to ./configure directly.
Example:

    $ make distclean && ./configure && make dist &&
      ./mkdeb.sh "" --disable-firetunnel

Additionally, change contrib/fj-mkdeb.py to do roughly the same as the
above example, by simply forwarding the arguments that it receives to
./mkdeb.sh (which then forwards them to ./configure).  Also, remove the
--only-fix-mkdeb option, since the script does not change mkdeb.sh
anymore.  With these changes, the script's usage (other than when using
--only-fix-mkdeb) should remain the same.

Note: To clean the generated files and then make a .deb package using
the default configuration, the invocation is still the same:

    $ make distclean && ./configure && make deb

Note2: Running ./configure in the above examples is only needed for
generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running
distclean, so that running `make` / `./mkdeb.sh` afterwards works.

Should fully fix netblue30#772.

Relates to netblue30#1205 netblue30#3414 netblue30#5148.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant