From 5247a6c7b5820197d26e19064d4ef0ff4edc41a1 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 25 May 2022 11:42:54 -0300 Subject: [PATCH 1/3] mkdeb.sh.in: remove unused PACKAGE_TARNAME/TOP vars PACKAGE_TARNAME was added on commit 87e7b3139 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR #3414. TOP was added on commit ed4a24ce7 ("porting make deb-apparmor from LTS build", 2019-01-26). --- mkdeb.sh.in | 2 -- 1 file changed, 2 deletions(-) diff --git a/mkdeb.sh.in b/mkdeb.sh.in index 6d6981417fc..a18ff80212c 100755 --- a/mkdeb.sh.in +++ b/mkdeb.sh.in @@ -9,7 +9,6 @@ set -e NAME=@PACKAGE_NAME@ VERSION=@PACKAGE_VERSION@ -PACKAGE_TARNAME=@PACKAGE_TARNAME@ HAVE_APPARMOR=@HAVE_APPARMOR@ HAVE_SELINUX=@HAVE_SELINUX@ EXTRA_VERSION=$1 @@ -22,7 +21,6 @@ if [ -n "$HAVE_SELINUX" ]; then CONFIG_ARGS="$CONFIG_ARGS --enable-selinux" fi -TOP="$PWD" CODE_ARCHIVE="$NAME-$VERSION.tar.xz" CODE_DIR="$NAME-$VERSION" INSTALL_DIR="${INSTALL_DIR}${CODE_DIR}/debian" From b4d0b24c533c8aebb8961bf658e3b41580b073e2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 27 May 2022 15:10:46 -0300 Subject: [PATCH 2/3] fj-mkdeb.py: run distclean before ./configure This (mostly) restores the behavior from before commit 1fb814e51 ("Makefile.in: stop running distclean on dist", 2022-05-13) / PR #5142. ./configure still has to be called before calling ./contrib/fj-mkdeb.py (to generate Makefile from Makefile.in before calling `make distclean`). --- contrib/fj-mkdeb.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 60e25fd14a6..75fb6cbc8fc 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py @@ -29,6 +29,12 @@ def run(srcdir, args): else: escaped_args.append(shlex.quote(a)) + # Remove generated files. + if not dry_run: + distclean = subprocess.call(['make', 'distclean']) + if distclean != 0: + return distclean + # Run configure to generate mkdeb.sh. first_config = subprocess.call(['./configure', '--prefix=/usr'] + args) if first_config != 0: From 9a0fbbd719b6d6c6fe46ae0f4b2e0ccd7988edcc Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 13 May 2022 23:33:20 -0300 Subject: [PATCH 3/3] mkdeb.sh.in: pass remaining arguments to ./configure Currently, mkdeb.sh (which is used to make a .deb package) runs ./configure with hardcoded options (some of which are automatically detected based on configure-time variables). To work around the hardcoding, contrib/fj-mkdeb.py is used to add additional options by rewriting the actual call to ./configure on mkdeb.sh. For example, the following invocation adds --disable-firetunnel to mkdeb.sh: $ ./configure && ./contrib/fj-mkdeb.py --disable-firetunnel To avoid depending on another script and to avoid re-generating mkdeb.sh, just let the latter pass the remaining arguments (the first one is an optional package filename suffix) to ./configure directly. Example: $ make distclean && ./configure && make dist && ./mkdeb.sh "" --disable-firetunnel Additionally, change contrib/fj-mkdeb.py to do roughly the same as the above example, by simply forwarding the arguments that it receives to ./mkdeb.sh (which then forwards them to ./configure). Also, remove the --only-fix-mkdeb option, since the script does not change mkdeb.sh anymore. With these changes, the script's usage (other than when using --only-fix-mkdeb) should remain the same. Note: To clean the generated files and then make a .deb package using the default configuration, the invocation is still the same: $ make distclean && ./configure && make deb Note2: Running ./configure in the above examples is only needed for generating Makefile/mkdeb.sh from Makefile.in/mkdeb.sh.in after running distclean, so that running `make` / `./mkdeb.sh` afterwards works. Should fully fix #772. Relates to #1205 #3414 #5148. --- .gitlab-ci.yml | 2 +- Makefile.in | 2 +- contrib/fj-mkdeb.py | 40 ++++++++++++++-------------------------- mkdeb.sh.in | 12 ++---------- 4 files changed, 18 insertions(+), 38 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4871ef03134..af590e2e17b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,7 +54,7 @@ build_apparmor: script: - apt-get update -qq - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - - ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb + - ./configure && make deb-apparmor && dpkg -i firejail*.deb - command -V firejail && firejail --version - firejail --version | grep -F 'AppArmor support is enabled' diff --git a/Makefile.in b/Makefile.in index 0e80fb43a5c..7d961213a94 100644 --- a/Makefile.in +++ b/Makefile.in @@ -222,7 +222,7 @@ deb: dist ./mkdeb.sh deb-apparmor: dist - ./mkdeb.sh -apparmor + ./mkdeb.sh -apparmor --enable-apparmor test-compile: dist cd test/compile; ./compile.sh $(NAME)-$(VERSION) diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 75fb6cbc8fc..f6611bee8db 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py @@ -3,9 +3,10 @@ # Copyright (C) 2014-2022 Firejail Authors # License GPL v2 -# This script automates the workaround for https://github.com/netblue30/firejail/issues/772 +# This script automates the creation of a .deb package. It was originally +# created to work around https://github.com/netblue30/firejail/issues/772 -import os, shlex, subprocess, sys +import os, subprocess, sys def run(srcdir, args): @@ -15,41 +16,29 @@ def run(srcdir, args): print('Error: Not a firejail source tree? Exiting.') return 1 - dry_run = False - escaped_args = [] - # We need to modify the list as we go. So be sure to copy the list to be iterated! + # Ignore unsupported arguments. for a in args[:]: if a.startswith('--prefix'): # prefix should ALWAYS be /usr here. Discard user-set values args.remove(a) - elif a == '--only-fix-mkdeb': - # for us, not configure - dry_run = True - args.remove(a) - else: - escaped_args.append(shlex.quote(a)) # Remove generated files. - if not dry_run: - distclean = subprocess.call(['make', 'distclean']) - if distclean != 0: - return distclean + distclean = subprocess.call(['make', 'distclean']) + if distclean != 0: + return distclean # Run configure to generate mkdeb.sh. first_config = subprocess.call(['./configure', '--prefix=/usr'] + args) if first_config != 0: return first_config - # Fix up dynamically-generated mkdeb.sh to include custom configure options. - with open('mkdeb.sh', 'rb') as f: - sh = str(f.read(), 'utf_8') - with open('mkdeb.sh', 'wb') as f: - f.write(bytes(sh.replace('./configure $CONFIG_ARGS', - './configure $CONFIG_ARGS ' + (' '.join(escaped_args))), 'utf_8')) - - if dry_run: return 0 + # Create the dist file used by mkdeb.sh. + make_dist = subprocess.call(['make', 'dist']) + if make_dist != 0: + return make_dist - return subprocess.call(['make', 'deb']) + # Run mkdeb.sh with the custom configure options. + return subprocess.call(['./mkdeb.sh'] + args) if __name__ == '__main__': @@ -57,13 +46,12 @@ def run(srcdir, args): print('''Build a .deb of firejail with custom configure options usage: -{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]] +{script} [--fj-src=SRCDIR] [CONFIGURE_OPTIONS [...]] --fj-src=SRCDIR: manually specify the location of firejail source tree as SRCDIR. If not specified, looks in the parent directory of the directory where this script is located, and then the current working directory, in that order. - --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh CONFIGURE_OPTIONS: arguments for configure '''.format(script=sys.argv[0])) sys.exit(0) diff --git a/mkdeb.sh.in b/mkdeb.sh.in index a18ff80212c..79f8d748cf2 100755 --- a/mkdeb.sh.in +++ b/mkdeb.sh.in @@ -9,17 +9,9 @@ set -e NAME=@PACKAGE_NAME@ VERSION=@PACKAGE_VERSION@ -HAVE_APPARMOR=@HAVE_APPARMOR@ -HAVE_SELINUX=@HAVE_SELINUX@ EXTRA_VERSION=$1 -CONFIG_ARGS="--prefix=/usr" -if [ -n "$HAVE_APPARMOR" ]; then - CONFIG_ARGS="$CONFIG_ARGS --enable-apparmor" -fi -if [ -n "$HAVE_SELINUX" ]; then - CONFIG_ARGS="$CONFIG_ARGS --enable-selinux" -fi +test "$#" -gt 0 && shift CODE_ARCHIVE="$NAME-$VERSION.tar.xz" CODE_DIR="$NAME-$VERSION" @@ -36,7 +28,7 @@ echo "*****************************************" tar -xJvf "$CODE_ARCHIVE" #mkdir -p "$INSTALL_DIR" cd "$CODE_DIR" -./configure $CONFIG_ARGS +./configure --prefix=/usr "$@" make -j2 mkdir debian DESTDIR=debian make install-strip