diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-01-25 01:37:40 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-01-27 23:58:30 -0300 |
commit | c7c4f57d13b0e5720ee672a1761663d739d0bffa (patch) | |
tree | 11d8692f19391c2df62a573531f2e6b2d859dab6 /Makefile | |
parent | build: move syntax files to contrib/syntax/files (diff) | |
download | firejail-c7c4f57d13b0e5720ee672a1761663d739d0bffa.tar.gz firejail-c7c4f57d13b0e5720ee672a1761663d739d0bffa.tar.zst firejail-c7c4f57d13b0e5720ee672a1761663d739d0bffa.zip |
build: auto-generate syntax lists
Changes:
* Use the commands from contrib/vim/syntax/firejail.vim to create
makefile targets to generate syntax lists in contrib/syntax/lists
* Add contrib/syntax/files/example.in as an example of how to generate
syntax files
* Generate and add the syntax lists, to make it easier to spot if they
are properly updated when a new command is added or if their recipes
also need changes
* Add "syntax" and "contrib" makefile targets
Note: The generation commands are executed mostly silently to avoid
generating too much noise when also making other targets.
Note2: In some generation commands, a `$$` escape is used to pass `$` to
the shell, to avoid being interpreted by make as the start of a macro.
Note3: `@make_input@` is used in example.in to make it clear that the
file is generated (and that it is generated by make rather than
configure), similarly to how `@configure_input@` is used in configure
input files. See also apparmor.vim:
$ head -n 2 /usr/share/vim/vimfiles/syntax/apparmor.vim
" generated from apparmor.vim.in by create-apparmor.vim.py
" do not edit this file - edit apparmor.vim.in or create-apparmor.vim.py instead
Environment: apparmor 3.1.2-1 on Artix Linux.
Relates to #2679 #5502 #5577 #5612.
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 70 |
1 files changed, 70 insertions, 0 deletions
@@ -19,6 +19,22 @@ MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so s | |||
19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | 19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion |
20 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 | 20 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 |
21 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1 | 21 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1 |
22 | |||
23 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) | ||
24 | |||
25 | # Lists of keywords used in profiles; used for generating syntax files. | ||
26 | SYNTAX_LISTS = \ | ||
27 | contrib/syntax/lists/profile_commands_arg0.list \ | ||
28 | contrib/syntax/lists/profile_commands_arg1.list \ | ||
29 | contrib/syntax/lists/profile_conditionals.list \ | ||
30 | contrib/syntax/lists/profile_macros.list \ | ||
31 | contrib/syntax/lists/syscall_groups.list \ | ||
32 | contrib/syntax/lists/syscalls.list \ | ||
33 | contrib/syntax/lists/system_errnos.list | ||
34 | |||
35 | SYNTAX_FILES_IN := $(sort $(wildcard contrib/syntax/files/*.in)) | ||
36 | SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | ||
37 | |||
22 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 38 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
23 | 39 | ||
24 | .PHONY: all | 40 | .PHONY: all |
@@ -65,6 +81,59 @@ $(MANPAGES): src/man config.mk | |||
65 | 81 | ||
66 | man: $(MANPAGES) | 82 | man: $(MANPAGES) |
67 | 83 | ||
84 | # Makes all targets in contrib/ | ||
85 | .PHONY: contrib | ||
86 | contrib: syntax | ||
87 | |||
88 | .PHONY: syntax | ||
89 | syntax: $(SYNTAX_FILES) | ||
90 | |||
91 | # TODO: include/rlimit are false positives | ||
92 | contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c | ||
93 | @sed -En 's/.*strn?cmp\(ptr, "([^ "]*[^ ])".*/\1/p' $< | \ | ||
94 | grep -Ev '^(include|rlimit)$$' | sed 's/\./\\./' | sort -u >$@ | ||
95 | |||
96 | # TODO: private-lib is special-cased in the code and doesn't match the regex | ||
97 | contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c | ||
98 | @{ sed -En 's/.*strn?cmp\(ptr, "([^"]+) ".*/\1/p' $<; echo private-lib; } | \ | ||
99 | sort -u >$@ | ||
100 | |||
101 | contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c | ||
102 | @awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \ | ||
103 | /\t*\{"[^"]+".*/ \ | ||
104 | { if (process) {print gensub(/^\t*\{"([^"]+)".*$$/, "\\1", 1);} } \ | ||
105 | /^\t\{ NULL, NULL \}$$/ {process=0;}' \ | ||
106 | $< | sort -u >$@ | ||
107 | |||
108 | contrib/syntax/lists/profile_macros.list: src/firejail/macros.c | ||
109 | @sed -En 's/.*\$$\{([^}]+)\}.*/\1/p' $< | sort -u >$@ | ||
110 | |||
111 | contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c | ||
112 | @sed -En 's/.*"@([^",]+).*/\1/p' $< | sort -u >$@ | ||
113 | |||
114 | contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS) | ||
115 | @sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) | \ | ||
116 | sort -u >$@ | ||
117 | |||
118 | contrib/syntax/lists/system_errnos.list: src/lib/errno.c | ||
119 | @sed -En 's/.*"(E[^"]+).*/\1/p' $< | sort -u >$@ | ||
120 | |||
121 | pipe_fromlf = { tr '\n' '|' | sed 's/|$$//'; } | ||
122 | space_fromlf = { tr '\n' ' ' | sed 's/ $$//'; } | ||
123 | edit_syntax_file = sed \ | ||
124 | -e "s/@make_input@/$$(basename $@). Generated from $$(basename $<) by make./" \ | ||
125 | -e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \ | ||
126 | -e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \ | ||
127 | -e "s/@FJ_PROFILE_CONDITIONALS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \ | ||
128 | -e "s/@FJ_PROFILE_MACROS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_macros.list)/" \ | ||
129 | -e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \ | ||
130 | -e "s/@FJ_SYSCALL_GROUPS@/$$($(pipe_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \ | ||
131 | -e "s/@FJ_SYSTEM_ERRNOS@/$$($(pipe_fromlf) <contrib/syntax/lists/system_errnos.list)/" | ||
132 | |||
133 | contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS) | ||
134 | @printf 'Generating %s from %s\n' $@ $< | ||
135 | @$(edit_syntax_file) $< >$@ | ||
136 | |||
68 | .PHONY: clean | 137 | .PHONY: clean |
69 | clean: | 138 | clean: |
70 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | 139 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ |
@@ -73,6 +142,7 @@ clean: | |||
73 | $(MAKE) -C test clean | 142 | $(MAKE) -C test clean |
74 | rm -f $(SECCOMP_FILTERS) | 143 | rm -f $(SECCOMP_FILTERS) |
75 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | 144 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm |
145 | rm -f $(SYNTAX_FILES) | ||
76 | rm -f test/utils/index.html* | 146 | rm -f test/utils/index.html* |
77 | rm -f test/utils/wget-log | 147 | rm -f test/utils/wget-log |
78 | rm -f test/utils/firejail-test-file* | 148 | rm -f test/utils/firejail-test-file* |