From 1f671ab6cc1473e6d2a3354bced3a25ab4cb34df Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sun, 15 May 2022 12:23:14 -0300 Subject: gitlab-ci: actually link libapparmor on build_apparmor The "build_apparmor" job was added on commit 342e71cd8 ("Add deb-apparmor build to Gitlab CI", 2019-01-26). It would call `./mkdeb-apparmor.sh`, which would run `./configure --enable-apparmor` directly, adding `-lapparmor` to `EXTRA_LDFLAGS` and thus passing it to the linker. Later, commit 87e7b3139 ("Configure Debian package with AA and SELinux options", 2020-05-13) / PR #3414 merged mkdeb.sh and mkdeb-apparmor.sh into mkdeb.sh.in, which does not always pass `--enable-apparmor` to ./configure directly. Instead, it adds `--enable-apparmor` depending on whether the `$HAVE_APPARMOR` environment variable is set, which would be done by a previous run of ./configure with `--enable-apparmor`. Since on "build_apparmor" ./configure is not run the first time with `--enable-apparmor`, neither is it on the second time and thus `-lapparmor` is never passed to the linker. This commit adds `--enable-apparmor` to the first ./configure run on the ci job, so that it gets passed to the one being executed on mkdeb.sh as well. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.gitlab-ci.yml') diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 06b3367e6..4871ef031 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -54,7 +54,7 @@ build_apparmor: script: - apt-get update -qq - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - - ./configure --prefix=/usr && make deb-apparmor && dpkg -i firejail*.deb + - ./configure --prefix=/usr --enable-apparmor && make deb-apparmor && dpkg -i firejail*.deb - command -V firejail && firejail --version - firejail --version | grep -F 'AppArmor support is enabled' -- cgit v1.2.3-54-g00ecf