From 983716184093a8f87e63735e743dde2309749e1e Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Tue, 14 Feb 2023 16:52:20 -0300 Subject: ci: move --prefix configure arg first In the `build_and_test` job, to match the common usage. Added on commit 300efec35 ("let github CI run tests", 2020-10-24). --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f075ec493..7591e885e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -62,7 +62,7 @@ jobs: - name: install dependencies run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec - name: configure - run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr + run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux - name: make run: make - name: make install -- cgit v1.2.3-70-g09d2 From 89d45e6cf246037cfe097d7bd3dddef1687d684b Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Tue, 14 Feb 2023 16:55:04 -0300 Subject: ci: deb: remove redundant --prefix arguments The "deb" target depends on the "dist" target, which creates an archive from DISTFILES. The arguments to ./configure are misleading, as they do not affect the archive that is used by `make deb`. That is the case because the configure output files (config.mk and config.sh) are not copied into the dist archive, only their input files (config.mk.in and config.sh.in). In order to affect the .deb package, the configure arguments have to be passed to mkdeb.sh, which then forwards them to ./configure itself. Note: This does not apply to the rpm-based jobs, as `make rpms` uses the files directly rather than using the dist archive. Relates to #5154. --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index af590e2e1..b0af96cf9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,7 +10,7 @@ build_ubuntu_package: script: - apt-get update -qq - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk - - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb + - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc @@ -19,7 +19,7 @@ build_debian_package: script: - apt-get update -qq - apt-get install -y -qq build-essential lintian pkg-config gawk - - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb + - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version build_redhat_package: -- cgit v1.2.3-70-g09d2 From f33e452b044af0b651784a43e6981078eb0c0540 Mon Sep 17 00:00:00 2001 
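Review bot: Nothing next to the now-bare `./configure` in `build_ubuntu_package` says why it takes no arguments, so a later editor may re-add flags here believing they shape the package that the job installs and tests. Per the commit description, `make deb` builds from the dist archive and only arguments given to mkdeb.sh reach the package's own configure run. I would add a comment above the line, e.g. `# configure args here do not reach the .deb; pass them to ./mkdeb.sh instead`. The same applies to the identical line in the `build_debian_package` hunk (`@@ -19,7 +19,7 @@`).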
From: "Kelvin M. Klann" Date: Sun, 5 Feb 2023 08:43:07 -0300 Subject: build: deb: enable apparmor by default & remove deb-apparmor The official .deb package is always built with apparmor support, so use `--enable-apparmor` in mkdeb.sh and remove the "deb-apparmor" target in order to reduce redundancy. Note that custom configure options may be specified by calling ./mkdeb.sh directly. For example, to build the .deb package without apparmor support, instead of running `make deb`, the following commands can be used: make dist ./mkdeb.sh --disable-apparmor Also, change the `build_apparmor` GitLab CI job into `build_no_apparmor`, which is intended to check that building without apparmor still works. Note: This commit makes the resulting .deb package not have an "-apparmor" suffix (see `EXTRA_VERSION` in mkdeb.sh), to avoid redundancy (as having apparmor support becomes the default). Misc: This is a follow-up to #5654. Relates to #5154 #5176 #5547. --- .gitlab-ci.yml | 12 ++++++------ Makefile | 4 ---- README | 2 +- contrib/update_deb.sh | 2 +- mkdeb.sh | 2 +- 5 files changed, 9 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b0af96cf9..6dcb40e67 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,7 +9,7 @@ build_ubuntu_package: image: ubuntu:rolling script: - apt-get update -qq - - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk + - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc 
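Review bot: After this change no job asserts that the default `make deb` package actually has AppArmor support: the only positive check, `grep -F 'AppArmor support is enabled'`, lived in `build_apparmor`, which this commit turns into the negative `build_no_apparmor` check. `build_ubuntu_package` now installs libapparmor-dev and builds the default package, so add `- firejail --version | grep -F 'AppArmor support is enabled'` after its `command -V firejail && firejail --version` line. The same line belongs in the `build_debian_package` hunk (`@@ -18,7 +18,7 @@`). Without it, a regression in the mkdeb.sh default could pass CI while producing a package without AppArmor support.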
@@ -18,7 +18,7 @@ build_debian_package: image: debian:stretch script: - apt-get update -qq - - apt-get install -y -qq build-essential lintian pkg-config gawk + - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - ./configure && make deb && dpkg -i firejail*.deb - command -V firejail && firejail --version @@ -49,14 +49,14 @@ build_src_package: - command -V firejail && firejail --version # - python3 contrib/sort.py etc/*.{profile,inc} -build_apparmor: +build_no_apparmor: image: ubuntu:latest script: - apt-get update -qq - - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk - - ./configure && make deb-apparmor && dpkg -i firejail*.deb + - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk + - ./configure && make dist && ./mkdeb.sh --disable-apparmor && dpkg -i firejail*.deb - command -V firejail && firejail --version - - firejail --version | grep -F 'AppArmor support is enabled' + - firejail --version | grep -F 'AppArmor support is disabled' debian_ci: image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest diff --git a/Makefile b/Makefile index 396313fe9..261de04e0 100644 --- a/Makefile +++ b/Makefile @@ -339,10 +339,6 @@ asc: config.mk deb: dist config.sh ./mkdeb.sh -.PHONY: deb-apparmor -deb-apparmor: dist config.sh - env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor - .PHONY: test-compile test-compile: dist config.mk cd test/compile; ./compile.sh $(TARNAME)-$(VERSION) diff --git a/README b/README index 762668a88..fcd0e2437 100644 --- a/README +++ b/README 
@@ -34,7 +34,7 @@ $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). We build our release firejail.tar.xz and firejail.deb packages using the following command: -$ make distclean && ./configure && make deb-apparmor +$ make distclean && ./configure && make deb Maintainer: diff --git a/contrib/update_deb.sh b/contrib/update_deb.sh index 4ee652024..ad6e728f1 100755 --- a/contrib/update_deb.sh +++ b/contrib/update_deb.sh @@ -15,7 +15,7 @@ cd firejail sed -i "s/# restricted-network .*/restricted-network yes/" \ etc/firejail.config -make deb-apparmor +make deb sudo dpkg -i firejail*.deb echo "Firejail updated." cd .. diff --git a/mkdeb.sh b/mkdeb.sh index a0fc01234..6d7f8b209 100755 --- a/mkdeb.sh +++ b/mkdeb.sh @@ -25,7 +25,7 @@ echo "*****************************************" tar -xJvf "$CODE_ARCHIVE" #mkdir -p "$INSTALL_DIR" cd "$CODE_DIR" -./configure --prefix=/usr "$@" +./configure --prefix=/usr --enable-apparmor "$@" make -j2 mkdir debian DESTDIR=debian make install-strip -- cgit v1.2.3-70-g09d2
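Review bot: In mkdeb.sh the new default `--enable-apparmor` sits before `"$@"`, so `./mkdeb.sh --disable-apparmor` works only because the later configure option overrides the earlier one, and nothing beside the line records that the order matters. I would add a comment above it, e.g. `# defaults first; "$@" stays last so callers can override them (e.g. --disable-apparmor)`. With the "-apparmor" suffix gone, a package built with `--disable-apparmor` also appears to get the same file name as the release package unless the caller sets `EXTRA_VERSION`, so the same comment could recommend setting it for such builds. The rest of the script lies outside the hunk, so whether a failed `./configure` stops the run before `make -j2` cannot be confirmed from here.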