[tor-commits] [Git][tpo/applications/tor-browser-build][maint-14.0] Bug 41243: Add apparmor profile to deb package

Wed Oct 30 16:47:47 UTC 2024


boklm pushed to branch maint-14.0 at The Tor Project / Applications / tor-browser-build


Commits:
6d8e1d6f by Nicolas Vigier at 2024-10-30T17:46:21+01:00
Bug 41243: Add apparmor profile to deb package

- - - - -


4 changed files:

- projects/linux-packages/config
- + projects/linux-packages/debian/apparmor.in
- projects/linux-packages/debian/control.in
- projects/linux-packages/debian/rules.in


Changes:

=====================================
projects/linux-packages/config
=====================================
@@ -36,6 +36,7 @@ targets:
         - dpkg-dev
         - debhelper
         - dh-exec
+        - dh-apparmor
         # Packages needed to generate dependencies for the deb package
         - linux-libc-dev
         - libasound2-dev
@@ -148,6 +149,10 @@ input_files:
     enable: '[% c("var/build_deb_pkg") || c("var/build_rpm_pkg") %]'
 
   # Debian Package
+  - filename: debian/apparmor
+    content: "[% INCLUDE 'debian/apparmor.in' %]"
+    refresh_input: 1
+    enable: '[% c("var/build_deb_pkg") %]'
   - filename: debian/changelog
     content: "[% INCLUDE 'debian/changelog.in' %]"
     refresh_input: 1


=====================================
projects/linux-packages/debian/apparmor.in
=====================================
@@ -0,0 +1,14 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# AppArmor policy for [% c("var/system_pkg/pkg_name") %]
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile [% c("var/system_pkg/pkg_name") %] /[% c('var/system_pkg/install_path') %]/[% c("var/projectname") %].real flags=(unconfined) {
+  userns,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/[% c("var/system_pkg/pkg_name") %]>
+}


=====================================
projects/linux-packages/debian/control.in
=====================================
@@ -2,7 +2,7 @@ Source: [% c("var/system_pkg/pkg_name") %]
 Maintainer: [% c("var/Project_Name") %] Developers <torbrowser at torproject.org>
 Priority: optional
 Section: web
-Build-Depends: debhelper (>= 9)
+Build-Depends: debhelper (>= 9), dh-apparmor
 
 Package: [% c("var/system_pkg/pkg_name") %]
 Architecture: [% c("var_p/system_pkg/deb_archs").join(" ") %]


=====================================
projects/linux-packages/debian/rules.in
=====================================
@@ -12,3 +12,8 @@ override_dh_strip:
 
 override_dh_shlibdeps:
 	dh_shlibdeps -Xabicheck[% IF c("var/tor-browser") %] -l$(CURDIR)/debian/[% c("var/system_pkg/pkg_name") %]/[% c('var/system_pkg/install_path') %]/TorBrowser/Tor[% END %]
+
+override_dh_install:
+	mkdir -p debian/[% c("var/system_pkg/pkg_name") %]/etc/apparmor.d
+	cp debian/apparmor debian/[% c("var/system_pkg/pkg_name") %]/etc/apparmor.d/[% c("var/system_pkg/pkg_name") %]
+	dh_apparmor --profile-name=[% c("var/system_pkg/pkg_name") %] -p[% c("var/system_pkg/pkg_name") %]



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6d8e1d6f3f570ac10f5a118aadb0955b33d3d7c8

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/6d8e1d6f3f570ac10f5a118aadb0955b33d3d7c8
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20241030/072c5287/attachment-0001.htm>
