Merge pull request #5668 from kmk3/build-deb-apparmor-default

build: deb: enable apparmor by default & remove deb-apparmor

.github/workflows/build.yml

@@ -62,7 +62,7 @@ jobs:
     - name: install dependencies
       run: sudo apt-get install gcc-12 libapparmor-dev libselinux1-dev expect xzdec whois
     - name: configure
-      run: CC=gcc-12 ./configure --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux --prefix=/usr
+      run: CC=gcc-12 ./configure --prefix=/usr --enable-fatal-warnings --enable-analyzer --enable-apparmor --enable-selinux
     - name: make
       run: make
     - name: make install

.gitlab-ci.yml

@@ -9,8 +9,8 @@ build_ubuntu_package:
     image: ubuntu:rolling
     script:
         - apt-get update -qq
-        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config python3 gawk
-        - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config python3 gawk
+        - ./configure && make deb && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
         - python3 contrib/sort.py etc/profile-*/*.profile etc/inc/*.inc
 
@@ -18,8 +18,8 @@ build_debian_package:
     image: debian:stretch
     script:
         - apt-get update -qq
-        - apt-get install -y -qq build-essential lintian pkg-config gawk
-        - ./configure --prefix=/usr && make deb && dpkg -i firejail*.deb
+        - apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
+        - ./configure && make deb && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
 
 build_redhat_package:
@@ -49,14 +49,14 @@ build_src_package:
         - command -V firejail && firejail --version
         # - python3 contrib/sort.py etc/*.{profile,inc}
 
-build_apparmor:
+build_no_apparmor:
     image: ubuntu:latest
     script:
         - apt-get update -qq
-        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian libapparmor-dev pkg-config gawk
-        - ./configure && make deb-apparmor && dpkg -i firejail*.deb
+        - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq build-essential lintian pkg-config gawk
+        - ./configure && make dist && ./mkdeb.sh --disable-apparmor && dpkg -i firejail*.deb
         - command -V firejail && firejail --version
-        - firejail --version | grep -F 'AppArmor support is enabled'
+        - firejail --version | grep -F 'AppArmor support is disabled'
 
 debian_ci:
     image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest

Makefile

@@ -340,10 +340,6 @@ asc: config.mk
 deb: dist config.sh
 	./mkdeb.sh
 
-.PHONY: deb-apparmor
-deb-apparmor: dist config.sh
-	env EXTRA_VERSION=-apparmor ./mkdeb.sh --enable-apparmor
-
 .PHONY: test-compile
 test-compile: dist config.mk
 	cd test/compile; ./compile.sh $(TARNAME)-$(VERSION)

README

@@ -34,7 +34,7 @@ $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk
 For --selinux option, add libselinux1-dev (libselinux-devel for Fedora).
 
 We build our release firejail.tar.xz and firejail.deb packages using the following command:
-$ make distclean && ./configure && make deb-apparmor
+$ make distclean && ./configure && make deb
 
 
 Maintainer:

contrib/update_deb.sh

@@ -15,7 +15,7 @@ cd firejail
 sed -i "s/# restricted-network .*/restricted-network yes/" \
     etc/firejail.config
 
-make deb-apparmor
+make deb
 sudo dpkg -i firejail*.deb
 echo "Firejail updated."
 cd ..

mkdeb.sh

@@ -25,7 +25,7 @@ echo "*****************************************"
 tar -xJvf "$CODE_ARCHIVE"
 #mkdir -p "$INSTALL_DIR"
 cd "$CODE_DIR"
-./configure --prefix=/usr "$@"
+./configure --prefix=/usr --enable-apparmor "$@"
 make -j2
 mkdir debian
 DESTDIR=debian make install-strip