From 19af7450371f64b9ad6e1d84afdce184680785fd Mon Sep 17 00:00:00 2001 From: Christian Affolter Date: Mon, 16 Oct 2017 18:19:32 +0200 Subject: [PATCH 1/4] Makefile: Fix install-app-config The `install-app-config` target missed all userparameter configurations where the app names differs from the userparameter configuration file patterns (for example due to upper vs. lower case characters). We've missed to address this fact during the naming convention update (#19 and #15). This fixes the following errors: ``` install: cannot stat 'app/MD-RAID/userparameters/*MD-RAID.conf': No such file or directory install: cannot stat 'app/LVM/userparameters/*LVM.conf': No such file or directory install: cannot stat 'app/CARP/userparameters/*CARP.conf': No such file or directory install: cannot stat 'app/chrony/userparameters/*chrony.conf': No such file or directory install: cannot stat 'app/zabbix-agent/userparameters/*zabbix-agent.conf': No such file or directory ``` --- Makefile | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index d73dea3c..a1819a1b 100644 --- a/Makefile +++ b/Makefile @@ -110,14 +110,11 @@ install-app-selinux: ) install -p -m 644 rabe.lst $(SELINUXDIR)/targeted -# install a userparameters config file per app that matches the .conf config file naming policy -# allowed to fail for apps without such a config +# install a userparameters config file per app that matches the *.conf files .PHONY: install-app-config install-app-config: install -d $(AGENTDDIR) - $(foreach app,$(APPS), \ - install -p -m 644 app/$(app)/userparameters/*$(app).conf $(AGENTDDIR) || :; \ - ) + install -p -m 644 app/*/userparameters/*.conf $(AGENTDDIR) # install any scripts found in a */scripts/* subdir # they all get put into /var/libexec/zabbix/rabe and you need to take care not to From bffed3ec6418f5e10ef6a4bc81ebf122aada5e9d Mon Sep 17 00:00:00 2001 From: Christian Affolter Date: Mon, 16 Oct 2017 21:19:52 +0200 Subject: [PATCH 2/4] Makefile: Fix build-app-selinux and install-app-selinux The `build-app-selinux` and `install-app-selinux` targets missed all SELinux type enforcement and policy module files where the app names differs from the SELinux TE and pp file name (for example due to upper vs. lower case characters). We've missed to address this fact during the naming convention update (#19 and #15). Apart from that, the PREFIX needs to be reset as otherwise /usr/share/selinux/devel/include/Makefile fails to call the checkmodule command: make[1]: /bin/checkmodule: Command not found --- Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index a1819a1b..d12a9ece 100644 --- a/Makefile +++ b/Makefile @@ -75,11 +75,12 @@ update-all: update-app-doc update-impi-doc update: update-all ## Update buildable docs from xml and docs/ directories. build-app-selinux: - $(foreach app,$(APPS), \ - make -C app/$(app)/selinux NAME=rabezbx$(subst -,,$(app)) -f ${SELINUX_MAKEFILE} || :; \ - ) - $(foreach app,$(APPS), \ - [[ -d app/$(app)/selinux ]] && echo -n 'rabezbx$(subst -,,$(app)) ' >> rabe.lst; \ +# SELinux type enforcement files are named rabezbx.te and will result +# in a SELinux module name of rabezbx + $(foreach teFile,$(wildcard app/*/selinux/rabezbx*.te), \ + make -C $(dir $(teFile)) -f $(SELINUX_MAKEFILE) \ + PREFIX=/usr NAME=$(notdir $(basename $(teFile))) && \ + echo -n "$(notdir $(basename $(teFile))) " >> rabe.lst; \ ) .PHONY: build-app @@ -100,14 +101,11 @@ test-app: .PHONY: test test: all test-app -# install a policy per app that matches the rabezbx naming policy -# allowed to fail since not all apps have such a policy +# install a SELinux policy per app that matches the rabezbx*.pp files .PHONY: install-app-selinux install-app-selinux: install -d $(SELINUXDIR)/targeted - $(foreach app,$(APPS), \ - install -p -m 644 app/$(app)/selinux/rabezbx$(subst -,,$(app)).pp $(SELINUXDIR)/targeted || :; \ - ) + install -p -m 644 app/*/selinux/rabezbx*.pp $(SELINUXDIR)/targeted install -p -m 644 rabe.lst $(SELINUXDIR)/targeted # install a userparameters config file per app that matches the *.conf files From 66e97ffa3e2fee2ac61da44f7ed0faa61b5d8978 Mon Sep 17 00:00:00 2001 From: Christian Affolter Date: Mon, 16 Oct 2017 21:48:45 +0200 Subject: [PATCH 3/4] Makefile: Makeified install-scripts target loop --- Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index d12a9ece..df95c3e0 100644 --- a/Makefile +++ b/Makefile @@ -115,14 +115,14 @@ install-app-config: install -p -m 644 app/*/userparameters/*.conf $(AGENTDDIR) # install any scripts found in a */scripts/* subdir -# they all get put into /var/libexec/zabbix/rabe and you need to take care not to -# clash with existing scripts when adding new ones +# they all get put into /var/libexec/zabbix/rabe and you need to take care not +# to clash with existing scripts when adding new ones .PHONY: install-scripts install-scripts: install -d $(AGENTEXECDIR) - for script in `find -path '*/scripts/*' -type f`; do \ - install -p -m 755 $$script $(AGENTEXECDIR); \ - done + $(foreach script,$(wildcard */*/scripts/*), \ + install -p -m 755 $(script) $(AGENTEXECDIR); \ + ) # install sudoers config droplets per app that matches the sudoers.d file # naming policy prefix From 6c201ba19ec592548018e60eb7d1e87964e172f6 Mon Sep 17 00:00:00 2001 From: Christian Affolter Date: Thu, 26 Oct 2017 16:39:04 +0200 Subject: [PATCH 4/4] Makefile: Changed indenting to enhance readability --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index df95c3e0..d45efb8b 100644 --- a/Makefile +++ b/Makefile @@ -79,8 +79,8 @@ build-app-selinux: # in a SELinux module name of rabezbx $(foreach teFile,$(wildcard app/*/selinux/rabezbx*.te), \ make -C $(dir $(teFile)) -f $(SELINUX_MAKEFILE) \ - PREFIX=/usr NAME=$(notdir $(basename $(teFile))) && \ - echo -n "$(notdir $(basename $(teFile))) " >> rabe.lst; \ + PREFIX=/usr NAME=$(notdir $(basename $(teFile))) \ + && echo -n "$(notdir $(basename $(teFile))) " >> rabe.lst; \ ) .PHONY: build-app