[apparmor] fun when building without awk
John Johansen
john.johansen at canonical.com
Thu Jun 21 01:14:55 UTC 2012
On 06/17/2012 02:35 PM, Christian Boltz wrote:
> Hello,
>
> because of some breakage in update-alternatives in the openSUSE build
> system, a build of AppArmor started with gawk installed, but without the
> /bin/awk symlink.
>
> The result is quite funny[tm] - for example, the generated apparmor.vim
> contains things like:
>
> syn keyword sdCapKey /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> /bin/sh: awk: command not found
> [...]
> syn match sdCap
> /\v^\s*(audit\s+)?(deny\s+)?capability\s+(/bin/sh:|awk:|command|not|found
> /bin/sh:|awk:|command|not|found
> /bin/sh:|awk:|command|not|found
> /bin/sh:|awk:|command|not|found
> /bin/sh:|awk:|command|not|found
> /bin/sh:|awk:|command|not|found
> [...]
> syn match sdNetwork
> /\v^\s*(audit\s+)?(deny\s+)?network(\s+(/bin/sh:|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atms»vc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(stream|dgram|seqpacket|rdm|packet))?(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*»$|(\s*#.*$)\@=)/
> contains=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
> " network rules containing 'raw'
> syn match sdNetworkDanger
> /\v^\s*(audit\s+)?(deny\s+)?network(\s+(/bin/sh:|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econe»t|atmsvc|rds|sna|irda|pppox|wanpipe|llc|can|tipc|bluetooth|iucv|rxrpc|isdn|phonet|ieee802154|caif|alg|nfc))?(\s+(raw))(\s+tcp|\s+udp|\s+icmp)?\s*,(\s*$|(\s*#.*$)\@=)/
> contains»=sdComment nextgroup=@sdEntry,sdComment,sdError,sdInclude
>
> (notice the "/bin/sh:" in the sdNetwork and sdNetworkDanger line)
>
> Can someone please add a check in the build process that errors out if
> /bin/awk is not available?
>
> I'm attaching the build log for reference so that you can check the details.
>
Alright the following patch seems to work for me
---
=== modified file 'common/Make.rules'
--- common/Make.rules 2012-04-11 16:16:47 +0000
+++ common/Make.rules 2012-06-21 01:12:44 +0000
@@ -27,6 +27,11 @@
DISTRIBUTION=AppArmor
VERSION=$(shell cat common/Version)
+AWK:=$(shell which awk)
+ifndef AWK
+$(error awk utility required for build but not available)
+endif
+
# OVERRIDABLE variables
# Set these variables before including Make.rules to change its behavior
# SPECFILE - for packages that have a non-standard specfile name
More information about the AppArmor
mailing list