/usr/bin/dh_apparmor is in dh-apparmor 2.10.95-0ubuntu2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 | #!/usr/bin/perl -w
=head1 NAME
dh_apparmor - reload AppArmor profile and create local include
=cut
use strict;
use Debian::Debhelper::Dh_Lib;
=head1 SYNOPSIS
B<dh_apparmor> [B<--manifest=>I<manifestfile>] B<--profile-name=>I<profilename>
=head1 DESCRIPTION
dh_apparmor is a debhelper program that will create/remove the
/etc/apparmor.d/local/<profilename> include file in maintainer scripts. It
also reloads the specified AppArmor profile in postinst using:
=over 4
apparmor_parser -r -W -T /etc/apparmor.d/<profilename>
=back
By using '-W -T' we ensure that any abstraction updates are also pulled in.
=head1 OPTIONS
=over 4
=item B<--profile-name=><profilename>
Specify the profile name. Eg:
dh_apparmor --profile-name=bin.foo
dh_apparmor --profile-name=bin.foo -p foo
=back
=over 4
=item B<--manifest=><manifestfile>
Optionally specify a manifest file. When specified, a profile is generated by
calling B<aa-easyprof(8)> with the specified manifest file and putting the
resulting profile in debian/apparmor/<profilename>. Eg, if there is a valid
manifest in debian/manifest.json, then the following command will create
debian/apparmor/bin.bar for the 'bar' package (you will need to clean this up
via override_dh_clean or similar).
dh_apparmor --manifest=manifest.json --profile-name=bin.bar -p bar
Because not all build enviroments support the apparmor kernel interface,
B<aa-easyprof(8)> is called with the --no-verify option. Use of this option
requires that apparmor-easyprof is installed.
=back
=head1 NOTES
When using modern dh packaging techniques, dh_apparmor can be added to the
override_dh_install section of the rules file. Note that for packages that
have multiple binary packages, you will want to pass '-p<package name>' to
dh_apparmor, otherwise dh_apparmor will add AppArmor reload commands for all
packages rather than just the one that ships the profile.
In addition, you will have to install the profile itself in /etc/apparmor.d.
Eg, in the above manifest file example if you are using dh_install you would
add to debian/bar.install:
=over 4
debian/apparmor/bin.bar etc/apparmor.d
=back
=cut
init(options => {
"profile-name=s" => \$dh{PROFILE_NAME},
"manifest-file=s" => \$dh{AA_MANIFEST},
});
my $aa_dir = "debian/apparmor";
foreach my $package (@{$dh{DOPACKAGES}}) {
if (! $dh{PROFILE_NAME}) {
error("Must specify --profile-name for $package");
}
my $pname = $dh{PROFILE_NAME};
autoscript($package,"postinst","postinst-apparmor","s/#PROFILE#/$pname/");
autoscript($package,"postrm","postrm-apparmor","s/#PROFILE#/$pname/");
if ($dh{AA_MANIFEST}) {
unless (-e "debian/$dh{AA_MANIFEST}") {
error("Could not find debian/$dh{AA_MANIFEST}");
}
unless (-x "/usr/bin/aa-easyprof") {
error("Could not find aa-easyprof");
}
if (! -d "$aa_dir") {
mkdir("$aa_dir");
}
my $profile_fn = "$aa_dir/$dh{PROFILE_NAME}";
if (-e "$profile_fn") {
warning("Regenerating $profile_fn");
unlink("$profile_fn");
}
my $tmpdir = tmpdir($package);
my $tmp = "$tmpdir/$dh{PROFILE_NAME}.aa-easyprof.tmp";
complex_doit("aa-easyprof --no-verify --manifest=debian/$dh{AA_MANIFEST} > $tmp");
rename("$tmp", "$profile_fn");
}
}
=head1 SEE ALSO
L<debhelper(7)> L<aa-easyprof(8)>
This program is a part of debhelper.
=head1 AUTHOR
Jamie Strandboge <jamie@canonical.com>
=cut
|