[pull] main from roddhjav:main

.github/workflows/main.yml

@@ -9,9 +9,14 @@ jobs:
       - name: Check out repository code
         uses: actions/checkout@v4
 
+      - name: Install linter dependencies
+        run: |
+          pipx install rust-just
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
       - name: Run basic profile linter check
         run: |
-          make check
+          just check
 
   build:
     runs-on: ${{ matrix.os }}
@@ -23,8 +28,6 @@ jobs:
             mode: default
           - os: ubuntu-24.04
             mode: full-system-policy
-          - os: ubuntu-22.04
-            mode: default
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
@@ -35,17 +38,14 @@ jobs:
           sudo apt-get install -y \
             devscripts debhelper config-package-dev \
             auditd apparmor-profiles apparmor-utils
+          pipx install rust-just
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
           sudo rm /etc/apparmor.d/usr.lib.snapd.snap-confine.real
 
       - name: Build the apparmor.d package
         run: |
           if [[ ${{ matrix.mode }} == full-system-policy ]]; then
-            echo -e "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
-          fi
-          if [[ ${{ matrix.os }} == ubuntu-24.04 ]] && [[ ${{ matrix.mode }} == default ]]; then
-            # Test with Re-attach disconnected path
-            sed -e 's;// builder.Register("attach");builder.Register("attach");' -i pkg/prebuild/cli/cli.go
-            sed -e '/@{att}/d' -i apparmor.d/tunables/multiarch.d/system
+            sed -e "s/just complain/just fsp-complain/" -i debian/rules
           fi
           bash dists/build.sh dpkg
 
@@ -54,13 +54,10 @@ jobs:
 
       - name: Reload AppArmor
         run: |
-          sudo systemctl restart apparmor.service || true
-          sudo systemctl status apparmor.service
-
-      - name: Ensure compatibility with some AppArmor userspace tools
-        if: matrix.os != 'ubuntu-24.04'
-        run: |
-          sudo aa-enforce /etc/apparmor.d/aa-notify
+            if ! sudo systemctl restart apparmor.service; then
+              sudo journalctl -xeu apparmor.service
+              exit 1
+            fi
 
       - name: Show AppArmor log and rules
         run: |
@@ -81,6 +78,7 @@ jobs:
   tests:
     runs-on: ubuntu-24.04
     needs: build
+    if: github.ref_name == 'dev' || github.event_name == 'workflow_dispatch'
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
@@ -100,7 +98,8 @@ jobs:
           sudo apt-get install -y \
             apparmor-profiles apparmor-utils \
             bats bats-support
-          sudo install -Dm0644 .github/local/needrestart /etc/apparmor.d/local/needrestart
+          pipx install rust-just
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
 
       - name: Install apparmor.d
         run: |
@@ -132,11 +131,12 @@ jobs:
 
       - name: Install integration dependencies
         run: |
-          bash tests/requirements.sh
+          just init
+          find /usr/sbin/ -type f
 
       - name: Run the integration tests
         run: |
-          make integration
+          just integration
 
       - name: Show final AppArmor logs
         if: always()

.gitignore

@@ -1,10 +1,16 @@
 # Build
 .build
 .logs
+.pkg
+.snapd
+/snap
+snapd.backup
 tests/tldr
 tests/tldr.tar.gz
+tests/bats_dirty
 
 # mkdocs
+__pycache__
 .cache
 public
 site

.gitlab-ci.yml

@@ -25,6 +25,7 @@ bash:
     - shellcheck --shell=bash
         PKGBUILD dists/build.sh dists/docker.sh tests/check.sh
         tests/packer/init.sh tests/packer/src/aa-update tests/packer/clean.sh
+        tests/autopkgtest/autopkgtest.sh
 
 golangci-lint:
   stage: lint
@@ -38,9 +39,8 @@ packer:
     name: hashicorp/packer:latest
     entrypoint: [""]
   script:
-    - cd tests &&
-      packer fmt --check packer/ &&
-      packer validate --syntax-only packer/
+    - packer fmt tests/packer/
+    - packer validate --syntax-only tests/packer/
 
 sast:
   stage: lint
@@ -66,7 +66,7 @@ check:
   stage: test
   image: registry.gitlab.com/roddhjav/builders/archlinux
   script:
-    - make check
+    - just check
 
 # Package Build
 # -------------
@@ -84,13 +84,12 @@ archlinux:
 
 debian:
   stage: build
-  image: registry.gitlab.com/roddhjav/builders/debian:12
+  image: registry.gitlab.com/roddhjav/builders/debian:13
   script:
     - sudo chown -R build:build /builds/
     - git config --global --add safe.directory $CI_PROJECT_DIR
     - mkdir -p "$PKGDEST"
-    - sudo apt-get update -q && sudo apt-get install -y config-package-dev lsb-release
-    - sudo apt-get install -y -t bookworm-backports golang-go
+    - sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
     - bash dists/build.sh dpkg
   artifacts:
     expire_in: 1 day
@@ -105,7 +104,7 @@ ubuntu:
   script:
     - git config --global --add safe.directory $CI_PROJECT_DIR
     - mkdir -p "$PKGDEST"
-    - sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release
+    - sudo apt-get update -q && sudo apt-get install -y config-package-dev golang-go lsb-release libdistro-info-perl
     - bash dists/build.sh dpkg
   artifacts:
     expire_in: 1 day
@@ -117,7 +116,7 @@ whonix:
   variables:
     DISTRIBUTION: whonix
   before_script:
-    - echo "\noverride_dh_auto_build:\n\tmake full" >> debian/rules
+    - sed -e "s/just complain/just fsp-complain/" -i debian/rules
 
 opensuse:
   stage: build
@@ -147,7 +146,7 @@ preprocess-archlinux:
 
 preprocess-debian:
   stage: preprocess
-  image: debian
+  image: debian:13
   dependencies:
     - debian
   script:
@@ -167,7 +166,7 @@ preprocess-ubuntu:
     - dpkg --install $PKGDEST/*
     - apparmor_parser --preprocess /etc/apparmor.d 1> /dev/null
 
-preprocess-whonix:
+.preprocess-whonix:
   extends: preprocess-debian
   dependencies:
     - whonix