Add AppArmor profiles for addpkg and delpkg scripts

2019-03-10 21:25:56 -07:00 · 2019-03-10 21:25:56 -07:00 · d5a79a00ec
commit d5a79a00ec
parent 5dca985412
4 changed files with 42 additions and 2 deletions
--- a/8
+++ b/8
@ -1,6 +1,6 @@
 # Maintainer: Eric Torres <erictorres4@protonmail.com>
 pkgname=packaging-scripts
-pkgver=1.1
+pkgver=1.1.1
 pkgrel=1
 pkgdesc="A set of helper scripts for handling Arch Linux packages"
 arch=('any')
@ -10,6 +10,7 @@ depends=('pacman' 'python')
 makedepends=('git' 'python-setuptools')
 optdepends=('fzf: for the fqo script'
            'mlocate: for the fqo script')
+backup=(etc/apparmor.d/usr.bin.{addpkg,delpkg})
 source=("git+file:///home/etorres/Projects/packaging-scripts")
 sha256sums=('SKIP')
 sha512sums=('SKIP')
@ -27,6 +28,11 @@ package() {
    # install README
    install -Dm644 README.rst "${pkgdir}/usr/share/doc/${pkgname}/README.rst"

+    # install AppArmor profiles
+    for profile in misc/apparmor/*; do
+        install -Dm644 "${profile}" "${pkgdir}/etc/apparmor.d/${profile##*/}"
+    done
+
    # install zsh completions
    install -d "${pkgdir}/usr/share/zsh/site-functions"
    for completion in packaging_scripts/zsh-completions/*; do
--- a/misc/apparmor/usr.bin.addpkg
+++ b/misc/apparmor/usr.bin.addpkg
@ -0,0 +1,17 @@
+#include <tunables/global>
+
+/usr/bin/addpkg {
+  #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/python>
+
+  /usr/bin/repo-add Ux,
+
+  /etc/pacman.conf r,
+  /etc/pacman.d/ r,
+  /etc/pacman.d/** r,
+  /home/*/{Packages,Projects} r,
+  /home/*/{Packages,Projects}/** rw,
+  /var/cache/pacman/ r,
+  /var/cache/pacman/** rw,
+}
--- a/misc/apparmor/usr.bin.delpkg
+++ b/misc/apparmor/usr.bin.delpkg
@ -0,0 +1,17 @@
+#include <tunables/global>
+
+/usr/bin/delpkg {
+  #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/python>
+
+  /usr/bin/repo-remove Ux,
+
+  /etc/pacman.conf r,
+  /etc/pacman.d/ r,
+  /etc/pacman.d/** r,
+  /home/*/{Packages,Projects} r,
+  /home/*/{Packages,Projects}/** rw,
+  /var/cache/pacman/ r,
+  /var/cache/pacman/** rw,
+}
--- a/setup.py
+++ b/setup.py
@ -5,7 +5,7 @@ with open("README.rst", "r") as fh:

 setuptools.setup(
    name="packaging_scripts",
-    version="1.1",
+    version="1.1.1",
    author="Eric Russel Torres",
    author_email="erictorres4@protonmail.com",
    description="A set of helpers for automating borg interaction",