This patch adds a new make target, check_severity_db, to the
utils/Makefile. It greps the severity.db for the presence of each
capability, as computed by the newly abstracted out variable in
common/Make.rules, and issues a build time error if it finds any
missing.
It also silences the check targets, so that only the output from them
will be emitted.
---
utils/Makefile | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
Index: b/utils/Makefile
===================================================================
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -68,7 +68,22 @@ clean: _clean
rm -f Make.rules
$(MAKE) -C po clean
-check:
+# ${CAPABILITIES} is defined in common/Make.rules
+.PHONY: check_severity_db
+.SILENT: check_severity_db
+check_severity_db: /usr/include/sys/capability.h severity.db
+ # The sed statement is based on the one in the parser's makefile
+ RC=0 ; for cap in ${CAPABILITIES} ; do \
+ if ! grep -q -w $${cap} severity.db ; then \
+ echo "Warning! capability $${cap} not found in severity.db" ; \
+ RC=1 ; \
+ fi ;\
+ done ; \
+ test "$$RC" -eq 0
+
+.PHONY: check
+.SILENT: check
+check: check_severity_db
for i in ${MODULES} ${PERLTOOLS} ; do \
perl -c $$i || exit 1; \
done
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
