diff --git a/.gitignore b/.gitignore
index cd339b8739ed65d06d06902274b71b2f54ac948d..bac706f2bf774c5f289923343a18dd684677fe46 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,11 +4,17 @@ binutils/aa-enabled
binutils/aa-enabled.1
binutils/aa-exec
binutils/aa-exec.1
+binutils/aa-features-abi
+binutils/aa-features-abi.1
+binutils/aa-status
+binutils/aa-status.8
+binutils/cJSON.o
binutils/po/*.mo
parser/po/*.mo
parser/af_names.h
parser/cap_names.h
parser/generated_cap_names.h
+parser/generated_af_names.h
parser/tst_lib
parser/tst_misc
parser/tst_regex
@@ -24,6 +30,7 @@ parser/af_rule.o
parser/af_unix.o
parser/common_optarg.o
parser/dbus.o
+parser/default_features.o
parser/lib.o
parser/libapparmor_re/aare_rules.o
parser/libapparmor_re/chfa.o
@@ -153,6 +160,7 @@ libraries/libapparmor/swig/perl/libapparmor_wrap.c
libraries/libapparmor/swig/perl/libapparmor_wrap.o
libraries/libapparmor/swig/perl/pm_to_blib
libraries/libapparmor/swig/python/LibAppArmor.py
+libraries/libapparmor/swig/python/LibAppArmor.egg-info/
libraries/libapparmor/swig/python/build/
libraries/libapparmor/swig/python/libapparmor_wrap.c
libraries/libapparmor/swig/python/Makefile
@@ -169,7 +177,7 @@ libraries/libapparmor/swig/ruby/LibAppArmor_wrap.c
libraries/libapparmor/swig/ruby/LibAppArmor_wrap.o
libraries/libapparmor/swig/ruby/Makefile
libraries/libapparmor/swig/ruby/Makefile.in
-libraries/libapparmor/swig/ruby/Makefile.new
+libraries/libapparmor/swig/ruby/Makefile.bak
libraries/libapparmor/swig/ruby/Makefile.ruby
libraries/libapparmor/swig/ruby/mkmf.log
libraries/libapparmor/testsuite/.deps
@@ -197,8 +205,12 @@ utils/*.tmp
utils/po/*.mo
utils/apparmor/*.pyc
utils/apparmor/rule/*.pyc
+utils/apparmor.egg-info/
+utils/build/
+utils/htmlcov/
utils/test/common_test.pyc
utils/test/.coverage
+utils/test/coverage-report.txt
utils/test/htmlcov/
utils/vim/apparmor.vim
utils/vim/apparmor.vim.5
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 39203c9d5f78fe007699f2e8c8e077c4b75353f6..64d6a4cb0e46d66d3985e086e78b5944172e344f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,7 +1,7 @@
---
image: ubuntu:latest
before_script:
- - export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install --no-install-recommends -y build-essential apache2-dev autoconf automake bison dejagnu flex libpam-dev libtool perl liblocale-gettext-perl pkg-config python-all-dev python3-all-dev pyflakes3 ruby-dev swig lsb-release python3-notify2 python3-psutil zlib1g-dev
+ - export DEBIAN_FRONTEND=noninteractive && apt-get update -qq && apt-get install --no-install-recommends -y build-essential apache2-dev autoconf automake bison dejagnu flex libpam-dev libtool perl liblocale-gettext-perl pkg-config python-all-dev python3-all-dev pyflakes3 ruby-dev swig lsb-release python3-notify2 python3-psutil python3-setuptools zlib1g-dev
- lsb_release -a
- uname -a
@@ -27,7 +27,7 @@ build-all:
- changehat/pam_apparmor/
- profiles/
script:
- - cd libraries/libapparmor && ./autogen.sh && PYTHON=/usr/bin/python3 ./configure --with-perl --with-python --prefix=/usr && make PYTHON=/usr/bin/python3 && cd ../.. || { cat config.log ; exit 1 ; }
+ - cd libraries/libapparmor && ./autogen.sh && ./configure --with-perl --with-python --prefix=/usr && make && cd ../.. || { cat config.log ; exit 1 ; }
- make -C parser
- make -C binutils
- make -C utils
@@ -38,12 +38,13 @@ build-all:
test-all:
stage: test
script:
- - make -C libraries/libapparmor check PYTHON=/usr/bin/python3
+ - make -C libraries/libapparmor check
- make -C parser check
- make -C binutils check
- - make -C utils check PYFLAKES=/usr/bin/pyflakes3 PYTHON_VERSIONS=/usr/bin/python3
+ - make -C utils check
- make -C changehat/mod_apparmor check
- make -C profiles check-parser
+ - make -C profiles check-abstractions.d
# Disabled due to aa-logprof dependency on /sbin/apparmor_parser existing
# - make -C profiles check-profiles
diff --git a/Makefile b/Makefile
index 7937f098b0fd22e4275648f92aad11efecd88505..4453500ecdcafc18277244fe0237f3491e7c3e3c 100644
--- a/Makefile
+++ b/Makefile
@@ -19,7 +19,7 @@ DIRS=libraries/libapparmor \
# with conversion to git, we don't export from the remote
REPO_URL?=git@gitlab.com:apparmor/apparmor.git
-REPO_BRANCH?=apparmor-2.13
+REPO_BRANCH?=master
COVERITY_DIR=cov-int
RELEASE_DIR=apparmor-${VERSION}
@@ -54,12 +54,12 @@ snapshot: clean
.PHONY: coverity
coverity: snapshot
cd $(SNAPSHOT_NAME)/libraries/libapparmor && ./configure --with-python
- $(foreach dir, $(filter-out utils profiles tests, $(DIRS)), \
- cov-build --dir $(COVERITY_DIR) -- $(MAKE) -C $(SNAPSHOT_NAME)/$(dir); \
- mv $(COVERITY_DIR)/build-log.txt $(COVERITY_DIR)/build-log-$(subst /,.,$(dir)).txt ;)
$(foreach dir, libraries/libapparmor utils, \
cov-build --dir $(COVERITY_DIR) --no-command --fs-capture-search $(SNAPSHOT_NAME)/$(dir); \
mv $(COVERITY_DIR)/build-log.txt $(COVERITY_DIR)/build-log-python-$(subst /,.,$(dir)).txt ;)
+ cov-build --dir $(COVERITY_DIR) -- sh -c \
+ "$(foreach dir, $(filter-out utils profiles tests, $(DIRS)), \
+ $(MAKE) -C $(SNAPSHOT_NAME)/$(dir);) "
tar -cvzf $(SNAPSHOT_NAME)-$(COVERITY_DIR).tar.gz $(COVERITY_DIR)
.PHONY: export_dir
diff --git a/README.md b/README.md
index 4366d62fb4f49731c7e16ff3b6ad1460df93fb06..b7555f990f727f1a51ec48fe1fe15e72faa6775d 100644
--- a/README.md
+++ b/README.md
@@ -35,14 +35,13 @@ and questions to the
[AppArmor mailing list](https://lists.ubuntu.com/mailman/listinfo/apparmor).
Bug reports can be filed against the AppArmor project on
-[launchpad](https://bugs.launchpad.net/apparmor) or reported to the mailing
+[GitLab](https://gitlab.com/apparmor/apparmor/-/issues) or reported to the mailing
list directly for those who wish not to register for an account on
-launchpad. See the
+GitLab. See the
[wiki page](https://gitlab.com/apparmor/apparmor/wikis/home#reporting-bugs)
for more information.
-Security issues can be filed as security bugs on launchpad
-or directed to `security@apparmor.net`. Additional details can be found
+Security issues can be filed in GitLab by opening up a new [issue](https://gitlab.com/apparmor/apparmor/-/issues) and selecting the tick box ```This issue is confidential and should only be visible to team members with at least Reporter access.``` or directed to `security@apparmor.net`. Additional details can be found
in the [wiki](https://gitlab.com/apparmor/apparmor/wikis/home#reporting-security-vulnerabilities).
@@ -58,9 +57,9 @@ The AppArmor userspace tools do not collect information on the system user beyon
Users may submit information as part of an email, bug report or merge request, etc. and that will be recorded as part of the mailing list, bug/issue tracker, or code repository but only as part of a user initiated action.
-The AppArmor project does not collect information from contributors beyond their interactions with the AppArmor project, code, and community. However contributors are subject to the terms and conditions and privacy policy of the individual platforms (currently GitLab and LaunchPad) should they choose to contribute through those platforms. And those platforms may collect data on the user that the AppArmor project does not.
+The AppArmor project does not collect information from contributors beyond their interactions with the AppArmor project, code, and community. However contributors are subject to the terms and conditions and privacy policy of the individual platforms (currently GitLab) should they choose to contribute through those platforms. And those platforms may collect data on the user that the AppArmor project does not.
-Currently both GitLab an LaunchPad require a user account to submit patches or report bugs and issues. If a contributor does not wish to create an account for these platforms the mailing list is available. Membership in the list is not required. Content from non-list members will be sent to moderation, to ensure that it is on topic, so there may be a delay in choosing to interact in this way.
+Currently GitLab requires a user account to submit patches or report bugs and issues. If a contributor does not wish to create an account for these platforms the mailing list is available. Membership in the list is not required. Content from non-list members will be sent to moderation, to ensure that it is on topic, so there may be a delay in choosing to interact in this way.
-------------
@@ -112,7 +111,7 @@ $ export PYTHON_VERSION=3
$ export PYTHON_VERSIONS=python3
```
-libapparmor:
+### libapparmor:
```
$ cd ./libraries/libapparmor
@@ -127,7 +126,7 @@ $ make install
generate Ruby bindings to libapparmor.]
-Binary Utilities:
+### Binary Utilities:
```
$ cd binutils
@@ -136,7 +135,7 @@ $ make check
$ make install
```
-parser:
+### Parser:
```
$ cd parser
@@ -146,7 +145,7 @@ $ make install
```
-Utilities:
+### Utilities:
```
$ cd utils
@@ -155,7 +154,7 @@ $ make check PYFLAKES=/usr/bin/pyflakes3
$ make install
```
-Apache mod_apparmor:
+### Apache mod_apparmor:
```
$ cd changehat/mod_apparmor
@@ -164,7 +163,7 @@ $ make install
```
-PAM AppArmor:
+### PAM AppArmor:
```
$ cd changehat/pam_apparmor
@@ -173,7 +172,7 @@ $ make install
```
-Profiles:
+### Profiles:
```
$ cd profiles
@@ -202,6 +201,20 @@ tests/regression/apparmor/README.
To run:
+### Regression tests - using apparmor userspace installed on host
+```
+$ cd tests/regression/apparmor (requires root)
+$ make USE_SYSTEM=1
+$ sudo make tests USE_SYSTEM=1
+$ sudo bash open.sh -r # runs and saves the last testcase from open.sh
+```
+
+### Regression tests - using apparmor userspace from the tree.
+- [build libapparmor](#libapparmor)
+- [build binutils](#binary-utilities)
+- [build apparmor parser](#parser)
+- [build Pam apparmor](#pam-apparmor)
+
```
$ cd tests/regression/apparmor (requires root)
$ make
@@ -332,10 +345,15 @@ The AppArmor userspace utilities are written with some assumptions about
installed and available versions of other tools. This is a (possibly
incomplete) list of known version dependencies:
-The Python utilities require a minimum of Python 2.7 (deprecated) or Python 3.3.
-Python 3.x is recommended. Python 2.x support is deprecated since AppArmor 2.11.
+The Python utilities require a minimum of Python 3.3.
+
+The aa-notify tool's Python dependencies can be satisfied by installing the
+following packages (Debian package names, other distros may vary):
+* python3-notify2
+* python3-psutil
-Some utilities (aa-exec, aa-notify and aa-decode) require Perl 5.10.1 or newer.
+Perl is no longer needed since none of the utilities shipped to end users depend
+on it anymore.
Most shell scripts are written for POSIX-compatible sh. aa-decode expects
bash, probably version 3.2 and higher.
diff --git a/binutils/Makefile b/binutils/Makefile
index e9fcbbd86b52f56addb9bf041248faae9fe7bf01..3f1d001126689c986b9e530c89e57ec9e50ef67e 100644
--- a/binutils/Makefile
+++ b/binutils/Makefile
@@ -19,11 +19,11 @@ include $(COMMONDIR)/Make.rules
DESTDIR=/
BINDIR=${DESTDIR}/usr/bin
+SBINDIR=${DESTDIR}/usr/sbin
LOCALEDIR=/usr/share/locale
-MANPAGES=aa-enabled.1 aa-exec.1
+MANPAGES=aa-enabled.1 aa-exec.1 aa-features-abi.1 aa-status.8
WARNINGS = -Wall
-EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
CPP_WARNINGS =
ifndef CFLAGS
CFLAGS = -g -O2 -pipe
@@ -36,7 +36,7 @@ CFLAGS = -g -pg -fprofile-arcs -ftest-coverage
endif
endif #CFLAGS
-EXTRA_CFLAGS = ${CFLAGS} ${CPPFLAGS} ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
+EXTRA_CFLAGS = ${CFLAGS} ${CPPFLAGS} ${EXTRA_CXXFLAGS} ${CPP_WARNINGS} $(EXTRA_WARNINGS)
#INCLUDEDIR = /usr/src/linux/include
INCLUDEDIR =
@@ -50,7 +50,8 @@ EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
SRCS = aa_enabled.c
HDRS =
-TOOLS = aa-enabled aa-exec
+BINTOOLS = aa-enabled aa-exec aa-features-abi
+SBINTOOLS = aa-status
AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
@@ -97,7 +98,7 @@ po/%.pot: %.c
# targets arranged this way so that people who don't want full docs can
# pick specific targets they want.
-arch: $(TOOLS)
+arch: $(BINTOOLS) $(SBINTOOLS)
manpages: $(MANPAGES)
@@ -110,7 +111,7 @@ all: arch indep
.PHONY: coverage
coverage:
- $(MAKE) clean $(TOOLS) COVERAGE=1
+ $(MAKE) clean $(BINTOOLS) $(SBINTOOLS) COVERAGE=1
ifndef USE_SYSTEM
$(LIBAPPARMOR_A):
@@ -122,18 +123,27 @@ $(LIBAPPARMOR_A):
fi
endif
+aa-features-abi: aa_features_abi.c $(LIBAPPARMOR_A)
+ $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
+
aa-enabled: aa_enabled.c $(LIBAPPARMOR_A)
$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
aa-exec: aa_exec.c $(LIBAPPARMOR_A)
$(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
+aa-status: aa_status.c cJSON.o $(LIBAPPARMOR_A)
+ $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB) cJSON.o
+
+cJSON.o: cJSON.c cJSON.h
+ $(CC) $(EXTRA_CFLAGS) -c -o $@ $<
+
.SILENT: check
.PHONY: check
check: check_pod_files tests
.SILENT: tests
-tests: $(TOOLS) $(TESTS)
+tests: $(BINTOOLS) $(SBINTOOLS) $(TESTS)
echo "no tests atm"
.PHONY: install
@@ -142,12 +152,16 @@ install: install-indep install-arch
.PHONY: install-arch
install-arch: arch
install -m 755 -d ${BINDIR}
- install -m 755 ${TOOLS} ${BINDIR}
+ install -m 755 ${BINTOOLS} ${BINDIR}
+ install -m 755 -d ${SBINDIR}
+ ln -sf aa-status ${SBINDIR}/apparmor_status
+ install -m 755 ${SBINTOOLS} ${SBINDIR}
.PHONY: install-indep
install-indep: indep
$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
$(MAKE) install_manpages DESTDIR=${DESTDIR}
+ ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
ifndef VERBOSE
.SILENT: clean
@@ -156,6 +170,6 @@ endif
clean: pod_clean
rm -f core core.* *.o *.s *.a *~ *.gcda *.gcno
rm -f gmon.out
- rm -f $(TOOLS) $(TESTS)
+ rm -f $(BINTOOLS) $(SBINTOOLS) $(TESTS)
$(MAKE) -s -C po clean
diff --git a/binutils/aa-enabled.1 b/binutils/aa-enabled.1
index 7ff7af12cade6cbd7a9fb0b936d2cc79a4662516..c993335d5d50da9cee3ce90c825579eec83a8a98 100644
--- a/binutils/aa-enabled.1
+++ b/binutils/aa-enabled.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-ENABLED 1"
-.TH AA-ENABLED 1 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-ENABLED 1 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,6 +157,10 @@ Display a brief usage guide.
Do not output anything to stdout. This option is intended to be used by
scripts that simply want to use the exit code to determine if AppArmor is
enabled.
+.IP "\-x, \-\-exclusive" 4
+.IX Item "-x, --exclusive"
+Require AppArmor to have exclusive access to shared \s-1LSM\s0 interfaces to
+be considered enabled.
.SH "EXIT STATUS"
.IX Header "EXIT STATUS"
Upon exiting, \fBaa-enabled\fR will set its exit status to the following values:
@@ -171,13 +179,16 @@ if the AppArmor control files aren't available under /sys/kernel/security/.
.IP "\fB4\fR" 4
.IX Item "4"
if \fBaa-enabled\fR doesn't have enough privileges to read the apparmor control files.
+.IP "\fB10\fR" 4
+.IX Item "10"
+AppArmor is enabled but does not have access to shared \s-1LSM\s0 interfaces.
.IP "\fB64\fR" 4
.IX Item "64"
if any unexpected error or condition is encountered.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa_is_enabled\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_is_enabled\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-enabled.pod b/binutils/aa-enabled.pod
index 57e58420593358ef4f28b0a6ff2944141edc4a5d..23973a1bbd539057fb34031591bc3b318bf7ec6e 100644
--- a/binutils/aa-enabled.pod
+++ b/binutils/aa-enabled.pod
@@ -48,6 +48,11 @@ Do not output anything to stdout. This option is intended to be used by
scripts that simply want to use the exit code to determine if AppArmor is
enabled.
+=item -x, --exclusive
+
+Require AppArmor to have exclusive access to shared LSM interfaces to
+be considered enabled.
+
=back
=head1 EXIT STATUS
@@ -76,6 +81,10 @@ if the AppArmor control files aren't available under /sys/kernel/security/.
if B<aa-enabled> doesn't have enough privileges to read the apparmor control files.
+=item B<10>
+
+AppArmor is enabled but does not have access to shared LSM interfaces.
+
=item B<64>
if any unexpected error or condition is encountered.
@@ -85,7 +94,7 @@ if any unexpected error or condition is encountered.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/binutils/aa-exec.1 b/binutils/aa-exec.1
index d5f68af53e2e75a05ba8d27f4aeef4fa9145b745..45e8b93ead76437ad5b72d156c5f4d407aec104f 100644
--- a/binutils/aa-exec.1
+++ b/binutils/aa-exec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-EXEC 1"
-.TH AA-EXEC 1 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-EXEC 1 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,8 +185,8 @@ aa-exec.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIaa\-stack\fR\|(8), \fIaa\-namespace\fR\|(8), \fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa_change_profile\fR\|(3),
-\&\fIaa_change_onexec\fR\|(3) and <https://wiki.apparmor.net>.
+\&\fBaa\-stack\fR\|(8), \fBaa\-namespace\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_profile\fR\|(3),
+\&\fBaa_change_onexec\fR\|(3) and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-exec.pod b/binutils/aa-exec.pod
index 17a788c582a96cdf3161880841b3da191788d8ee..d432c785155251af66940246e887c0b4fffa4e4a 100644
--- a/binutils/aa-exec.pod
+++ b/binutils/aa-exec.pod
@@ -83,7 +83,7 @@ aa-exec.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>
=head1 SEE ALSO
diff --git a/parser/subdomain.conf.5 b/binutils/aa-features-abi.1
similarity index 61%
rename from parser/subdomain.conf.5
rename to binutils/aa-features-abi.1
index 9935ee39840752987430c9a6d39bb9b9e220ba08..669d49f5370e52177f043f1ca57e421f49210799 100644
--- a/parser/subdomain.conf.5
+++ b/binutils/aa-features-abi.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -128,58 +132,56 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "SUBDOMAIN.CONF 5"
-.TH SUBDOMAIN.CONF 5 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.IX Title "AA-FEATURES-ABI 1"
+.TH AA-FEATURES-ABI 1 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-/etc/apparmor/subdomain.conf \- configuration file for fine\-tuning the
-behavior of the AppArmor security tool.
+aa\-features\-abi \- Extract, validate and manipulate AppArmor feature abis
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBaa-features-abi\fR [\s-1OPTIONS\s0] <\s-1SOURCE\s0> [\s-1OUTPUT OPTIONS\s0]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The AppArmor security tool can be configured to have
-certain default behaviors based on configuration options set
-in subdomain.conf. There are two variables that can be set in
-subdomain.conf: \fB\s-1SUBDOMAIN_PATH\s0\fR, and \fB\s-1SUBDOMAIN_MODULE_PANIC\s0\fR.
-.SS "\s-1SUBDOMAIN_PATH\s0"
-.IX Subsection "SUBDOMAIN_PATH"
-This variable accepts a string (path), and is by default set to
-\&'/etc/apparmor.d/' This variable defines where the AppArmor security
-tool looks for its policy definitions (a.k.a. AppArmor profiles).
-.SS "\s-1SUBDOMAIN_MODULE_PANIC\s0"
-.IX Subsection "SUBDOMAIN_MODULE_PANIC"
-This variable accepts a string that is one of four values: \fIwarn\fR,
-\&\fIbuild\fR, \fIpanic\fR, or \fIbuild-panic\fR, and is set by default to \fIwarn\fR.
-.PP
-This setting controls the behavior of the AppArmor initscript if it
-cannot successfully load the AppArmor kernel module on startup. The four
-possible settings are:
-.IP "\fIwarn\fR" 4
-.IX Item "warn"
-Log a failure message (the default behavior).
-.IP "\fIbuild\fR" 4
-.IX Item "build"
-Attempt to build the AppArmor module against the currently running
-kernel. If the compilation is successful, the module will be loaded and
-AppArmor started; if the compilation fails, a failure message is logged.
-.IP "\fIpanic\fR" 4
-.IX Item "panic"
-Log a failure message and drop to runlevel 1 (single user).
-.IP "\fIbuild-panic\fR" 4
-.IX Item "build-panic"
-Attempt to build the module against the running kernel (like \fIbuild\fR)
-and if the compilation fails, drop to runlevel 1 (single user).
+\&\fBaa-features-abi\fR is used to extract a features abi and output to
+either stdout or a specified file. A \s-1SOURCE_OPTION\s0 must be specified.
+If an output option is not specified the features abi is written to
+stdout.
+.SH "OPTIONS"
+.IX Header "OPTIONS"
+\&\fBaa-features-abi\fR accepts the following arguments:
+.IP "\-h, \-\-help" 4
+.IX Item "-h, --help"
+Display a brief usage guide.
+.IP "\-d, \-\-debug" 4
+.IX Item "-d, --debug"
+show messages with debugging information
+.IP "\-v, \-\-verbose" 4
+.IX Item "-v, --verbose"
+show messages with stats
+.SH "SOURCE"
+.IX Header "SOURCE"
+.IP "\-x, \-\-extract" 4
+.IX Item "-x, --extract"
+Extract the features abi for the kernel
+.IP "\-f \s-1FILE,\s0 \-\-file=FILE" 4
+.IX Item "-f FILE, --file=FILE"
+Load the features abi from \s-1FILE\s0 and send it to \s-1OUTPUT OPTIONS.\s0
+.SH "OUTPUT OPTIONS"
+.IX Header "OUTPUT OPTIONS"
+.IP "\-\-stdout" 4
+.IX Item "--stdout"
+Write the features abi to \fIstdout\fR, this is the default if no output option
+is specified.
+.IP "\-w \s-1FILE,\s0 \-\-write \s-1FILE\s0" 4
+.IX Item "-w FILE, --write FILE"
+Write the features abi to \fI\s-1FILE\s0\fR.
.SH "BUGS"
.IX Header "BUGS"
-Setting the initscript to recompile the module will fail on \s-1SUSE,\s0 as the
-module source is no longer installed by default. However, the module has
-been included with the \s-1SUSE\s0 kernel, so no rebuilding should be necessary.
-.PP
-If you find any additional bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any bugs, please report them at
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor_parser\fR\|(8), and
-<https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_features\fR\|(3), and <https://wiki.apparmor.net>.
diff --git a/binutils/aa-features-abi.pod b/binutils/aa-features-abi.pod
new file mode 100644
index 0000000000000000000000000000000000000000..a4b892417c65200e7d701c663f63da9b86d87a02
--- /dev/null
+++ b/binutils/aa-features-abi.pod
@@ -0,0 +1,97 @@
+# This publication is intellectual property of Canonical Ltd. Its contents
+# can be duplicated, either in part or in whole, provided that a copyright
+# label is visibly located on each copy.
+#
+# All information found in this book has been compiled with utmost
+# attention to detail. However, this does not guarantee complete accuracy.
+# Neither Canonical Ltd, the authors, nor the translators shall be held
+# liable for possible errors or the consequences thereof.
+#
+# Many of the software and hardware descriptions cited in this book
+# are registered trademarks. All trade names are subject to copyright
+# restrictions and may be registered trade marks. Canonical Ltd
+# essentially adheres to the manufacturer's spelling.
+#
+# Names of products and trademarks appearing in this book (with or without
+# specific notation) are likewise subject to trademark and trade protection
+# laws and may thus fall under copyright restrictions.
+#
+
+
+=pod
+
+=head1 NAME
+
+aa-features-abi - Extract, validate and manipulate AppArmor feature abis
+
+=head1 SYNOPSIS
+
+B<aa-features-abi> [OPTIONS] <SOURCE> [OUTPUT OPTIONS]
+
+=head1 DESCRIPTION
+
+B<aa-features-abi> is used to extract a features abi and output to
+either stdout or a specified file. A SOURCE_OPTION must be specified.
+If an output option is not specified the features abi is written to
+stdout.
+
+=head1 OPTIONS
+
+B<aa-features-abi> accepts the following arguments:
+
+=over 4
+
+=item -h, --help
+
+Display a brief usage guide.
+
+=item -d, --debug
+
+show messages with debugging information
+
+=item -v, --verbose
+
+show messages with stats
+
+=back
+
+=head1 SOURCE
+
+=over 4
+
+=item -x, --extract
+
+Extract the features abi for the kernel
+
+=item -f FILE, --file=FILE
+
+Load the features abi from FILE and send it to OUTPUT OPTIONS.
+
+=back
+
+=head1 OUTPUT OPTIONS
+
+=over 4
+
+=item --stdout
+
+Write the features abi to I<stdout>, this is the default if no output option
+is specified.
+
+=item -w FILE, --write FILE
+
+Write the features abi to I<FILE>.
+
+=back
+
+
+=head1 BUGS
+
+If you find any bugs, please report them at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
+
+=head1 SEE ALSO
+
+apparmor(7), apparmor.d(5), aa_features(3), and L<https://wiki.apparmor.net>.
+
+=cut
diff --git a/utils/aa-status.8 b/binutils/aa-status.8
similarity index 85%
rename from utils/aa-status.8
rename to binutils/aa-status.8
index 8501568f6002aa4a8b8dc752b474ead6dd9b6976..e30bf27cd794c5c00fa7d0c06b598cc6bb5f4461 100644
--- a/utils/aa-status.8
+++ b/binutils/aa-status.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-STATUS 8"
-.TH AA-STATUS 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-STATUS 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,8 +179,18 @@ displays the number of loaded enforcing AppArmor policies.
.IP "\-\-complaining" 4
.IX Item "--complaining"
displays the number of loaded non-enforcing AppArmor policies.
+.IP "\-\-kill" 4
+.IX Item "--kill"
+displays the number of loaded enforcing AppArmor policies that will kill tasks on policy violations.
+.IP "\-\-special\-unconfined" 4
+.IX Item "--special-unconfined"
+displays the number of loaded non-enforcing AppArmor policies that are in the special unconfined mode.
+.IP "\-\-process\-mixed displays the number of processes confined by profile stacks with profiles in different modes." 4
+.IX Item "--process-mixed displays the number of processes confined by profile stacks with profiles in different modes."
+.PD 0
.IP "\-\-verbose" 4
.IX Item "--verbose"
+.PD
displays multiple data points about loaded AppArmor policy
set (the default action if no arguments are given).
.IP "\-\-json" 4
@@ -210,6 +224,9 @@ if the apparmor control files aren't available under /sys/kernel/security/.
.IX Item "4"
if the user running the script doesn't have enough privileges to read
the apparmor control files.
+.IP "\fB42\fR" 4
+.IX Item "42"
+if an internal error occurred.
.SH "BUGS"
.IX Header "BUGS"
\&\fBaa-status\fR must be run as root to read the state of the loaded
@@ -217,8 +234,8 @@ policy from the apparmor module. It uses the /proc filesystem to determine
which processes are confined and so is susceptible to race conditions.
.PP
If you find any additional bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), and
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), and
<https://wiki.apparmor.net>.
diff --git a/utils/aa-status.pod b/binutils/aa-status.pod
similarity index 88%
rename from utils/aa-status.pod
rename to binutils/aa-status.pod
index dd6d9495a246175cc6016da9a3acdd05c3464ed6..038b3a3e9bc2606b8a0160c3826d02ca60e0aef3 100644
--- a/utils/aa-status.pod
+++ b/binutils/aa-status.pod
@@ -70,6 +70,18 @@ displays the number of loaded enforcing AppArmor policies.
displays the number of loaded non-enforcing AppArmor policies.
+=item --kill
+
+displays the number of loaded enforcing AppArmor policies that will kill tasks on policy violations.
+
+=item --special-unconfined
+
+displays the number of loaded non-enforcing AppArmor policies that are in the special unconfined mode.
+
+=item --process-mixed
+displays the number of processes confined by profile stacks with
+profiles in different modes.
+
=item --verbose
displays multiple data points about loaded AppArmor policy
@@ -119,6 +131,10 @@ if the apparmor control files aren't available under /sys/kernel/security/.
if the user running the script doesn't have enough privileges to read
the apparmor control files.
+=item B<42>
+
+if an internal error occurred.
+
=back
=head1 BUGS
@@ -128,7 +144,7 @@ policy from the apparmor module. It uses the /proc filesystem to determine
which processes are confined and so is susceptible to race conditions.
If you find any additional bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/binutils/aa_enabled.c b/binutils/aa_enabled.c
index 3ca84b0c291ceb01b761bdd932ff4beaba40b5fd..85cfbab30fc8fff5543daf5dd3bbeac13e2d0531 100644
--- a/binutils/aa_enabled.c
+++ b/binutils/aa_enabled.c
@@ -20,6 +20,7 @@ void print_help(const char *command)
{
printf(_("%s: [options]\n"
" options:\n"
+ " -x | --exclusive Shared interfaces must be available\n"
" -q | --quiet Don't print out any messages\n"
" -h | --help Print help\n"),
command);
@@ -30,8 +31,6 @@ void print_help(const char *command)
/* Exit statuses and meanings are documented in the aa-enabled.pod file */
static void exit_with_error(int saved_errno, int quiet)
{
- int err;
-
switch(saved_errno) {
case ENOSYS:
if (!quiet)
@@ -50,8 +49,11 @@ static void exit_with_error(int saved_errno, int quiet)
if (!quiet)
printf(_("Maybe - insufficient permissions to determine availability.\n"));
exit(4);
+ case EBUSY:
+ if (!quiet)
+ printf(_("Partially - public shared interfaces are not available.\n"));
+ exit(10);
}
-
if (!quiet)
printf(_("Error - %s\n"), strerror(saved_errno));
exit(64);
@@ -59,22 +61,27 @@ static void exit_with_error(int saved_errno, int quiet)
int main(int argc, char **argv)
{
- int enabled;
+ int i, enabled;
int quiet = 0;
+ int require_shared = 0;
setlocale(LC_MESSAGES, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
- if (argc > 2) {
+ if (argc > 3) {
printf(_("unknown or incompatible options\n"));
print_help(argv[0]);
- } else if (argc == 2) {
- if (strcmp(argv[1], "--quiet") == 0 ||
- strcmp(argv[1], "-q") == 0) {
+ }
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "--quiet") == 0 ||
+ strcmp(argv[i], "-q") == 0) {
quiet = 1;
- } else if (strcmp(argv[1], "--help") == 0 ||
- strcmp(argv[1], "-h") == 0) {
+ } else if (strcmp(argv[i], "--exclusive") == 0 ||
+ strcmp(argv[i], "-x") == 0) {
+ require_shared = 1;
+ } else if (strcmp(argv[i], "--help") == 0 ||
+ strcmp(argv[i], "-h") == 0) {
print_help(argv[0]);
} else {
printf(_("unknown option '%s'\n"), argv[1]);
@@ -83,9 +90,10 @@ int main(int argc, char **argv)
}
enabled = aa_is_enabled();
- if (!enabled)
- exit_with_error(errno, quiet);
-
+ if (!enabled) {
+ if (require_shared || errno != EBUSY)
+ exit_with_error(errno, quiet);
+ }
if (!quiet)
printf(_("Yes\n"));
exit(0);
diff --git a/binutils/aa_exec.c b/binutils/aa_exec.c
index 7e73f45f30414117ecc46ec9b23b21f2cb96e74b..a076bfbfd534ae17ee269569ab9873eeaeb3734a 100644
--- a/binutils/aa_exec.c
+++ b/binutils/aa_exec.c
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/apparmor.h>
+#include <sys/types.h>
#include <unistd.h>
#define _(s) gettext(s)
@@ -33,6 +34,7 @@ static const char *opt_namespace = NULL;
static bool opt_debug = false;
static bool opt_immediate = false;
static bool opt_verbose = false;
+static pid_t pid = 0;
static void usage(const char *name, bool error)
{
@@ -60,7 +62,7 @@ static void usage(const char *name, bool error)
exit(status);
}
-#define error(fmt, args...) _error(_("aa-exec: ERROR: " fmt "\n"), ## args)
+#define error(fmt, args...) _error(_("[%ld] aa-exec: ERROR: " fmt "\n"), (long)pid, ## args)
static void _error(const char *fmt, ...)
{
va_list args;
@@ -71,7 +73,7 @@ static void _error(const char *fmt, ...)
exit(EXIT_FAILURE);
}
-#define debug(fmt, args...) _debug(_("aa-exec: DEBUG: " fmt "\n"), ## args)
+#define debug(fmt, args...) _debug(_("[%ld] aa-exec: DEBUG: " fmt "\n"), (long)pid, ## args)
static void _debug(const char *fmt, ...)
{
va_list args;
@@ -84,7 +86,7 @@ static void _debug(const char *fmt, ...)
va_end(args);
}
-#define verbose(fmt, args...) _verbose(_(fmt "\n"), ## args)
+#define verbose(fmt, args...) _verbose(_("[%ld] " fmt "\n"), (long)pid, ## args)
static void _verbose(const char *fmt, ...)
{
va_list args;
@@ -102,7 +104,7 @@ static void verbose_print_argv(char **argv)
if (!opt_verbose)
return;
- fprintf(stderr, _("exec"));
+ fprintf(stderr, _("[%ld] exec"), (long)pid);
for (; *argv; argv++)
fprintf(stderr, " %s", *argv);
fprintf(stderr, "\n");
@@ -129,9 +131,13 @@ static char **parse_args(int argc, char **argv)
usage(argv[0], false);
break;
case 'p':
+ if (opt_profile)
+ error("Multiple -p/--profile parameters given");
opt_profile = optarg;
break;
case 'n':
+ if (opt_namespace)
+ error("Multiple -n/--namespace parameters given");
opt_namespace = optarg;
break;
case 'i':
@@ -183,6 +189,11 @@ int main(int argc, char **argv)
char name[PATH_MAX];
int rc = 0;
+ /* IMPORTANT: pid must be initialized before doing anything else since
+ * it is used in a global context when printing messages
+ */
+ pid = getpid();
+
argv = parse_args(argc, argv);
if (opt_namespace || opt_profile)
@@ -201,8 +212,11 @@ int main(int argc, char **argv)
}
if (rc) {
- if (errno == ENOENT || errno == EACCES) {
- error("%s '%s' does not exist\n",
+ if (errno == ENOENT) {
+ error("%s '%s' does not exist",
+ opt_profile ? "profile" : "namespace", name);
+ } else if (errno == EACCES) {
+ error("insufficient permissions to change to the %s '%s'",
opt_profile ? "profile" : "namespace", name);
} else if (errno == EINVAL) {
error("AppArmor interface not available");
diff --git a/binutils/aa_features_abi.c b/binutils/aa_features_abi.c
new file mode 100644
index 0000000000000000000000000000000000000000..ed734aea9a8c5bfe3d87efd8d893d59ac89162be
--- /dev/null
+++ b/binutils/aa_features_abi.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright (c) 2020
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <libintl.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/apparmor.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#define _(s) gettext(s)
+
+#include "../libraries/libapparmor/src/private.h"
+
+static const char *progname = NULL;
+static const char *opt_file = NULL;
+static const char *opt_write = NULL;
+static bool opt_debug = false;
+static bool opt_verbose = false;
+static bool opt_extract = false;
+
+static void usage(const char *name, bool error)
+{
+ FILE *stream = stdout;
+ int status = EXIT_SUCCESS;
+
+ if (error) {
+ stream = stderr;
+ status = EXIT_FAILURE;
+ }
+
+ fprintf(stream,
+ _("USAGE: %s [OPTIONS] <SOURCE> [OUTPUT OPTIONS]\n"
+ "\n"
+ "Output AppArmor feature abi from SOURCE to OUTPUT"
+ "\n"
+ "OPTIONS:\n"
+#if 0
+ " -d, --debug show messages with debugging information\n"
+ " -v, --verbose show messages with stats\n"
+#endif
+ " -h, --help display this help\n"
+ "SOURCE:\n"
+ " -f F, --file=F load features abi from file F\n"
+ " -x, --extract extract features abi from the kernel\n"
+ "OUTPUT OPTIONS:\n"
+ " --stdout default, write features to stdout\n"
+ " -w F, --write=F write features abi to the file F instead of stdout\n"
+ "\n"), name);
+ exit(status);
+}
+
+#define error(fmt, args...) _error(_("%s: ERROR: " fmt " - %m\n"), progname, ## args)
+static void _error(const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ exit(EXIT_FAILURE);
+}
+
+#if 0
+#define debug(fmt, args...) _debug(_("%s: DEBUG: " fmt "\n"), progname, ## args)
+static void _debug(const char *fmt, ...)
+{
+ va_list args;
+
+ if (!opt_debug)
+ return;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+}
+
+#define verbose(fmt, args...) _verbose(_(fmt "\n"), ## args)
+static void _verbose(const char *fmt, ...)
+{
+ va_list args;
+
+ if (!opt_verbose)
+ return;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+}
+#endif
+
+#define ARG_STDOUT 128
+
+static char **parse_args(int argc, char **argv)
+{
+ int opt;
+ struct option long_opts[] = {
+ {"debug", no_argument, 0, 'd'},
+ {"verbose", no_argument, 0, 'v'},
+ {"help", no_argument, 0, 'h'},
+ {"extract", no_argument, 0, 'x'},
+ {"file", required_argument, 0, 'f'},
+ {"write", required_argument, 0, 'w'},
+ {"stdout", no_argument, 0, ARG_STDOUT},
+ };
+
+ while ((opt = getopt_long(argc, argv, "+dvhxf:l:w:", long_opts, NULL)) != -1) {
+ switch (opt) {
+ case 'd':
+ opt_debug = true;
+ break;
+ case 'v':
+ opt_verbose = true;
+ break;
+ case 'h':
+ usage(argv[0], false);
+ break;
+ case 'x':
+ opt_extract = true;
+ break;
+ case 'f':
+ opt_file = optarg;
+ break;
+ case 'w':
+ opt_write = optarg;
+ break;
+ case ARG_STDOUT:
+ opt_write = NULL;
+ break;
+ default:
+ usage(argv[0], true);
+ break;
+ }
+ }
+
+ return argv + optind;
+}
+
+
+/* TODO: add features intersection and testing */
+
+int main(int argc, char **argv)
+{
+ struct aa_features *features;
+ autoclose int in = -1;
+ autoclose int out = -1;
+ int rc = 0;
+
+ progname = argv[0];
+
+ argv = parse_args(argc, argv);
+
+ if (!opt_extract && !opt_file)
+ usage(argv[0], true);
+ if (opt_extract && opt_file) {
+ error("options --extract and --file are mutually exclusive");
+ }
+ if (opt_extract) {
+ rc = aa_features_new_from_kernel(&features);
+ if (rc == -1)
+ error("failed to extract features abi from the kernel");
+ }
+ if (opt_file) {
+ in = open(opt_file, O_RDONLY);
+ if (in == -1)
+ error("failed to open file '%s'", opt_file);
+ rc = aa_features_new_from_file(&features, in);
+ if (rc == -1)
+ error("failed to load features abi from file '%s'", opt_file);
+ }
+
+
+ if (opt_write) {
+ out = open(opt_write, O_WRONLY | O_CREAT, 00600);
+ if (out == -1)
+ error("failed to open output file '%s'", opt_write);
+ } else {
+ out = fileno(stdout);
+ if (out == -1)
+ error("failed to get stdout");
+ }
+ rc = aa_features_write_to_fd(features, out);
+ if (rc == -1)
+ error("failed to write features abi");
+
+ return 0;
+}
diff --git a/binutils/aa_status.c b/binutils/aa_status.c
new file mode 100644
index 0000000000000000000000000000000000000000..57610d53d34f41ea0d17798d5cbb7202c0d2d900
--- /dev/null
+++ b/binutils/aa_status.c
@@ -0,0 +1,671 @@
+/*
+ * Copyright (C) 2020 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ */
+
+#define _GNU_SOURCE /* for asprintf() */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <errno.h>
+#include <ctype.h>
+#include <dirent.h>
+
+#include <sys/apparmor.h>
+#include <sys/apparmor_private.h>
+
+#include "cJSON.h"
+
+#define autofree __attribute((cleanup(_aa_autofree)))
+#define autofclose __attribute((cleanup(_aa_autofclose)))
+
+#define AA_EXIT_ENABLED 0
+#define AA_EXIT_DISABLED 1
+#define AA_EXIT_NO_POLICY 2
+#define AA_EXIT_NO_CONTROL 3
+#define AA_EXIT_NO_PERM 4
+#define AA_EXIT_INTERNAL_ERROR 42
+
+/* NOTE: Increment this whenever the JSON format changes */
+static const unsigned char aa_status_json_version[] = "2";
+
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
+#define __unused __attribute__ ((__unused__))
+
+struct profile {
+ char *name;
+ char *status;
+};
+
+static void free_profiles(struct profile *profiles, size_t n) {
+ while (n > 0) {
+ n--;
+ free(profiles[n].name);
+ free(profiles[n].status);
+ }
+ free(profiles);
+}
+
+struct process {
+ char *pid;
+ char *profile;
+ char *exe;
+ char *mode;
+};
+
+static void free_processes(struct process *processes, size_t n) {
+ while (n > 0) {
+ n--;
+ free(processes[n].pid);
+ free(processes[n].profile);
+ free(processes[n].exe);
+ free(processes[n].mode);
+ }
+ free(processes);
+}
+
+static int verbose = 0;
+
+#define dprintf(...) \
+do { \
+ if (verbose) \
+ printf(__VA_ARGS__); \
+} while (0)
+
+#define dfprintf(...) \
+do { \
+ if (verbose) \
+ fprintf(__VA_ARGS__); \
+} while (0)
+
+
+static int get_profiles(struct profile **profiles, size_t *n) {
+ autofree char *apparmorfs = NULL;
+ autofree char *apparmor_profiles = NULL;
+ struct stat st;
+ autofclose FILE *fp = NULL;
+ autofree char *line = NULL;
+ size_t len = 0;
+ int ret;
+
+ *profiles = NULL;
+ *n = 0;
+
+ ret = stat("/sys/module/apparmor", &st);
+ if (ret != 0) {
+ dfprintf(stderr, "apparmor not present.\n");
+ ret = AA_EXIT_DISABLED;
+ goto exit;
+ }
+ dprintf("apparmor module is loaded.\n");
+
+ ret = aa_find_mountpoint(&apparmorfs);
+ if (ret == -1) {
+ dfprintf(stderr, "apparmor filesystem is not mounted.\n");
+ ret = AA_EXIT_NO_CONTROL;
+ goto exit;
+ }
+
+ apparmor_profiles = malloc(strlen(apparmorfs) + 10); // /profiles\0
+ if (apparmor_profiles == NULL) {
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto exit;
+ }
+ sprintf(apparmor_profiles, "%s/profiles", apparmorfs);
+
+ fp = fopen(apparmor_profiles, "r");
+ if (fp == NULL) {
+ if (errno == EACCES) {
+ dfprintf(stderr, "You do not have enough privilege to read the profile set.\n");
+ } else {
+ dfprintf(stderr, "Could not open %s: %s", apparmor_profiles, strerror(errno));
+ }
+ ret = AA_EXIT_NO_PERM;
+ goto exit;
+ }
+
+ while (getline(&line, &len, fp) != -1) {
+ struct profile *_profiles;
+ autofree char *status = NULL;
+ autofree char *name = NULL;
+ char *tmpname = aa_splitcon(line, &status);
+
+ if (!tmpname) {
+ dfprintf(stderr, "Error: failed profile name split of '%s'.\n", line);
+ ret = AA_EXIT_INTERNAL_ERROR;
+ // skip this entry and keep processing
+ continue;
+ }
+ name = strdup(tmpname);
+
+ if (status)
+ status = strdup(status);
+ // give up if out of memory
+ if (name == NULL || status == NULL) {
+ free_profiles(*profiles, *n);
+ *profiles = NULL;
+ *n = 0;
+ ret = AA_EXIT_INTERNAL_ERROR;
+ break;
+ }
+ _profiles = realloc(*profiles, (*n + 1) * sizeof(**profiles));
+ if (_profiles == NULL) {
+ free_profiles(*profiles, *n);
+ *profiles = NULL;
+ *n = 0;
+ ret = AA_EXIT_INTERNAL_ERROR;
+ break;
+ }
+ // steal name and status
+ _profiles[*n].name = name;
+ _profiles[*n].status = status;
+ name = NULL;
+ status = NULL;
+ *n = *n + 1;
+ *profiles = _profiles;
+ }
+
+exit:
+ return ret == 0 ? (*n > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
+}
+
+static int compare_profiles(const void *a, const void *b) {
+ return strcmp(((struct profile *)a)->name,
+ ((struct profile *)b)->name);
+}
+
+static int filter_profiles(struct profile *profiles,
+ size_t n,
+ const char *filter,
+ struct profile **filtered,
+ size_t *nfiltered)
+{
+ int ret = 0;
+ size_t i;
+
+ *filtered = NULL;
+ *nfiltered = 0;
+
+ for (i = 0; i < n; i++) {
+ if (filter == NULL || strcmp(profiles[i].status, filter) == 0) {
+ struct profile *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
+ if (_filtered == NULL) {
+ free_profiles(*filtered, *nfiltered);
+ *filtered = NULL;
+ *nfiltered = 0;
+ ret = AA_EXIT_INTERNAL_ERROR;
+ break;
+ }
+ _filtered[*nfiltered].name = strdup(profiles[i].name);
+ _filtered[*nfiltered].status = strdup(profiles[i].status);
+ *filtered = _filtered;
+ *nfiltered = *nfiltered + 1;
+ }
+ }
+ if (*nfiltered != 0) {
+ qsort(*filtered, *nfiltered, sizeof(*profiles), compare_profiles);
+ }
+ return ret;
+}
+
+static int get_processes(struct profile *profiles,
+ size_t n,
+ struct process **processes,
+ size_t *nprocesses)
+{
+ DIR *dir = NULL;
+ struct dirent *entry = NULL;
+ int ret = 0;
+
+ *processes = NULL;
+ *nprocesses = 0;
+
+ dir = opendir("/proc");
+ if (dir == NULL) {
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto exit;
+ }
+ while ((entry = readdir(dir)) != NULL) {
+ size_t i;
+ int rc;
+ int ispid = 1;
+ autofree char *profile = NULL;
+ autofree char *mode = NULL; /* be careful */
+ autofree char *exe = NULL;
+ autofree char *real_exe = NULL;
+ autofclose FILE *fp = NULL;
+ autofree char *line = NULL;
+
+ // ignore non-pid entries
+ for (i = 0; ispid && i < strlen(entry->d_name); i++) {
+ ispid = (isdigit(entry->d_name[i]) ? 1 : 0);
+ }
+ if (!ispid) {
+ continue;
+ }
+
+ rc = aa_getprocattr(atoi(entry->d_name), "current", &profile, &mode);
+ if (rc == -1 && errno != ENOMEM) {
+ /* fail to access */
+ continue;
+ } else if (rc == -1 ||
+ asprintf(&exe, "/proc/%s/exe", entry->d_name) == -1) {
+ fprintf(stderr, "ERROR: Failed to allocate memory\n");
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto exit;
+ } else if (mode) {
+ /* TODO: make this not needed. Mode can now be autofreed */
+ mode = strdup(mode);
+ }
+ // get executable - readpath can allocate for us but seems
+ // to fail in some cases with errno 2 - no such file or
+ // directory - whereas readlink() can succeed in these
+ // cases - and readpath() seems to have the same behaviour
+ // as in python with better canonicalized results so try it
+ // first and fallack to readlink if it fails
+ // coverity[toctou]
+ real_exe = realpath(exe, NULL);
+ if (real_exe == NULL) {
+ int res;
+ // ensure enough space for NUL terminator
+ real_exe = calloc(PATH_MAX + 1, sizeof(char));
+ if (real_exe == NULL) {
+ fprintf(stderr, "ERROR: Failed to allocate memory\n");
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto exit;
+ }
+ res = readlink(exe, real_exe, PATH_MAX);
+ if (res == -1) {
+ continue;
+ }
+ real_exe[res] = '\0';
+ }
+
+
+ if (mode == NULL) {
+ // is unconfined so keep only if this has a
+ // matching profile. TODO: fix to use attachment
+ for (i = 0; i < n; i++) {
+ if (strcmp(profiles[i].name, real_exe) == 0) {
+ profile = strdup(real_exe);
+ mode = strdup("unconfined");
+ break;
+ }
+ }
+ }
+ if (profile != NULL && mode != NULL) {
+ struct process *_processes = realloc(*processes,
+ (*nprocesses + 1) * sizeof(**processes));
+ if (_processes == NULL) {
+ free_processes(*processes, *nprocesses);
+ *processes = NULL;
+ *nprocesses = 0;
+ ret = AA_EXIT_INTERNAL_ERROR;
+ goto exit;
+ }
+ _processes[*nprocesses].pid = strdup(entry->d_name);
+ _processes[*nprocesses].profile = profile;
+ _processes[*nprocesses].exe = strdup(real_exe);
+ _processes[*nprocesses].mode = mode;
+ *processes = _processes;
+ *nprocesses = *nprocesses + 1;
+ profile = NULL;
+ mode = NULL;
+ ret = AA_EXIT_ENABLED;
+ }
+ }
+
+exit:
+ if (dir != NULL) {
+ closedir(dir);
+ }
+ return ret;
+}
+
+static int filter_processes(struct process *processes,
+ size_t n,
+ const char *filter,
+ struct process **filtered,
+ size_t *nfiltered)
+{
+ size_t i;
+ int ret = 0;
+
+ *filtered = NULL;
+ *nfiltered = 0;
+
+ for (i = 0; i < n; i++) {
+ if (filter == NULL || strcmp(processes[i].mode, filter) == 0) {
+ struct process *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
+ if (_filtered == NULL) {
+ free_processes(*filtered, *nfiltered);
+ *filtered = NULL;
+ *nfiltered = 0;
+ ret = AA_EXIT_INTERNAL_ERROR;
+ break;
+ }
+ _filtered[*nfiltered].pid = strdup(processes[i].pid);
+ _filtered[*nfiltered].profile = strdup(processes[i].profile);
+ _filtered[*nfiltered].exe = strdup(processes[i].exe);
+ _filtered[*nfiltered].mode = strdup(processes[i].mode);
+ *filtered = _filtered;
+ *nfiltered = *nfiltered + 1;
+ }
+ }
+ return ret;
+}
+
+/**
+ * Returns error code if AppArmor is not enabled
+ */
+static int simple_filtered_count(const char *filter) {
+ size_t n;
+ struct profile *profiles;
+ int ret;
+
+ ret = get_profiles(&profiles, &n);
+ if (ret == 0) {
+ size_t nfiltered;
+ struct profile *filtered = NULL;
+ ret = filter_profiles(profiles, n, filter, &filtered, &nfiltered);
+ printf("%zd\n", nfiltered);
+ free_profiles(filtered, nfiltered);
+ }
+ free_profiles(profiles, n);
+ return ret;
+}
+
+static int simple_filtered_process_count(const char *filter) {
+ size_t nprocesses, nprofiles;
+ struct profile *profiles = NULL;
+ struct process *processes = NULL;
+ int ret;
+
+ ret = get_profiles(&profiles, &nprofiles);
+ if (ret != 0)
+ return ret;
+ ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
+ if (ret == 0) {
+ size_t nfiltered;
+ struct process *filtered = NULL;
+ ret = filter_processes(processes, nprocesses, filter, &filtered, &nfiltered);
+ printf("%zd\n", nfiltered);
+ free_processes(filtered, nfiltered);
+ }
+ free_profiles(profiles, nprofiles);
+ free_processes(processes, nprocesses);
+ return ret;
+}
+
+static int cmd_enabled(__unused const char *command) {
+ int res = aa_is_enabled();
+ return res == 1 ? 0 : 1;
+}
+
+
+static int cmd_profiled(__unused const char *command) {
+ return simple_filtered_count(NULL);
+}
+
+static int cmd_enforced(__unused const char *command) {
+ return simple_filtered_count("enforce");
+}
+
+static int cmd_complaining(__unused const char *command) {
+ return simple_filtered_count("complain");
+}
+
+static int cmd_kill(__unused const char *command) {
+ return simple_filtered_count("kill");
+}
+
+static int cmd_unconfined(__unused const char *command) {
+ return simple_filtered_count("unconfined");
+}
+
+static int cmd_process_mixed(__unused const char *command) {
+ return simple_filtered_process_count("mixed");
+}
+
+
+static int compare_processes_by_profile(const void *a, const void *b) {
+ return strcmp(((struct process *)a)->profile,
+ ((struct process *)b)->profile);
+}
+
+static int compare_processes_by_executable(const void *a, const void *b) {
+ return strcmp(((struct process *)a)->exe,
+ ((struct process *)b)->exe);
+}
+
+static int detailed_output(FILE *json) {
+ size_t nprofiles = 0, nprocesses = 0;
+ struct profile *profiles = NULL;
+ struct process *processes = NULL;
+ const char *profile_statuses[] = {"enforce", "complain", "kill", "unconfined"};
+ const char *process_statuses[] = {"enforce", "complain", "unconfined", "mixed", "kill"};
+ int ret;
+ size_t i;
+
+ ret = get_profiles(&profiles, &nprofiles);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
+ if (ret != 0) {
+ dfprintf(stderr, "Failed to get processes: %d....\n", ret);
+ goto exit;
+ }
+
+ if (json) {
+ fprintf(json, "{\"version\": \"%s\", \"profiles\": {", aa_status_json_version);
+ } else {
+ dprintf("%zd profiles are loaded.\n", nprofiles);
+ }
+
+ for (i = 0; i < ARRAY_SIZE(profile_statuses); i++) {
+ size_t nfiltered = 0, j;
+ struct profile *filtered = NULL;
+ ret = filter_profiles(profiles, nprofiles, profile_statuses[i], &filtered, &nfiltered);
+ if (ret != 0) {
+ goto exit;
+ }
+ if (!json) {
+ dprintf("%zd profiles are in %s mode.\n", nfiltered, profile_statuses[i]);
+ }
+
+ for (j = 0; j < nfiltered; j++) {
+ if (json) {
+ fprintf(json, "%s\"%s\": \"%s\"",
+ i == 0 && j == 0 ? "" : ", ", filtered[j].name, profile_statuses[i]);
+ } else {
+ dprintf(" %s\n", filtered[j].name);
+ }
+ }
+
+ free_profiles(filtered, nfiltered);
+ }
+ if (json) {
+ fprintf(json, "}, \"processes\": {");
+ } else {
+ dprintf("%zd processes have profiles defined.\n", nprocesses);
+ }
+
+ for (i = 0; i < ARRAY_SIZE(process_statuses); i++) {
+ size_t nfiltered = 0, j;
+ struct process *filtered = NULL;
+ ret = filter_processes(processes, nprocesses, process_statuses[i], &filtered, &nfiltered);
+ if (ret != 0) {
+ goto exit;
+ }
+ if (!json) {
+ if (strcmp(process_statuses[i], "unconfined") == 0) {
+ dprintf("%zd processes are unconfined but have a profile defined.\n", nfiltered);
+ } else {
+ dprintf("%zd processes are in %s mode.\n", nfiltered, process_statuses[i]);
+ }
+ }
+
+ if (!json) {
+ qsort(filtered, nfiltered, sizeof(*filtered), compare_processes_by_profile);
+ for (j = 0; j < nfiltered; j++) {
+ dprintf(" %s (%s) %s\n", filtered[j].exe, filtered[j].pid,
+ // hide profile name if matches executable
+ (strcmp(filtered[j].profile, filtered[j].exe) == 0 ?
+ "" :
+ filtered[j].profile));
+ }
+ } else {
+ // json output requires processes to be grouped per executable
+ qsort(filtered, nfiltered, sizeof(*filtered), compare_processes_by_executable);
+ for (j = 0; j < nfiltered; j++) {
+ if (j > 0 && strcmp(filtered[j].exe, filtered[j - 1].exe) == 0) {
+ // same executable
+ fprintf(json, ", {\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
+ filtered[j].profile, filtered[j].pid, filtered[j].mode);
+ } else {
+ fprintf(json, "%s\"%s\": [{\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
+ // first element will be a unique executable
+ i == 0 && j == 0 ? "" : "], ",
+ filtered[j].exe, filtered[j].profile, filtered[j].pid, filtered[j].mode);
+ }
+
+ }
+ }
+ free_processes(filtered, nfiltered);
+ }
+ if (json) {
+ fprintf(json, "%s}}\n", nprocesses > 0 ? "]" : "");
+ }
+
+exit:
+ free_processes(processes, nprocesses);
+ free_profiles(profiles, nprofiles);
+ return ret == 0 ? (nprofiles > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
+}
+
+static int cmd_json(__unused const char *command) {
+ detailed_output(stdout);
+ return 0;
+}
+
+static int cmd_pretty_json(__unused const char *command) {
+ autofree char *buffer = NULL;
+ autofree char *pretty = NULL;
+ cJSON *json;
+ FILE *f; /* no autofclose - want explicit close to sync */
+ size_t size;
+ int ret;
+
+ f = open_memstream(&buffer, &size);
+ if (!f) {
+ dfprintf(stderr, "Failed to open memstream: %m\n");
+ return AA_EXIT_INTERNAL_ERROR;
+ }
+
+ ret = detailed_output(f);
+ fclose(f);
+ if (ret)
+ return ret;
+
+ json = cJSON_Parse(buffer);
+ if (!json) {
+ dfprintf(stderr, "Failed to parse json output");
+ return AA_EXIT_INTERNAL_ERROR;
+ }
+
+ pretty = cJSON_Print(json);
+ if (!pretty) {
+ dfprintf(stderr, "Failed to print pretty json");
+ return AA_EXIT_INTERNAL_ERROR;
+ }
+ fprintf(stdout, "%s\n", pretty);
+
+ return AA_EXIT_ENABLED;
+}
+
+static int cmd_verbose(__unused const char *command) {
+ verbose = 1;
+ return detailed_output(NULL);
+}
+
+static int print_usage(const char *command)
+{
+ printf("Usage: %s [OPTIONS]\n"
+ "Displays various information about the currently loaded AppArmor policy.\n"
+ "OPTIONS (one only):\n"
+ " --enabled returns error code if AppArmor not enabled\n"
+ " --profiled prints the number of loaded policies\n"
+ " --enforced prints the number of loaded enforcing policies\n"
+ " --complaining prints the number of loaded non-enforcing policies\n"
+ " --kill prints the number of loaded enforcing policies that kill tasks on policy violations\n"
+ " --special-unconfined prints the number of loaded non-enforcing policies in the special unconfined mode\n"
+ " --process-mixed prints the number processes with mixed profile modes\n"
+ " --json displays multiple data points in machine-readable JSON format\n"
+ " --pretty-json same data as --json, formatted for human consumption as well\n"
+ " --verbose (default) displays multiple data points about loaded policy set\n"
+ " --help this message\n",
+ command);
+ return 0;
+}
+
+struct command {
+ const char * const name;
+ int (*cmd)(const char *command);
+};
+
+static struct command commands[] = {
+ {"--enabled", cmd_enabled},
+ {"--profiled", cmd_profiled},
+ {"--enforced", cmd_enforced},
+ {"--complaining", cmd_complaining},
+ {"--kill", cmd_kill},
+ {"--special-unconfined", cmd_unconfined},
+ {"--process-mixed", cmd_process_mixed},
+ {"--json", cmd_json},
+ {"--pretty-json", cmd_pretty_json},
+ {"--verbose", cmd_verbose},
+ {"-v", cmd_verbose},
+ {"--help", print_usage},
+ {"-h", print_usage},
+};
+
+int main(int argc, char **argv)
+{
+ int ret = EXIT_SUCCESS;
+ int _ret;
+ int (*cmd)(const char*) = cmd_verbose;
+
+ if (argc > 2) {
+ dfprintf(stderr, "Error: Too many options.\n");
+ cmd = print_usage;
+ ret = EXIT_FAILURE;
+ } else if (argc == 2) {
+ int (*_cmd)(const char*) = NULL;
+ size_t i;
+ for (i = 0; i < ARRAY_SIZE(commands); i++) {
+ if (strcmp(argv[1], commands[i].name) == 0) {
+ _cmd = commands[i].cmd;
+ break;
+ }
+ }
+ if (_cmd == NULL) {
+ dfprintf(stderr, "Error: Invalid command.\n");
+ cmd = print_usage;
+ ret = EXIT_FAILURE;
+ } else {
+ cmd = _cmd;
+ }
+ }
+
+ _ret = cmd(argv[0]);
+ exit(ret == EXIT_FAILURE ? ret : _ret);
+}
diff --git a/binutils/cJSON.c b/binutils/cJSON.c
new file mode 100644
index 0000000000000000000000000000000000000000..a5d39878c29ad8b42f29851744c587f61ea01181
--- /dev/null
+++ b/binutils/cJSON.c
@@ -0,0 +1,3074 @@
+/*
+ Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+*/
+
+/* cJSON */
+/* JSON parser in C. */
+
+/* disable warnings about old C89 functions in MSVC */
+#if !defined(_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER)
+#define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+#ifdef __GNUC__
+#pragma GCC visibility push(default)
+#endif
+#if defined(_MSC_VER)
+#pragma warning (push)
+/* disable warning about single line comments in system headers */
+#pragma warning (disable : 4001)
+#endif
+
+#include <string.h>
+#include <stdio.h>
+#include <math.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <ctype.h>
+#include <float.h>
+
+#ifdef ENABLE_LOCALES
+#include <locale.h>
+#endif
+
+#if defined(_MSC_VER)
+#pragma warning (pop)
+#endif
+#ifdef __GNUC__
+#pragma GCC visibility pop
+#endif
+
+#include "cJSON.h"
+
+/* define our own boolean type */
+#ifdef true
+#undef true
+#endif
+#define true ((cJSON_bool)1)
+
+#ifdef false
+#undef false
+#endif
+#define false ((cJSON_bool)0)
+
+/* define isnan and isinf for ANSI C, if in C99 or above, isnan and isinf has been defined in math.h */
+#ifndef isinf
+#define isinf(d) (isnan((d - d)) && !isnan(d))
+#endif
+#ifndef isnan
+#define isnan(d) (d != d)
+#endif
+
+#ifndef NAN
+#define NAN 0.0/0.0
+#endif
+
+typedef struct {
+ const unsigned char *json;
+ size_t position;
+} error;
+static error global_error = { NULL, 0 };
+
+CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
+{
+ return (const char*) (global_error.json + global_error.position);
+}
+
+CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item)
+{
+ if (!cJSON_IsString(item))
+ {
+ return NULL;
+ }
+
+ return item->valuestring;
+}
+
+CJSON_PUBLIC(double) cJSON_GetNumberValue(cJSON *item)
+{
+ if (!cJSON_IsNumber(item))
+ {
+ return NAN;
+ }
+
+ return item->valuedouble;
+}
+
+/* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 13)
+ #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
+#endif
+
+CJSON_PUBLIC(const char*) cJSON_Version(void)
+{
+ static char version[15];
+ sprintf(version, "%i.%i.%i", CJSON_VERSION_MAJOR, CJSON_VERSION_MINOR, CJSON_VERSION_PATCH);
+
+ return version;
+}
+
+/* Case insensitive string comparison, doesn't consider two NULL pointers equal though */
+static int case_insensitive_strcmp(const unsigned char *string1, const unsigned char *string2)
+{
+ if ((string1 == NULL) || (string2 == NULL))
+ {
+ return 1;
+ }
+
+ if (string1 == string2)
+ {
+ return 0;
+ }
+
+ for(; tolower(*string1) == tolower(*string2); (void)string1++, string2++)
+ {
+ if (*string1 == '\0')
+ {
+ return 0;
+ }
+ }
+
+ return tolower(*string1) - tolower(*string2);
+}
+
+typedef struct internal_hooks
+{
+ void *(CJSON_CDECL *allocate)(size_t size);
+ void (CJSON_CDECL *deallocate)(void *pointer);
+ void *(CJSON_CDECL *reallocate)(void *pointer, size_t size);
+} internal_hooks;
+
+#if defined(_MSC_VER)
+/* work around MSVC error C2322: '...' address of dllimport '...' is not static */
+static void * CJSON_CDECL internal_malloc(size_t size)
+{
+ return malloc(size);
+}
+static void CJSON_CDECL internal_free(void *pointer)
+{
+ free(pointer);
+}
+static void * CJSON_CDECL internal_realloc(void *pointer, size_t size)
+{
+ return realloc(pointer, size);
+}
+#else
+#define internal_malloc malloc
+#define internal_free free
+#define internal_realloc realloc
+#endif
+
+/* strlen of character literals resolved at compile time */
+#define static_strlen(string_literal) (sizeof(string_literal) - sizeof(""))
+
+static internal_hooks global_hooks = { internal_malloc, internal_free, internal_realloc };
+
+static unsigned char* cJSON_strdup(const unsigned char* string, const internal_hooks * const hooks)
+{
+ size_t length = 0;
+ unsigned char *copy = NULL;
+
+ if (string == NULL)
+ {
+ return NULL;
+ }
+
+ length = strlen((const char*)string) + sizeof("");
+ copy = (unsigned char*)hooks->allocate(length);
+ if (copy == NULL)
+ {
+ return NULL;
+ }
+ memcpy(copy, string, length);
+
+ return copy;
+}
+
+CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks)
+{
+ if (hooks == NULL)
+ {
+ /* Reset hooks */
+ global_hooks.allocate = malloc;
+ global_hooks.deallocate = free;
+ global_hooks.reallocate = realloc;
+ return;
+ }
+
+ global_hooks.allocate = malloc;
+ if (hooks->malloc_fn != NULL)
+ {
+ global_hooks.allocate = hooks->malloc_fn;
+ }
+
+ global_hooks.deallocate = free;
+ if (hooks->free_fn != NULL)
+ {
+ global_hooks.deallocate = hooks->free_fn;
+ }
+
+ /* use realloc only if both free and malloc are used */
+ global_hooks.reallocate = NULL;
+ if ((global_hooks.allocate == malloc) && (global_hooks.deallocate == free))
+ {
+ global_hooks.reallocate = realloc;
+ }
+}
+
+/* Internal constructor. */
+static cJSON *cJSON_New_Item(const internal_hooks * const hooks)
+{
+ cJSON* node = (cJSON*)hooks->allocate(sizeof(cJSON));
+ if (node)
+ {
+ memset(node, '\0', sizeof(cJSON));
+ }
+
+ return node;
+}
+
+/* Delete a cJSON structure. */
+CJSON_PUBLIC(void) cJSON_Delete(cJSON *item)
+{
+ cJSON *next = NULL;
+ while (item != NULL)
+ {
+ next = item->next;
+ if (!(item->type & cJSON_IsReference) && (item->child != NULL))
+ {
+ cJSON_Delete(item->child);
+ }
+ if (!(item->type & cJSON_IsReference) && (item->valuestring != NULL))
+ {
+ global_hooks.deallocate(item->valuestring);
+ }
+ if (!(item->type & cJSON_StringIsConst) && (item->string != NULL))
+ {
+ global_hooks.deallocate(item->string);
+ }
+ global_hooks.deallocate(item);
+ item = next;
+ }
+}
+
+/* get the decimal point character of the current locale */
+static unsigned char get_decimal_point(void)
+{
+#ifdef ENABLE_LOCALES
+ struct lconv *lconv = localeconv();
+ return (unsigned char) lconv->decimal_point[0];
+#else
+ return '.';
+#endif
+}
+
+typedef struct
+{
+ const unsigned char *content;
+ size_t length;
+ size_t offset;
+ size_t depth; /* How deeply nested (in arrays/objects) is the input at the current offset. */
+ internal_hooks hooks;
+} parse_buffer;
+
+/* check if the given size is left to read in a given parse buffer (starting with 1) */
+#define can_read(buffer, size) ((buffer != NULL) && (((buffer)->offset + size) <= (buffer)->length))
+/* check if the buffer can be accessed at the given index (starting with 0) */
+#define can_access_at_index(buffer, index) ((buffer != NULL) && (((buffer)->offset + index) < (buffer)->length))
+#define cannot_access_at_index(buffer, index) (!can_access_at_index(buffer, index))
+/* get a pointer to the buffer at the position */
+#define buffer_at_offset(buffer) ((buffer)->content + (buffer)->offset)
+
+/* Parse the input text to generate a number, and populate the result into item. */
+static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_buffer)
+{
+ double number = 0;
+ unsigned char *after_end = NULL;
+ unsigned char number_c_string[64];
+ unsigned char decimal_point = get_decimal_point();
+ size_t i = 0;
+
+ if ((input_buffer == NULL) || (input_buffer->content == NULL))
+ {
+ return false;
+ }
+
+ /* copy the number into a temporary buffer and replace '.' with the decimal point
+ * of the current locale (for strtod)
+ * This also takes care of '\0' not necessarily being available for marking the end of the input */
+ for (i = 0; (i < (sizeof(number_c_string) - 1)) && can_access_at_index(input_buffer, i); i++)
+ {
+ switch (buffer_at_offset(input_buffer)[i])
+ {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9':
+ case '+':
+ case '-':
+ case 'e':
+ case 'E':
+ number_c_string[i] = buffer_at_offset(input_buffer)[i];
+ break;
+
+ case '.':
+ number_c_string[i] = decimal_point;
+ break;
+
+ default:
+ goto loop_end;
+ }
+ }
+loop_end:
+ number_c_string[i] = '\0';
+
+ number = strtod((const char*)number_c_string, (char**)&after_end);
+ if (number_c_string == after_end)
+ {
+ return false; /* parse_error */
+ }
+
+ item->valuedouble = number;
+
+ /* use saturation in case of overflow */
+ if (number >= INT_MAX)
+ {
+ item->valueint = INT_MAX;
+ }
+ else if (number <= (double)INT_MIN)
+ {
+ item->valueint = INT_MIN;
+ }
+ else
+ {
+ item->valueint = (int)number;
+ }
+
+ item->type = cJSON_Number;
+
+ input_buffer->offset += (size_t)(after_end - number_c_string);
+ return true;
+}
+
+/* don't ask me, but the original cJSON_SetNumberValue returns an integer or double */
+CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number)
+{
+ if (number >= INT_MAX)
+ {
+ object->valueint = INT_MAX;
+ }
+ else if (number <= (double)INT_MIN)
+ {
+ object->valueint = INT_MIN;
+ }
+ else
+ {
+ object->valueint = (int)number;
+ }
+
+ return object->valuedouble = number;
+}
+
+CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
+{
+ char *copy = NULL;
+ /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
+ if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference))
+ {
+ return NULL;
+ }
+ if (strlen(valuestring) <= strlen(object->valuestring))
+ {
+ strcpy(object->valuestring, valuestring);
+ return object->valuestring;
+ }
+ copy = (char*) cJSON_strdup((const unsigned char*)valuestring, &global_hooks);
+ if (copy == NULL)
+ {
+ return NULL;
+ }
+ if (object->valuestring != NULL)
+ {
+ cJSON_free(object->valuestring);
+ }
+ object->valuestring = copy;
+
+ return copy;
+}
+
+typedef struct
+{
+ unsigned char *buffer;
+ size_t length;
+ size_t offset;
+ size_t depth; /* current nesting depth (for formatted printing) */
+ cJSON_bool noalloc;
+ cJSON_bool format; /* is this print a formatted print */
+ internal_hooks hooks;
+} printbuffer;
+
+/* realloc printbuffer if necessary to have at least "needed" bytes more */
+static unsigned char* ensure(printbuffer * const p, size_t needed)
+{
+ unsigned char *newbuffer = NULL;
+ size_t newsize = 0;
+
+ if ((p == NULL) || (p->buffer == NULL))
+ {
+ return NULL;
+ }
+
+ if ((p->length > 0) && (p->offset >= p->length))
+ {
+ /* make sure that offset is valid */
+ return NULL;
+ }
+
+ if (needed > INT_MAX)
+ {
+ /* sizes bigger than INT_MAX are currently not supported */
+ return NULL;
+ }
+
+ needed += p->offset + 1;
+ if (needed <= p->length)
+ {
+ return p->buffer + p->offset;
+ }
+
+ if (p->noalloc) {
+ return NULL;
+ }
+
+ /* calculate new buffer size */
+ if (needed > (INT_MAX / 2))
+ {
+ /* overflow of int, use INT_MAX if possible */
+ if (needed <= INT_MAX)
+ {
+ newsize = INT_MAX;
+ }
+ else
+ {
+ return NULL;
+ }
+ }
+ else
+ {
+ newsize = needed * 2;
+ }
+
+ if (p->hooks.reallocate != NULL)
+ {
+ /* reallocate with realloc if available */
+ newbuffer = (unsigned char*)p->hooks.reallocate(p->buffer, newsize);
+ if (newbuffer == NULL)
+ {
+ p->hooks.deallocate(p->buffer);
+ p->length = 0;
+ p->buffer = NULL;
+
+ return NULL;
+ }
+ }
+ else
+ {
+ /* otherwise reallocate manually */
+ newbuffer = (unsigned char*)p->hooks.allocate(newsize);
+ if (!newbuffer)
+ {
+ p->hooks.deallocate(p->buffer);
+ p->length = 0;
+ p->buffer = NULL;
+
+ return NULL;
+ }
+ if (newbuffer)
+ {
+ memcpy(newbuffer, p->buffer, p->offset + 1);
+ }
+ p->hooks.deallocate(p->buffer);
+ }
+ p->length = newsize;
+ p->buffer = newbuffer;
+
+ return newbuffer + p->offset;
+}
+
+/* calculate the new length of the string in a printbuffer and update the offset */
+static void update_offset(printbuffer * const buffer)
+{
+ const unsigned char *buffer_pointer = NULL;
+ if ((buffer == NULL) || (buffer->buffer == NULL))
+ {
+ return;
+ }
+ buffer_pointer = buffer->buffer + buffer->offset;
+
+ buffer->offset += strlen((const char*)buffer_pointer);
+}
+
+/* securely comparison of floating-point variables */
+static cJSON_bool compare_double(double a, double b)
+{
+ double maxVal = fabs(a) > fabs(b) ? fabs(a) : fabs(b);
+ return (fabs(a - b) <= maxVal * DBL_EPSILON);
+}
+
+/* Render the number nicely from the given item into a string. */
+static cJSON_bool print_number(const cJSON * const item, printbuffer * const output_buffer)
+{
+ unsigned char *output_pointer = NULL;
+ double d = item->valuedouble;
+ int length = 0;
+ size_t i = 0;
+ unsigned char number_buffer[26] = {0}; /* temporary buffer to print the number into */
+ unsigned char decimal_point = get_decimal_point();
+ double test = 0.0;
+
+ if (output_buffer == NULL)
+ {
+ return false;
+ }
+
+ /* This checks for NaN and Infinity */
+ if (isnan(d) || isinf(d))
+ {
+ length = sprintf((char*)number_buffer, "null");
+ }
+ else
+ {
+ /* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */
+ length = sprintf((char*)number_buffer, "%1.15g", d);
+
+ /* Check whether the original double can be recovered */
+ if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || !compare_double((double)test, d))
+ {
+ /* If not, print with 17 decimal places of precision */
+ length = sprintf((char*)number_buffer, "%1.17g", d);
+ }
+ }
+
+ /* sprintf failed or buffer overrun occurred */
+ if ((length < 0) || (length > (int)(sizeof(number_buffer) - 1)))
+ {
+ return false;
+ }
+
+ /* reserve appropriate space in the output */
+ output_pointer = ensure(output_buffer, (size_t)length + sizeof(""));
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+
+ /* copy the printed number to the output and replace locale
+ * dependent decimal point with '.' */
+ for (i = 0; i < ((size_t)length); i++)
+ {
+ if (number_buffer[i] == decimal_point)
+ {
+ output_pointer[i] = '.';
+ continue;
+ }
+
+ output_pointer[i] = number_buffer[i];
+ }
+ output_pointer[i] = '\0';
+
+ output_buffer->offset += (size_t)length;
+
+ return true;
+}
+
+/* parse 4 digit hexadecimal number */
+static unsigned parse_hex4(const unsigned char * const input)
+{
+ unsigned int h = 0;
+ size_t i = 0;
+
+ for (i = 0; i < 4; i++)
+ {
+ /* parse digit */
+ if ((input[i] >= '0') && (input[i] <= '9'))
+ {
+ h += (unsigned int) input[i] - '0';
+ }
+ else if ((input[i] >= 'A') && (input[i] <= 'F'))
+ {
+ h += (unsigned int) 10 + input[i] - 'A';
+ }
+ else if ((input[i] >= 'a') && (input[i] <= 'f'))
+ {
+ h += (unsigned int) 10 + input[i] - 'a';
+ }
+ else /* invalid */
+ {
+ return 0;
+ }
+
+ if (i < 3)
+ {
+ /* shift left to make place for the next nibble */
+ h = h << 4;
+ }
+ }
+
+ return h;
+}
+
+/* converts a UTF-16 literal to UTF-8
+ * A literal can be one or two sequences of the form \uXXXX */
+static unsigned char utf16_literal_to_utf8(const unsigned char * const input_pointer, const unsigned char * const input_end, unsigned char **output_pointer)
+{
+ long unsigned int codepoint = 0;
+ unsigned int first_code = 0;
+ const unsigned char *first_sequence = input_pointer;
+ unsigned char utf8_length = 0;
+ unsigned char utf8_position = 0;
+ unsigned char sequence_length = 0;
+ unsigned char first_byte_mark = 0;
+
+ if ((input_end - first_sequence) < 6)
+ {
+ /* input ends unexpectedly */
+ goto fail;
+ }
+
+ /* get the first utf16 sequence */
+ first_code = parse_hex4(first_sequence + 2);
+
+ /* check that the code is valid */
+ if (((first_code >= 0xDC00) && (first_code <= 0xDFFF)))
+ {
+ goto fail;
+ }
+
+ /* UTF16 surrogate pair */
+ if ((first_code >= 0xD800) && (first_code <= 0xDBFF))
+ {
+ const unsigned char *second_sequence = first_sequence + 6;
+ unsigned int second_code = 0;
+ sequence_length = 12; /* \uXXXX\uXXXX */
+
+ if ((input_end - second_sequence) < 6)
+ {
+ /* input ends unexpectedly */
+ goto fail;
+ }
+
+ if ((second_sequence[0] != '\\') || (second_sequence[1] != 'u'))
+ {
+ /* missing second half of the surrogate pair */
+ goto fail;
+ }
+
+ /* get the second utf16 sequence */
+ second_code = parse_hex4(second_sequence + 2);
+ /* check that the code is valid */
+ if ((second_code < 0xDC00) || (second_code > 0xDFFF))
+ {
+ /* invalid second half of the surrogate pair */
+ goto fail;
+ }
+
+
+ /* calculate the unicode codepoint from the surrogate pair */
+ codepoint = 0x10000 + (((first_code & 0x3FF) << 10) | (second_code & 0x3FF));
+ }
+ else
+ {
+ sequence_length = 6; /* \uXXXX */
+ codepoint = first_code;
+ }
+
+ /* encode as UTF-8
+ * takes at maximum 4 bytes to encode:
+ * 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx */
+ if (codepoint < 0x80)
+ {
+ /* normal ascii, encoding 0xxxxxxx */
+ utf8_length = 1;
+ }
+ else if (codepoint < 0x800)
+ {
+ /* two bytes, encoding 110xxxxx 10xxxxxx */
+ utf8_length = 2;
+ first_byte_mark = 0xC0; /* 11000000 */
+ }
+ else if (codepoint < 0x10000)
+ {
+ /* three bytes, encoding 1110xxxx 10xxxxxx 10xxxxxx */
+ utf8_length = 3;
+ first_byte_mark = 0xE0; /* 11100000 */
+ }
+ else if (codepoint <= 0x10FFFF)
+ {
+ /* four bytes, encoding 1110xxxx 10xxxxxx 10xxxxxx 10xxxxxx */
+ utf8_length = 4;
+ first_byte_mark = 0xF0; /* 11110000 */
+ }
+ else
+ {
+ /* invalid unicode codepoint */
+ goto fail;
+ }
+
+ /* encode as utf8 */
+ for (utf8_position = (unsigned char)(utf8_length - 1); utf8_position > 0; utf8_position--)
+ {
+ /* 10xxxxxx */
+ (*output_pointer)[utf8_position] = (unsigned char)((codepoint | 0x80) & 0xBF);
+ codepoint >>= 6;
+ }
+ /* encode first byte */
+ if (utf8_length > 1)
+ {
+ (*output_pointer)[0] = (unsigned char)((codepoint | first_byte_mark) & 0xFF);
+ }
+ else
+ {
+ (*output_pointer)[0] = (unsigned char)(codepoint & 0x7F);
+ }
+
+ *output_pointer += utf8_length;
+
+ return sequence_length;
+
+fail:
+ return 0;
+}
+
+/* Parse the input text into an unescaped cinput, and populate item. */
+static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_buffer)
+{
+ const unsigned char *input_pointer = buffer_at_offset(input_buffer) + 1;
+ const unsigned char *input_end = buffer_at_offset(input_buffer) + 1;
+ unsigned char *output_pointer = NULL;
+ unsigned char *output = NULL;
+
+ /* not a string */
+ if (buffer_at_offset(input_buffer)[0] != '\"')
+ {
+ goto fail;
+ }
+
+ {
+ /* calculate approximate size of the output (overestimate) */
+ size_t allocation_length = 0;
+ size_t skipped_bytes = 0;
+ while (((size_t)(input_end - input_buffer->content) < input_buffer->length) && (*input_end != '\"'))
+ {
+ /* is escape sequence */
+ if (input_end[0] == '\\')
+ {
+ if ((size_t)(input_end + 1 - input_buffer->content) >= input_buffer->length)
+ {
+ /* prevent buffer overflow when last input character is a backslash */
+ goto fail;
+ }
+ skipped_bytes++;
+ input_end++;
+ }
+ input_end++;
+ }
+ if (((size_t)(input_end - input_buffer->content) >= input_buffer->length) || (*input_end != '\"'))
+ {
+ goto fail; /* string ended unexpectedly */
+ }
+
+ /* This is at most how much we need for the output */
+ allocation_length = (size_t) (input_end - buffer_at_offset(input_buffer)) - skipped_bytes;
+ output = (unsigned char*)input_buffer->hooks.allocate(allocation_length + sizeof(""));
+ if (output == NULL)
+ {
+ goto fail; /* allocation failure */
+ }
+ }
+
+ output_pointer = output;
+ /* loop through the string literal */
+ while (input_pointer < input_end)
+ {
+ if (*input_pointer != '\\')
+ {
+ *output_pointer++ = *input_pointer++;
+ }
+ /* escape sequence */
+ else
+ {
+ unsigned char sequence_length = 2;
+ if ((input_end - input_pointer) < 1)
+ {
+ goto fail;
+ }
+
+ switch (input_pointer[1])
+ {
+ case 'b':
+ *output_pointer++ = '\b';
+ break;
+ case 'f':
+ *output_pointer++ = '\f';
+ break;
+ case 'n':
+ *output_pointer++ = '\n';
+ break;
+ case 'r':
+ *output_pointer++ = '\r';
+ break;
+ case 't':
+ *output_pointer++ = '\t';
+ break;
+ case '\"':
+ case '\\':
+ case '/':
+ *output_pointer++ = input_pointer[1];
+ break;
+
+ /* UTF-16 literal */
+ case 'u':
+ sequence_length = utf16_literal_to_utf8(input_pointer, input_end, &output_pointer);
+ if (sequence_length == 0)
+ {
+ /* failed to convert UTF16-literal to UTF-8 */
+ goto fail;
+ }
+ break;
+
+ default:
+ goto fail;
+ }
+ input_pointer += sequence_length;
+ }
+ }
+
+ /* zero terminate the output */
+ *output_pointer = '\0';
+
+ item->type = cJSON_String;
+ item->valuestring = (char*)output;
+
+ input_buffer->offset = (size_t) (input_end - input_buffer->content);
+ input_buffer->offset++;
+
+ return true;
+
+fail:
+ if (output != NULL)
+ {
+ input_buffer->hooks.deallocate(output);
+ }
+
+ if (input_pointer != NULL)
+ {
+ input_buffer->offset = (size_t)(input_pointer - input_buffer->content);
+ }
+
+ return false;
+}
+
+/* Render the cstring provided to an escaped version that can be printed. */
+static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffer * const output_buffer)
+{
+ const unsigned char *input_pointer = NULL;
+ unsigned char *output = NULL;
+ unsigned char *output_pointer = NULL;
+ size_t output_length = 0;
+ /* numbers of additional characters needed for escaping */
+ size_t escape_characters = 0;
+
+ if (output_buffer == NULL)
+ {
+ return false;
+ }
+
+ /* empty string */
+ if (input == NULL)
+ {
+ output = ensure(output_buffer, sizeof("\"\""));
+ if (output == NULL)
+ {
+ return false;
+ }
+ strcpy((char*)output, "\"\"");
+
+ return true;
+ }
+
+ /* set "flag" to 1 if something needs to be escaped */
+ for (input_pointer = input; *input_pointer; input_pointer++)
+ {
+ switch (*input_pointer)
+ {
+ case '\"':
+ case '\\':
+ case '\b':
+ case '\f':
+ case '\n':
+ case '\r':
+ case '\t':
+ /* one character escape sequence */
+ escape_characters++;
+ break;
+ default:
+ if (*input_pointer < 32)
+ {
+ /* UTF-16 escape sequence uXXXX */
+ escape_characters += 5;
+ }
+ break;
+ }
+ }
+ output_length = (size_t)(input_pointer - input) + escape_characters;
+
+ output = ensure(output_buffer, output_length + sizeof("\"\""));
+ if (output == NULL)
+ {
+ return false;
+ }
+
+ /* no characters have to be escaped */
+ if (escape_characters == 0)
+ {
+ output[0] = '\"';
+ memcpy(output + 1, input, output_length);
+ output[output_length + 1] = '\"';
+ output[output_length + 2] = '\0';
+
+ return true;
+ }
+
+ output[0] = '\"';
+ output_pointer = output + 1;
+ /* copy the string */
+ for (input_pointer = input; *input_pointer != '\0'; (void)input_pointer++, output_pointer++)
+ {
+ if ((*input_pointer > 31) && (*input_pointer != '\"') && (*input_pointer != '\\'))
+ {
+ /* normal character, copy */
+ *output_pointer = *input_pointer;
+ }
+ else
+ {
+ /* character needs to be escaped */
+ *output_pointer++ = '\\';
+ switch (*input_pointer)
+ {
+ case '\\':
+ *output_pointer = '\\';
+ break;
+ case '\"':
+ *output_pointer = '\"';
+ break;
+ case '\b':
+ *output_pointer = 'b';
+ break;
+ case '\f':
+ *output_pointer = 'f';
+ break;
+ case '\n':
+ *output_pointer = 'n';
+ break;
+ case '\r':
+ *output_pointer = 'r';
+ break;
+ case '\t':
+ *output_pointer = 't';
+ break;
+ default:
+ /* escape and print as unicode codepoint */
+ sprintf((char*)output_pointer, "u%04x", *input_pointer);
+ output_pointer += 4;
+ break;
+ }
+ }
+ }
+ output[output_length + 1] = '\"';
+ output[output_length + 2] = '\0';
+
+ return true;
+}
+
+/* Invoke print_string_ptr (which is useful) on an item. */
+static cJSON_bool print_string(const cJSON * const item, printbuffer * const p)
+{
+ return print_string_ptr((unsigned char*)item->valuestring, p);
+}
+
+/* Predeclare these prototypes. */
+static cJSON_bool parse_value(cJSON * const item, parse_buffer * const input_buffer);
+static cJSON_bool print_value(const cJSON * const item, printbuffer * const output_buffer);
+static cJSON_bool parse_array(cJSON * const item, parse_buffer * const input_buffer);
+static cJSON_bool print_array(const cJSON * const item, printbuffer * const output_buffer);
+static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_buffer);
+static cJSON_bool print_object(const cJSON * const item, printbuffer * const output_buffer);
+
+/* Utility to jump whitespace and cr/lf */
+static parse_buffer *buffer_skip_whitespace(parse_buffer * const buffer)
+{
+ if ((buffer == NULL) || (buffer->content == NULL))
+ {
+ return NULL;
+ }
+
+ if (cannot_access_at_index(buffer, 0))
+ {
+ return buffer;
+ }
+
+ while (can_access_at_index(buffer, 0) && (buffer_at_offset(buffer)[0] <= 32))
+ {
+ buffer->offset++;
+ }
+
+ if (buffer->offset == buffer->length)
+ {
+ buffer->offset--;
+ }
+
+ return buffer;
+}
+
+/* skip the UTF-8 BOM (byte order mark) if it is at the beginning of a buffer */
+static parse_buffer *skip_utf8_bom(parse_buffer * const buffer)
+{
+ if ((buffer == NULL) || (buffer->content == NULL) || (buffer->offset != 0))
+ {
+ return NULL;
+ }
+
+ if (can_access_at_index(buffer, 4) && (strncmp((const char*)buffer_at_offset(buffer), "\xEF\xBB\xBF", 3) == 0))
+ {
+ buffer->offset += 3;
+ }
+
+ return buffer;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated)
+{
+ size_t buffer_length;
+
+ if (NULL == value)
+ {
+ return NULL;
+ }
+
+ /* Adding null character size due to require_null_terminated. */
+ buffer_length = strlen(value) + sizeof("");
+
+ return cJSON_ParseWithLengthOpts(value, buffer_length, return_parse_end, require_null_terminated);
+}
+
+/* Parse an object - create a new root, and populate. */
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated)
+{
+ parse_buffer buffer = { 0, 0, 0, 0, { 0, 0, 0 } };
+ cJSON *item = NULL;
+
+ /* reset error position */
+ global_error.json = NULL;
+ global_error.position = 0;
+
+ if (value == NULL || 0 == buffer_length)
+ {
+ goto fail;
+ }
+
+ buffer.content = (const unsigned char*)value;
+ buffer.length = buffer_length;
+ buffer.offset = 0;
+ buffer.hooks = global_hooks;
+
+ item = cJSON_New_Item(&global_hooks);
+ if (item == NULL) /* memory fail */
+ {
+ goto fail;
+ }
+
+ if (!parse_value(item, buffer_skip_whitespace(skip_utf8_bom(&buffer))))
+ {
+ /* parse failure. ep is set. */
+ goto fail;
+ }
+
+ /* if we require null-terminated JSON without appended garbage, skip and then check for a null terminator */
+ if (require_null_terminated)
+ {
+ buffer_skip_whitespace(&buffer);
+ if ((buffer.offset >= buffer.length) || buffer_at_offset(&buffer)[0] != '\0')
+ {
+ goto fail;
+ }
+ }
+ if (return_parse_end)
+ {
+ *return_parse_end = (const char*)buffer_at_offset(&buffer);
+ }
+
+ return item;
+
+fail:
+ if (item != NULL)
+ {
+ cJSON_Delete(item);
+ }
+
+ if (value != NULL)
+ {
+ error local_error;
+ local_error.json = (const unsigned char*)value;
+ local_error.position = 0;
+
+ if (buffer.offset < buffer.length)
+ {
+ local_error.position = buffer.offset;
+ }
+ else if (buffer.length > 0)
+ {
+ local_error.position = buffer.length - 1;
+ }
+
+ if (return_parse_end != NULL)
+ {
+ *return_parse_end = (const char*)local_error.json + local_error.position;
+ }
+
+ global_error = local_error;
+ }
+
+ return NULL;
+}
+
+/* Default options for cJSON_Parse */
+CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value)
+{
+ return cJSON_ParseWithOpts(value, 0, 0);
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length)
+{
+ return cJSON_ParseWithLengthOpts(value, buffer_length, 0, 0);
+}
+
+#define cjson_min(a, b) (((a) < (b)) ? (a) : (b))
+
+static unsigned char *print(const cJSON * const item, cJSON_bool format, const internal_hooks * const hooks)
+{
+ static const size_t default_buffer_size = 256;
+ printbuffer buffer[1];
+ unsigned char *printed = NULL;
+
+ memset(buffer, 0, sizeof(buffer));
+
+ /* create buffer */
+ buffer->buffer = (unsigned char*) hooks->allocate(default_buffer_size);
+ buffer->length = default_buffer_size;
+ buffer->format = format;
+ buffer->hooks = *hooks;
+ if (buffer->buffer == NULL)
+ {
+ goto fail;
+ }
+
+ /* print the value */
+ if (!print_value(item, buffer))
+ {
+ goto fail;
+ }
+ update_offset(buffer);
+
+ /* check if reallocate is available */
+ if (hooks->reallocate != NULL)
+ {
+ printed = (unsigned char*) hooks->reallocate(buffer->buffer, buffer->offset + 1);
+ if (printed == NULL) {
+ goto fail;
+ }
+ buffer->buffer = NULL;
+ }
+ else /* otherwise copy the JSON over to a new buffer */
+ {
+ printed = (unsigned char*) hooks->allocate(buffer->offset + 1);
+ if (printed == NULL)
+ {
+ goto fail;
+ }
+ memcpy(printed, buffer->buffer, cjson_min(buffer->length, buffer->offset + 1));
+ printed[buffer->offset] = '\0'; /* just to be sure */
+
+ /* free the buffer */
+ hooks->deallocate(buffer->buffer);
+ }
+
+ return printed;
+
+fail:
+ if (buffer->buffer != NULL)
+ {
+ hooks->deallocate(buffer->buffer);
+ }
+
+ if (printed != NULL)
+ {
+ hooks->deallocate(printed);
+ }
+
+ return NULL;
+}
+
+/* Render a cJSON item/entity/structure to text. */
+CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item)
+{
+ return (char*)print(item, true, &global_hooks);
+}
+
+CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item)
+{
+ return (char*)print(item, false, &global_hooks);
+}
+
+CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt)
+{
+ printbuffer p = { 0, 0, 0, 0, 0, 0, { 0, 0, 0 } };
+
+ if (prebuffer < 0)
+ {
+ return NULL;
+ }
+
+ p.buffer = (unsigned char*)global_hooks.allocate((size_t)prebuffer);
+ if (!p.buffer)
+ {
+ return NULL;
+ }
+
+ p.length = (size_t)prebuffer;
+ p.offset = 0;
+ p.noalloc = false;
+ p.format = fmt;
+ p.hooks = global_hooks;
+
+ if (!print_value(item, &p))
+ {
+ global_hooks.deallocate(p.buffer);
+ return NULL;
+ }
+
+ return (char*)p.buffer;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format)
+{
+ printbuffer p = { 0, 0, 0, 0, 0, 0, { 0, 0, 0 } };
+
+ if ((length < 0) || (buffer == NULL))
+ {
+ return false;
+ }
+
+ p.buffer = (unsigned char*)buffer;
+ p.length = (size_t)length;
+ p.offset = 0;
+ p.noalloc = true;
+ p.format = format;
+ p.hooks = global_hooks;
+
+ return print_value(item, &p);
+}
+
+/* Parser core - when encountering text, process appropriately. */
+static cJSON_bool parse_value(cJSON * const item, parse_buffer * const input_buffer)
+{
+ if ((input_buffer == NULL) || (input_buffer->content == NULL))
+ {
+ return false; /* no input */
+ }
+
+ /* parse the different types of values */
+ /* null */
+ if (can_read(input_buffer, 4) && (strncmp((const char*)buffer_at_offset(input_buffer), "null", 4) == 0))
+ {
+ item->type = cJSON_NULL;
+ input_buffer->offset += 4;
+ return true;
+ }
+ /* false */
+ if (can_read(input_buffer, 5) && (strncmp((const char*)buffer_at_offset(input_buffer), "false", 5) == 0))
+ {
+ item->type = cJSON_False;
+ input_buffer->offset += 5;
+ return true;
+ }
+ /* true */
+ if (can_read(input_buffer, 4) && (strncmp((const char*)buffer_at_offset(input_buffer), "true", 4) == 0))
+ {
+ item->type = cJSON_True;
+ item->valueint = 1;
+ input_buffer->offset += 4;
+ return true;
+ }
+ /* string */
+ if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '\"'))
+ {
+ return parse_string(item, input_buffer);
+ }
+ /* number */
+ if (can_access_at_index(input_buffer, 0) && ((buffer_at_offset(input_buffer)[0] == '-') || ((buffer_at_offset(input_buffer)[0] >= '0') && (buffer_at_offset(input_buffer)[0] <= '9'))))
+ {
+ return parse_number(item, input_buffer);
+ }
+ /* array */
+ if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '['))
+ {
+ return parse_array(item, input_buffer);
+ }
+ /* object */
+ if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '{'))
+ {
+ return parse_object(item, input_buffer);
+ }
+
+ return false;
+}
+
+/* Render a value to text. */
+static cJSON_bool print_value(const cJSON * const item, printbuffer * const output_buffer)
+{
+ unsigned char *output = NULL;
+
+ if ((item == NULL) || (output_buffer == NULL))
+ {
+ return false;
+ }
+
+ switch ((item->type) & 0xFF)
+ {
+ case cJSON_NULL:
+ output = ensure(output_buffer, 5);
+ if (output == NULL)
+ {
+ return false;
+ }
+ strcpy((char*)output, "null");
+ return true;
+
+ case cJSON_False:
+ output = ensure(output_buffer, 6);
+ if (output == NULL)
+ {
+ return false;
+ }
+ strcpy((char*)output, "false");
+ return true;
+
+ case cJSON_True:
+ output = ensure(output_buffer, 5);
+ if (output == NULL)
+ {
+ return false;
+ }
+ strcpy((char*)output, "true");
+ return true;
+
+ case cJSON_Number:
+ return print_number(item, output_buffer);
+
+ case cJSON_Raw:
+ {
+ size_t raw_length = 0;
+ if (item->valuestring == NULL)
+ {
+ return false;
+ }
+
+ raw_length = strlen(item->valuestring) + sizeof("");
+ output = ensure(output_buffer, raw_length);
+ if (output == NULL)
+ {
+ return false;
+ }
+ memcpy(output, item->valuestring, raw_length);
+ return true;
+ }
+
+ case cJSON_String:
+ return print_string(item, output_buffer);
+
+ case cJSON_Array:
+ return print_array(item, output_buffer);
+
+ case cJSON_Object:
+ return print_object(item, output_buffer);
+
+ default:
+ return false;
+ }
+}
+
+/* Build an array from input text. */
+static cJSON_bool parse_array(cJSON * const item, parse_buffer * const input_buffer)
+{
+ cJSON *head = NULL; /* head of the linked list */
+ cJSON *current_item = NULL;
+
+ if (input_buffer->depth >= CJSON_NESTING_LIMIT)
+ {
+ return false; /* to deeply nested */
+ }
+ input_buffer->depth++;
+
+ if (buffer_at_offset(input_buffer)[0] != '[')
+ {
+ /* not an array */
+ goto fail;
+ }
+
+ input_buffer->offset++;
+ buffer_skip_whitespace(input_buffer);
+ if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ']'))
+ {
+ /* empty array */
+ goto success;
+ }
+
+ /* check if we skipped to the end of the buffer */
+ if (cannot_access_at_index(input_buffer, 0))
+ {
+ input_buffer->offset--;
+ goto fail;
+ }
+
+ /* step back to character in front of the first element */
+ input_buffer->offset--;
+ /* loop through the comma separated array elements */
+ do
+ {
+ /* allocate next item */
+ cJSON *new_item = cJSON_New_Item(&(input_buffer->hooks));
+ if (new_item == NULL)
+ {
+ goto fail; /* allocation failure */
+ }
+
+ /* attach next item to list */
+ if (head == NULL)
+ {
+ /* start the linked list */
+ current_item = head = new_item;
+ }
+ else
+ {
+ /* add to the end and advance */
+ current_item->next = new_item;
+ new_item->prev = current_item;
+ current_item = new_item;
+ }
+
+ /* parse next value */
+ input_buffer->offset++;
+ buffer_skip_whitespace(input_buffer);
+ if (!parse_value(current_item, input_buffer))
+ {
+ goto fail; /* failed to parse value */
+ }
+ buffer_skip_whitespace(input_buffer);
+ }
+ while (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ','));
+
+ if (cannot_access_at_index(input_buffer, 0) || buffer_at_offset(input_buffer)[0] != ']')
+ {
+ goto fail; /* expected end of array */
+ }
+
+success:
+ input_buffer->depth--;
+
+ item->type = cJSON_Array;
+ item->child = head;
+
+ input_buffer->offset++;
+
+ return true;
+
+fail:
+ if (head != NULL)
+ {
+ cJSON_Delete(head);
+ }
+
+ return false;
+}
+
+/* Render an array to text */
+static cJSON_bool print_array(const cJSON * const item, printbuffer * const output_buffer)
+{
+ unsigned char *output_pointer = NULL;
+ size_t length = 0;
+ cJSON *current_element = item->child;
+
+ if (output_buffer == NULL)
+ {
+ return false;
+ }
+
+ /* Compose the output array. */
+ /* opening square bracket */
+ output_pointer = ensure(output_buffer, 1);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+
+ *output_pointer = '[';
+ output_buffer->offset++;
+ output_buffer->depth++;
+
+ while (current_element != NULL)
+ {
+ if (!print_value(current_element, output_buffer))
+ {
+ return false;
+ }
+ update_offset(output_buffer);
+ if (current_element->next)
+ {
+ length = (size_t) (output_buffer->format ? 2 : 1);
+ output_pointer = ensure(output_buffer, length + 1);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ *output_pointer++ = ',';
+ if(output_buffer->format)
+ {
+ *output_pointer++ = ' ';
+ }
+ *output_pointer = '\0';
+ output_buffer->offset += length;
+ }
+ current_element = current_element->next;
+ }
+
+ output_pointer = ensure(output_buffer, 2);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ *output_pointer++ = ']';
+ *output_pointer = '\0';
+ output_buffer->depth--;
+
+ return true;
+}
+
+/* Build an object from the text. */
+static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_buffer)
+{
+ cJSON *head = NULL; /* linked list head */
+ cJSON *current_item = NULL;
+
+ if (input_buffer->depth >= CJSON_NESTING_LIMIT)
+ {
+ return false; /* to deeply nested */
+ }
+ input_buffer->depth++;
+
+ if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != '{'))
+ {
+ goto fail; /* not an object */
+ }
+
+ input_buffer->offset++;
+ buffer_skip_whitespace(input_buffer);
+ if (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == '}'))
+ {
+ goto success; /* empty object */
+ }
+
+ /* check if we skipped to the end of the buffer */
+ if (cannot_access_at_index(input_buffer, 0))
+ {
+ input_buffer->offset--;
+ goto fail;
+ }
+
+ /* step back to character in front of the first element */
+ input_buffer->offset--;
+ /* loop through the comma separated array elements */
+ do
+ {
+ /* allocate next item */
+ cJSON *new_item = cJSON_New_Item(&(input_buffer->hooks));
+ if (new_item == NULL)
+ {
+ goto fail; /* allocation failure */
+ }
+
+ /* attach next item to list */
+ if (head == NULL)
+ {
+ /* start the linked list */
+ current_item = head = new_item;
+ }
+ else
+ {
+ /* add to the end and advance */
+ current_item->next = new_item;
+ new_item->prev = current_item;
+ current_item = new_item;
+ }
+
+ /* parse the name of the child */
+ input_buffer->offset++;
+ buffer_skip_whitespace(input_buffer);
+ if (!parse_string(current_item, input_buffer))
+ {
+ goto fail; /* failed to parse name */
+ }
+ buffer_skip_whitespace(input_buffer);
+
+ /* swap valuestring and string, because we parsed the name */
+ current_item->string = current_item->valuestring;
+ current_item->valuestring = NULL;
+
+ if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != ':'))
+ {
+ goto fail; /* invalid object */
+ }
+
+ /* parse the value */
+ input_buffer->offset++;
+ buffer_skip_whitespace(input_buffer);
+ if (!parse_value(current_item, input_buffer))
+ {
+ goto fail; /* failed to parse value */
+ }
+ buffer_skip_whitespace(input_buffer);
+ }
+ while (can_access_at_index(input_buffer, 0) && (buffer_at_offset(input_buffer)[0] == ','));
+
+ if (cannot_access_at_index(input_buffer, 0) || (buffer_at_offset(input_buffer)[0] != '}'))
+ {
+ goto fail; /* expected end of object */
+ }
+
+success:
+ input_buffer->depth--;
+
+ item->type = cJSON_Object;
+ item->child = head;
+
+ input_buffer->offset++;
+ return true;
+
+fail:
+ if (head != NULL)
+ {
+ cJSON_Delete(head);
+ }
+
+ return false;
+}
+
+/* Render an object to text. */
+static cJSON_bool print_object(const cJSON * const item, printbuffer * const output_buffer)
+{
+ unsigned char *output_pointer = NULL;
+ size_t length = 0;
+ cJSON *current_item = item->child;
+
+ if (output_buffer == NULL)
+ {
+ return false;
+ }
+
+ /* Compose the output: */
+ length = (size_t) (output_buffer->format ? 2 : 1); /* fmt: {\n */
+ output_pointer = ensure(output_buffer, length + 1);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+
+ *output_pointer++ = '{';
+ output_buffer->depth++;
+ if (output_buffer->format)
+ {
+ *output_pointer++ = '\n';
+ }
+ output_buffer->offset += length;
+
+ while (current_item)
+ {
+ if (output_buffer->format)
+ {
+ size_t i;
+ output_pointer = ensure(output_buffer, output_buffer->depth);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ for (i = 0; i < output_buffer->depth; i++)
+ {
+ *output_pointer++ = '\t';
+ }
+ output_buffer->offset += output_buffer->depth;
+ }
+
+ /* print key */
+ if (!print_string_ptr((unsigned char*)current_item->string, output_buffer))
+ {
+ return false;
+ }
+ update_offset(output_buffer);
+
+ length = (size_t) (output_buffer->format ? 2 : 1);
+ output_pointer = ensure(output_buffer, length);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ *output_pointer++ = ':';
+ if (output_buffer->format)
+ {
+ *output_pointer++ = '\t';
+ }
+ output_buffer->offset += length;
+
+ /* print value */
+ if (!print_value(current_item, output_buffer))
+ {
+ return false;
+ }
+ update_offset(output_buffer);
+
+ /* print comma if not last */
+ length = ((size_t)(output_buffer->format ? 1 : 0) + (size_t)(current_item->next ? 1 : 0));
+ output_pointer = ensure(output_buffer, length + 1);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ if (current_item->next)
+ {
+ *output_pointer++ = ',';
+ }
+
+ if (output_buffer->format)
+ {
+ *output_pointer++ = '\n';
+ }
+ *output_pointer = '\0';
+ output_buffer->offset += length;
+
+ current_item = current_item->next;
+ }
+
+ output_pointer = ensure(output_buffer, output_buffer->format ? (output_buffer->depth + 1) : 2);
+ if (output_pointer == NULL)
+ {
+ return false;
+ }
+ if (output_buffer->format)
+ {
+ size_t i;
+ for (i = 0; i < (output_buffer->depth - 1); i++)
+ {
+ *output_pointer++ = '\t';
+ }
+ }
+ *output_pointer++ = '}';
+ *output_pointer = '\0';
+ output_buffer->depth--;
+
+ return true;
+}
+
+/* Get Array size/item / object item. */
+CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array)
+{
+ cJSON *child = NULL;
+ size_t size = 0;
+
+ if (array == NULL)
+ {
+ return 0;
+ }
+
+ child = array->child;
+
+ while(child != NULL)
+ {
+ size++;
+ child = child->next;
+ }
+
+ /* FIXME: Can overflow here. Cannot be fixed without breaking the API */
+
+ return (int)size;
+}
+
+static cJSON* get_array_item(const cJSON *array, size_t index)
+{
+ cJSON *current_child = NULL;
+
+ if (array == NULL)
+ {
+ return NULL;
+ }
+
+ current_child = array->child;
+ while ((current_child != NULL) && (index > 0))
+ {
+ index--;
+ current_child = current_child->next;
+ }
+
+ return current_child;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index)
+{
+ if (index < 0)
+ {
+ return NULL;
+ }
+
+ return get_array_item(array, (size_t)index);
+}
+
+static cJSON *get_object_item(const cJSON * const object, const char * const name, const cJSON_bool case_sensitive)
+{
+ cJSON *current_element = NULL;
+
+ if ((object == NULL) || (name == NULL))
+ {
+ return NULL;
+ }
+
+ current_element = object->child;
+ if (case_sensitive)
+ {
+ while ((current_element != NULL) && (current_element->string != NULL) && (strcmp(name, current_element->string) != 0))
+ {
+ current_element = current_element->next;
+ }
+ }
+ else
+ {
+ while ((current_element != NULL) && (case_insensitive_strcmp((const unsigned char*)name, (const unsigned char*)(current_element->string)) != 0))
+ {
+ current_element = current_element->next;
+ }
+ }
+
+ if ((current_element == NULL) || (current_element->string == NULL)) {
+ return NULL;
+ }
+
+ return current_element;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string)
+{
+ return get_object_item(object, string, false);
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string)
+{
+ return get_object_item(object, string, true);
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string)
+{
+ return cJSON_GetObjectItem(object, string) ? 1 : 0;
+}
+
+/* Utility for array list handling. */
+static void suffix_object(cJSON *prev, cJSON *item)
+{
+ prev->next = item;
+ item->prev = prev;
+}
+
+/* Utility for handling references. */
+static cJSON *create_reference(const cJSON *item, const internal_hooks * const hooks)
+{
+ cJSON *reference = NULL;
+ if (item == NULL)
+ {
+ return NULL;
+ }
+
+ reference = cJSON_New_Item(hooks);
+ if (reference == NULL)
+ {
+ return NULL;
+ }
+
+ memcpy(reference, item, sizeof(cJSON));
+ reference->string = NULL;
+ reference->type |= cJSON_IsReference;
+ reference->next = reference->prev = NULL;
+ return reference;
+}
+
+static cJSON_bool add_item_to_array(cJSON *array, cJSON *item)
+{
+ cJSON *child = NULL;
+
+ if ((item == NULL) || (array == NULL) || (array == item))
+ {
+ return false;
+ }
+
+ child = array->child;
+ /*
+ * To find the last item in array quickly, we use prev in array
+ */
+ if (child == NULL)
+ {
+ /* list is empty, start new one */
+ array->child = item;
+ item->prev = item;
+ item->next = NULL;
+ }
+ else
+ {
+ /* append to the end */
+ if (child->prev)
+ {
+ suffix_object(child->prev, item);
+ array->child->prev = item;
+ }
+ else
+ {
+ while (child->next)
+ {
+ child = child->next;
+ }
+ suffix_object(child, item);
+ array->child->prev = item;
+ }
+ }
+
+ return true;
+}
+
+/* Add item to array/object. */
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item)
+{
+ return add_item_to_array(array, item);
+}
+
+#if defined(__clang__) || (defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))
+ #pragma GCC diagnostic push
+#endif
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wcast-qual"
+#endif
+/* helper function to cast away const */
+static void* cast_away_const(const void* string)
+{
+ return (void*)string;
+}
+#if defined(__clang__) || (defined(__GNUC__) && ((__GNUC__ > 4) || ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))
+ #pragma GCC diagnostic pop
+#endif
+
+
+static cJSON_bool add_item_to_object(cJSON * const object, const char * const string, cJSON * const item, const internal_hooks * const hooks, const cJSON_bool constant_key)
+{
+ char *new_key = NULL;
+ int new_type = cJSON_Invalid;
+
+ if ((object == NULL) || (string == NULL) || (item == NULL) || (object == item))
+ {
+ return false;
+ }
+
+ if (constant_key)
+ {
+ new_key = (char*)cast_away_const(string);
+ new_type = item->type | cJSON_StringIsConst;
+ }
+ else
+ {
+ new_key = (char*)cJSON_strdup((const unsigned char*)string, hooks);
+ if (new_key == NULL)
+ {
+ return false;
+ }
+
+ new_type = item->type & ~cJSON_StringIsConst;
+ }
+
+ if (!(item->type & cJSON_StringIsConst) && (item->string != NULL))
+ {
+ hooks->deallocate(item->string);
+ }
+
+ item->string = new_key;
+ item->type = new_type;
+
+ return add_item_to_array(object, item);
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item)
+{
+ return add_item_to_object(object, string, item, &global_hooks, false);
+}
+
+/* Add an item to an object with constant string as key */
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item)
+{
+ return add_item_to_object(object, string, item, &global_hooks, true);
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item)
+{
+ if (array == NULL)
+ {
+ return false;
+ }
+
+ return add_item_to_array(array, create_reference(item, &global_hooks));
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item)
+{
+ if ((object == NULL) || (string == NULL))
+ {
+ return false;
+ }
+
+ return add_item_to_object(object, string, create_reference(item, &global_hooks), &global_hooks, false);
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name)
+{
+ cJSON *null = cJSON_CreateNull();
+ if (add_item_to_object(object, name, null, &global_hooks, false))
+ {
+ return null;
+ }
+
+ cJSON_Delete(null);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name)
+{
+ cJSON *true_item = cJSON_CreateTrue();
+ if (add_item_to_object(object, name, true_item, &global_hooks, false))
+ {
+ return true_item;
+ }
+
+ cJSON_Delete(true_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name)
+{
+ cJSON *false_item = cJSON_CreateFalse();
+ if (add_item_to_object(object, name, false_item, &global_hooks, false))
+ {
+ return false_item;
+ }
+
+ cJSON_Delete(false_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean)
+{
+ cJSON *bool_item = cJSON_CreateBool(boolean);
+ if (add_item_to_object(object, name, bool_item, &global_hooks, false))
+ {
+ return bool_item;
+ }
+
+ cJSON_Delete(bool_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number)
+{
+ cJSON *number_item = cJSON_CreateNumber(number);
+ if (add_item_to_object(object, name, number_item, &global_hooks, false))
+ {
+ return number_item;
+ }
+
+ cJSON_Delete(number_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string)
+{
+ cJSON *string_item = cJSON_CreateString(string);
+ if (add_item_to_object(object, name, string_item, &global_hooks, false))
+ {
+ return string_item;
+ }
+
+ cJSON_Delete(string_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw)
+{
+ cJSON *raw_item = cJSON_CreateRaw(raw);
+ if (add_item_to_object(object, name, raw_item, &global_hooks, false))
+ {
+ return raw_item;
+ }
+
+ cJSON_Delete(raw_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name)
+{
+ cJSON *object_item = cJSON_CreateObject();
+ if (add_item_to_object(object, name, object_item, &global_hooks, false))
+ {
+ return object_item;
+ }
+
+ cJSON_Delete(object_item);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name)
+{
+ cJSON *array = cJSON_CreateArray();
+ if (add_item_to_object(object, name, array, &global_hooks, false))
+ {
+ return array;
+ }
+
+ cJSON_Delete(array);
+ return NULL;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item)
+{
+ if ((parent == NULL) || (item == NULL))
+ {
+ return NULL;
+ }
+
+ if (item != parent->child)
+ {
+ /* not the first element */
+ item->prev->next = item->next;
+ }
+ if (item->next != NULL)
+ {
+ /* not the last element */
+ item->next->prev = item->prev;
+ }
+
+ if (item == parent->child)
+ {
+ /* first element */
+ parent->child = item->next;
+ }
+ /* make sure the detached item doesn't point anywhere anymore */
+ item->prev = NULL;
+ item->next = NULL;
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which)
+{
+ if (which < 0)
+ {
+ return NULL;
+ }
+
+ return cJSON_DetachItemViaPointer(array, get_array_item(array, (size_t)which));
+}
+
+CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which)
+{
+ cJSON_Delete(cJSON_DetachItemFromArray(array, which));
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string)
+{
+ cJSON *to_detach = cJSON_GetObjectItem(object, string);
+
+ return cJSON_DetachItemViaPointer(object, to_detach);
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string)
+{
+ cJSON *to_detach = cJSON_GetObjectItemCaseSensitive(object, string);
+
+ return cJSON_DetachItemViaPointer(object, to_detach);
+}
+
+CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string)
+{
+ cJSON_Delete(cJSON_DetachItemFromObject(object, string));
+}
+
+CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string)
+{
+ cJSON_Delete(cJSON_DetachItemFromObjectCaseSensitive(object, string));
+}
+
+/* Replace array/object items with new ones. */
+CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem)
+{
+ cJSON *after_inserted = NULL;
+
+ if (which < 0)
+ {
+ return false;
+ }
+
+ after_inserted = get_array_item(array, (size_t)which);
+ if (after_inserted == NULL)
+ {
+ return add_item_to_array(array, newitem);
+ }
+
+ newitem->next = after_inserted;
+ newitem->prev = after_inserted->prev;
+ after_inserted->prev = newitem;
+ if (after_inserted == array->child)
+ {
+ array->child = newitem;
+ }
+ else
+ {
+ newitem->prev->next = newitem;
+ }
+ return true;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement)
+{
+ if ((parent == NULL) || (replacement == NULL) || (item == NULL))
+ {
+ return false;
+ }
+
+ if (replacement == item)
+ {
+ return true;
+ }
+
+ replacement->next = item->next;
+ replacement->prev = item->prev;
+
+ if (replacement->next != NULL)
+ {
+ replacement->next->prev = replacement;
+ }
+ if (parent->child == item)
+ {
+ parent->child = replacement;
+ }
+ else
+ { /*
+ * To find the last item in array quickly, we use prev in array.
+ * We can't modify the last item's next pointer where this item was the parent's child
+ */
+ if (replacement->prev != NULL)
+ {
+ replacement->prev->next = replacement;
+ }
+ }
+
+ item->next = NULL;
+ item->prev = NULL;
+ cJSON_Delete(item);
+
+ return true;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem)
+{
+ if (which < 0)
+ {
+ return false;
+ }
+
+ return cJSON_ReplaceItemViaPointer(array, get_array_item(array, (size_t)which), newitem);
+}
+
+static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSON *replacement, cJSON_bool case_sensitive)
+{
+ if ((replacement == NULL) || (string == NULL))
+ {
+ return false;
+ }
+
+ /* replace the name in the replacement */
+ if (!(replacement->type & cJSON_StringIsConst) && (replacement->string != NULL))
+ {
+ cJSON_free(replacement->string);
+ }
+ replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
+ replacement->type &= ~cJSON_StringIsConst;
+
+ return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement);
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object, const char *string, cJSON *newitem)
+{
+ return replace_item_in_object(object, string, newitem, false);
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object, const char *string, cJSON *newitem)
+{
+ return replace_item_in_object(object, string, newitem, true);
+}
+
+/* Create basic types: */
+CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_NULL;
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_True;
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_False;
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = boolean ? cJSON_True : cJSON_False;
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_Number;
+ item->valuedouble = num;
+
+ /* use saturation in case of overflow */
+ if (num >= INT_MAX)
+ {
+ item->valueint = INT_MAX;
+ }
+ else if (num <= (double)INT_MIN)
+ {
+ item->valueint = INT_MIN;
+ }
+ else
+ {
+ item->valueint = (int)num;
+ }
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_String;
+ item->valuestring = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
+ if(!item->valuestring)
+ {
+ cJSON_Delete(item);
+ return NULL;
+ }
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if (item != NULL)
+ {
+ item->type = cJSON_String | cJSON_IsReference;
+ item->valuestring = (char*)cast_away_const(string);
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if (item != NULL) {
+ item->type = cJSON_Object | cJSON_IsReference;
+ item->child = (cJSON*)cast_away_const(child);
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child) {
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if (item != NULL) {
+ item->type = cJSON_Array | cJSON_IsReference;
+ item->child = (cJSON*)cast_away_const(child);
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type = cJSON_Raw;
+ item->valuestring = (char*)cJSON_strdup((const unsigned char*)raw, &global_hooks);
+ if(!item->valuestring)
+ {
+ cJSON_Delete(item);
+ return NULL;
+ }
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if(item)
+ {
+ item->type=cJSON_Array;
+ }
+
+ return item;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void)
+{
+ cJSON *item = cJSON_New_Item(&global_hooks);
+ if (item)
+ {
+ item->type = cJSON_Object;
+ }
+
+ return item;
+}
+
+/* Create Arrays: */
+CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count)
+{
+ size_t i = 0;
+ cJSON *n = NULL;
+ cJSON *p = NULL;
+ cJSON *a = NULL;
+
+ if ((count < 0) || (numbers == NULL))
+ {
+ return NULL;
+ }
+
+ a = cJSON_CreateArray();
+ for(i = 0; a && (i < (size_t)count); i++)
+ {
+ n = cJSON_CreateNumber(numbers[i]);
+ if (!n)
+ {
+ cJSON_Delete(a);
+ return NULL;
+ }
+ if(!i)
+ {
+ a->child = n;
+ }
+ else
+ {
+ suffix_object(p, n);
+ }
+ p = n;
+ }
+
+ return a;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count)
+{
+ size_t i = 0;
+ cJSON *n = NULL;
+ cJSON *p = NULL;
+ cJSON *a = NULL;
+
+ if ((count < 0) || (numbers == NULL))
+ {
+ return NULL;
+ }
+
+ a = cJSON_CreateArray();
+
+ for(i = 0; a && (i < (size_t)count); i++)
+ {
+ n = cJSON_CreateNumber((double)numbers[i]);
+ if(!n)
+ {
+ cJSON_Delete(a);
+ return NULL;
+ }
+ if(!i)
+ {
+ a->child = n;
+ }
+ else
+ {
+ suffix_object(p, n);
+ }
+ p = n;
+ }
+
+ return a;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count)
+{
+ size_t i = 0;
+ cJSON *n = NULL;
+ cJSON *p = NULL;
+ cJSON *a = NULL;
+
+ if ((count < 0) || (numbers == NULL))
+ {
+ return NULL;
+ }
+
+ a = cJSON_CreateArray();
+
+ for(i = 0;a && (i < (size_t)count); i++)
+ {
+ n = cJSON_CreateNumber(numbers[i]);
+ if(!n)
+ {
+ cJSON_Delete(a);
+ return NULL;
+ }
+ if(!i)
+ {
+ a->child = n;
+ }
+ else
+ {
+ suffix_object(p, n);
+ }
+ p = n;
+ }
+
+ return a;
+}
+
+CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count)
+{
+ size_t i = 0;
+ cJSON *n = NULL;
+ cJSON *p = NULL;
+ cJSON *a = NULL;
+
+ if ((count < 0) || (strings == NULL))
+ {
+ return NULL;
+ }
+
+ a = cJSON_CreateArray();
+
+ for (i = 0; a && (i < (size_t)count); i++)
+ {
+ n = cJSON_CreateString(strings[i]);
+ if(!n)
+ {
+ cJSON_Delete(a);
+ return NULL;
+ }
+ if(!i)
+ {
+ a->child = n;
+ }
+ else
+ {
+ suffix_object(p,n);
+ }
+ p = n;
+ }
+
+ return a;
+}
+
+/* Duplication */
+CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse)
+{
+ cJSON *newitem = NULL;
+ cJSON *child = NULL;
+ cJSON *next = NULL;
+ cJSON *newchild = NULL;
+
+ /* Bail on bad ptr */
+ if (!item)
+ {
+ goto fail;
+ }
+ /* Create new item */
+ newitem = cJSON_New_Item(&global_hooks);
+ if (!newitem)
+ {
+ goto fail;
+ }
+ /* Copy over all vars */
+ newitem->type = item->type & (~cJSON_IsReference);
+ newitem->valueint = item->valueint;
+ newitem->valuedouble = item->valuedouble;
+ if (item->valuestring)
+ {
+ newitem->valuestring = (char*)cJSON_strdup((unsigned char*)item->valuestring, &global_hooks);
+ if (!newitem->valuestring)
+ {
+ goto fail;
+ }
+ }
+ if (item->string)
+ {
+ newitem->string = (item->type&cJSON_StringIsConst) ? item->string : (char*)cJSON_strdup((unsigned char*)item->string, &global_hooks);
+ if (!newitem->string)
+ {
+ goto fail;
+ }
+ }
+ /* If non-recursive, then we're done! */
+ if (!recurse)
+ {
+ return newitem;
+ }
+ /* Walk the ->next chain for the child. */
+ child = item->child;
+ while (child != NULL)
+ {
+ newchild = cJSON_Duplicate(child, true); /* Duplicate (with recurse) each item in the ->next chain */
+ if (!newchild)
+ {
+ goto fail;
+ }
+ if (next != NULL)
+ {
+ /* If newitem->child already set, then crosswire ->prev and ->next and move on */
+ next->next = newchild;
+ newchild->prev = next;
+ next = newchild;
+ }
+ else
+ {
+ /* Set newitem->child and move to it */
+ newitem->child = newchild;
+ next = newchild;
+ }
+ child = child->next;
+ }
+
+ return newitem;
+
+fail:
+ if (newitem != NULL)
+ {
+ cJSON_Delete(newitem);
+ }
+
+ return NULL;
+}
+
+static void skip_oneline_comment(char **input)
+{
+ *input += static_strlen("//");
+
+ for (; (*input)[0] != '\0'; ++(*input))
+ {
+ if ((*input)[0] == '\n') {
+ *input += static_strlen("\n");
+ return;
+ }
+ }
+}
+
+static void skip_multiline_comment(char **input)
+{
+ *input += static_strlen("/*");
+
+ for (; (*input)[0] != '\0'; ++(*input))
+ {
+ if (((*input)[0] == '*') && ((*input)[1] == '/'))
+ {
+ *input += static_strlen("*/");
+ return;
+ }
+ }
+}
+
+static void minify_string(char **input, char **output) {
+ (*output)[0] = (*input)[0];
+ *input += static_strlen("\"");
+ *output += static_strlen("\"");
+
+
+ for (; (*input)[0] != '\0'; (void)++(*input), ++(*output)) {
+ (*output)[0] = (*input)[0];
+
+ if ((*input)[0] == '\"') {
+ (*output)[0] = '\"';
+ *input += static_strlen("\"");
+ *output += static_strlen("\"");
+ return;
+ } else if (((*input)[0] == '\\') && ((*input)[1] == '\"')) {
+ (*output)[1] = (*input)[1];
+ *input += static_strlen("\"");
+ *output += static_strlen("\"");
+ }
+ }
+}
+
+CJSON_PUBLIC(void) cJSON_Minify(char *json)
+{
+ char *into = json;
+
+ if (json == NULL)
+ {
+ return;
+ }
+
+ while (json[0] != '\0')
+ {
+ switch (json[0])
+ {
+ case ' ':
+ case '\t':
+ case '\r':
+ case '\n':
+ json++;
+ break;
+
+ case '/':
+ if (json[1] == '/')
+ {
+ skip_oneline_comment(&json);
+ }
+ else if (json[1] == '*')
+ {
+ skip_multiline_comment(&json);
+ } else {
+ json++;
+ }
+ break;
+
+ case '\"':
+ minify_string(&json, (char**)&into);
+ break;
+
+ default:
+ into[0] = json[0];
+ json++;
+ into++;
+ }
+ }
+
+ /* and null-terminate. */
+ *into = '\0';
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_Invalid;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_False;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xff) == cJSON_True;
+}
+
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & (cJSON_True | cJSON_False)) != 0;
+}
+CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_NULL;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_Number;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_String;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_Array;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_Object;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item)
+{
+ if (item == NULL)
+ {
+ return false;
+ }
+
+ return (item->type & 0xFF) == cJSON_Raw;
+}
+
+CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive)
+{
+ if ((a == NULL) || (b == NULL) || ((a->type & 0xFF) != (b->type & 0xFF)) || cJSON_IsInvalid(a))
+ {
+ return false;
+ }
+
+ /* check if type is valid */
+ switch (a->type & 0xFF)
+ {
+ case cJSON_False:
+ case cJSON_True:
+ case cJSON_NULL:
+ case cJSON_Number:
+ case cJSON_String:
+ case cJSON_Raw:
+ case cJSON_Array:
+ case cJSON_Object:
+ break;
+
+ default:
+ return false;
+ }
+
+ /* identical objects are equal */
+ if (a == b)
+ {
+ return true;
+ }
+
+ switch (a->type & 0xFF)
+ {
+ /* in these cases and equal type is enough */
+ case cJSON_False:
+ case cJSON_True:
+ case cJSON_NULL:
+ return true;
+
+ case cJSON_Number:
+ if (compare_double(a->valuedouble, b->valuedouble))
+ {
+ return true;
+ }
+ return false;
+
+ case cJSON_String:
+ case cJSON_Raw:
+ if ((a->valuestring == NULL) || (b->valuestring == NULL))
+ {
+ return false;
+ }
+ if (strcmp(a->valuestring, b->valuestring) == 0)
+ {
+ return true;
+ }
+
+ return false;
+
+ case cJSON_Array:
+ {
+ cJSON *a_element = a->child;
+ cJSON *b_element = b->child;
+
+ for (; (a_element != NULL) && (b_element != NULL);)
+ {
+ if (!cJSON_Compare(a_element, b_element, case_sensitive))
+ {
+ return false;
+ }
+
+ a_element = a_element->next;
+ b_element = b_element->next;
+ }
+
+ /* one of the arrays is longer than the other */
+ if (a_element != b_element) {
+ return false;
+ }
+
+ return true;
+ }
+
+ case cJSON_Object:
+ {
+ cJSON *a_element = NULL;
+ cJSON *b_element = NULL;
+ cJSON_ArrayForEach(a_element, a)
+ {
+ /* TODO This has O(n^2) runtime, which is horrible! */
+ b_element = get_object_item(b, a_element->string, case_sensitive);
+ if (b_element == NULL)
+ {
+ return false;
+ }
+
+ if (!cJSON_Compare(a_element, b_element, case_sensitive))
+ {
+ return false;
+ }
+ }
+
+ /* doing this twice, once on a and b to prevent true comparison if a subset of b
+ * TODO: Do this the proper way, this is just a fix for now */
+ cJSON_ArrayForEach(b_element, b)
+ {
+ a_element = get_object_item(a, b_element->string, case_sensitive);
+ if (a_element == NULL)
+ {
+ return false;
+ }
+
+ if (!cJSON_Compare(b_element, a_element, case_sensitive))
+ {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ default:
+ return false;
+ }
+}
+
+CJSON_PUBLIC(void *) cJSON_malloc(size_t size)
+{
+ return global_hooks.allocate(size);
+}
+
+CJSON_PUBLIC(void) cJSON_free(void *object)
+{
+ global_hooks.deallocate(object);
+}
diff --git a/binutils/cJSON.h b/binutils/cJSON.h
new file mode 100644
index 0000000000000000000000000000000000000000..0c6c8e070efd754803e8d8b6549e2bb34315e9a4
--- /dev/null
+++ b/binutils/cJSON.h
@@ -0,0 +1,293 @@
+/*
+ Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+*/
+
+#ifndef cJSON__h
+#define cJSON__h
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#if !defined(__WINDOWS__) && (defined(WIN32) || defined(WIN64) || defined(_MSC_VER) || defined(_WIN32))
+#define __WINDOWS__
+#endif
+
+#ifdef __WINDOWS__
+
+/* When compiling for windows, we specify a specific calling convention to avoid issues where we are being called from a project with a different default calling convention. For windows you have 3 define options:
+
+CJSON_HIDE_SYMBOLS - Define this in the case where you don't want to ever dllexport symbols
+CJSON_EXPORT_SYMBOLS - Define this on library build when you want to dllexport symbols (default)
+CJSON_IMPORT_SYMBOLS - Define this if you want to dllimport symbol
+
+For *nix builds that support visibility attribute, you can define similar behavior by
+
+setting default visibility to hidden by adding
+-fvisibility=hidden (for gcc)
+or
+-xldscope=hidden (for sun cc)
+to CFLAGS
+
+then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJSON_EXPORT_SYMBOLS does
+
+*/
+
+#define CJSON_CDECL __cdecl
+#define CJSON_STDCALL __stdcall
+
+/* export symbols by default, this is necessary for copy pasting the C and header file */
+#if !defined(CJSON_HIDE_SYMBOLS) && !defined(CJSON_IMPORT_SYMBOLS) && !defined(CJSON_EXPORT_SYMBOLS)
+#define CJSON_EXPORT_SYMBOLS
+#endif
+
+#if defined(CJSON_HIDE_SYMBOLS)
+#define CJSON_PUBLIC(type) type CJSON_STDCALL
+#elif defined(CJSON_EXPORT_SYMBOLS)
+#define CJSON_PUBLIC(type) __declspec(dllexport) type CJSON_STDCALL
+#elif defined(CJSON_IMPORT_SYMBOLS)
+#define CJSON_PUBLIC(type) __declspec(dllimport) type CJSON_STDCALL
+#endif
+#else /* !__WINDOWS__ */
+#define CJSON_CDECL
+#define CJSON_STDCALL
+
+#if (defined(__GNUC__) || defined(__SUNPRO_CC) || defined (__SUNPRO_C)) && defined(CJSON_API_VISIBILITY)
+#define CJSON_PUBLIC(type) __attribute__((visibility("default"))) type
+#else
+#define CJSON_PUBLIC(type) type
+#endif
+#endif
+
+/* project version */
+#define CJSON_VERSION_MAJOR 1
+#define CJSON_VERSION_MINOR 7
+#define CJSON_VERSION_PATCH 13
+
+#include <stddef.h>
+
+/* cJSON Types: */
+#define cJSON_Invalid (0)
+#define cJSON_False (1 << 0)
+#define cJSON_True (1 << 1)
+#define cJSON_NULL (1 << 2)
+#define cJSON_Number (1 << 3)
+#define cJSON_String (1 << 4)
+#define cJSON_Array (1 << 5)
+#define cJSON_Object (1 << 6)
+#define cJSON_Raw (1 << 7) /* raw json */
+
+#define cJSON_IsReference 256
+#define cJSON_StringIsConst 512
+
+/* The cJSON structure: */
+typedef struct cJSON
+{
+ /* next/prev allow you to walk array/object chains. Alternatively, use GetArraySize/GetArrayItem/GetObjectItem */
+ struct cJSON *next;
+ struct cJSON *prev;
+ /* An array or object item will have a child pointer pointing to a chain of the items in the array/object. */
+ struct cJSON *child;
+
+ /* The type of the item, as above. */
+ int type;
+
+ /* The item's string, if type==cJSON_String and type == cJSON_Raw */
+ char *valuestring;
+ /* writing to valueint is DEPRECATED, use cJSON_SetNumberValue instead */
+ int valueint;
+ /* The item's number, if type==cJSON_Number */
+ double valuedouble;
+
+ /* The item's name string, if this item is the child of, or is in the list of subitems of an object. */
+ char *string;
+} cJSON;
+
+typedef struct cJSON_Hooks
+{
+ /* malloc/free are CDECL on Windows regardless of the default calling convention of the compiler, so ensure the hooks allow passing those functions directly. */
+ void *(CJSON_CDECL *malloc_fn)(size_t sz);
+ void (CJSON_CDECL *free_fn)(void *ptr);
+} cJSON_Hooks;
+
+typedef int cJSON_bool;
+
+/* Limits how deeply nested arrays/objects can be before cJSON rejects to parse them.
+ * This is to prevent stack overflows. */
+#ifndef CJSON_NESTING_LIMIT
+#define CJSON_NESTING_LIMIT 1000
+#endif
+
+/* returns the version of cJSON as a string */
+CJSON_PUBLIC(const char*) cJSON_Version(void);
+
+/* Supply malloc, realloc and free functions to cJSON */
+CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
+
+/* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
+/* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
+CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithLength(const char *value, size_t buffer_length);
+/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
+/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer_length, const char **return_parse_end, cJSON_bool require_null_terminated);
+
+/* Render a cJSON entity to text for transfer/storage. */
+CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
+/* Render a cJSON entity to text for transfer/storage without any formatting. */
+CJSON_PUBLIC(char *) cJSON_PrintUnformatted(const cJSON *item);
+/* Render a cJSON entity to text using a buffered strategy. prebuffer is a guess at the final size. guessing well reduces reallocation. fmt=0 gives unformatted, =1 gives formatted */
+CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON_bool fmt);
+/* Render a cJSON entity to text using a buffer already allocated in memory with given length. Returns 1 on success and 0 on failure. */
+/* NOTE: cJSON is not always 100% accurate in estimating how much memory it will use, so to be safe allocate 5 bytes more than you actually need */
+CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buffer, const int length, const cJSON_bool format);
+/* Delete a cJSON entity and all subentities. */
+CJSON_PUBLIC(void) cJSON_Delete(cJSON *item);
+
+/* Returns the number of items in an array (or object). */
+CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array);
+/* Retrieve item number "index" from array "array". Returns NULL if unsuccessful. */
+CJSON_PUBLIC(cJSON *) cJSON_GetArrayItem(const cJSON *array, int index);
+/* Get item "string" from object. Case insensitive. */
+CJSON_PUBLIC(cJSON *) cJSON_GetObjectItem(const cJSON * const object, const char * const string);
+CJSON_PUBLIC(cJSON *) cJSON_GetObjectItemCaseSensitive(const cJSON * const object, const char * const string);
+CJSON_PUBLIC(cJSON_bool) cJSON_HasObjectItem(const cJSON *object, const char *string);
+/* For analysing failed parses. This returns a pointer to the parse error. You'll probably need to look a few chars back to make sense of it. Defined when cJSON_Parse() returns 0. 0 when cJSON_Parse() succeeds. */
+CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void);
+
+/* Check item type and return its value */
+CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item);
+CJSON_PUBLIC(double) cJSON_GetNumberValue(cJSON *item);
+
+/* These functions check the type of an item */
+CJSON_PUBLIC(cJSON_bool) cJSON_IsInvalid(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsFalse(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsTrue(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsBool(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsNull(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsNumber(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsString(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsArray(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsObject(const cJSON * const item);
+CJSON_PUBLIC(cJSON_bool) cJSON_IsRaw(const cJSON * const item);
+
+/* These calls create a cJSON item of the appropriate type. */
+CJSON_PUBLIC(cJSON *) cJSON_CreateNull(void);
+CJSON_PUBLIC(cJSON *) cJSON_CreateTrue(void);
+CJSON_PUBLIC(cJSON *) cJSON_CreateFalse(void);
+CJSON_PUBLIC(cJSON *) cJSON_CreateBool(cJSON_bool boolean);
+CJSON_PUBLIC(cJSON *) cJSON_CreateNumber(double num);
+CJSON_PUBLIC(cJSON *) cJSON_CreateString(const char *string);
+/* raw json */
+CJSON_PUBLIC(cJSON *) cJSON_CreateRaw(const char *raw);
+CJSON_PUBLIC(cJSON *) cJSON_CreateArray(void);
+CJSON_PUBLIC(cJSON *) cJSON_CreateObject(void);
+
+/* Create a string where valuestring references a string so
+ * it will not be freed by cJSON_Delete */
+CJSON_PUBLIC(cJSON *) cJSON_CreateStringReference(const char *string);
+/* Create an object/array that only references it's elements so
+ * they will not be freed by cJSON_Delete */
+CJSON_PUBLIC(cJSON *) cJSON_CreateObjectReference(const cJSON *child);
+CJSON_PUBLIC(cJSON *) cJSON_CreateArrayReference(const cJSON *child);
+
+/* These utilities create an Array of count items.
+ * The parameter count cannot be greater than the number of elements in the number array, otherwise array access will be out of bounds.*/
+CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count);
+CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count);
+CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count);
+CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int count);
+
+/* Append item to the specified array/object. */
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToArray(cJSON *array, cJSON *item);
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item);
+/* Use this when string is definitely const (i.e. a literal, or as good as), and will definitely survive the cJSON object.
+ * WARNING: When this function was used, make sure to always check that (item->type & cJSON_StringIsConst) is zero before
+ * writing to `item->string` */
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item);
+/* Append reference to item to the specified array/object. Use this when you want to add an existing cJSON to a new cJSON, but don't want to corrupt your existing cJSON. */
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item);
+CJSON_PUBLIC(cJSON_bool) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item);
+
+/* Remove/Detach items from Arrays/Objects. */
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item);
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromArray(cJSON *array, int which);
+CJSON_PUBLIC(void) cJSON_DeleteItemFromArray(cJSON *array, int which);
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObject(cJSON *object, const char *string);
+CJSON_PUBLIC(cJSON *) cJSON_DetachItemFromObjectCaseSensitive(cJSON *object, const char *string);
+CJSON_PUBLIC(void) cJSON_DeleteItemFromObject(cJSON *object, const char *string);
+CJSON_PUBLIC(void) cJSON_DeleteItemFromObjectCaseSensitive(cJSON *object, const char *string);
+
+/* Update array items. */
+CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newitem); /* Shifts pre-existing items to the right. */
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement);
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newitem);
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObject(cJSON *object,const char *string,cJSON *newitem);
+CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemInObjectCaseSensitive(cJSON *object,const char *string,cJSON *newitem);
+
+/* Duplicate a cJSON item */
+CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse);
+/* Duplicate will create a new, identical cJSON item to the one you pass, in new memory that will
+ * need to be released. With recurse!=0, it will duplicate any children connected to the item.
+ * The item->next and ->prev pointers are always zero on return from Duplicate. */
+/* Recursively compare two cJSON items for equality. If either a or b is NULL or invalid, they will be considered unequal.
+ * case_sensitive determines if object keys are treated case sensitive (1) or case insensitive (0) */
+CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
+
+/* Minify a strings, remove blank characters(such as ' ', '\t', '\r', '\n') from strings.
+ * The input pointer json cannot point to a read-only address area, such as a string constant,
+ * but should point to a readable and writable adress area. */
+CJSON_PUBLIC(void) cJSON_Minify(char *json);
+
+/* Helper functions for creating and adding items to an object at the same time.
+ * They return the added item or NULL on failure. */
+CJSON_PUBLIC(cJSON*) cJSON_AddNullToObject(cJSON * const object, const char * const name);
+CJSON_PUBLIC(cJSON*) cJSON_AddTrueToObject(cJSON * const object, const char * const name);
+CJSON_PUBLIC(cJSON*) cJSON_AddFalseToObject(cJSON * const object, const char * const name);
+CJSON_PUBLIC(cJSON*) cJSON_AddBoolToObject(cJSON * const object, const char * const name, const cJSON_bool boolean);
+CJSON_PUBLIC(cJSON*) cJSON_AddNumberToObject(cJSON * const object, const char * const name, const double number);
+CJSON_PUBLIC(cJSON*) cJSON_AddStringToObject(cJSON * const object, const char * const name, const char * const string);
+CJSON_PUBLIC(cJSON*) cJSON_AddRawToObject(cJSON * const object, const char * const name, const char * const raw);
+CJSON_PUBLIC(cJSON*) cJSON_AddObjectToObject(cJSON * const object, const char * const name);
+CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * const name);
+
+/* When assigning an integer value, it needs to be propagated to valuedouble too. */
+#define cJSON_SetIntValue(object, number) ((object) ? (object)->valueint = (object)->valuedouble = (number) : (number))
+/* helper for the cJSON_SetNumberValue macro */
+CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number);
+#define cJSON_SetNumberValue(object, number) ((object != NULL) ? cJSON_SetNumberHelper(object, (double)number) : (number))
+/* Change the valuestring of a cJSON_String object, only takes effect when type of object is cJSON_String */
+CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring);
+
+/* Macro for iterating over an array or object */
+#define cJSON_ArrayForEach(element, array) for(element = (array != NULL) ? (array)->child : NULL; element != NULL; element = element->next)
+
+/* malloc/free objects using the malloc/free functions that have been set with cJSON_InitHooks */
+CJSON_PUBLIC(void *) cJSON_malloc(size_t size);
+CJSON_PUBLIC(void) cJSON_free(void *object);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/binutils/po/aa_enabled.pot b/binutils/po/aa_enabled.pot
index a61d439dd57891882eee4065e6495dcbeb0be222..e9850bf49e8f1a1a8dbab77f2440c6e315a4024f 100644
--- a/binutils/po/aa_enabled.pot
+++ b/binutils/po/aa_enabled.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
-"POT-Creation-Date: 2020-10-14 03:36-0700\n"
+"POT-Creation-Date: 2020-10-14 03:58-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -22,46 +22,52 @@ msgstr ""
msgid ""
"%s: [options]\n"
" options:\n"
+" -x | --exclusive Shared interfaces must be availabe\n"
" -q | --quiet Don't print out any messages\n"
" -h | --help Print help\n"
msgstr ""
-#: ../aa_enabled.c:38
+#: ../aa_enabled.c:37
#, c-format
msgid "No - not available on this system.\n"
msgstr ""
-#: ../aa_enabled.c:42
+#: ../aa_enabled.c:41
#, c-format
msgid "No - disabled at boot.\n"
msgstr ""
-#: ../aa_enabled.c:46
+#: ../aa_enabled.c:45
#, c-format
msgid "Maybe - policy interface not available.\n"
msgstr ""
-#: ../aa_enabled.c:51
+#: ../aa_enabled.c:50
#, c-format
msgid "Maybe - insufficient permissions to determine availability.\n"
msgstr ""
-#: ../aa_enabled.c:56
+#: ../aa_enabled.c:54
+#, c-format
+msgid "Partially - public shared interfaces are not available.\n"
+msgstr ""
+
+#: ../aa_enabled.c:58
#, c-format
msgid "Error - %s\n"
msgstr ""
-#: ../aa_enabled.c:70
+#: ../aa_enabled.c:73
#, c-format
msgid "unknown or incompatible options\n"
msgstr ""
-#: ../aa_enabled.c:80
+#: ../aa_enabled.c:87
#, c-format
msgid "unknown option '%s'\n"
msgstr ""
-#: ../aa_enabled.c:90
+#: ../aa_enabled.c:98
#, c-format
msgid "Yes\n"
msgstr ""
diff --git a/binutils/po/aa_exec.pot b/binutils/po/aa_exec.pot
index 28c6fbd2fa71a51aa6100b5fc2fe979f0047bc3d..bfaa2ffee151501fb2786ea010e054ef79b67887 100644
--- a/binutils/po/aa_exec.pot
+++ b/binutils/po/aa_exec.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
-"POT-Creation-Date: 2020-10-14 03:37-0700\n"
+"POT-Creation-Date: 2020-10-14 03:58-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,7 +17,7 @@ msgstr ""
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
-#: ../aa_exec.c:48
+#: ../aa_exec.c:50
#, c-format
msgid ""
"USAGE: %s [OPTIONS] <prog> <args>\n"
@@ -34,19 +34,22 @@ msgid ""
"\n"
msgstr ""
-#: ../aa_exec.c:63
-msgid "aa-exec: ERROR: "
+#: ../aa_exec.c:65
+#, c-format
+msgid "[%ld] aa-exec: ERROR: "
msgstr ""
-#: ../aa_exec.c:74
-msgid "aa-exec: DEBUG: "
+#: ../aa_exec.c:76
+#, c-format
+msgid "[%ld] aa-exec: DEBUG: "
msgstr ""
-#: ../aa_exec.c:87
-msgid "\n"
+#: ../aa_exec.c:89
+#, c-format
+msgid "[%ld] "
msgstr ""
-#: ../aa_exec.c:105
+#: ../aa_exec.c:107
#, c-format
-msgid "exec"
+msgid "[%ld] exec"
msgstr ""
diff --git a/binutils/po/aa_features_abi.pot b/binutils/po/aa_features_abi.pot
new file mode 100644
index 0000000000000000000000000000000000000000..12a6861013b2cfdbc0f32ba80f883c73a9b0d321
--- /dev/null
+++ b/binutils/po/aa_features_abi.pot
@@ -0,0 +1,51 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Canonical Ltd
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
+"POT-Creation-Date: 2020-10-14 03:58-0700\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: ../aa_features_abi.c:53
+#, c-format
+msgid ""
+"USAGE: %s [OPTIONS] <SOURCE> [OUTPUT OPTIONS]\n"
+"\n"
+"Output AppArmor feature abi from SOURCE to OUTPUT\n"
+"OPTIONS:\n"
+" -d, --debug show messages with debugging information\n"
+" -v, --verbose show messages with stats\n"
+" -h, --help display this help\n"
+"SOURCE:\n"
+" -f F, --file=F load features abi from file F\n"
+" -x, --extract extract features abi from the kernel\n"
+"OUTPUT OPTIONS:\n"
+" --stdout default, write features to stdout\n"
+" -w F, --write=F write features abi to the file F instead of stdout\n"
+"\n"
+msgstr ""
+
+#: ../aa_features_abi.c:73
+#, c-format
+msgid "%s: ERROR: "
+msgstr ""
+
+#: ../aa_features_abi.c:85
+#, c-format
+msgid "%s: DEBUG: "
+msgstr ""
+
+#: ../aa_features_abi.c:98
+msgid "\n"
+msgstr ""
diff --git a/binutils/po/af.po b/binutils/po/af.po
new file mode 100644
index 0000000000000000000000000000000000000000..64846b6f7b104d4829b02de762611b2743c98f0d
--- /dev/null
+++ b/binutils/po/af.po
@@ -0,0 +1,71 @@
+# Afrikaans translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2015-11-28 10:23-0800\n"
+"PO-Revision-Date: 2020-03-04 17:55+0000\n"
+"Last-Translator: bernard stafford <Unknown>\n"
+"Language-Team: Afrikaans <af@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-03-05 05:40+0000\n"
+"X-Generator: Launchpad (build e0878392dc799b267dea80578fa65500a5d74155)\n"
+
+#: ../aa_enabled.c:26
+#, c-format
+msgid ""
+"%s: [options]\n"
+" options:\n"
+" -q | --quiet Don't print out any messages\n"
+" -h | --help Print help\n"
+msgstr ""
+"%s: [opsies]\n"
+" opsies:\n"
+" -q | --quiet Moenie druk uit enige boodskappe\n"
+" -h | --help Afdruk hulp\n"
+
+#: ../aa_enabled.c:45
+#, c-format
+msgid "unknown or incompatible options\n"
+msgstr "onbekende of onversoenbare opsies\n"
+
+#: ../aa_enabled.c:55
+#, c-format
+msgid "unknown option '%s'\n"
+msgstr "onbekende opsie '%s'\n"
+
+#: ../aa_enabled.c:64
+#, c-format
+msgid "Yes\n"
+msgstr "Ja\n"
+
+#: ../aa_enabled.c:71
+#, c-format
+msgid "No - not available on this system.\n"
+msgstr "Geen - nie beskikbaar op hierdie stelsel.\n"
+
+#: ../aa_enabled.c:74
+#, c-format
+msgid "No - disabled at boot.\n"
+msgstr "Nee - gestremde by stewel.\n"
+
+#: ../aa_enabled.c:77
+#, c-format
+msgid "Maybe - policy interface not available.\n"
+msgstr "Miskien - beleid koppelvlak nie beskikbaar.\n"
+
+#: ../aa_enabled.c:81
+#, c-format
+msgid "Maybe - insufficient permissions to determine availability.\n"
+msgstr "Miskien - onvoldoende toestemmings om beskikbaarheid te bepaal.\n"
+
+#: ../aa_enabled.c:84
+#, c-format
+msgid "Error - '%s'\n"
+msgstr "Fout - '%s'\n"
diff --git a/binutils/po/fa.po b/binutils/po/fa.po
new file mode 100644
index 0000000000000000000000000000000000000000..9368da531c7785f03745dbdfeef138fb8b118949
--- /dev/null
+++ b/binutils/po/fa.po
@@ -0,0 +1,67 @@
+# Persian translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2015-11-28 10:23-0800\n"
+"PO-Revision-Date: 2019-12-27 08:16+0000\n"
+"Last-Translator: VahidNameni <Unknown>\n"
+"Language-Team: Persian <fa@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-28 05:38+0000\n"
+"X-Generator: Launchpad (build bceb5ef013b87ef7aafe0755545ceb689ca7ac60)\n"
+
+#: ../aa_enabled.c:26
+#, c-format
+msgid ""
+"%s: [options]\n"
+" options:\n"
+" -q | --quiet Don't print out any messages\n"
+" -h | --help Print help\n"
+msgstr ""
+
+#: ../aa_enabled.c:45
+#, c-format
+msgid "unknown or incompatible options\n"
+msgstr "تنظیم نامعلوم یا ناسازگار\n"
+
+#: ../aa_enabled.c:55
+#, c-format
+msgid "unknown option '%s'\n"
+msgstr "تنظیم '%s' ناشناخته است\n"
+
+#: ../aa_enabled.c:64
+#, c-format
+msgid "Yes\n"
+msgstr "بله\n"
+
+#: ../aa_enabled.c:71
+#, c-format
+msgid "No - not available on this system.\n"
+msgstr "خیر- در این سیستم موجود نیست.\n"
+
+#: ../aa_enabled.c:74
+#, c-format
+msgid "No - disabled at boot.\n"
+msgstr "خیر - غیرÙعال در زمان boot.\n"
+
+#: ../aa_enabled.c:77
+#, c-format
+msgid "Maybe - policy interface not available.\n"
+msgstr "شاید - رابط سیاست گذاری در دسترس نیست.\n"
+
+#: ../aa_enabled.c:81
+#, c-format
+msgid "Maybe - insufficient permissions to determine availability.\n"
+msgstr "شاید - دسترسی ناکاÙÛŒ جهت شناسایی در دسترس پذیری.\n"
+
+#: ../aa_enabled.c:84
+#, c-format
+msgid "Error - '%s'\n"
+msgstr "خطا - '%s'\n"
diff --git a/binutils/po/aa-enabled.pot b/binutils/po/fi.po
similarity index 52%
rename from binutils/po/aa-enabled.pot
rename to binutils/po/fi.po
index bb2b69e7843da9264c196e2515d3f9ef093b5585..930f21fcda69bc03e2c9b13acf7b05904c9771f3 100644
--- a/binutils/po/aa-enabled.pot
+++ b/binutils/po/fi.po
@@ -1,20 +1,21 @@
-# Copyright (C) 2015 Canonical Ltd
-# This file is distributed under the same license as the AppArmor package.
-# John Johansen <john.johansen@canonical.com>, 2015.
+# Finnish translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
#
-#, fuzzy
msgid ""
msgstr ""
-"Project-Id-Version: PACKAGE VERSION\n"
-"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2015-11-28 10:23-0800\n"
-"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: LANGUAGE <LL@li.org>\n"
-"Language: \n"
+"PO-Revision-Date: 2020-01-29 07:44+0000\n"
+"Last-Translator: Jiri Grönroos <Unknown>\n"
+"Language-Team: Finnish <fi@li.org>\n"
"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-01-30 05:40+0000\n"
+"X-Generator: Launchpad (build b8d1327fd820d6bf500589d6da587d5037c7d88e)\n"
#: ../aa_enabled.c:26
#, c-format
@@ -28,27 +29,27 @@ msgstr ""
#: ../aa_enabled.c:45
#, c-format
msgid "unknown or incompatible options\n"
-msgstr ""
+msgstr "tuntemattomat tai yhteensopimattomat valinnat\n"
#: ../aa_enabled.c:55
#, c-format
msgid "unknown option '%s'\n"
-msgstr ""
+msgstr "tuntematon valinta '%s'\n"
#: ../aa_enabled.c:64
#, c-format
msgid "Yes\n"
-msgstr ""
+msgstr "Kyllä\n"
#: ../aa_enabled.c:71
#, c-format
msgid "No - not available on this system.\n"
-msgstr ""
+msgstr "Ei - ei käytettävissä tässä järjestelmässä.\n"
#: ../aa_enabled.c:74
#, c-format
msgid "No - disabled at boot.\n"
-msgstr ""
+msgstr "Ei - poistettu käytöstä käynnistyksen yhteydessä.\n"
#: ../aa_enabled.c:77
#, c-format
@@ -63,4 +64,4 @@ msgstr ""
#: ../aa_enabled.c:84
#, c-format
msgid "Error - '%s'\n"
-msgstr ""
+msgstr "Virhe - '%s'\n"
diff --git a/binutils/po/ro.po b/binutils/po/ro.po
new file mode 100644
index 0000000000000000000000000000000000000000..b1f5bd3478af2bd81c816aa45bdc1ff0d038d4b2
--- /dev/null
+++ b/binutils/po/ro.po
@@ -0,0 +1,72 @@
+# Romanian translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2015-11-28 10:23-0800\n"
+"PO-Revision-Date: 2020-02-20 21:47+0000\n"
+"Last-Translator: Daniel Slavu <Unknown>\n"
+"Language-Team: Romanian <ro@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-02-21 05:39+0000\n"
+"X-Generator: Launchpad (build 19413b719a8df7423ab1390528edadce9e0e4aca)\n"
+
+#: ../aa_enabled.c:26
+#, c-format
+msgid ""
+"%s: [options]\n"
+" options:\n"
+" -q | --quiet Don't print out any messages\n"
+" -h | --help Print help\n"
+msgstr ""
+"%s: [opțiuni]\n"
+" opțiuni:\n"
+" -q | --calm Nu imprima niciun mesaj\n"
+" -h | - ajutor Imprimare ajutor\n"
+
+#: ../aa_enabled.c:45
+#, c-format
+msgid "unknown or incompatible options\n"
+msgstr "opțiuni necunoscute sau incompatibile\n"
+
+#: ../aa_enabled.c:55
+#, c-format
+msgid "unknown option '%s'\n"
+msgstr "opțiune necunoscută '%s'\n"
+
+#: ../aa_enabled.c:64
+#, c-format
+msgid "Yes\n"
+msgstr "Da\n"
+
+#: ../aa_enabled.c:71
+#, c-format
+msgid "No - not available on this system.\n"
+msgstr "Nu - nu este disponibil pe acest sistem.\n"
+
+#: ../aa_enabled.c:74
+#, c-format
+msgid "No - disabled at boot.\n"
+msgstr "Nu - dezactivat la pornire.\n"
+
+#: ../aa_enabled.c:77
+#, c-format
+msgid "Maybe - policy interface not available.\n"
+msgstr "Poate - interfața politică nu este disponibilă.\n"
+
+#: ../aa_enabled.c:81
+#, c-format
+msgid "Maybe - insufficient permissions to determine availability.\n"
+msgstr ""
+"Poate - permisiuni insuficiente pentru a determina disponibilitatea.\n"
+
+#: ../aa_enabled.c:84
+#, c-format
+msgid "Error - '%s'\n"
+msgstr "Eroare - '%s'\n"
diff --git a/binutils/po/sw.po b/binutils/po/sw.po
new file mode 100644
index 0000000000000000000000000000000000000000..7766cd39eb2091d2a1e84400110d65de4b3a1629
--- /dev/null
+++ b/binutils/po/sw.po
@@ -0,0 +1,71 @@
+# Swahili translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2015-11-28 10:23-0800\n"
+"PO-Revision-Date: 2019-11-14 12:33+0000\n"
+"Last-Translator: Swahilinux Administration <admin@swahilinux.org>\n"
+"Language-Team: Swahili <sw@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-11-15 04:30+0000\n"
+"X-Generator: Launchpad (build c597c3229eb023b1e626162d5947141bf7befb13)\n"
+
+#: ../aa_enabled.c:26
+#, c-format
+msgid ""
+"%s: [options]\n"
+" options:\n"
+" -q | --quiet Don't print out any messages\n"
+" -h | --help Print help\n"
+msgstr ""
+"%s: [chaguzi]\n"
+" chaguzi:\n"
+" -q | --quiet Usichapishe jumbe yoyote\n"
+" -h | --help Chapisha msaada\n"
+
+#: ../aa_enabled.c:45
+#, c-format
+msgid "unknown or incompatible options\n"
+msgstr "chaguo lisilojulikana au lisilofaa\n"
+
+#: ../aa_enabled.c:55
+#, c-format
+msgid "unknown option '%s'\n"
+msgstr "chaguo lisilojulikana '%s'\n"
+
+#: ../aa_enabled.c:64
+#, c-format
+msgid "Yes\n"
+msgstr "Ndio\n"
+
+#: ../aa_enabled.c:71
+#, c-format
+msgid "No - not available on this system.\n"
+msgstr "La - haipo kwenye mfumo huu.\n"
+
+#: ../aa_enabled.c:74
+#, c-format
+msgid "No - disabled at boot.\n"
+msgstr "La - ilizimwa kwenye washi.\n"
+
+#: ../aa_enabled.c:77
+#, c-format
+msgid "Maybe - policy interface not available.\n"
+msgstr "Labda - kiolesura cha faragha hakipo.\n"
+
+#: ../aa_enabled.c:81
+#, c-format
+msgid "Maybe - insufficient permissions to determine availability.\n"
+msgstr "Labda - hamna ruhusa ya kutosha ili kuamua kama ipo.\n"
+
+#: ../aa_enabled.c:84
+#, c-format
+msgid "Error - '%s'\n"
+msgstr "Dosari - '%s'\n"
diff --git a/changehat/mod_apparmor/Makefile b/changehat/mod_apparmor/Makefile
index 65c9c75ae6cd2d57bece0e18f857ad401de1d5a7..df1f5e92fa83214641da4310c9f60482d62f1b52 100644
--- a/changehat/mod_apparmor/Makefile
+++ b/changehat/mod_apparmor/Makefile
@@ -70,6 +70,8 @@ libapparmor by adding USE_SYSTEM=1 to your make command.${nl}\
LDLIBS = -lapparmor
endif
+APXS_CFLAGS="-Wc,$(EXTRA_WARNINGS)"
+
.PHONY: libapparmor_check
.SILENT: libapparmor_check
libapparmor_check: ; $(ERROR_MESSAGE)
@@ -80,7 +82,7 @@ all: libapparmor_check $(TARGET) docs
docs: ${MANPAGES} ${HTMLMANPAGES}
%.so: %.c
- ${APXS} ${LIBAPPARMOR_FLAGS} -c $< ${LDLIBS}
+ ${APXS} ${LIBAPPARMOR_FLAGS} ${APXS_CFLAGS} -c $< ${LDLIBS}
mv .libs/$@ .
.PHONY: install
diff --git a/changehat/mod_apparmor/mod_apparmor.8 b/changehat/mod_apparmor/mod_apparmor.8
index f0eaeb853cba24fb5b66d01643209fca65761aa8..96b68d8196e2626df525c992d49eb838409f9690 100644
--- a/changehat/mod_apparmor/mod_apparmor.8
+++ b/changehat/mod_apparmor/mod_apparmor.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "MOD_APPARMOR 8"
-.TH MOD_APPARMOR 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH MOD_APPARMOR 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,15 +144,15 @@ mod_apparmor \- fine\-grained AppArmor confinement for Apache
.IX Header "DESCRIPTION"
An AppArmor profile applies to an executable program; if a portion of
the program needs different access permissions than other portions,
-the program can \*(L"change hats\*(R" via \fIaa_change_hat\fR\|(2) to a different role,
+the program can \*(L"change hats\*(R" via \fBaa_change_hat\fR\|(2) to a different role,
also known as a subprofile. The mod_apparmor Apache module uses the
-\&\fIaa_change_hat\fR\|(2) mechanism to offer more fine-grained confinement of dynamic
+\&\fBaa_change_hat\fR\|(2) mechanism to offer more fine-grained confinement of dynamic
elements within Apache such as individual php and perl scripts, while
still allowing the performance benefits of using mod_php and mod_perl.
.PP
To use mod_apparmor with Apache, ensure that mod_apparmor is configured to
be loaded into Apache, either via a2enmod, yast or manual editing of the
-\&\fIapache2\fR\|(8)/\fIhttpd\fR\|(8) configuration files, and restart Apache. Make sure that
+\&\fBapache2\fR\|(8)/\fBhttpd\fR\|(8) configuration files, and restart Apache. Make sure that
apparmor is also functioning.
.PP
Once mod_apparmor is loaded within Apache, all requests to Apache will
@@ -194,37 +198,37 @@ hat does not exist, then it falls back to the behavior described above.
When profiling with mod_apparmor, it is helpful to keep the following order
of operations in mind:
.PP
-On each \s-1URI\s0 request, mod_apparmor will first \fIaa_change_hat\fR\|(2) into
+On each \s-1URI\s0 request, mod_apparmor will first \fBaa_change_hat\fR\|(2) into
^HANDLING_UNTRUSTED_INPUT, if it exists.
.PP
Then, after performing the initial parsing of the request, mod_apparmor
will:
.IP "1." 4
-try to \fIaa_change_hat\fR\|(2) into a matching AAHatName hat if it exists and
+try to \fBaa_change_hat\fR\|(2) into a matching AAHatName hat if it exists and
applies, otherwise it will
.IP "2." 4
-try to \fIaa_change_hat\fR\|(2) into an AADefaultHatName hat, either the
+try to \fBaa_change_hat\fR\|(2) into an AADefaultHatName hat, either the
ServerName (the default) or the configuration value specified by the
AADefaultHatName directive, for the server/vhost, otherwise it will
.IP "3." 4
-try to \fIaa_change_hat\fR\|(2) into the ServerName-URI, otherwise it will
+try to \fBaa_change_hat\fR\|(2) into the ServerName-URI, otherwise it will
.IP "4." 4
-try to \fIaa_change_hat\fR\|(2) into the \s-1URI\s0 itself, otherwise it will
+try to \fBaa_change_hat\fR\|(2) into the \s-1URI\s0 itself, otherwise it will
.IP "5." 4
-try to \fIaa_change_hat\fR\|(2) into the \s-1DEFAULT_URI\s0 hat, if it exists, otherwise it
+try to \fBaa_change_hat\fR\|(2) into the \s-1DEFAULT_URI\s0 hat, if it exists, otherwise it
will
.IP "6." 4
fall back to the global Apache policy
.SH "BUGS"
.IX Header "BUGS"
-\&\fImod_apparmor()\fR currently only supports apache2, and has only been tested
+\&\fBmod_apparmor()\fR currently only supports apache2, and has only been tested
with the prefork \s-1MPM\s0 configuration \*(-- threaded configurations of Apache
may not work correctly. For Apache 2.4 users, you should enable the mpm_prefork
module.
.PP
There are likely other bugs lurking about; if you find any, please report
-them at <https://bugs.launchpad.net/apparmor/+filebug>.
+them at <https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIsubdomain.conf\fR\|(5), \fIapparmor_parser\fR\|(8), \fIaa_change_hat\fR\|(2) and
+\&\fBapparmor\fR\|(7), \fBapparmor_parser\fR\|(8), \fBaa_change_hat\fR\|(2) and
<https://wiki.apparmor.net>.
diff --git a/changehat/mod_apparmor/mod_apparmor.8.html b/changehat/mod_apparmor/mod_apparmor.8.html
index 59823d140ff5126e97c5a5df68e7843dd78a19b1..dc0052364a3e89aeeb23178e787bb138e9818dfb 100644
--- a/changehat/mod_apparmor/mod_apparmor.8.html
+++ b/changehat/mod_apparmor/mod_apparmor.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>mod_apparmor - fine-grained AppArmor confinement for Apache</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> mod_apparmor - fine-grained AppArmor confinement for Apache</span></strong></big>
</td></tr>
</table>
@@ -91,15 +91,15 @@
<p>mod_apparmor() currently only supports apache2, and has only been tested with the prefork MPM configuration -- threaded configurations of Apache may not work correctly. For Apache 2.4 users, you should enable the mpm_prefork module.</p>
-<p>There are likely other bugs lurking about; if you find any, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>There are likely other bugs lurking about; if you find any, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
-<p>apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
+<p>apparmor(7), apparmor_parser(8), aa_change_hat(2) and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> mod_apparmor - fine-grained AppArmor confinement for Apache</span></strong></big>
</td></tr>
</table>
diff --git a/changehat/mod_apparmor/mod_apparmor.c b/changehat/mod_apparmor/mod_apparmor.c
index e3a8fea597a387bf9c3a5e7267f6191b59ffd613..71b2f3c91e29b95f7f8dcea0736e5a7c7e05851a 100644
--- a/changehat/mod_apparmor/mod_apparmor.c
+++ b/changehat/mod_apparmor/mod_apparmor.c
@@ -30,6 +30,10 @@
/* #define DEBUG */
+#ifndef unused_
+#define unused_ __attribute__ ((unused))
+#endif
+
/* should the following be configurable? */
#define DEFAULT_HAT "HANDLING_UNTRUSTED_INPUT"
#define DEFAULT_URI_HAT "DEFAULT_URI"
@@ -65,7 +69,7 @@ typedef struct {
* memory will be wiped out, and the magic_token will be lost, so apache
* wouldn't be able to change_hat back out. */
static int
-aa_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
+aa_init(apr_pool_t *p, unused_ apr_pool_t *plog, unused_ apr_pool_t *ptemp, unused_ server_rec *s)
{
apr_file_t *file;
apr_size_t size = sizeof(magic_token);
@@ -89,7 +93,7 @@ aa_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
* to protect ourselves from bugs in parsing network input, but before
* we change_hat to the uri specific hat. */
static void
-aa_child_init(apr_pool_t *p, server_rec *s)
+aa_child_init(unused_ apr_pool_t *p, unused_ server_rec *s)
{
int ret;
@@ -260,7 +264,7 @@ aa_exit_hat(request_rec *r)
}
static const char *
-aa_cmd_ch_path(cmd_parms *cmd, void *mconfig, const char *parm1)
+aa_cmd_ch_path(unused_ cmd_parms *cmd, unused_ void *mconfig, const char *parm1)
{
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "directory config change hat %s",
parm1 ? parm1 : "DEFAULT");
@@ -287,7 +291,7 @@ immunix_cmd_ch_path(cmd_parms *cmd, void *mconfig, const char *parm1)
}
static const char *
-aa_cmd_ch_srv(cmd_parms *cmd, void *mconfig, const char *parm1)
+aa_cmd_ch_srv(cmd_parms *cmd, unused_ void *mconfig, const char *parm1)
{
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf, "server config change hat %s",
parm1 ? parm1 : "DEFAULT");
@@ -347,7 +351,7 @@ aa_merge_dir_config(apr_pool_t *p, void *parent, void *child)
*/
static void *
-aa_create_srv_config(apr_pool_t *p, server_rec *srv)
+aa_create_srv_config(apr_pool_t *p, unused_ server_rec *srv)
{
apparmor_srv_cfg *newcfg = (apparmor_srv_cfg *) apr_pcalloc(p, sizeof(*newcfg));
@@ -397,7 +401,7 @@ static const command_rec mod_apparmor_cmds[] = {
};
static void
-register_hooks(apr_pool_t *p)
+register_hooks(unused_ apr_pool_t *p)
{
ap_hook_post_config(aa_init, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(aa_child_init, NULL, NULL, APR_HOOK_MIDDLE);
diff --git a/changehat/mod_apparmor/mod_apparmor.pod b/changehat/mod_apparmor/mod_apparmor.pod
index f9352ee7859350e61fbc68f4ed7d78445941c1b9..94aee9d34bc19fa5a9ee94eb667f3e7820ba6b92 100644
--- a/changehat/mod_apparmor/mod_apparmor.pod
+++ b/changehat/mod_apparmor/mod_apparmor.pod
@@ -135,11 +135,11 @@ may not work correctly. For Apache 2.4 users, you should enable the mpm_prefork
module.
There are likely other bugs lurking about; if you find any, please report
-them at L<https://bugs.launchpad.net/apparmor/+filebug>.
+them at L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
-apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and
+apparmor(7), apparmor_parser(8), aa_change_hat(2) and
L<https://wiki.apparmor.net>.
=cut
diff --git a/changehat/pam_apparmor/Makefile b/changehat/pam_apparmor/Makefile
index 61b949c3cca85b9ec0b751687491b38577ad36f4..f6ece2d10063ff4dc7584815d4eb9085f2715dd1 100644
--- a/changehat/pam_apparmor/Makefile
+++ b/changehat/pam_apparmor/Makefile
@@ -54,7 +54,7 @@ libapparmor by adding USE_SYSTEM=1 to your make command.${nl}\
AA_LINK_FLAGS = -L$(LIBAPPARMOR_PATH)
AA_LDLIBS = -lapparmor
endif
-EXTRA_CFLAGS=$(CFLAGS) $(CPPFLAGS) -fPIC -shared -Wall $(LIBAPPARMOR_INCLUDE)
+EXTRA_CFLAGS=$(CFLAGS) $(CPPFLAGS) -fPIC -shared -Wall $(EXTRA_WARNINGS) $(LIBAPPARMOR_INCLUDE)
LINK_FLAGS=-Xlinker -x $(AA_LINK_FLAGS) $(LDFLAGS)
LIBS=-lpam $(AA_LDLIBS)
OBJECTS=${NAME}.o get_options.o
diff --git a/changehat/pam_apparmor/pam_apparmor.c b/changehat/pam_apparmor/pam_apparmor.c
index 85b6f7bbbf0aff889ccf05bcd16a77a0b21c1e11..234296108f106df84ec6fb38e99a688a3d127b60 100644
--- a/changehat/pam_apparmor/pam_apparmor.c
+++ b/changehat/pam_apparmor/pam_apparmor.c
@@ -45,6 +45,10 @@
int debug_flag = 0;
+#ifndef unused_
+#define unused_ __attribute__ ((unused))
+#endif
+
static struct config default_config = {
.hat_type[0] = eGroupname,
.hat_type[1] = eDefault,
@@ -54,14 +58,14 @@ static struct config default_config = {
/* --- session management functions (only) --- */
PAM_EXTERN int
-pam_sm_close_session (pam_handle_t *pamh, int flags,
- int argc, const char **argv)
+pam_sm_close_session (unused_ pam_handle_t *pamh, unused_ int flags,
+ unused_ int argc, unused_ const char **argv)
{
return PAM_IGNORE;
}
PAM_EXTERN
-int pam_sm_open_session(pam_handle_t *pamh, int flags,
+int pam_sm_open_session(pam_handle_t *pamh, unused_ int flags,
int argc, const char **argv)
{
int fd, retval, pam_retval = PAM_SUCCESS;
diff --git a/common/.stamp_rev b/common/.stamp_rev
index cc2adc7e5bff5b2a80b49327fdaca831c6acf150..892b6a123ccb6b2cbbba666ae17358487cc69e94 100644
--- a/common/.stamp_rev
+++ b/common/.stamp_rev
@@ -1 +1 @@
-git@gitlab.com:apparmor/apparmor.git apparmor-2.13 v2.13.5-13-gc16fff8cb487cf15
+git@gitlab.com:apparmor/apparmor.git master v3.0.7-19-g474a12ebe86bb931
diff --git a/common/Make.rules b/common/Make.rules
index ecc6181ab1b38f1491f10927583da2d65c68c262..9e9d213badab138c5cf22c830986d9bd10b041ef 100644
--- a/common/Make.rules
+++ b/common/Make.rules
@@ -47,7 +47,7 @@ endef
REPO_VERSION_CMD=[ -x /usr/bin/git ] && /usr/bin/git describe --tags --long --abbrev=16 --match 'v*' 2> /dev/null || awk '{ print $2 }' common/.stamp_rev
ifndef PYTHON_VERSIONS
-PYTHON_VERSIONS = $(call map, pathsearch, python2 python3)
+PYTHON_VERSIONS = $(call map, pathsearch, python3)
endif
ifndef PYTHON
@@ -57,6 +57,18 @@ endif
#Helper function to be used with $(call pyalldo, run_test_with_all.py)
pyalldo=set -e; $(foreach py, $(PYTHON_VERSIONS), $(py) $(1);)
+# Common set of compiler warnings
+_EXTRA_WARNINGS = -Wall -Wsign-compare -Wmissing-field-initializers -Wformat -Wformat-security -Wunused-parameter -Wimplicit-fallthrough
+EXTRA_WARNINGS := $(shell for warning in ${_EXTRA_WARNINGS} ; do \
+ if ${CC} $${warning} -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then \
+ echo "$${warning}"; \
+ else \
+ echo "***" >&2 ; \
+ echo "WARNING: unable to use $${warning} with ${CC}, dropping" >&2 ; \
+ echo "***" >&2 ; \
+ fi ; \
+ done)
+
.PHONY: version
.SILENT: version
version:
diff --git a/common/Version b/common/Version
index 14239ef15869f476427ab4598b0e27951d1aafcb..67786e246ef5cbdf27c91c78d679e000b3d31cbf 100644
--- a/common/Version
+++ b/common/Version
@@ -1 +1 @@
-2.13.6
+3.0.8
diff --git a/debian/README.source b/debian/README.source
index 34d4f975304b7afcacdc8ea79886b442a140ad2f..0dab9a635fee1cff8775cd9e546e7c0cc8451c6c 100644
--- a/debian/README.source
+++ b/debian/README.source
@@ -1,8 +1,10 @@
+-*- mode: markdown -*-
+
Patch handling
==============
-This package uses gbp pq for maintaining patches with a git-like
-workflow in a "patch-queue/<branch>" local branch and then exporting
+This package uses `gbp pq` for maintaining patches with a git-like
+workflow in a `patch-queue/<branch>` local branch and then exporting
them as quilt series. For working on patches run:
gbp pq import --force
@@ -13,7 +15,7 @@ upstream commits, rebase, etc. there. After you are done, run:
gbp pq export
… which puts you back into your packaging branch and updates
-debian/patches/ (including series). You need to git add etc.
+`debian/patches/` (including series). You need to git add etc.
new patches, possibly other packaging changes, and then git commit
as usual.
@@ -21,17 +23,17 @@ This package uses gbp pq's "topic" branches for organizing patches in
the following order:
- Upstream cherry-picks and patches already submitted upstream go
- into the "empty" topic (i.e. directly into debian/patches/).
+ into the "empty" topic (i.e. directly into `debian/patches/`).
- Patches applied on Debian and presumably all derivatives, that are
- not applicable upstream, go into "Gbp-Pq: Topic debian" (i.e.
- debian/patches/debian/).
+ not applicable upstream, go into `Gbp-Pq: Topic debian` (i.e.
+ `debian/patches/debian/`).
- Patches that Debian wants but Ubuntu doesn't go into the
- "debian-only" topic.
+ `debian-only` topic.
- - Patches applied on $derivative go into "Gbp-Pq: Topic $derivative"
- (i.e. debian/patches/$derivative/).
+ - Patches applied on `$derivative` go into `Gbp-Pq: Topic $derivative`
+ (i.e. `debian/patches/$derivative/`).
Importing a new upstream release from Ubuntu into Debian
========================================================
@@ -56,43 +58,44 @@ Importing a new upstream release from the tarball
=================================================
1. Prepare the environment, e.g.:
- NEW_UPSTREAM_VERSION=2.11
- NEW_UPSTREAM_TAG=v2.11
+
+ NEW_UPSTREAM_VERSION=2.11
+ NEW_UPSTREAM_TAG=v2.11
2. Import the new upstream release:
- git fetch -v --tags origin && \
- git fetch -v --tags upstream-repo && \
- git tag -v "$NEW_UPSTREAM_TAG" && \
- gbp import-orig --uscan --upstream-vcs-tag="$NEW_UPSTREAM_TAG"
+ git fetch -v --tags origin && \
+ git fetch -v --tags upstream-repo && \
+ git tag -v "$NEW_UPSTREAM_TAG" && \
+ gbp import-orig --uscan --upstream-vcs-tag="$NEW_UPSTREAM_TAG"
3. Drop obsolete patches. Sometimes it's as simple as:
- grep --color=never -E '^upstream-commit-.*\.patch' debian/patches/series \
- | xargs -n 1 quilt delete \
- && git rm debian/patches/upstream-commit-*.patch \
- && git commit debian/patches \
- -m "Drop backported patches that are now obsolete."
+ grep --color=never -E '^upstream-.*\.patch' debian/patches/series \
+ | xargs -n 1 quilt delete \
+ && git rm debian/patches/upstream-*.patch \
+ && git commit debian/patches \
+ -m "Drop backported patches that are now obsolete."
4. Apply all quilt patches, update/refresh/delete them as needed.
Commit.
5. Update debian/changelog:
- gbp dch --new-version "${NEW_UPSTREAM_VERSION}-1" \
- --auto --snapshot debian/ \
- && git commit debian/changelog \
- -m "$(echo "Update debian/changelog.\n\nGbp-Dch: Ignore\n")"
+ gbp dch --new-version "${NEW_UPSTREAM_VERSION}-1" \
+ --auto --snapshot debian/ \
+ && git commit debian/changelog \
+ -m "$(echo "Update debian/changelog.\n\nGbp-Dch: Ignore\n")"
6. Build, test, run QA checks (Lintian, autopkgtest, etc.).
Fix problems, rince and repeat.
7. Mark changelog entry as released and tag:
- gbp dch --release \
- && git commit debian/changelog \
- -m "$(echo "Release ${NEW_UPSTREAM_VERSION}-1.\n\nGbp-Dch: Ignore\n")" \
- && gbp buildpackage --git-tag-only --git-sign-tags
+ gbp dch --release \
+ && git commit debian/changelog \
+ -m "$(echo "Release ${NEW_UPSTREAM_VERSION}-1.\n\nGbp-Dch: Ignore\n")" \
+ && gbp buildpackage --git-tag-only --git-sign-tags
8. Build once last time
@@ -100,4 +103,4 @@ Importing a new upstream release from the tarball
10. Push to Vcs-Git:
- gbp push salsa
+ gbp push salsa
diff --git a/debian/apparmor-easyprof.install b/debian/apparmor-easyprof.install
deleted file mode 100644
index 7190960eb2e40c8119fdccfdb6363f74e5d77602..0000000000000000000000000000000000000000
--- a/debian/apparmor-easyprof.install
+++ /dev/null
@@ -1,3 +0,0 @@
-etc/apparmor/easyprof.conf
-usr/bin/aa-easyprof
-usr/share/apparmor/easyprof/ /usr/share/apparmor/
diff --git a/debian/apparmor-easyprof.manpages b/debian/apparmor-easyprof.manpages
deleted file mode 100644
index 7b2b11685e23890a251a52c2c13a4e1a3d285cf6..0000000000000000000000000000000000000000
--- a/debian/apparmor-easyprof.manpages
+++ /dev/null
@@ -1 +0,0 @@
-debian/tmp/usr/share/man/man8/aa-easyprof.8
diff --git a/debian/apparmor-notify.install b/debian/apparmor-notify.install
index ff0abec5fca47167af299488b5bca7858e1ce0be..6bc7583f611eb946094684698d3e95e0f58fba55 100644
--- a/debian/apparmor-notify.install
+++ b/debian/apparmor-notify.install
@@ -1,3 +1,3 @@
-debian/notify/apparmor-notify.desktop /etc/xdg/autostart
+utils/aa-notify.desktop /etc/xdg/autostart
usr/sbin/aa-notify /usr/bin/
etc/apparmor/notify.conf /etc/apparmor/
diff --git a/debian/apparmor-notify.maintscript b/debian/apparmor-notify.maintscript
index 412f1014ab13fe0cfbef0868b140e7ff11998c99..c70fb904898d7f5611cfe77fd3eee712eafea4b0 100644
--- a/debian/apparmor-notify.maintscript
+++ b/debian/apparmor-notify.maintscript
@@ -1 +1 @@
-rm_conffile /etc/X11/Xsession.d/90apparmor-notify 2.8.95~2430-0ubuntu3~
+mv_conffile /etc/xdg/autostart/apparmor-notify.desktop /etc/xdg/autostart/aa-notify.desktop 3.0.5-1~
diff --git a/debian/apparmor-profiles.install b/debian/apparmor-profiles.install
index efca3eea42feda8159c6f2a96d18068ab03219b5..7cfe7d15cb0ba9bc624c2598751636a3648360e8 100644
--- a/debian/apparmor-profiles.install
+++ b/debian/apparmor-profiles.install
@@ -1,5 +1,11 @@
etc/apparmor.d/apache2.d/phpsysinfo
etc/apparmor.d/bin.ping
+etc/apparmor.d/php-fpm
+etc/apparmor.d/samba-bgqd
+etc/apparmor.d/samba-dcerpcd
+etc/apparmor.d/samba-rpcd
+etc/apparmor.d/samba-rpcd-classic
+etc/apparmor.d/samba-rpcd-spoolss
etc/apparmor.d/sbin.klogd
etc/apparmor.d/sbin.syslog-ng
etc/apparmor.d/sbin.syslogd
@@ -46,6 +52,7 @@ usr/share/apparmor/extra-profiles/sbin.rpc.statd
usr/share/apparmor/extra-profiles/usr.NX.bin.nxclient
usr/share/apparmor/extra-profiles/usr.bin.acroread
usr/share/apparmor/extra-profiles/usr.bin.apropos
+usr/share/apparmor/extra-profiles/usr.bin.dumpcap
usr/share/apparmor/extra-profiles/usr.bin.evolution-2.10
usr/share/apparmor/extra-profiles/usr.bin.fam
# The clamav-freshclam package ships its own profile
@@ -77,33 +84,33 @@ usr/share/apparmor/extra-profiles/usr.lib.firefox.firefox
usr/share/apparmor/extra-profiles/usr.lib.firefox.firefox.sh
usr/share/apparmor/extra-profiles/usr.lib.firefox.mozilla-xremote-client
usr/share/apparmor/extra-profiles/usr.lib.man-db.man
-usr/share/apparmor/extra-profiles/usr.lib.postfix.anvil
-usr/share/apparmor/extra-profiles/usr.lib.postfix.bounce
-usr/share/apparmor/extra-profiles/usr.lib.postfix.cleanup
-usr/share/apparmor/extra-profiles/usr.lib.postfix.discard
-usr/share/apparmor/extra-profiles/usr.lib.postfix.dnsblog
-usr/share/apparmor/extra-profiles/usr.lib.postfix.error
-usr/share/apparmor/extra-profiles/usr.lib.postfix.flush
-usr/share/apparmor/extra-profiles/usr.lib.postfix.lmtp
-usr/share/apparmor/extra-profiles/usr.lib.postfix.local
-usr/share/apparmor/extra-profiles/usr.lib.postfix.master
-usr/share/apparmor/extra-profiles/usr.lib.postfix.nqmgr
-usr/share/apparmor/extra-profiles/usr.lib.postfix.oqmgr
-usr/share/apparmor/extra-profiles/usr.lib.postfix.pickup
-usr/share/apparmor/extra-profiles/usr.lib.postfix.pipe
-usr/share/apparmor/extra-profiles/usr.lib.postfix.postscreen
-usr/share/apparmor/extra-profiles/usr.lib.postfix.proxymap
-usr/share/apparmor/extra-profiles/usr.lib.postfix.qmgr
-usr/share/apparmor/extra-profiles/usr.lib.postfix.qmqpd
-usr/share/apparmor/extra-profiles/usr.lib.postfix.scache
-usr/share/apparmor/extra-profiles/usr.lib.postfix.showq
-usr/share/apparmor/extra-profiles/usr.lib.postfix.smtp
-usr/share/apparmor/extra-profiles/usr.lib.postfix.smtpd
-usr/share/apparmor/extra-profiles/usr.lib.postfix.spawn
-usr/share/apparmor/extra-profiles/usr.lib.postfix.tlsmgr
-usr/share/apparmor/extra-profiles/usr.lib.postfix.trivial-rewrite
-usr/share/apparmor/extra-profiles/usr.lib.postfix.verify
-usr/share/apparmor/extra-profiles/usr.lib.postfix.virtual
+usr/share/apparmor/extra-profiles/postfix-anvil
+usr/share/apparmor/extra-profiles/postfix-bounce
+usr/share/apparmor/extra-profiles/postfix-cleanup
+usr/share/apparmor/extra-profiles/postfix-discard
+usr/share/apparmor/extra-profiles/postfix-dnsblog
+usr/share/apparmor/extra-profiles/postfix-error
+usr/share/apparmor/extra-profiles/postfix-flush
+usr/share/apparmor/extra-profiles/postfix-lmtp
+usr/share/apparmor/extra-profiles/postfix-local
+usr/share/apparmor/extra-profiles/postfix-master
+usr/share/apparmor/extra-profiles/postfix-nqmgr
+usr/share/apparmor/extra-profiles/postfix-oqmgr
+usr/share/apparmor/extra-profiles/postfix-pickup
+usr/share/apparmor/extra-profiles/postfix-pipe
+usr/share/apparmor/extra-profiles/postfix-postscreen
+usr/share/apparmor/extra-profiles/postfix-proxymap
+usr/share/apparmor/extra-profiles/postfix-qmgr
+usr/share/apparmor/extra-profiles/postfix-qmqpd
+usr/share/apparmor/extra-profiles/postfix-scache
+usr/share/apparmor/extra-profiles/postfix-showq
+usr/share/apparmor/extra-profiles/postfix-smtp
+usr/share/apparmor/extra-profiles/postfix-smtpd
+usr/share/apparmor/extra-profiles/postfix-spawn
+usr/share/apparmor/extra-profiles/postfix-tlsmgr
+usr/share/apparmor/extra-profiles/postfix-trivial-rewrite
+usr/share/apparmor/extra-profiles/postfix-verify
+usr/share/apparmor/extra-profiles/postfix-virtual
usr/share/apparmor/extra-profiles/usr.lib64.GConf.2.gconfd-2
usr/share/apparmor/extra-profiles/usr.sbin.dhcpd
usr/share/apparmor/extra-profiles/usr.sbin.httpd2-prefork
@@ -114,7 +121,6 @@ usr/share/apparmor/extra-profiles/usr.sbin.in.ntalkd
usr/share/apparmor/extra-profiles/usr.sbin.ipop2d
usr/share/apparmor/extra-profiles/usr.sbin.ipop3d
usr/share/apparmor/extra-profiles/usr.sbin.lighttpd
-usr/share/apparmor/extra-profiles/usr.sbin.nmbd
usr/share/apparmor/extra-profiles/usr.sbin.oidentd
usr/share/apparmor/extra-profiles/usr.sbin.popper
usr/share/apparmor/extra-profiles/usr.sbin.postalias
@@ -124,7 +130,6 @@ usr/share/apparmor/extra-profiles/usr.sbin.postqueue
usr/share/apparmor/extra-profiles/usr.sbin.sendmail
usr/share/apparmor/extra-profiles/usr.sbin.sendmail.postfix
usr/share/apparmor/extra-profiles/usr.sbin.sendmail.sendmail
-usr/share/apparmor/extra-profiles/usr.sbin.smbd
usr/share/apparmor/extra-profiles/usr.sbin.spamd
usr/share/apparmor/extra-profiles/usr.sbin.squid
usr/share/apparmor/extra-profiles/usr.sbin.sshd
diff --git a/debian/apparmor-profiles.lintian-overrides b/debian/apparmor-profiles.lintian-overrides
index a27c6d92ad045c6d395592a26ca751250342db3e..315a56d346d6fd3a4f1dc6b9bd16095bef20ace3 100644
--- a/debian/apparmor-profiles.lintian-overrides
+++ b/debian/apparmor-profiles.lintian-overrides
@@ -1,2 +1,2 @@
# If this README was elsewhere, it would be missed by even more people.
-apparmor-profiles binary: package-contains-documentation-outside-usr-share-doc usr/share/apparmor/extra-profiles/README
+apparmor-profiles binary: package-contains-documentation-outside-usr-share-doc [usr/share/apparmor/extra-profiles/README]
diff --git a/debian/apparmor-profiles.postinst b/debian/apparmor-profiles.postinst
deleted file mode 100644
index fd6348d8f14c7953b02555e41a325634d11da733..0000000000000000000000000000000000000000
--- a/debian/apparmor-profiles.postinst
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# postinst script for apparmor-profiles
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-
-
diff --git a/debian/apparmor-profiles.postrm b/debian/apparmor-profiles.postrm
deleted file mode 100644
index 566af89721b6303dfd8c2664a903f94d27de1742..0000000000000000000000000000000000000000
--- a/debian/apparmor-profiles.postrm
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-# postrm script for apparmor-profiles
-#
-# see: dh_installdeb(1)
-set -e
-
-case "$1" in
- purge)
- if [ -e /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser ]; then
- rm -f /etc/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
- fi
- ;;
- remove|upgrade|failed-upgrade|disappear)
- ;;
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian/apparmor-utils.install b/debian/apparmor-utils.install
index 1e13a79c22dff6c341cca520dbcca5e6d529cba4..1462bcfa87d1a815d683e78f2ec59fa833781d84 100644
--- a/debian/apparmor-utils.install
+++ b/debian/apparmor-utils.install
@@ -1,7 +1,9 @@
debian/aa-update-browser /usr/sbin/
debian/vim-apparmor.yaml /usr/share/vim/registry/
+etc/apparmor/easyprof.conf
etc/apparmor/logprof.conf
etc/apparmor/severity.db
+usr/bin/aa-easyprof
usr/sbin/aa-audit
usr/sbin/aa-autodep
usr/sbin/aa-cleanprof
@@ -14,4 +16,5 @@ usr/sbin/aa-logprof
usr/sbin/aa-mergeprof
usr/sbin/aa-unconfined
usr/share/apparmor/apparmor.vim /usr/share/vim/addons/syntax/
+usr/share/apparmor/easyprof/ /usr/share/apparmor/
usr/share/locale/*/LC_MESSAGES/apparmor-utils.mo
diff --git a/debian/apparmor-utils.manpages b/debian/apparmor-utils.manpages
index 5f9325f5ff11744cd83c94510e227b353e8f210a..800f3ddae102bdb9ec122b33d3d53bf97314cba7 100644
--- a/debian/apparmor-utils.manpages
+++ b/debian/apparmor-utils.manpages
@@ -6,6 +6,7 @@ debian/tmp/usr/share/man/man8/aa-cleanprof.8
debian/tmp/usr/share/man/man8/aa-complain.8
debian/tmp/usr/share/man/man8/aa-decode.8
debian/tmp/usr/share/man/man8/aa-disable.8
+debian/tmp/usr/share/man/man8/aa-easyprof.8
debian/tmp/usr/share/man/man8/aa-enforce.8
debian/tmp/usr/share/man/man8/aa-genprof.8
debian/tmp/usr/share/man/man8/aa-logprof.8
diff --git a/debian/apparmor.install b/debian/apparmor.install
index 6885cb5876b82f5ac7e7c7ccdef820b0ce371718..21503a1068e36a1a63a7d15b692bdfc4537f6763 100644
--- a/debian/apparmor.install
+++ b/debian/apparmor.install
@@ -1,13 +1,14 @@
debian/apport/source_apparmor.py /usr/share/apport/package-hooks/
debian/features /usr/share/apparmor-features/
-debian/lib/apparmor/profile-load /lib/apparmor/
etc/apparmor.d/abstractions/*
+etc/apparmor.d/abi/*
etc/apparmor.d/local/README
etc/apparmor.d/lsb_release
etc/apparmor.d/nvidia_modprobe
etc/apparmor.d/tunables/alias
etc/apparmor.d/tunables/apparmorfs
etc/apparmor.d/tunables/dovecot
+etc/apparmor.d/tunables/etc
etc/apparmor.d/tunables/global
etc/apparmor.d/tunables/home
etc/apparmor.d/tunables/home.d
@@ -22,12 +23,14 @@ etc/apparmor.d/tunables/sys
etc/apparmor.d/tunables/xdg-user-dirs
etc/apparmor.d/tunables/xdg-user-dirs.d
etc/apparmor/parser.conf
+lib/apparmor/profile-load
sbin/apparmor_parser
parser/aa-teardown /usr/sbin/
parser/apparmor.systemd /lib/apparmor/
lib/apparmor/rc.apparmor.functions
usr/bin/aa-enabled
usr/bin/aa-exec
+usr/bin/aa-features-abi
usr/sbin/aa-remove-unknown
usr/sbin/aa-status
usr/sbin/apparmor_status
diff --git a/debian/apparmor.maintscript b/debian/apparmor.maintscript
index b2001fd8336974cf92cefe7181d51048abe31575..5a9ff11677b4b14ced668df9ecd95de6507c76b1 100644
--- a/debian/apparmor.maintscript
+++ b/debian/apparmor.maintscript
@@ -1,5 +1,4 @@
rm_conffile /etc/apparmor.d/abstractions/launchpad-integration 2.13.1-2~
-rm_conffile /etc/apparmor.d/abstractions/ubuntu-sdk-base 2.8.0-0ubuntu20~
rm_conffile /etc/apparmor/features 2.11.1-4~
rm_conffile /etc/apparmor/subdomain.conf 2.13.2-2~
rm_conffile /etc/init/apparmor.conf 2.11.0-11~
diff --git a/debian/apparmor.manpages b/debian/apparmor.manpages
index 117e84207f111a0ab09e645dd4a7edd4ef9e8229..2f03f63a2fc0a473dd4387e3195742d17af22d44 100644
--- a/debian/apparmor.manpages
+++ b/debian/apparmor.manpages
@@ -1,8 +1,10 @@
debian/tmp/usr/share/man/man1/aa-enabled.1
debian/tmp/usr/share/man/man1/aa-exec.1
+debian/tmp/usr/share/man/man1/aa-features-abi.1
debian/tmp/usr/share/man/man5/apparmor.d.5
debian/tmp/usr/share/man/man5/apparmor.vim.5
debian/tmp/usr/share/man/man7/apparmor.7
+debian/tmp/usr/share/man/man7/apparmor_xattrs.7
debian/tmp/usr/share/man/man8/aa-remove-unknown.8
debian/tmp/usr/share/man/man8/aa-status.8
debian/tmp/usr/share/man/man8/aa-teardown.8
diff --git a/debian/apport/source_apparmor.py b/debian/apport/source_apparmor.py
index 33c6a7e0bb7d0cf5f0f74ce85a8889d075e2d43d..1bfeac5b31807430e82f02a1b2d2ab4b2d4538e1 100644
--- a/debian/apport/source_apparmor.py
+++ b/debian/apport/source_apparmor.py
@@ -65,8 +65,8 @@ def add_info(report, ui):
report['Syslog'] = recent_syslog(dbus_sec_re)
packages = ['apparmor', 'apparmor-utils', 'libapparmor1',
- 'libapparmor-dev', 'libapparmor-perl', 'apparmor-utils',
- 'apparmor-profiles', 'apparmor-easyprof',
+ 'libapparmor-dev', 'apparmor-utils',
+ 'apparmor-profiles',
'python3-apparmor', 'libpam-apparmor',
'libapache2-mod-apparmor', 'python3-libapparmor',
'auditd', 'libaudit0']
diff --git a/debian/changelog b/debian/changelog
index e146c483fe0ef691efd71ac473d12b74c3b29e73..d7a7cb6f106194a5cbae62777b816e60ec1670a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,372 @@
+apparmor (3.0.8-3) unstable; urgency=medium
+
+ * Cherry-pick a few small, targeted fixes from upstream 3.0 branch
+
+ -- intrigeri <intrigeri@debian.org> Tue, 14 Feb 2023 11:49:15 +0000
+
+apparmor (3.0.8-2) unstable; urgency=medium
+
+ * Only pin the policy ABI, not the kernel ABI.
+ This brings back the desired behavior that we had on Bullseye.
+ Fixes regression introduced in 3.0.3-1.
+ * Drop obsolete dependency on lsb-base: it's transitional
+ and provided by sysvinit-utils, which is essential
+
+ -- intrigeri <intrigeri@debian.org> Wed, 18 Jan 2023 11:10:22 +0000
+
+apparmor (3.0.8-1) unstable; urgency=medium
+
+ * New upstream release
+ * debian/watch: only track the 3.0 series for now
+ * Add upstream patch to fix test suite
+
+ -- intrigeri <intrigeri@debian.org> Sat, 10 Dec 2022 17:54:51 +0000
+
+apparmor (3.0.7-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- intrigeri <intrigeri@debian.org> Tue, 16 Aug 2022 14:09:22 +0000
+
+apparmor (3.0.6-1) unstable; urgency=medium
+
+ * New upstream release (Closes: #1015354)
+ * Drop patch that was applied upstream
+ * Enable LTO
+ * Declare compliance with Policy 4.6.1
+
+ -- intrigeri <intrigeri@debian.org> Tue, 02 Aug 2022 09:15:54 +0000
+
+apparmor (3.0.5-1) unstable; urgency=medium
+
+ * New upstream release
+ * Drop patches that were applied upstream
+ * Drop profile-load script: part of upstream 3.0.5
+ * Install newly upstreamed aa-notify.desktop instead of the custom Debian one
+ * Rename debian/master branch to debian/unstable
+ * New patch, to fix new upstream "dirtest" test
+ * Install new samba-* profiles
+
+ -- intrigeri <intrigeri@debian.org> Mon, 25 Jul 2022 13:46:44 +0000
+
+apparmor (3.0.4-3) unstable; urgency=medium
+
+ * Cherry-pick 7 patches from upstream apparmor-3.0 branch (Closes: #1003153)
+ * Adjust overrides for recent Lintian
+ * Override Lintian false positives
+
+ -- intrigeri <intrigeri@debian.org> Wed, 06 Jul 2022 07:48:25 +0000
+
+apparmor (3.0.4-2) unstable; urgency=medium
+
+ * Add upstream commit that makes the test suite compatible with Python 3.10
+
+ -- intrigeri <intrigeri@debian.org> Wed, 23 Feb 2022 09:48:59 +0000
+
+apparmor (3.0.4-1) unstable; urgency=medium
+
+ * New upstream release
+ * apparmor-profiles: install new samba-bgqd profile
+ * Drop backported patches that are now obsolete
+ * debian/allow-access-to-ibus-socket.patch: drop support for pre-Bullseye
+ ibus path
+ * Declare compliance with Policy 4.6.0.1
+ * Drop XS- prefix for adopted Python-Version control field
+ * Add new symbols
+
+ -- intrigeri <intrigeri@debian.org> Sat, 12 Feb 2022 12:34:23 +0000
+
+apparmor (3.0.3-6) unstable; urgency=medium
+
+ * debian/rules: let "set -e" take effect (Closes: #998843)
+ * Add support for Python 3.10 (Closes: #998686):
+ - upstream-ab4cfb5e-replace-distutils-with-setuptools.patch: new patch,
+ edited to drop changes to upstream .gitignore.
+ - Add build-dependency on python3-setuptools
+
+ -- intrigeri <intrigeri@debian.org> Thu, 18 Nov 2021 09:15:55 +0000
+
+apparmor (3.0.3-5) unstable; urgency=medium
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since stretch.
+
+ [ Helmut Grohne ]
+ * Make the package cross-buildable (Closes: #984582):
+ - Multiarchify python Build-Depends
+ - Let dh_auto_build pass cross tools to make
+ - Annotate perl build-dependency with !nocheck
+
+ [ intrigeri ]
+ * Remove obsolete libapparmor-perl on upgrade
+
+ -- intrigeri <intrigeri@debian.org> Sat, 23 Oct 2021 10:22:04 +0000
+
+apparmor (3.0.3-4) unstable; urgency=medium
+
+ * Merge apparmor-easyprof into apparmor-utils (Closes: #972880)
+ * Make apparmor-utils and python3-apparmor arch:all (Closes: #972881)
+
+ -- intrigeri <intrigeri@debian.org> Sun, 17 Oct 2021 17:23:17 +0000
+
+apparmor (3.0.3-3) unstable; urgency=medium
+
+ * Adjust gbp.conf and Vcs-* control fields for 3.0.x now being in sid.
+ * Stop building the libapparmor-perl binary package (Closes: #993565)
+ * Update Lintian overrides
+ * Add B-D on dh-sequence-python3, to workaround #996089 in Lintian
+ * B-D: python3-all → python3-all:any, to appease Lintian
+
+ -- intrigeri <intrigeri@debian.org> Wed, 13 Oct 2021 05:56:16 +0000
+
+apparmor (3.0.3-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- intrigeri <intrigeri@debian.org> Fri, 03 Sep 2021 08:23:30 +0000
+
+apparmor (3.0.3-1) experimental; urgency=medium
+
+ * New upstream release
+ * Drop debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
+ obsolete
+ * Refresh patches
+ * Merge changes from sid, up to 2.13.6-10
+ * upstream-6cfc6eee-python-3.10.patch: new patch,
+ for compatibility with Python 3.10
+
+ -- intrigeri <intrigeri@debian.org> Mon, 23 Aug 2021 18:25:14 +0000
+
+apparmor (3.0.1-6) experimental; urgency=medium
+
+ * autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
+
+ -- intrigeri <intrigeri@debian.org> Fri, 02 Apr 2021 11:38:16 +0000
+
+apparmor (3.0.1-5) experimental; urgency=medium
+
+ * Merge changes from sid, up to 2.13.6-9
+
+ -- intrigeri <intrigeri@debian.org> Fri, 12 Feb 2021 14:37:24 +0000
+
+apparmor (3.0.1-4) experimental; urgency=medium
+
+ * apparmor: drop obsolete dependency on python3 (#981442)
+ * Merge changes from sid, up to 2.13.6-7
+
+ -- intrigeri <intrigeri@debian.org> Fri, 05 Feb 2021 06:48:41 +0000
+
+apparmor (3.0.1-3) experimental; urgency=medium
+
+ * Supersede failed, incomplete dgit upload
+
+ -- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:44:24 +0000
+
+apparmor (3.0.1-2) experimental; urgency=medium
+
+ * Supersede failed, incomplete dgit upload
+
+ -- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 10:16:16 +0000
+
+apparmor (3.0.1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Vcs-* control fields: track the debian/experimental branch
+ * Drop upstream-commit-*.patch: included in 3.0.1
+ * Refresh patches
+ * Add aa_features_new_from_file to symbols file
+ * Pin the Linux 5.9 feature set
+ * Only pin the policy ABI, not the kernel ABI
+
+ -- intrigeri <intrigeri@debian.org> Sun, 27 Dec 2020 09:23:01 +0000
+
+apparmor (3.0.0-1) experimental; urgency=medium
+
+ * New upstream release (Closes: #930031)
+ * Merge ubuntu/3.0.0-0ubuntu1:
+ - Drop upstreamed patches
+ - d/apparmor.install:
+ + install new aa-features-abi binary to /usr/bin
+ + include abi/ directory and tunables/etc.
+ - d/apparmor.manpages:
+ + install new aa-features-abi.1 manpage
+ + install apparmor_xattrs.7 manpage
+ - d/apparmor-profiles.install:
+ + install new usr.lib.dovecot.script-login
+ + adjust for renamed postfix profiles
+ + add usr.bin.dumpcap to extra-profiles
+ + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles
+ (already in apparmor-profiles)
+ - d/control:
+ + apparmor-utils: drop perl dependency
+ + Update apparmor-notify dependencies: it was ported to Python
+ - d/tests/test-installed:
+ + include libraries/ in workdir so tests have access to private
+ headers
+ - New patches:
+ + d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
+ Provide better message about caching not happening due to a profile
+ being in force-complain mode. (LP: #1899218)
+ + d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
+ abstractions/exo-open (LP: #1891338)
+ + d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
+ abstractions (LP: #1889699)
+ + d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
+ (LP: #1881357)
+ * Drop another already upstreamed patch
+ * Upstream the patches added by Ubuntu
+ * New patches:
+ - upstream-commit-9350038-add-CAP_CHECKPOINT_RESTORE.patch:
+ fixes FTBFS on Linux 5.9
+ - upstream-commit-5958930-add-_aa_asprintf-to-private-symbols.patch:
+ fixes symbols discrepancy
+ - upstream-commit-51144b5-apparmor_xattrs.7-fix-whatis-entry.patch
+ - upstream-commit-11d1f38-Fix-typos.patch
+ - debian/Revert-libapparmor-fixing-setup.py-call-when-crosscompili.patch:
+ fixes passing hardening LDFLAGS to Python build
+ * apparmor-profiles: install new php-fpm profile
+ * Tell dh_missing that we purposely don't ship the chromium-browser profile
+ * Override a Lintian false positive
+
+ -- intrigeri <intrigeri@debian.org> Sun, 25 Oct 2020 12:03:26 +0000
+
+apparmor (3.0.0-0ubuntu1) groovy; urgency=medium
+
+ [ Alex Murray ]
+ * Update to the final AppArmor 3.0 upstream release
+ - d/apparmor.install:
+ + install new aa-features-abi binary to /usr/bin
+ - d/apparmor.manpages:
+ + install new aa-features-abi.1 man page
+ - d/apparmor-profiles.install:
+ + install new usr.lib.dovecot.script-login
+ + adjust for renamed postfix profiles
+ - d/tests/test-installed:
+ + include libraries/ in workdir so tests have access to private
+ headers
+ - Drop the following patches that were originally backported from
+ upstream but are now incorporated in the final release:
+ + d/p/parser-fix_cap_match.patch
+ + d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch
+ + d/p/parser-add-abi-warning-flags.patch
+ + d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch
+ + d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch
+ + d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch
+ + d/p/fix-change-profile-stack-abstraction.patch
+ + d/p/ubuntu/stop-loading-snapd-profiles.patch
+
+ [ Emilia Torino ]
+ * d/control: adjust apparmor-notify to depends on python3-psutil and
+ python3-apparmor (LP: #1899046)
+
+ [ Steve Beattie ]
+ * d/p/u/parser-Fix-warning-message-when-complain-mode-is-for.patch:
+ Provide better message about caching not happening due to a profile
+ being in force-complain mode. (LP: #1899218)
+
+ -- Alex Murray <alex.murray@canonical.com> Sun, 11 Oct 2020 16:26:32 -0700
+
+apparmor (3.0.0~beta1-0ubuntu6) groovy; urgency=medium
+
+ * Drop d/p/lp1824812.patch: this patch was only needed with 2.13 and not
+ 3.0. With AppArmor 3, the patch ends up setting SFS_MOUNTPOINT to the
+ wrong directory in is_container_with_internal_policy(), which causes
+ policy to always fail to load in containers. Thanks to Christian Ehrhardt
+ for the analysis. (LP: #1895967)
+
+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 22 Sep 2020 15:10:33 +0000
+
+apparmor (3.0.0~beta1-0ubuntu5) groovy; urgency=medium
+
+ [ John Johansen ]
+ * d/p/fix-parser-to-emit-proc-attr-access-for-all-situations.patch:
+ fix-automatic-adding-of-rule-for-change-hat-iface.patch fixed the
+ parser to emit rules needed for change_hat in the hat profiles but
+ broke the rule being emitted for the parent profile, this fixes it for
+ both so that it is emitted for any profile that is a hat or that
+ contains a hat.
+ * d/p/fix-change-profile-stack-abstraction.patch: fix the change_profile
+ abstraction so that it allows access to the apparmor attribute paths
+ under LSM stacking.
+
+ -- Alex Murray <alex.murray@canonical.com> Fri, 18 Sep 2020 11:58:59 +0930
+
+apparmor (3.0.0~beta1-0ubuntu2) groovy; urgency=medium
+
+ [ John Johansen ]
+ * d/p/fix-automatic-adding-of-rule-for-change-hat-iface.patch: fix
+ parser not adding a rule to profiles if they are a hat or contain hats
+ granting write access to the kernel interfaces.
+
+ -- Emilia Torino <emilia.torino@canonical.com> Thu, 17 Sep 2020 12:40:09 -0300
+
+apparmor (3.0.0~beta1-0ubuntu1) groovy; urgency=medium
+
+ [ John Johansen ]
+ * New upstream release (LP: #1895060, LP: #1887577, LP: #1880841)
+ * Drop all patches backported from upstream: applied in 3.0
+ * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: provide
+ example and base abi to pin pre 3.0 policy
+ * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: enable pinning
+ of pre AppArmor 3.x policy
+ * drop d/p/debian/dont-include-site-local-with-dovecot.patch: no longer
+ needed with upstream 'include if exists'
+
+ [ Steve Beattie ]
+ * d/p/parser-fix_cap_match.patch: fix cap match to work correctly, important
+ now that groovy has a 5.8 kernel.
+ * d/apparmor-profiles.install:
+ + adjust for renamed postfix profiles
+ + add usr.bin.dumpcap and usr.bin.mlmmj-receive to extra-profiles
+ + remove usr.sbin.nmbd and usr.sbin.smbd from extra-profiles (already in
+ apparmor-profiles)
+ * d/apparmor.install: include abi/ directory and tunables/etc.
+ * d/apparmor.manpages: add apparmor_xattrs.7 manpage
+ * d/control:
+ + apparmor-utils: no more shipped perl tools, drop perl dependency
+ + apparmor-notify: aa-notify was converted to python3 from perl; adjust
+ -notify dependencies to compensate
+ * d/p/fix-tests-regression-apparmor-prologue-inc-settest.patch:
+ fix sed expression in settest()
+
+ [ Emilia Torino ]
+ * Removing Ubuntu specific chromium-browser profile. This is safe to do
+ since groovy's chromium-browser deb installs the snap. If apparmor3
+ is backported to 18.04 or earlier, the profile will need to be taken
+ into consideration
+ - d/profiles/chromium-browser: remove chromium-browser profile
+ - d/apparmor-profiles.postinst: remove postinst script as it only
+ contains chromium-browser related functionallity.
+ - d/apparmor-profiles.postrm: remove postrm script as it only
+ contains chromium-browser related functionallity.
+ - d/apparmor-profiles.install: remove ubuntu-specific
+ chromium-browser abstraction and profile
+ - d/apparmor-profiles.lintian-overrides: remove chromium-browser
+ profile lintian overrides
+ - d/p/ubuntu/add-chromium-browser.patch: remove patch which added
+ chrome-browser
+
+ [ Alex Murray ]
+ * d/p/policy-provide-example-and-base-abi-to-pin-pre-3.0-p.patch: refresh
+ this patch with the official upstream version
+ * d/p/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch: refresh this
+ patch to match the above
+ * d/p/parser-add-abi-warning-flags.patch: enable parser warnings
+ to be silenced or to be treated as errors
+
+ [ Jamie Strandboge ]
+ * d/p/adjust-for-ibus-1.5.22.patch: update ibus abstract path for ibus
+ 1.5.22. This can be dropped with AppArmor 3.0 final.
+ * d/p/parser-add-abi-warning-flags.patch: refresh to avoid lintian warnings
+ * d/p/ubuntu/lp1891338.patch: adjust ubuntu-integration to use
+ abstractions/exo-open (LP: #1891338)
+ * d/p/ubuntu/lp1889699.patch: adjust to support brave in ubuntu
+ abstractions. Patch thanks to François Marier (LP: #1889699)
+ * d/p/ubuntu/lp1881357.patch: adjust for new ICEauthority path in /run
+ (LP: #1881357)
+
+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 09 Sep 2020 21:48:17 +0000
+
apparmor (2.13.6-10) unstable; urgency=medium
* autopkgtest: use hint-testsuite-triggers to ensure dummy test is not run
diff --git a/debian/control b/debian/control
index 27fcb6b0aeb3ace982cec8a5ce79b8bdabfa13a2..b81b1c705de0ea345628a5176a6ddba893e9dea2 100644
--- a/debian/control
+++ b/debian/control
@@ -13,27 +13,29 @@ Build-Depends: apache2-dev,
dejagnu <!nocheck>,
dh-apache2,
dh-python,
+ dh-sequence-python3,
flex,
liblocale-gettext-perl <!nocheck>,
+ libpython3-all-dev,
libpam-dev,
libtool,
- perl,
+ perl <!nocheck>,
pkg-config,
po-debconf,
- python3,
- python3-all,
- python3-all-dev,
+ python3:any,
+ python3-all:any,
+ python3-all-dev:any,
+ python3-setuptools,
swig
-Standards-Version: 4.5.1
-Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/debian/master
-Vcs-Git: https://salsa.debian.org/apparmor-team/apparmor.git -b debian/master
+Standards-Version: 4.6.1
+Vcs-Browser: https://salsa.debian.org/apparmor-team/apparmor/tree/debian/unstable
+Vcs-Git: https://salsa.debian.org/apparmor-team/apparmor.git -b debian/unstable
Homepage: https://apparmor.net/
Rules-Requires-Root: no
Package: apparmor
Architecture: linux-any
Depends: debconf,
- lsb-base,
${misc:Depends},
${shlibs:Depends}
Suggests: apparmor-profiles-extra,
@@ -51,23 +53,29 @@ Description: user-space parser utility for AppArmor
Security Module.
Package: apparmor-utils
-Architecture: linux-any
+Architecture: all
Depends: apparmor,
python3-apparmor (= ${binary:Version}),
${misc:Depends},
- ${perl:Depends},
${python3:Depends},
${shlibs:Depends}
+Breaks: apparmor-easyprof (<< 3.0.3-4)
+Replaces: apparmor-easyprof (<< 3.0.3-4)
+Provides: apparmor-easyprof
Suggests: vim-addon-manager
Description: utilities for controlling AppArmor
apparmor-utils provides utilities that operate on AppArmor
profiles. Profiles can be created, updated, enforced, set to complain
mode, and disabled with tools such as aa-genprof, aa-enforce,
aa-complain and aa-disable.
+ .
+ Additionally, the aa-easyprof utility helps generating AppArmor policy.
+ It supports the use of templates and policy groups to quickly profile
+ an application.
Package: apparmor-profiles
Architecture: all
-Depends: apparmor (>= 2.8.96~2535-0ubuntu1~),
+Depends: apparmor,
${misc:Depends}
Description: experimental profiles for AppArmor security policies
apparmor-profiles provides various experimental AppArmor profiles.
@@ -98,23 +106,13 @@ Multi-Arch: same
Section: libs
Depends: ${misc:Depends},
${shlibs:Depends}
+Breaks: libapparmor-perl (<< 3.0.3-3)
+Replaces: libapparmor-perl (<< 3.0.3-3)
Description: changehat AppArmor library
libapparmor1 provides a shared library one can compile programs
against in order to use various AppArmor functionality,
such as transitioning to a different AppArmor profile or hat.
-Package: libapparmor-perl
-Architecture: linux-any
-Multi-Arch: same
-Section: perl
-Depends: ${misc:Depends},
- ${perl:Depends},
- ${shlibs:Depends}
-Description: AppArmor library Perl bindings
- libapparmor-perl provides the Perl module that contains the language
- bindings for the AppArmor library, libapparmor, which were autogenerated
- via SWIG.
-
Package: libapache2-mod-apparmor
Architecture: linux-any
Section: httpd
@@ -137,10 +135,12 @@ Description: changehat AppArmor library as a PAM module
Package: apparmor-notify
Architecture: all
-Depends: libapparmor-perl,
- libnotify-bin,
+Depends: python3-apparmor,
+ python3-libapparmor,
+ python3-notify2,
+ python3-psutil,
${misc:Depends},
- ${perl:Depends}
+ ${python3:Depends}
Description: AppArmor notification system
apparmor-notify provides a utility to display AppArmor denial
messages via desktop notifications. The utility can also be used to
@@ -156,10 +156,10 @@ Description: AppArmor library Python3 bindings
python3-libapparmor provides the Python3 module that contains the language
bindings for the AppArmor library, libapparmor, which were autogenerated
via SWIG.
-XS-Python-Version: ${python3:Versions}
+Python-Version: ${python3:Versions}
Package: python3-apparmor
-Architecture: linux-any
+Architecture: all
Section: python
Depends: python3-libapparmor (>= ${source:Upstream-Version}),
${misc:Depends},
@@ -168,7 +168,7 @@ Depends: python3-libapparmor (>= ${source:Upstream-Version}),
Description: AppArmor Python3 utility library
python3-apparmor provides the Python3 modules that implement the
higher-level AppArmor applications.
-XS-Python-Version: ${python3:Versions}
+Python-Version: ${python3:Versions}
Package: dh-apparmor
Architecture: all
@@ -176,19 +176,8 @@ Multi-Arch: foreign
Section: devel
Depends: ${misc:Depends},
${perl:Depends}
-Suggests: apparmor-easyprof
+Suggests: apparmor-utils
Description: AppArmor debhelper routines
dh-apparmor provides the debhelper tools used to install and migrate
AppArmor profiles. This is normally used from package maintainer scripts
during install and removal.
-
-Package: apparmor-easyprof
-Architecture: all
-Multi-Arch: foreign
-Depends: python3-apparmor,
- ${misc:Depends},
- ${python3:Depends}
-Description: AppArmor easyprof profiling tool
- apparmor-easyprof provides the aa-easyprof utility which is an easy to
- use interface for AppArmor policy generation. aa-easyprof supports the
- use of templates and policy groups to quickly profile an application.
diff --git a/debian/copyright b/debian/copyright
index 4dedc33b5f43af985ce507abefbe29fb31a82e9b..0feda5f5c39a63a52fb9b05a09a2f1ad4c3802e3 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -93,6 +93,7 @@ License: GPL-2
Files: debian/*
Copyright: 2007-2011 Canonical Ltd.
+ 2014-2022 intrigeri
License: GPL-2
License: BSD-3-clause
diff --git a/debian/debhelper/dh_apparmor b/debian/debhelper/dh_apparmor
index 944f9025ba3a71d28e42f4b9a6832214df637c2a..a17635a04791d3a331cb9309a9d1f48dd4857253 100644
--- a/debian/debhelper/dh_apparmor
+++ b/debian/debhelper/dh_apparmor
@@ -55,7 +55,7 @@ dh_apparmor --manifest=manifest.json --profile-name=bin.bar -p bar
Because not all build environments support the apparmor kernel interface,
B<aa-easyprof(8)> is called with the --no-verify option. Use of this option
-requires that apparmor-easyprof is installed.
+requires that apparmor-utils is installed.
=back
diff --git a/debian/gbp.conf b/debian/gbp.conf
index f89add00b5a68c6d16821ad9e850c80135ecbeb4..9c1a81274f428c64b1ab65a470753e9e6ab191aa 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,6 +1,6 @@
[DEFAULT]
pristine-tar = True
-debian-branch = debian/master
-upstream-branch = upstream/2.13.x
+debian-branch = debian/unstable
+upstream-branch = upstream/latest
upstream-vcs-tag = v%(version)s
patch-numbers = False
diff --git a/debian/libapache2-mod-apparmor.lintian-overrides b/debian/libapache2-mod-apparmor.lintian-overrides
index 7b9b2e04b5fa692b66602d071273ed4fbc7ada67..5d540a7c4e8af91f9a2564e346ce93d39b78ec43 100644
--- a/debian/libapache2-mod-apparmor.lintian-overrides
+++ b/debian/libapache2-mod-apparmor.lintian-overrides
@@ -1,2 +1,2 @@
# The executable is called mod_apparmor.so
-spare-manual-page usr/share/man/man8/mod_apparmor.8.gz
+spare-manual-page [usr/share/man/man8/mod_apparmor.8.gz]
diff --git a/debian/libapache2-mod-apparmor.maintscript b/debian/libapache2-mod-apparmor.maintscript
deleted file mode 100644
index d3485dc75dc2c9235d1b60fb12d7f4852ac557f5..0000000000000000000000000000000000000000
--- a/debian/libapache2-mod-apparmor.maintscript
+++ /dev/null
@@ -1,2 +0,0 @@
-rm_conffile /etc/apparmor.d/local/usr.lib.apache2.mpm-prefork.apache2 2.8.0-0ubuntu21~
-rm_conffile /etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 2.8.0-0ubuntu21~
diff --git a/debian/libapparmor-perl.examples b/debian/libapparmor-perl.examples
deleted file mode 100644
index 9501ea623555c91ab1d741443e3f8f472acce5e7..0000000000000000000000000000000000000000
--- a/debian/libapparmor-perl.examples
+++ /dev/null
@@ -1 +0,0 @@
-libraries/libapparmor/swig/perl/examples/*
diff --git a/debian/libapparmor-perl.install b/debian/libapparmor-perl.install
deleted file mode 100755
index 9ac7dc47ffc13386df65e7edc9224282fe278d8a..0000000000000000000000000000000000000000
--- a/debian/libapparmor-perl.install
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/perl -w
-use Config;
-# expand the perl binary module directory at build time
-print substr($Config{vendorarch}, 1) . "\n";
diff --git a/debian/libapparmor1.symbols b/debian/libapparmor1.symbols
index e6a1b9c249ef6bfb8a1b4108595a9792ef1e8af7..356fc5affecf77d6be13f9f13bf0ec84d7965fcc 100644
--- a/debian/libapparmor1.symbols
+++ b/debian/libapparmor1.symbols
@@ -7,8 +7,12 @@ libapparmor.so.1 libapparmor1 #MINVER#
APPARMOR_2.13.1@APPARMOR_2.13.1 2.13.1
APPARMOR_2.13@APPARMOR_2.13 2.13
APPARMOR_2.9@APPARMOR_2.9 2.8.94
+ APPARMOR_3.0@APPARMOR_3.0 3.0.0
IMMUNIX_1.0@IMMUNIX_1.0 2.6~devel
PRIVATE@PRIVATE 2.10
+ __aa_query_label@APPARMOR_1.1 3.0.4
+ __change_hat@APPARMOR_1.0 3.0.4
+ __old_change_hat@IMMUNIX_1.0 3.0.4
_aa_asprintf@PRIVATE 2.13.5
_aa_autoclose@PRIVATE 2.10
_aa_autofclose@PRIVATE 2.10
@@ -23,11 +27,14 @@ libapparmor.so.1 libapparmor1 #MINVER#
aa_features_id@APPARMOR_2.13 2.13
aa_features_is_equal@APPARMOR_2.10 2.10
aa_features_new@APPARMOR_2.10 2.10
+ aa_features_new_from_file@APPARMOR_3.0 3.0.1
aa_features_new_from_kernel@APPARMOR_2.10 2.10
aa_features_new_from_string@APPARMOR_2.10 2.10
aa_features_ref@APPARMOR_2.10 2.10
aa_features_supports@APPARMOR_2.10 2.10
aa_features_unref@APPARMOR_2.10 2.10
+ aa_features_value@APPARMOR_3.0 3.0.0
+ aa_features_write_to_fd@APPARMOR_3.0 3.0.0
aa_features_write_to_file@APPARMOR_2.10 2.10
aa_find_mountpoint@APPARMOR_1.1 2.7.0~beta1+bzr1772
aa_getcon@APPARMOR_1.1 2.7.0~beta1+bzr1772
@@ -73,3 +80,4 @@ libapparmor.so.1 libapparmor1 #MINVER#
change_hat@IMMUNIX_1.0 2.6~devel
free_record@APPARMOR_1.0 2.6~devel
parse_record@APPARMOR_1.0 2.6~devel
+ query_label@APPARMOR_2.9 3.0.4
diff --git a/debian/not-installed b/debian/not-installed
index 71b3c923c29dc2285dad9a212cdd120a996d70f4..a3c5e9273729d058353ff3450e499008370418a4 100644
--- a/debian/not-installed
+++ b/debian/not-installed
@@ -23,3 +23,4 @@ usr/lib/*/libapparmor.la
# Not installed on purpose
etc/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
etc/apparmor.d/usr.sbin.winbindd
+usr/share/apparmor/extra-profiles/usr.bin.chromium-browser
diff --git a/debian/patches/Avoid-blhc-CPPFLAGS-missing-false-positive.patch b/debian/patches/Avoid-blhc-CPPFLAGS-missing-false-positive.patch
deleted file mode 100644
index cc07afadd9e38d018ef832d8fe80eedd3df2cf19..0000000000000000000000000000000000000000
--- a/debian/patches/Avoid-blhc-CPPFLAGS-missing-false-positive.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Wed, 17 Jul 2019 20:22:19 +0000
-Subject: Avoid blhc "CPPFLAGS missing" false positive.
-
-Forwarded: yes
-Bug: https://gitlab.com/apparmor/apparmor/merge_requests/403
----
- libraries/libapparmor/src/Makefile.am | 2 +-
- libraries/libapparmor/src/Makefile.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
-index 6d9c629..0030a54 100644
---- a/libraries/libapparmor/src/Makefile.am
-+++ b/libraries/libapparmor/src/Makefile.am
-@@ -43,7 +43,7 @@ scanner.h: scanner.l
- scanner.c: scanner.l
-
- af_protos.h:
-- echo '#include <netinet/in.h>' | $(CC) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
-+ echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
-
- lib_LTLIBRARIES = libapparmor.la
- noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
-diff --git a/libraries/libapparmor/src/Makefile.in b/libraries/libapparmor/src/Makefile.in
-index ab47afe..6459790 100644
---- a/libraries/libapparmor/src/Makefile.in
-+++ b/libraries/libapparmor/src/Makefile.in
-@@ -1183,7 +1183,7 @@ scanner.h: scanner.l
- scanner.c: scanner.l
-
- af_protos.h:
-- echo '#include <netinet/in.h>' | $(CC) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
-+ echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
-
- %.pc: %.pc.in $(top_builddir)/config.status
- $(AM_V_GEN)cd "$(top_builddir)" && \
diff --git a/debian/patches/Merge-Add-pipewire-client.conf-to-audio-abstractions.patch b/debian/patches/Merge-Add-pipewire-client.conf-to-audio-abstractions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..68e9fd9af8a9b080504c7d845dceb4ebf5084d2b
--- /dev/null
+++ b/debian/patches/Merge-Add-pipewire-client.conf-to-audio-abstractions.patch
@@ -0,0 +1,31 @@
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Mon, 23 Jan 2023 20:34:57 +0000
+Subject: Merge Add pipewire client.conf to audio abstractions
+
+Fixes: https://bugs.launchpad.net/bugs/2003702
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/970
+Approved-by: Jon Tourville <jon.tourville@canonical.com>
+Merged-by: Christian Boltz <apparmor@cboltz.de>
+
+
+(cherry picked from commit dedb5d94cb8ce2c5a843f9e06f0cedeaaacad7d2)
+
+b5a7641d Add pipewire client.conf to audio abstractions
+---
+ profiles/apparmor.d/abstractions/audio | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio
+index 0149326..dd78399 100644
+--- a/profiles/apparmor.d/abstractions/audio
++++ b/profiles/apparmor.d/abstractions/audio
+@@ -85,5 +85,8 @@ owner @{HOME}/.local/share/openal/hrtf/{,**} r,
+ # wildmidi
+ /etc/wildmidi/wildmidi.cfg r,
+
++# pipewire
++/usr/share/pipewire/client.conf r,
++
+ # Include additions to the abstraction
+ include if exists <abstractions/audio.d>
diff --git a/debian/patches/Merge-Extend-crypto-and-ssl_certs-abstractions.patch b/debian/patches/Merge-Extend-crypto-and-ssl_certs-abstractions.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bfa9ae692228be5a9f0c11422fde9f7928d31ac5
--- /dev/null
+++ b/debian/patches/Merge-Extend-crypto-and-ssl_certs-abstractions.patch
@@ -0,0 +1,47 @@
+From: John Johansen <john@jjmx.net>
+Date: Tue, 24 Jan 2023 21:38:19 +0000
+Subject: Merge Extend crypto and ssl_certs abstractions
+
+- ssl_certs: /{etc,usr/share}/pki/trust/ has more than the 'anchors' subdirectory
+- crypoto: allow reading /etc/gcrypt/hwf.deny
+
+I propose this patch for 3.0..master (2.13 doesn't have abstractions/crypto).
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/961
+Approved-by: John Johansen <john@jjmx.net>
+Merged-by: John Johansen <john@jjmx.net>
+
+
+(cherry picked from commit bb30df7843d13ebb1a282ec20421d9427c056aa1)
+
+d15bfa99 Extend crypto and ssl_certs abstractions
+---
+ profiles/apparmor.d/abstractions/crypto | 1 +
+ profiles/apparmor.d/abstractions/ssl_certs | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/profiles/apparmor.d/abstractions/crypto b/profiles/apparmor.d/abstractions/crypto
+index 8367600..50852e8 100644
+--- a/profiles/apparmor.d/abstractions/crypto
++++ b/profiles/apparmor.d/abstractions/crypto
+@@ -13,6 +13,7 @@
+
+ abi <abi/3.0>,
+
++ @{etc_ro}/gcrypt/hwf.deny r,
+ @{etc_ro}/gcrypt/random.conf r,
+ @{PROC}/sys/crypto/fips_enabled r,
+
+diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
+index 56ab53c..82e532b 100644
+--- a/profiles/apparmor.d/abstractions/ssl_certs
++++ b/profiles/apparmor.d/abstractions/ssl_certs
+@@ -17,7 +17,7 @@
+ /etc/{,libre}ssl/certs/{,**} r,
+ /{etc,usr/share}/pki/bl[ao]cklist/{,*} r,
+ /{etc,usr/share}/pki/trust/{,*} r,
+- /{etc,usr/share}/pki/trust/anchors/{,**} r,
++ /{etc,usr/share}/pki/trust/{bl[oa]cklist,anchors}/{,**} r,
+ /usr/share/ca-certificates/{,**} r,
+ /usr/share/ssl/certs/ca-bundle.crt r,
+ /usr/local/share/ca-certificates/{,**} r,
diff --git a/debian/patches/Merge-Fix-Opening-links-with-Brave.patch b/debian/patches/Merge-Fix-Opening-links-with-Brave.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c1b8c6f981ae2a7254f54e898d510c0df595dd22
--- /dev/null
+++ b/debian/patches/Merge-Fix-Opening-links-with-Brave.patch
@@ -0,0 +1,50 @@
+From: John Johansen <john@jjmx.net>
+Date: Tue, 24 Jan 2023 21:42:25 +0000
+Subject: Merge Fix: Opening links with Brave
+
+Resolves #292.
+
+This fix is the same as !830 but for Brave.
+Opening links in Brave now works as intended.
+
+Note that now a separate denial is caused, related to WidevineCDM, is produced:
+```
+[ERROR:content_main_runner_impl.cc(415)] Unable to load CDM /home/username/.config/BraveSoftware/Brave-Browser/WidevineCdm/4.10.2557.0/_platform_specific/linux_x64/libwidevinecdm.so (error: /home/username/.config/BraveSoftware/Brave-Browser/WidevineCdm/4.10.2557.0/_platform_specific/linux_x64/libwidevinecdm.so: failed to map segment from shared object)
+```
+
+In the syslog:
+```
+audit: type=1400 audit(1671108748.090:117): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/evince//sanitized_helper" name="/home/username/.config/BraveSoftware/Brave-Browser/WidevineCdm/4.10.2557.0/_platform_specific/linux_x64/libwidevinecdm.so" pid=65765 comm="brave" requested_mask="m" denied_mask="m" fsuid=1000 ouid=100
+```
+
+I'm not sure if granting permission(s) for this is desirable. In either case, the potential relevant changes are out of the scope of this MR.
+
+If I disable WidevineCDM in Brave, I get the following denial on cap sys_admin:
+```
+audit: type=1400 audit(1671112807.666:174): apparmor="DENIED" operation="capable" profile="/usr/bin/evince//sanitized_helper" pid=112098 comm="brave" capability=21 capname="sys_admin"
+```
+which is fine, as mentioned by @jjohansen [here](https://gitlab.com/apparmor/apparmor/-/merge_requests/830#note_831915024).
+
+Closes #292
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/957
+Approved-by: John Johansen <john@jjmx.net>
+Merged-by: John Johansen <john@jjmx.net>
+
+(cherry picked from commit 5fd8c25745020f816cb96d6daa15af0c140914e3)
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ profiles/apparmor.d/abstractions/ubuntu-helpers | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/profiles/apparmor.d/abstractions/ubuntu-helpers b/profiles/apparmor.d/abstractions/ubuntu-helpers
+index b9a3b1c..7e07ef4 100644
+--- a/profiles/apparmor.d/abstractions/ubuntu-helpers
++++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
+@@ -79,6 +79,7 @@ profile sanitized_helper {
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/chrome-sandbox PUxr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/brave-browser{,-beta,-dev,-nightly} Pixr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/brave Pixr,
++ /opt/brave.com/brave{,-beta,-dev,-nightly}/chrome_crashpad_handler Pixr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/{,**/}lib*.so{,.*} m,
+
+ # Full access
diff --git a/debian/patches/Merge-aa-status-Fix-malformed-json-output-with-unconfined.patch b/debian/patches/Merge-aa-status-Fix-malformed-json-output-with-unconfined.patch
new file mode 100644
index 0000000000000000000000000000000000000000..76bdac17f21d2ef3bbdeaa82b81f31b33aabe6e4
--- /dev/null
+++ b/debian/patches/Merge-aa-status-Fix-malformed-json-output-with-unconfined.patch
@@ -0,0 +1,45 @@
+From: John Johansen <john@jjmx.net>
+Date: Wed, 4 Jan 2023 17:32:40 +0000
+Subject: Merge aa-status: Fix malformed json output with unconfined processes
+
+As reported in issue #295, the json output from aa-status would be invalid if
+there were profiles defined for processes that were unconfined. Fix this by
+ensuring the json for the processes array is closed properly.
+
+Signed-off-by: Alex Murray <alex.murray@canonical.com>
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/964
+Approved-by: John Johansen <john@jjmx.net>
+Merged-by: John Johansen <john@jjmx.net>
+(cherry picked from commit dfc9847f89f5b960b42dda1bcfdd212ee2210c59)
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ binutils/aa_status.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/aa_status.c b/binutils/aa_status.c
+index 57610d5..900c559 100644
+--- a/binutils/aa_status.c
++++ b/binutils/aa_status.c
+@@ -534,16 +534,19 @@ static int detailed_output(FILE *json) {
+ } else {
+ fprintf(json, "%s\"%s\": [{\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
+ // first element will be a unique executable
+- i == 0 && j == 0 ? "" : "], ",
++ j == 0 ? "" : "], ",
+ filtered[j].exe, filtered[j].profile, filtered[j].pid, filtered[j].mode);
+ }
+
+ }
++ if (j > 0) {
++ fprintf(json, "]");
++ }
+ }
+ free_processes(filtered, nfiltered);
+ }
+ if (json) {
+- fprintf(json, "%s}}\n", nprocesses > 0 ? "]" : "");
++ fprintf(json, "}}\n");
+ }
+
+ exit:
diff --git a/debian/patches/Merge-abstractions-nvidia-allow-reading-pid-comm.patch b/debian/patches/Merge-abstractions-nvidia-allow-reading-pid-comm.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eed1502819a7cffd578e23f380ce3eb91c580e9b
--- /dev/null
+++ b/debian/patches/Merge-abstractions-nvidia-allow-reading-pid-comm.patch
@@ -0,0 +1,95 @@
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Sun, 27 Nov 2022 13:06:35 +0000
+Subject: Merge abstractions/nvidia: allow reading @{pid}/comm
+
+On Debian Sid, NVIDIA driver spams log with:
+
+```
+type=AVC msg=audit(1669542108.552:11855): apparmor="DENIED"
+operation="open" profile="qtox" name="/proc/21222/comm" pid=21222
+comm="qtox" requested_mask="r" denied_mask="r" fsuid=1000
+ouid=1000FSUID="vincas" OUID="vincas"
+```
+
+```
+type=AVC msg=audit(1669541506.703:11329): apparmor="DENIED"
+operation="open" profile="skypeforlinux" name="/proc/19851/comm"
+pid=19851 comm="skypeforlinux" requested_mask="r" denied_mask="r"
+fsuid=1000 ouid=1000FSUID="vincas" OUID="vincas"
+```
+
+Read is initiated within libnvidia-glcore.so:
+
+```
+Thread 1 "qtox" hit Catchpoint 1 (call to syscall openat), 0x00007fb797b16ed0 in __libc_open64 (file=file@entry=0x7fb742adbb50 "/proc/self/comm", oflag=0) at ../sysdeps/unix/sysv/linux/open64.c:41
+41 in ../sysdeps/unix/sysv/linux/open64.c
+$27 = 0x7fb742adbb50 "/proc/self/comm"
+0 0x00007fb797b16ed0 in __libc_open64 (file=file@entry=0x7fb742adbb50 "/proc/self/comm", oflag=0) at ../sysdeps/unix/sysv/linux/open64.c:41
+1 0x00007fb797aa0862 in __GI__IO_file_open (fp=fp@entry=0x55795176e600, filename=filename@entry=0x7fb742adbb50 "/proc/self/comm", posix_mode=<optimized out>, prot=prot@entry=438, read_write=8, is32not64=<optimized out>) at ./libio/fileops.c:188
+2 0x00007fb797aa0a1b in _IO_new_file_fopen (fp=fp@entry=0x55795176e600, filename=filename@entry=0x7fb742adbb50 "/proc/self/comm", mode=<optimized out>, mode@entry=0x7fb7428effe2 "r", is32not64=is32not64@entry=1) at ./libio/fileops.c:280
+3 0x00007fb797a950f9 in __fopen_internal (filename=0x7fb742adbb50 "/proc/self/comm", mode=0x7fb7428effe2 "r", is32=1) at ./libio/iofopen.c:75
+4 0x00007fb7423d791f in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
+5 0x00007fb7423d4515 in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
+6 0x00007fb7423d0226 in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
+7 0x00007fb7423e1961 in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
+8 0x00007fb74824bc79 in ?? () from /lib/x86_64-linux-gnu/libGLX_nvidia.so.0
+9 0x00007fb7482b1c56 in ?? () from /lib/x86_64-linux-gnu/libGLX_nvidia.so.0
+10 0x000000000000001d in ?? ()
+11 0x00005579518975f0 in ?? ()
+12 0x0000000000000001 in ?? ()
+13 0x00007fb74824b1eb in ?? () from /lib/x86_64-linux-gnu/libGLX_nvidia.so.0
+14 0x00005579518975f0 in ?? ()
+15 0x00007fb79b2dda79 in call_init (env=0x7ffd92d7aac8, argv=0x7ffd92d7aab8, argc=-1831363648, l=0x7fb748516f70) at ./elf/dl-init.c:56
+16 call_init (l=0x7fb748516f70, argc=-1831363648, argv=0x7ffd92d7aab8, env=0x7ffd92d7aac8) at ./elf/dl-init.c:26
+17 0x00007fb79b2ddba4 in _dl_init (main_map=0x5579518975f0, argc=1, argv=0x7ffd92d7aab8, env=0x7ffd92d7aac8) at ./elf/dl-init.c:117
+18 0x00007fb797b6def4 in __GI__dl_catch_exception (exception=<optimized out>, operate=<optimized out>, args=<optimized out>) at ./elf/dl-error-skeleton.c:182
+19 0x00007fb79b2e430e in dl_open_worker (a=a@entry=0x7ffd92d79f20) at ./elf/dl-open.c:808
+20 0x00007fb797b6de9a in __GI__dl_catch_exception (exception=<optimized out>, operate=<optimized out>, args=<optimized out>) at ./elf/dl-error-skeleton.c:208
+21 0x00007fb79b2e46a8 in _dl_open (file=0x557951888020 "libGLX_nvidia.so.0", mode=<optimized out>, caller_dlopen=0x7fb78d7d4d27, nsid=<optimized out>, argc=1, argv=0x7ffd92d7aab8, env=0x7ffd92d7aac8) at ./elf/dl-open.c:884
+22 0x00007fb797aa42d8 in dlopen_doit (a=a@entry=0x7ffd92d7a190) at ./dlfcn/dlopen.c:56
+23 0x00007fb797b6de9a in __GI__dl_catch_exception (exception=exception@entry=0x7ffd92d7a0f0, operate=<optimized out>, args=<optimized out>) at ./elf/dl-error-skeleton.c:208
+24 0x00007fb797b6df4f in __GI__dl_catch_error (objname=0x7ffd92d7a148, errstring=0x7ffd92d7a150, mallocedp=0x7ffd92d7a147, operate=<optimized out>, args=<optimized out>) at ./elf/dl-error-skeleton.c:227
+25 0x00007fb797aa3dc7 in _dlerror_run (operate=operate@entry=0x7fb797aa4280 <dlopen_doit>, args=args@entry=0x7ffd92d7a190) at ./dlfcn/dlerror.c:138
+26 0x00007fb797aa4389 in dlopen_implementation (dl_caller=<optimized out>, mode=<optimized out>, file=<optimized out>) at ./dlfcn/dlopen.c:71
+27 ___dlopen (file=<optimized out>, mode=<optimized out>) at ./dlfcn/dlopen.c:81
+28 0x00007fb78d7d4d27 in ?? () from /lib/x86_64-linux-gnu/libGLX.so.0
+29 0x00007fb78d7d6335 in ?? () from /lib/x86_64-linux-gnu/libGLX.so.0
+30 0x00007fb78d7cf9f8 in glXChooseFBConfig () from /lib/x86_64-linux-gnu/libGLX.so.0
+31 0x00007fb748646f6a in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so
+32 0x00007fb748644450 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so
+33 0x00007fb7486421b7 in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so
+34 0x00007fb79838262d in QOpenGLContext::create() () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
+35 0x00007fb74bb4303c in ?? () from /usr/lib/x86_64-linux-gnu/qt5/plugins/platformthemes/KDEPlasmaPlatformTheme.so
+36 0x00007fb797eb7aaf in qt_call_pre_routines () at kernel/qcoreapplication.cpp:317
+37 QCoreApplicationPrivate::init (this=<optimized out>) at kernel/qcoreapplication.cpp:849
+38 0x00007fb7983379dc in QGuiApplicationPrivate::init() () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
+39 0x00007fb798b684c9 in QApplicationPrivate::init() () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
+40 0x0000557950f1d597 in main ()
+```
+
+Add read rule to allow reading @{pid}/comm.
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/954
+Approved-by: Christian Boltz <apparmor@cboltz.de>
+Merged-by: Christian Boltz <apparmor@cboltz.de>
+
+
+(cherry picked from commit 2597fd5db85e482657c001f68a0d574ac2ba2fb7)
+
+948cbb56 abstractions/nvidia: allow reading @{pid}/comm
+---
+ profiles/apparmor.d/abstractions/nvidia | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
+index b2d475f..893ed09 100644
+--- a/profiles/apparmor.d/abstractions/nvidia
++++ b/profiles/apparmor.d/abstractions/nvidia
+@@ -26,6 +26,7 @@
+ owner @{HOME}/.nv/ w,
+ owner @{HOME}/.nv/GLCache/ rw,
+ owner @{HOME}/.nv/GLCache/** rwk,
++ owner @{PROC}/@{pid}/comm r, # somehwere in libnvidia-glcore.so
+
+ unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
+
diff --git a/debian/patches/Merge-lsb_release-allow-cat-and-cut.patch b/debian/patches/Merge-lsb_release-allow-cat-and-cut.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d9db70317f561b8afe96ad7a6daab76aeb197b96
--- /dev/null
+++ b/debian/patches/Merge-lsb_release-allow-cat-and-cut.patch
@@ -0,0 +1,59 @@
+From: Christian Boltz <apparmor@cboltz.de>
+Date: Sun, 27 Nov 2022 13:00:07 +0000
+Subject: Merge lsb_release: allow cat and cut
+
+lsb_release fails on Debian Sid:
+
+```
+$ sudo aa-exec -p lsb_release lsb_release
+/usr/bin/lsb_release: 70: cut: Permission denied
+/usr/bin/lsb_release: 70: cut: Permission denied
+```
+
+```
+$ sudo aa-exec -p lsb_release lsb_release -h
+/usr/bin/lsb_release: 11: cat: Permission denied
+```
+
+```
+type=AVC msg=audit(1669540199.087:2680): apparmor="DENIED"
+operation="exec" profile="lsb_release" name="/usr/bin/cut" pid=17419
+comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0
+ouid=0FSUID="root" OUID="root"
+```
+
+```
+type=AVC msg=audit(1669540392.244:2944): apparmor="DENIED"
+operation="exec" profile="lsb_release" name="/usr/bin/cat" pid=17847
+comm="lsb_release" requested_mask="x" denied_mask="x" fsuid=0
+ouid=0FSUID="root" OUID="root"
+```
+
+Update profile to allow lsb_release script to invoke required
+executables.
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/953
+Approved-by: Christian Boltz <apparmor@cboltz.de>
+Merged-by: Christian Boltz <apparmor@cboltz.de>
+
+
+(cherry picked from commit 495f68c797ac7254e62e77d3ee8a4b91b8aa1767)
+
+f596a176 lsb_release: allow cat and cut
+---
+ profiles/apparmor.d/lsb_release | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
+index ad8b998..421a52f 100644
+--- a/profiles/apparmor.d/lsb_release
++++ b/profiles/apparmor.d/lsb_release
+@@ -30,6 +30,8 @@ profile lsb_release {
+ /{usr/,}bin/dash ixr,
+ /usr/bin/basename ixr,
+ /usr/bin/dpkg-query ixr,
++ /usr/bin/cat ixr,
++ /usr/bin/cut ixr,
+ /usr/bin/getopt ixr,
+ /usr/bin/sed ixr,
+ /usr/bin/tr ixr,
diff --git a/debian/patches/Merge-regression-tests-fix-bogon-patch-characters-in-Make.patch b/debian/patches/Merge-regression-tests-fix-bogon-patch-characters-in-Make.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b55a8648770c5f9260f37a897b7c615c63105f54
--- /dev/null
+++ b/debian/patches/Merge-regression-tests-fix-bogon-patch-characters-in-Make.patch
@@ -0,0 +1,43 @@
+From: John Johansen <john@jjmx.net>
+Date: Thu, 5 Jan 2023 00:44:37 +0000
+Subject: Merge regression tests: fix bogon patch characters in Makefile
+
+Commit 8cf3534a5 ("tests regression: fix failure on older versions of
+Make") from https://gitlab.com/apparmor/apparmor/-/merge_requests/639
+was incorrectly applied, including the `+` prefixes from the proposed
+patch. This causes the sysctl syscall() checks to not correctly be
+applied and results in a mismatch of expectations in the
+syscall_sysctl.sh test script, causing it and the testsuite to fail.
+
+Thus, remove the bogon `+` characters from the Makefile, to make
+USE_SYSCTL be set correctly.
+
+Fixes: 8cf3534a5 ("tests regression: fix failure on older versions of Make")
+Signed-off-by: Steve Beattie <steve.beattie@canonical.com>
+
+MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/963
+Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
+Approved-by: Christian Boltz <apparmor@cboltz.de>
+Approved-by: John Johansen <john@jjmx.net>
+Merged-by: John Johansen <john@jjmx.net>
+(cherry picked from commit f0bc1a89a4cf52678b58525c7bf3d0f38e01ae54)
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ tests/regression/apparmor/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
+index 5c275a3..384417a 100644
+--- a/tests/regression/apparmor/Makefile
++++ b/tests/regression/apparmor/Makefile
+@@ -67,8 +67,8 @@ system aa-exec by adding USE_SYSTEM=1 to your make command.${nl}\
+ LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
+ endif # USE_SYSTEM
+
+-+SYSCTL_INCLUDE="\#include <sys/sysctl.h>"
+-+USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
++SYSCTL_INCLUDE="\#include <sys/sysctl.h>"
++USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
+
+ CFLAGS += -g -O0 $(EXTRA_WARNINGS)
+
diff --git a/debian/patches/debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch b/debian/patches/debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
index 71cb3d4559e1cc9758445192877629aba2a8dce7..d8545dbd0a8f9662f2fdc09d9237d5dfbd33e0b0 100644
--- a/debian/patches/debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
+++ b/debian/patches/debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
@@ -9,7 +9,7 @@ Forwarded: not-needed
1 file changed, 12 insertions(+)
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
-index 59ac72c..2f484cd 100644
+index c4ba078..39a86bb 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -33,6 +33,18 @@ programs and are fed to the AppArmor policy enforcement module using
@@ -30,4 +30,4 @@ index 59ac72c..2f484cd 100644
+
=head1 FORMAT
- The following is a BNF-style description of AppArmor policy
+ AppArmor policy is written in a declarative language, in which the
diff --git a/debian/patches/debian-only/pin-feature-set.patch b/debian/patches/debian-only/pin-feature-set.patch
index b5e7c86a8aaec482b4f65272a4c938774e820dbb..9544279d5358ec9aff884548662726722aa16778 100644
--- a/debian/patches/debian-only/pin-feature-set.patch
+++ b/debian/patches/debian-only/pin-feature-set.patch
@@ -5,21 +5,23 @@ Subject: pin the AppArmor feature set to the one shipped by the apparmor
Let's smooth UX on kernel upgrades and allow ourselves to update the AppArmor
policy in a relaxed manner.
-Bug-Debian: https://bugs.debian.org/879584
+Bug-Debian: https://bugs.debian.org/879584
Forwarded: not-needed
---
- parser/parser.conf | 4 ++++
- 1 file changed, 4 insertions(+)
+ parser/parser.conf | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/parser/parser.conf b/parser/parser.conf
-index 641cf1d..58d0d2d 100644
+index 1d1c0da..43598d4 100644
--- a/parser/parser.conf
+++ b/parser/parser.conf
-@@ -59,3 +59,7 @@
- ## Adjust compression
- #Optimize=compress-small
- #Optimize=compress-fast
+@@ -76,4 +76,8 @@
+ #policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla
+
+ ## Pin older policy to the 5.4 kernel abi + out of tree network and af_unix
+-#policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network
++#policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla
+
-+## Pin the policy feature set (avoid regressions when policy is lagging behind
++## Pin feature set (avoid regressions when policy is lagging behind
+## the kernel)
-+compile-features=/usr/share/apparmor-features/features
++policy-features=/usr/share/apparmor-features/features
diff --git a/debian/patches/debian/Enable-writing-cache.patch b/debian/patches/debian/Enable-writing-cache.patch
index a157ad0068a39a21c2086ac99c14d939d20ed82d..047f0866e16e28ab703342d65c6c84774834a207 100644
--- a/debian/patches/debian/Enable-writing-cache.patch
+++ b/debian/patches/debian/Enable-writing-cache.patch
@@ -1,18 +1,20 @@
From: intrigeri <intrigeri@boum.org>
Date: Fri, 28 Dec 2018 16:20:24 +0000
Subject: Enable writing cache.
+
Forwarded: not-needed
+
---
parser/rc.apparmor.functions | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 3e35aeb..74b6bc8 100644
+index 8dec7f6..8382212 100644
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
-@@ -33,7 +33,7 @@
+@@ -32,7 +32,7 @@
+ # Some nice defines that we use
- MODULE=apparmor
PARSER=/sbin/apparmor_parser
-PARSER_OPTS=
+PARSER_OPTS=--write-cache
diff --git a/debian/patches/debian/Make-the-systemd-unit-a-no-op-in-containers-with-no-inter.patch b/debian/patches/debian/Make-the-systemd-unit-a-no-op-in-containers-with-no-inter.patch
deleted file mode 100644
index 799e4f4fbfcb12168e49f29e020055b742380cc0..0000000000000000000000000000000000000000
--- a/debian/patches/debian/Make-the-systemd-unit-a-no-op-in-containers-with-no-inter.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Tue, 30 Oct 2018 16:46:52 +0000
-Subject: Make the systemd unit a no-op in containers with no internal policy.
-
-Forwarded: no (Debian/Ubuntu specific)
-
----
- parser/apparmor.systemd | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/parser/apparmor.systemd b/parser/apparmor.systemd
-index aa81ca8..09d5792 100644
---- a/parser/apparmor.systemd
-+++ b/parser/apparmor.systemd
-@@ -71,6 +71,13 @@ fi
-
- case "$1" in
- start)
-+ if [ -x /usr/bin/systemd-detect-virt ] && \
-+ systemd-detect-virt --quiet --container && \
-+ ! is_container_with_internal_policy; then
-+ aa_log_daemon_msg "Not starting AppArmor in container"
-+ aa_log_end_msg 0
-+ exit 0
-+ fi
- apparmor_start
- rc=$?
- ;;
-@@ -79,6 +86,13 @@ case "$1" in
- rc=$?
- ;;
- restart|reload|force-reload)
-+ if [ -x /usr/bin/systemd-detect-virt ] && \
-+ systemd-detect-virt --quiet --container && \
-+ ! is_container_with_internal_policy; then
-+ aa_log_daemon_msg "Not starting AppArmor in container"
-+ aa_log_end_msg 0
-+ exit 0
-+ fi
- apparmor_restart
- rc=$?
- ;;
diff --git a/debian/patches/debian/add-debian-integration-to-lighttpd.patch b/debian/patches/debian/add-debian-integration-to-lighttpd.patch
index d5e22870cef9435a14208fc09316bdd8f2a634c5..c8f80c73e0cc7f11eaf167801941b1ae76736fda 100644
--- a/debian/patches/debian/add-debian-integration-to-lighttpd.patch
+++ b/debian/patches/debian/add-debian-integration-to-lighttpd.patch
@@ -5,26 +5,18 @@ Subject: Add entries for lighttpd to work in a Debian/Ubuntu install
Forwarded: no (Debian/Ubuntu specific)
Ubuntu-Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/582814
---
- profiles/apparmor/profiles/extras/usr.sbin.lighttpd | 10 ++++++++++
- 1 file changed, 10 insertions(+)
+ profiles/apparmor/profiles/extras/usr.sbin.lighttpd | 1 +
+ 1 file changed, 1 insertion(+)
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
-index 7fa27e2..41dfea6 100644
+index af11fb5..c21b95c 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
-@@ -52,5 +52,15 @@
- /{usr/,}bin/bash mix,
- /{usr/,}bin/zsh mix,
+@@ -60,6 +60,7 @@ include <tunables/global>
/{usr/,}bin/cat mix,
-+
-+ # Debian/Ubuntu integration in default installation
-+ #include <abstractions/perl>
-+ /etc/mime.types r,
-+ /usr/share/lighttpd/ r,
-+ /usr/share/lighttpd/*.pl rmix,
-+ /etc/lighttpd/conf-available/ r,
-+ /etc/lighttpd/conf-available/*.conf r,
-+ /etc/lighttpd/conf-enabled/ r,
-+ /etc/lighttpd/conf-enabled/*.conf r,
- }
+ # Debian/Ubuntu integration in default installation
++ include <abstractions/perl>
+ /etc/mime.types r,
+ /usr/share/lighttpd/ r,
+ /usr/share/lighttpd/*.pl mrix,
diff --git a/debian/patches/debian/allow-access-to-ibus-socket.patch b/debian/patches/debian/allow-access-to-ibus-socket.patch
deleted file mode 100644
index 44b2bb4c3909248bb432582d52f7e7b392b1d937..0000000000000000000000000000000000000000
--- a/debian/patches/debian/allow-access-to-ibus-socket.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Jamie Strandboge <jamie@ubuntu.com>
-Date: Mon, 29 Jan 2018 12:26:43 +0000
-Subject: Allow access to the Ubuntu-specific path for ibus-daemon
-
-im-config, in Ubuntu, was modified to start the ibus-daemon with the
-"--address 'unix:tmpdir=/tmp/ibus'" command line option. It previously
-used a UNIX domain socket path that was indistinguishable from the
-session bus daemon's path. This patch adjusts the ibus abstraction so
-that access to the new path can be granted to confined ibus-daemon
-client applications.
-
-Later updated for ibus 1.5.22, due to LP: #1856738
-
-Bug-Ubuntu: https://launchpad.net/bugs/1580463
-Forwarded: not-needed
-
-Forwarded: no
----
- profiles/apparmor.d/abstractions/ibus | 14 ++++++++++++++
- 1 file changed, 14 insertions(+)
-
-diff --git a/profiles/apparmor.d/abstractions/ibus b/profiles/apparmor.d/abstractions/ibus
-index c76fe3b..a4431b9 100644
---- a/profiles/apparmor.d/abstractions/ibus
-+++ b/profiles/apparmor.d/abstractions/ibus
-@@ -13,3 +13,17 @@
- owner @{HOME}/.config/ibus/ r,
- owner @{HOME}/.config/ibus/bus/ rw,
- owner @{HOME}/.config/ibus/bus/* rw,
-+
-+ # abstract path in ibus < 1.5.22 uses /tmp
-+ unix (connect, receive, send)
-+ type=stream
-+ peer=(addr="@/tmp/ibus/dbus-*"),
-+
-+ # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache)
-+ # This should use this, but due to LP: #1856738 we cannot
-+ #unix (connect, receive, send)
-+ # type=stream
-+ # peer=(addr="@@{HOME}/.cache/ibus/dbus-*"),
-+ unix (connect, receive, send)
-+ type=stream
-+ peer=(addr="@/home/*/.cache/ibus/dbus-*"),
diff --git a/debian/patches/debian/dont-include-site-local-with-dovecot.patch b/debian/patches/debian/dont-include-site-local-with-dovecot.patch
deleted file mode 100644
index 9627a1f498722c7f8e879c9b712ab7cb15ce9104..0000000000000000000000000000000000000000
--- a/debian/patches/debian/dont-include-site-local-with-dovecot.patch
+++ /dev/null
@@ -1,240 +0,0 @@
-From: Jamie Strandboge <jamie@canonical.com>
-Date: Mon, 25 May 2020 08:11:06 +0000
-Subject: Don't include /etc/apparmor.d/local in the dovecot extra profiles
-
-since the directory may not exist (breaks QRT)
-Forwarded: no
----
- profiles/apparmor.d/usr.lib.dovecot.anvil | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.auth | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.config | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.deliver | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.dict | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.dovecot-auth | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.imap | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.imap-login | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.lmtp | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.log | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.managesieve | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.managesieve-login | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.pop3 | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.pop3-login | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.script-login | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.ssl-params | 2 +-
- profiles/apparmor.d/usr.lib.dovecot.stats | 2 +-
- profiles/apparmor.d/usr.sbin.dovecot | 2 +-
- 19 files changed, 19 insertions(+), 19 deletions(-)
-
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.anvil b/profiles/apparmor.d/usr.lib.dovecot.anvil
-index 5b0fba6..558a1a5 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.anvil
-+++ b/profiles/apparmor.d/usr.lib.dovecot.anvil
-@@ -25,5 +25,5 @@
- /usr/lib/dovecot/anvil mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.anvil>
-+ ## include <local/usr.lib.dovecot.anvil>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
-index 2545ede..eb48ec3 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.auth
-+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
-@@ -53,5 +53,5 @@
- /var/spool/postfix/private/auth rw,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.auth>
-+ ## include <local/usr.lib.dovecot.auth>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
-index 9368675..96eea78 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.config
-+++ b/profiles/apparmor.d/usr.lib.dovecot.config
-@@ -28,5 +28,5 @@
- /var/lib/dovecot/ssl-parameters.dat r,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.config>
-+ ## include <local/usr.lib.dovecot.config>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.deliver b/profiles/apparmor.d/usr.lib.dovecot.deliver
-index dcfcdbe..aad8f15 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.deliver
-+++ b/profiles/apparmor.d/usr.lib.dovecot.deliver
-@@ -33,5 +33,5 @@
- /usr/lib/dovecot/deliver mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.deliver>
-+ ## include <local/usr.lib.dovecot.deliver>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.dict b/profiles/apparmor.d/usr.lib.dovecot.dict
-index 5eb9476..ad32b46 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.dict
-+++ b/profiles/apparmor.d/usr.lib.dovecot.dict
-@@ -28,5 +28,5 @@
- /usr/lib/dovecot/dict mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.dict>
-+ ## include <local/usr.lib.dovecot.dict>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
-index 041e46b..653e5ea 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
-+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
-@@ -29,5 +29,5 @@
- /var/spool/postfix/private/dovecot-auth w,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.dovecot-auth>
-+ ## include <local/usr.lib.dovecot.dovecot-auth>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
-index b0450df..45a6df9 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
-+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
-@@ -34,7 +34,7 @@
- /usr/share/dovecot/protocols.d/** r,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.dovecot-lda>
-+ ## include <local/usr.lib.dovecot.dovecot-lda>
-
-
- profile sendmail /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
-index db3f9e9..22c69d2 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.imap
-+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
-@@ -42,5 +42,5 @@
- /{,var/}run/dovecot/mounts r,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.imap>
-+ ## include <local/usr.lib.dovecot.imap>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap-login b/profiles/apparmor.d/usr.lib.dovecot.imap-login
-index 9b7ed74..29d8873 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.imap-login
-+++ b/profiles/apparmor.d/usr.lib.dovecot.imap-login
-@@ -31,5 +31,5 @@
- /{,var/}run/dovecot/login/* rw,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.imap-login>
-+ ## include <local/usr.lib.dovecot.imap-login>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
-index 5ae6e61..0245673 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
-+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
-@@ -35,5 +35,5 @@
- /{var/,}run/dovecot/mounts r,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.lmtp>
-+ ## include <local/usr.lib.dovecot.lmtp>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.log b/profiles/apparmor.d/usr.lib.dovecot.log
-index 3108606..e58b41c 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.log
-+++ b/profiles/apparmor.d/usr.lib.dovecot.log
-@@ -18,5 +18,5 @@
- /usr/lib/dovecot/log mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.log>
-+ ## include <local/usr.lib.dovecot.log>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
-index 8ce9fae..6ba5a71 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
-+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
-@@ -30,5 +30,5 @@
- /usr/lib/dovecot/managesieve mrix,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.managesieve>
-+ ## include <local/usr.lib.dovecot.managesieve>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
-index 4504fd9..b5bfaad 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
-+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
-@@ -33,5 +33,5 @@
- /{,var/}run/dovecot/login/* rw,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.managesieve-login>
-+ ## include <local/usr.lib.dovecot.managesieve-login>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
-index ae3d73a..dbe10d2 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.pop3
-+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
-@@ -27,5 +27,5 @@
- /usr/lib/dovecot/pop3 mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.pop3>
-+ ## include <local/usr.lib.dovecot.pop3>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
-index 7d6cbed..a509736 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
-+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
-@@ -31,5 +31,5 @@
- /{,var/}run/dovecot/login/* rw,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.pop3-login>
-+ ## include <local/usr.lib.dovecot.pop3-login>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.script-login b/profiles/apparmor.d/usr.lib.dovecot.script-login
-index 3b04689..c3cf8a1 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.script-login
-+++ b/profiles/apparmor.d/usr.lib.dovecot.script-login
-@@ -28,6 +28,6 @@ profile dovecot-script-login /usr/lib/dovecot/script-login {
- # and then to create the profile for the script.
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.script-login>
-+ ## include <local/usr.lib.dovecot.script-login>
- }
-
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.ssl-params b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
-index b6cb8dc..b66ed65 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.ssl-params
-+++ b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
-@@ -22,5 +22,5 @@
- /var/lib/dovecot/ssl-parameters.dat.tmp rwk,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.ssl-params>
-+ ## include <local/usr.lib.dovecot.ssl-params>
- }
-diff --git a/profiles/apparmor.d/usr.lib.dovecot.stats b/profiles/apparmor.d/usr.lib.dovecot.stats
-index 151e4ed..2942d6d 100644
---- a/profiles/apparmor.d/usr.lib.dovecot.stats
-+++ b/profiles/apparmor.d/usr.lib.dovecot.stats
-@@ -21,5 +21,5 @@
- /usr/lib/dovecot/stats mr,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.lib.dovecot.stats>
-+ ## include <local/usr.lib.dovecot.stats>
- }
-diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
-index ec3296a..5c6c7e9 100644
---- a/profiles/apparmor.d/usr.sbin.dovecot
-+++ b/profiles/apparmor.d/usr.sbin.dovecot
-@@ -73,5 +73,5 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
- link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,
-
- # Site-specific additions and overrides. See local/README for details.
-- #include <local/usr.sbin.dovecot>
-+ ## include <local/usr.sbin.dovecot>
- }
diff --git a/debian/patches/debian/etc-writable.patch b/debian/patches/debian/etc-writable.patch
index 1dca3ad392b5f21bffb347a375ca756b470221a5..807f2ddcfdbe23ff2f3c5f9eba50363eec14219c 100644
--- a/debian/patches/debian/etc-writable.patch
+++ b/debian/patches/debian/etc-writable.patch
@@ -12,22 +12,22 @@ Bug-Ubuntu: https://launchpad.net/bugs/1227520
3 files changed, 4 insertions(+)
diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base
-index fabb427..1dc77a3 100644
+index 4853bef..9100968 100644
--- a/profiles/apparmor.d/abstractions/base
+++ b/profiles/apparmor.d/abstractions/base
-@@ -30,6 +30,7 @@
- /etc/locale/** r,
- /etc/locale.alias r,
- /etc/localtime r,
+@@ -32,6 +32,7 @@
+ @{etc_ro}/locale/** r,
+ @{etc_ro}/locale.alias r,
+ @{etc_ro}/localtime r,
+ /etc/writable/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
/usr/share/locale/** r,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
-index 8193a5c..e0a67cf 100644
+index 507d62a..ae93c75 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
-@@ -37,6 +37,7 @@
+@@ -39,6 +39,7 @@
/etc/lsb-release r,
/etc/ssl/certs/java/* r,
/etc/timezone r,
@@ -35,7 +35,7 @@ index 8193a5c..e0a67cf 100644
@{PROC}/@{pid}/ r,
@{PROC}/@{pid}/fd/ r,
-@@ -84,6 +85,7 @@
+@@ -86,6 +87,7 @@
/etc/lsb-release r,
/etc/ssl/certs/java/* r,
/etc/timezone r,
@@ -44,10 +44,10 @@ index 8193a5c..e0a67cf 100644
@{PROC}/@{pid}/ r,
@{PROC}/@{pid}/fd/ r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
-index 8f3bf56..68bf1ea 100644
+index 6d869d6..9678543 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
-@@ -38,6 +38,7 @@
+@@ -40,6 +40,7 @@ include <tunables/global>
/tmp/.X[0-9]*-lock r,
/etc/timezone r,
diff --git a/debian/patches/debian/libapparmor-layout-deb.patch b/debian/patches/debian/libapparmor-layout-deb.patch
index f0072966c0c433778f6ec38b6cd034fe2261521f..86365e3751f20272c7f5a3e8adec8b0af647fc14 100644
--- a/debian/patches/debian/libapparmor-layout-deb.patch
+++ b/debian/patches/debian/libapparmor-layout-deb.patch
@@ -1,20 +1,20 @@
From: Jamie Strandboge <jamie@canonical.com>
Date: Mon, 29 Jan 2018 12:26:43 +0000
Subject: always install python modules in the proper location when creating
+ deb files
-deb files
-Forwarded: no (Debian/Ubuntu specific)
+Forwarded: not-needed
---
libraries/libapparmor/swig/python/Makefile.am | 2 +-
utils/Makefile | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/libapparmor/swig/python/Makefile.am b/libraries/libapparmor/swig/python/Makefile.am
-index 421acba..3326edb 100644
+index 04edff0..1a03b82 100644
--- a/libraries/libapparmor/swig/python/Makefile.am
+++ b/libraries/libapparmor/swig/python/Makefile.am
-@@ -14,7 +14,7 @@ all-local: libapparmor_wrap.c setup.py
- $(PYTHON) setup.py build
+@@ -17,7 +17,7 @@ all-local: libapparmor_wrap.c setup.py
+ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
install-exec-local:
- $(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
@@ -23,7 +23,7 @@ index 421acba..3326edb 100644
clean-local:
if test -x "$(PYTHON)"; then $(PYTHON) setup.py clean; fi
diff --git a/utils/Makefile b/utils/Makefile
-index 35ae88c..eab6543 100644
+index 1f08f25..86fea54 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -58,7 +58,7 @@ install: ${MANPAGES} ${HTMLMANPAGES}
@@ -31,7 +31,7 @@ index 35ae88c..eab6543 100644
$(MAKE) install_manpages DESTDIR=${DESTDIR}
$(MAKE) -C vim install DESTDIR=${DESTDIR}
- ${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
-+ ${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --install-layout=deb --version=${VERSION}
++ ${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --install-layout=deb --version=${VERSION}
.PHONY: clean
ifndef VERBOSE
diff --git a/debian/patches/debian/smbd-include-snippet-generated-at-runtime.patch b/debian/patches/debian/smbd-include-snippet-generated-at-runtime.patch
deleted file mode 100644
index 8d7d843110e0ce1f5776deb90dae3d5e2887c3e6..0000000000000000000000000000000000000000
--- a/debian/patches/debian/smbd-include-snippet-generated-at-runtime.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Sun, 24 Feb 2019 17:42:16 +0000
-Subject: smbd: include snippet generated at runtime
-Forwarded: not-needed
-
----
- profiles/apparmor.d/usr.sbin.smbd | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
-index f46e80e..1c49c9c 100644
---- a/profiles/apparmor.d/usr.sbin.smbd
-+++ b/profiles/apparmor.d/usr.sbin.smbd
-@@ -55,6 +55,10 @@ profile smbd /usr/{bin,sbin}/smbd {
-
- @{HOMEDIRS}/** lrwk,
-
-+ # Permissions for all configured shares (file autogenerated by
-+ # update-apparmor-samba-profile on service startup.
-+ #include if exists <samba/smbd-shares>
-+
- # Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.smbd>
- }
diff --git a/debian/patches/fix-expected-library-version.patch b/debian/patches/fix-expected-library-version.patch
new file mode 100644
index 0000000000000000000000000000000000000000..96ca510644c9f32ea7f2951ed0ea4335622d0d5f
--- /dev/null
+++ b/debian/patches/fix-expected-library-version.patch
@@ -0,0 +1,22 @@
+From: John Johansen <john.johansen@canonical.com>
+Date: Mon, 21 Nov 2022 17:09:28 -0800
+Subject: libapparmor: fix expect library version to bump in 3.0.8 release
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ libraries/libapparmor/src/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
+index 4511bba..ef8a45e 100644
+--- a/libraries/libapparmor/src/Makefile.am
++++ b/libraries/libapparmor/src/Makefile.am
+@@ -29,7 +29,7 @@ INCLUDES = $(all_includes)
+ AA_LIB_CURRENT = 9
+ AA_LIB_REVISION = 4
+ AA_LIB_AGE = 8
+-EXPECTED_SO_NAME = libapparmor.so.1.8.3
++EXPECTED_SO_NAME = libapparmor.so.1.8.4
+
+ SUFFIXES = .pc.in .pc
+
diff --git a/debian/patches/lp1824812.patch b/debian/patches/lp1824812.patch
deleted file mode 100644
index 03c0207f8a38fc26d63b74a776921bf2fac25503..0000000000000000000000000000000000000000
--- a/debian/patches/lp1824812.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Jamie Strandboge <jamie@canonical.com>
-Date: Mon, 25 May 2020 08:11:06 +0000
-Subject: set SFS_MOUNTPOINT in is_container_with_internal_policy() since it
-
-Bug: https://launchpad.net/bugs/1824812
-Forwarded: yes
-
-is sometimes called before is_apparmor_loaded()
----
- parser/rc.apparmor.functions | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 73f6a84..3e35aeb 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -80,6 +80,9 @@ is_apparmor_present() {
- # process should continue without any loss of functionality. This is an
- # unsupported configuration that cannot be properly handled by this function.
- is_container_with_internal_policy() {
-+ # this function is sometimes called independently of
-+ # is_apparmor_loaded(), so define this here.
-+ SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
- local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
- local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
- local ns_stacked
diff --git a/debian/patches/series b/debian/patches/series
index c425b8fd6a437cfc3a8bcd8e1b8ef0a9f06b128b..05a8d107abc41cf97e78764d83840278263efbff 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,23 +1,19 @@
-upstream-commit-1244b81-limit-expr-tree-simplification-passes.patch
-upstream-commit-0d5ab43-rc.apparmor.functions-drop-module-loading-support.patch
-upstream-commit-94ff870-remove-subdomainfs-support.patch
-upstream-commit-3a89e98-Remove-traces-of-aa-eventd.patch
-upstream-commit-7ba8dc7-Drop-APPARMOR_ENABLE_AAEVENTD.patch
-upstream-mr-252-Make-rc.apparmor.functions-suitable-for-Debian-and-Ubuntu.patch
-lp1824812.patch
-Avoid-blhc-CPPFLAGS-missing-false-positive.patch
-upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch
-upstream-commit-8f9046b-port-aa-status-to-c.patch
+fix-expected-library-version.patch
+Merge-lsb_release-allow-cat-and-cut.patch
+Merge-abstractions-nvidia-allow-reading-pid-comm.patch
+Merge-aa-status-Fix-malformed-json-output-with-unconfined.patch
+Merge-regression-tests-fix-bogon-patch-characters-in-Make.patch
+Merge-Add-pipewire-client.conf-to-audio-abstractions.patch
+Merge-Extend-crypto-and-ssl_certs-abstractions.patch
+Merge-Fix-Opening-links-with-Brave.patch
debian/add-debian-integration-to-lighttpd.patch
debian/libapparmor-layout-deb.patch
debian/etc-writable.patch
-debian/allow-access-to-ibus-socket.patch
debian/Enable-writing-cache.patch
-debian/Make-the-systemd-unit-a-no-op-in-containers-with-no-inter.patch
-debian/smbd-include-snippet-generated-at-runtime.patch
-debian/dont-include-site-local-with-dovecot.patch
debian-only/pin-feature-set.patch
debian-only/aa-notify-point-to-Debian-documentation.patch
debian-only/Document-which-AppArmor-features-are-not-supported-on-Deb.patch
-# ubuntu/libnss-systemd.patch
-# ubuntu/stop-loading-snapd-profiles.patch
+# ubuntu/communitheme-snap-support.patch
+# ubuntu/mimeinfo-snap-support.patch
+# ubuntu/profiles-grant-access-to-systemd-resolved.patch
+# ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch
diff --git a/debian/patches/ubuntu/communitheme-snap-support.patch b/debian/patches/ubuntu/communitheme-snap-support.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d347f2cfbdfc38163b78c7dee488164df07189e5
--- /dev/null
+++ b/debian/patches/ubuntu/communitheme-snap-support.patch
@@ -0,0 +1,37 @@
+From: Didier Roche <didier.roche@canonical.com>
+Date: Wed, 11 Apr 2018 10:25:10 +0000
+Subject: add communitheme snap support
+Bug-Ubuntu: https://launchpad.net/bugs/1762983
+
+Forwarded: no
+---
+ profiles/apparmor.d/abstractions/freedesktop.org | 4 ++++
+ profiles/apparmor.d/abstractions/gnome | 4 ++++
+ 2 files changed, 8 insertions(+)
+
+--- apparmor-3.0.0-beta1.orig/profiles/apparmor.d/abstractions/freedesktop.org
++++ apparmor-3.0.0-beta1/profiles/apparmor.d/abstractions/freedesktop.org
+@@ -16,6 +16,10 @@
+ @{system_share_dirs}/icons/{**,} r,
+ @{system_share_dirs}/pixmaps/{**,} r,
+
++ # communitheme snap
++ /snap/communitheme/*/share/icons/ r,
++ /snap/communitheme/*/share/icons/** r,
++
+ # this should probably go elsewhere
+ @{system_share_dirs}/mime/** r,
+
+--- apparmor-3.0.0-beta1.orig/profiles/apparmor.d/abstractions/gnome
++++ apparmor-3.0.0-beta1/profiles/apparmor.d/abstractions/gnome
+@@ -31,6 +31,10 @@
+ /usr/share/themes/** r,
+ /usr/share/gtk-3.0/settings.ini r,
+
++ # communitheme snap
++ /snap/communitheme/*/share/themes/ r,
++ /snap/communitheme/*/share/themes/** r,
++
+ # for gnome 1 applications
+ /etc/orbitrc r,
+
diff --git a/debian/patches/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch b/debian/patches/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch
new file mode 100644
index 0000000000000000000000000000000000000000..87ef14a1f7506c3a855116260ef17be51a6b61d0
--- /dev/null
+++ b/debian/patches/ubuntu/enable-pinning-of-pre-AppArmor-3.x-poli.patch
@@ -0,0 +1,36 @@
+From cfc0e1a7a7fe69e30c73c49afccc4a1dd4a139e0 Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Thu, 27 Aug 2020 09:53:54 -0700
+Subject: [PATCH 2/2] UBUNTU: SAUCE: enable pinning of pre AppArmor 3.x policy
+
+Ubuntu several packages that are shipping policy that has not been
+updated for AppArmor 3 and abi rules.
+
+Pin the policy to the out of tree networking abi as Ubuntu carried
+the out of tree networking patches. Pinning the policy is needed
+to address two issues.
+1. Silence policy load warnings
+
+ Warning from stdin (stdin line 1): apparmor_parser: File 'example'
+ missing feature abi, falling back to default policy feature abi.
+
+2. Ubuntu policy expects to be able to use network, unix, and dbus
+ rules but without pinning the abi these rules will either be
+ silently dropped or the policy will fail to compile.
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ parser/parser.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/parser/parser.conf
++++ b/parser/parser.conf
+@@ -68,7 +68,7 @@
+
+ ### Only a single feature ABI rule should be used at a time.
+ ## Pin older policy to the 5.4 kernel abi
+-#policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network
++policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network
+
+ ## Pin older policy to the 5.4 kernel abi + out of tree network and af_unix
+ #policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla
diff --git a/debian/patches/ubuntu/libnss-systemd.patch b/debian/patches/ubuntu/libnss-systemd.patch
deleted file mode 100644
index 5f4d01f2ecc6da12e74ee9803580a9094b3c8488..0000000000000000000000000000000000000000
--- a/debian/patches/ubuntu/libnss-systemd.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Author: Jamie Strandboge <jamie@ubuntu.com>
-Description: allow accessing the libnss-systemd VarLink sockets and
- and DBus APIs
-Bug-Ubuntu: https://launchpad.net/bugs/1796911
-Bug-Ubuntu: https://launchpad.net/bugs/1869024
-Index: apparmor-2.13.3/profiles/apparmor.d/abstractions/nameservice
-===================================================================
---- apparmor-2.13.3.orig/profiles/apparmor.d/abstractions/nameservice
-+++ apparmor-2.13.3/profiles/apparmor.d/abstractions/nameservice
-@@ -106,6 +106,29 @@
- member="Resolve{Address,Hostname,Record,Service}"
- peer=(name="org.freedesktop.resolve1"),
-
-+ # libnss-systemd
-+ #
-+ # https://systemd.io/USER_GROUP_API/
-+ # https://systemd.io/USER_RECORD/
-+ # https://www.freedesktop.org/software/systemd/man/nss-systemd.html
-+ #
-+ # Allow User/Group lookups via common VarLink socket APIs. Applications need
-+ # to either consult all of them or the io.systemd.Multiplexer frontend.
-+ /run/systemd/userdb/ r,
-+ /run/systemd/userdb/io.systemd.Multiplexer rw,
-+ /run/systemd/userdb/io.systemd.DynamicUser rw, # systemd-exec users
-+ /run/systemd/userdb/io.systemd.Home rw, # systemd-home dirs
-+ /run/systemd/userdb/io.systemd.NameServiceSwitch rw, # UNIX/glibc NSS
-+
-+ # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
-+ # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-+ dbus send
-+ bus=system
-+ path="/org/freedesktop/systemd1"
-+ interface="org.freedesktop.systemd1.Manager"
-+ member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
-+ peer=(name="org.freedesktop.systemd1"),
-+
- # TCP/UDP network access
- network inet stream,
- network inet6 stream,
diff --git a/debian/patches/ubuntu/mimeinfo-snap-support.patch b/debian/patches/ubuntu/mimeinfo-snap-support.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7e4e894111e856fde3b7f7a3fa01bad0c49465c9
--- /dev/null
+++ b/debian/patches/ubuntu/mimeinfo-snap-support.patch
@@ -0,0 +1,23 @@
+Author: Jamie Strandboge <jamie@canonical.com>
+Description: allow reading /var/lib/snapd/desktop/applications/*.desktop and
+ /var/lib/snapd/desktop/applications/mimeinfo.cache
+Bug-Ubuntu: https://launchpad.net/bugs/1712039
+Forwarded: no
+
+---
+ profiles/apparmor.d/abstractions/freedesktop.org | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- apparmor-3.0.0-beta1.orig/profiles/apparmor.d/abstractions/freedesktop.org
++++ apparmor-3.0.0-beta1/profiles/apparmor.d/abstractions/freedesktop.org
+@@ -20,6 +20,10 @@
+ /snap/communitheme/*/share/icons/ r,
+ /snap/communitheme/*/share/icons/** r,
+
++ # mimeinfo and desktop files for snaps
++ /var/lib/snapd/desktop/applications/mimeinfo.cache r,
++ /var/lib/snapd/desktop/applications/{,*.desktop} r,
++
+ # this should probably go elsewhere
+ @{system_share_dirs}/mime/** r,
+
diff --git a/debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch b/debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d7ebd0d05e44cae00220dc8251b20240dc65b722
--- /dev/null
+++ b/debian/patches/ubuntu/profiles-grant-access-to-systemd-resolved.patch
@@ -0,0 +1,57 @@
+From: Tyler Hicks <tyhicks@canonical.com>
+Date: Mon, 29 Jan 2018 12:45:10 +0000
+Subject: profiles: Grant access to systemd-resolved in the nameservice
+ abstraction
+
+https://launchpad.net/bugs/1598759
+
+Profiles that rely on the nameservice abstraction are experiencing
+denials on systems configured to use systemd-resolved via the
+libnss-resolve plugin.
+
+libnss-resolve talks to systemd-resolved over D-Bus and this patch
+attempts to only grant access to the safe members of the D-Bus API.
+
+Special considerations need to be made when applying this patch to most
+Linux distributions as many of them do not have the ability to perform
+fine-grained AppArmor mediation of D-Bus traffic. In those cases, any
+users of the nameservice abstraction (such as tcpdump or ntpd) will have
+full access to the D-Bus system bus once this change is applied to the
+nameservice abstraction.
+
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Acked-by: Seth Arnold <seth.arnold@canonical.com>
+Forwarded: https://lists.ubuntu.com/archives/apparmor/2016-October/010130.html
+Bug: https://launchpad.net/bugs/1598759
+---
+ profiles/apparmor.d/abstractions/nameservice | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+--- apparmor-3.0.0-beta1.orig/profiles/apparmor.d/abstractions/nameservice
++++ apparmor-3.0.0-beta1/profiles/apparmor.d/abstractions/nameservice
+@@ -101,6 +101,25 @@
+ member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
+ peer=(name="org.freedesktop.systemd1"),
+
++ # resolve
++ #
++ # Allow access to the safe members of the systemd-resolved D-Bus API:
++ #
++ # https://www.freedesktop.org/wiki/Software/systemd/resolved/
++ #
++ # This API may be used directly over the D-Bus system bus or it may be used
++ # indirectly via the nss-resolve plugin:
++ #
++ # https://www.freedesktop.org/software/systemd/man/nss-resolve.html
++ #
++ #include <abstractions/dbus-strict>
++ dbus send
++ bus=system
++ path="/org/freedesktop/resolve1"
++ interface="org.freedesktop.resolve1.Manager"
++ member="Resolve{Address,Hostname,Record,Service}"
++ peer=(name="org.freedesktop.resolve1"),
++
+ # TCP/UDP network access
+ network inet stream,
+ network inet6 stream,
diff --git a/debian/patches/ubuntu/stop-loading-snapd-profiles.patch b/debian/patches/ubuntu/stop-loading-snapd-profiles.patch
deleted file mode 100644
index 8308273b6d5700433240840838a3d3839ec9cbbc..0000000000000000000000000000000000000000
--- a/debian/patches/ubuntu/stop-loading-snapd-profiles.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Author: Jamie Strandboge <jamie@canonical.com>
-Description: snapd now loads its snap policy via its own systemd unit, so
- stop loading the snap policy in /var/lib/snapd/apparmor/profiles
-Bug-Ubuntu: https://launchpad.net/bugs/1871148
-
-Index: apparmor-2.13.3/parser/rc.apparmor.functions
-===================================================================
---- apparmor-2.13.3.orig/parser/rc.apparmor.functions
-+++ apparmor-2.13.3/parser/rc.apparmor.functions
-@@ -44,8 +44,8 @@ if [ -d /etc/apparmor.d ] ; then
- else
- aa_log_warning_msg "Unable to find profiles directory, installation problem?"
- fi
--ADDITIONAL_PROFILE_DIR=/var/lib/snapd/apparmor/profiles
--if [ -d "$ADDITIONAL_PROFILE_DIR" ]; then
-+ADDITIONAL_PROFILE_DIR=
-+if [ -n "$ADDITIONAL_PROFILE_DIR" ] && [ -d "$ADDITIONAL_PROFILE_DIR" ]; then
- PROFILE_DIRS="${PROFILE_DIRS} ${ADDITIONAL_PROFILE_DIR}"
- fi
- AA_STATUS=/usr/sbin/aa-status
diff --git a/debian/patches/upstream-commit-0d5ab43-rc.apparmor.functions-drop-module-loading-support.patch b/debian/patches/upstream-commit-0d5ab43-rc.apparmor.functions-drop-module-loading-support.patch
deleted file mode 100644
index 53b006f573dd64e23e685b7ef3d5cc5359f8ae6d..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-0d5ab43-rc.apparmor.functions-drop-module-loading-support.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 3 Nov 2018 07:15:16 -0700
-Subject: rc.apparmor.functions: drop module loading support
-
-The apparmor kernel "module" has not been a loadable module for more
-than a decade, it must be built into the kernel and due configuration
-requirements it will never go back to being a loadable module.
-
-Remove the long unfunctioning load_module support from the init script.
-
-PR: https://gitlab.com/apparmor/apparmor/merge_requests/257
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: seth.arnold@canonical.com
----
- parser/rc.apparmor.functions | 42 ++++++++----------------------------------
- 1 file changed, 8 insertions(+), 34 deletions(-)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 8c1c57c..875ca08 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -327,42 +327,16 @@ unmount_subdomainfs() {
- fi
- }
-
--load_module() {
-- local rc=0
-- if modinfo -F filename apparmor > /dev/null 2>&1 ; then
-- MODULE=apparmor
-- elif modinfo -F filename ${OLD_MODULE} > /dev/null 2>&1 ; then
-- MODULE=${OLD_MODULE}
-- fi
--
-- if ! is_apparmor_present apparmor subdomain ; then
-- aa_action "Loading AppArmor module" /sbin/modprobe -q $MODULE $1
-- rc=$?
-- if [ $rc -ne 0 ] ; then
-- module_panic
-- rc=$?
-- if [ $rc -ne 0 ] ; then
-- exit $rc
-- fi
-- fi
-- fi
--
-- if ! is_apparmor_loaded ; then
-- return 1
-- fi
--
-- return $rc
--}
--
- apparmor_start() {
- aa_log_daemon_msg "Starting AppArmor"
-- if ! is_apparmor_loaded ; then
-- load_module
-- rc=$?
-- if [ $rc -ne 0 ] ; then
-- aa_log_end_msg $rc
-- return $rc
-- fi
-+ if ! is_apparmor_present ; then
-+ aa_log_failure_msg "Starting AppArmor - failed, To enable AppArmor, ensure your kernel is configured with CONFIG_SECURITY_APPARMOR=y then add 'security=apparmor apparmor=1' to the kernel command line"
-+ aa_log_end_msg 1
-+ return 1
-+ elif ! is_apparmor_loaded ; then
-+ aa_log_failure_msg "Starting AppArmor - AppArmor control files aren't available under /sys/kernel/security/, please make sure securityfs is mounted."
-+ aa_log_end_msg 1
-+ return 1
- fi
-
- if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then
diff --git a/debian/patches/upstream-commit-1244b81-limit-expr-tree-simplification-passes.patch b/debian/patches/upstream-commit-1244b81-limit-expr-tree-simplification-passes.patch
deleted file mode 100644
index 8bb7223766260d3e9de6f83e2a97b584e15788ba..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-1244b81-limit-expr-tree-simplification-passes.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 20 Oct 2018 15:59:51 -0700
-Subject: parser: limit the number of passes expr tree simplification does
-
-Forwarded: yes
-Origin: commit:2809060bec4a6511e84f5d7cbc80079c1cdc92a8
----
- parser/libapparmor_re/expr-tree.cc | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/parser/libapparmor_re/expr-tree.cc b/parser/libapparmor_re/expr-tree.cc
-index a80f903..75af8b0 100644
---- a/parser/libapparmor_re/expr-tree.cc
-+++ b/parser/libapparmor_re/expr-tree.cc
-@@ -551,7 +551,8 @@ static void count_tree_nodes(Node *t, struct node_counts *counts)
-
- Node *simplify_tree(Node *t, dfaflags_t flags)
- {
-- bool update;
-+ bool update = true;
-+ int i, limit = 1;
-
- if (flags & DFA_DUMP_TREE_STATS) {
- struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0 };
-@@ -562,7 +563,7 @@ Node *simplify_tree(Node *t, dfaflags_t flags)
- counts.alt, counts.plus, counts.star, counts.any,
- counts.cat);
- }
-- do {
-+ for (i = 0; update && i < limit; i++) {
- update = false;
- //default to right normalize first as this reduces the number
- //of trailing nodes which might follow an internal *
-@@ -588,7 +589,7 @@ Node *simplify_tree(Node *t, dfaflags_t flags)
- else
- dir--;
- }
-- } while (update);
-+ }
- if (flags & DFA_DUMP_TREE_STATS) {
- struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0 };
- count_tree_nodes(t, &counts);
diff --git a/debian/patches/upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch b/debian/patches/upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch
deleted file mode 100644
index c6c1ebb6ec69692d6f94e83e54f7f302ea0694ab..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-1ba978b6-adjust-for-new-ICEauthority-path-in-run.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Christian Boltz <gitlab2@cboltz.de>
-Date: Sun, 25 Oct 2020 10:16:26 +0000
-Subject: Merge branch 'adjust-for-new-ICEauthority-path-in-run' into 'master'
-
-Adjust for new ICEauthority path in /run
-
-Bug-Ubuntu: https://launchpad.net/bugs/1881357
-
-See merge request apparmor/apparmor!668
-
-Acked-by: Christian Boltz <apparmor@cboltz.de> for 3.0 and master
-
-(cherry picked from commit dbb1b900b818d270086e2da3e780cdc83e2c7a1c)
-
-1abe1017 Adjust for new ICEauthority path in /run
----
- profiles/apparmor.d/abstractions/X | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X
-index d60ef27..be444fc 100644
---- a/profiles/apparmor.d/abstractions/X
-+++ b/profiles/apparmor.d/abstractions/X
-@@ -15,6 +15,7 @@
-
- # .ICEauthority files required for X authentication, per user
- owner @{HOME}/.ICEauthority r,
-+ owner @{run}/user/*/ICEauthority r,
-
- # .Xauthority files required for X connections, per user
- owner @{HOME}/.Xauthority r,
diff --git a/debian/patches/upstream-commit-3a89e98-Remove-traces-of-aa-eventd.patch b/debian/patches/upstream-commit-3a89e98-Remove-traces-of-aa-eventd.patch
deleted file mode 100644
index ec91349d4178cd6038f3b8a062fb9955792f2b42..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-3a89e98-Remove-traces-of-aa-eventd.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Christian Boltz <apparmor@cboltz.de>
-Date: Fri, 9 Nov 2018 17:22:17 +0100
-Subject: Remove traces of aa-eventd
-
-aa-eventd and its initscripts have been moved to deprecated/ in 2014 and
-didn't get any serious updates for several more years, so it's most
-probably useless and/or broken nowadays.
-
-This also means we don't need to keep the AA_EV_BIN and AA_EV_PIDFILE
-variables in rc.apparmor.functions anymore.
----
- parser/rc.apparmor.functions | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index ab2e58c..95cdbd4 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -55,8 +55,6 @@ elif [ -d /etc/apparmor.d ] ; then
- PROFILE_DIR=/etc/apparmor.d
- fi
- ABSTRACTIONS="-I${PROFILE_DIR}"
--AA_EV_BIN=/usr/sbin/aa-eventd
--AA_EV_PIDFILE=/var/run/aa-eventd.pid
- AA_STATUS=/usr/sbin/aa-status
- SECURITYFS=/sys/kernel/security
-
diff --git a/debian/patches/upstream-commit-7ba8dc7-Drop-APPARMOR_ENABLE_AAEVENTD.patch b/debian/patches/upstream-commit-7ba8dc7-Drop-APPARMOR_ENABLE_AAEVENTD.patch
deleted file mode 100644
index 46468ffdd7c14b99f5fc4f1fe20ff46ec779fb23..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-7ba8dc7-Drop-APPARMOR_ENABLE_AAEVENTD.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From: Christian Boltz <apparmor@cboltz.de>
-Date: Mon, 12 Nov 2018 15:51:15 +0100
-Subject: Drop APPARMOR_ENABLE_AAEVENTD
-
-This is another trace of aa-eventd which is deprecated since years.
----
- parser/rc.apparmor.functions | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 95cdbd4..c954c5f 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -39,8 +39,6 @@ else
- aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
- fi
-
--APPARMOR_ENABLE_AAEVENTD="no"
--
- if [ -f "${APPARMOR_CONF}" ] ; then
- #parse the conf file to see what we should do
- . "${APPARMOR_CONF}"
diff --git a/debian/patches/upstream-commit-8f9046b-port-aa-status-to-c.patch b/debian/patches/upstream-commit-8f9046b-port-aa-status-to-c.patch
deleted file mode 100644
index 731f9c54d890292dfac615798681525779b5f0e0..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-8f9046b-port-aa-status-to-c.patch
+++ /dev/null
@@ -1,1306 +0,0 @@
-From: Alex Murray <murray.alex@gmail.com>
-Date: Fri, 24 Apr 2020 05:43:47 +0000
-Subject: Merge Port aa-status from python to C
-
-This allows aa-status to be used without a python runtime to support things like https://bugs.launchpad.net/bugs/1865519
-
-Fixes: https://bugs.launchpad.net/bugs/1865519
-PR: https://gitlab.com/apparmor/apparmor/-/merge_requests/473
-Acked-by: John Johansen <john.johansen@canonical.com>
----
- binutils/Makefile | 21 +-
- binutils/aa-status.pod | 142 ++++++++++++
- binutils/aa_status.c | 613 +++++++++++++++++++++++++++++++++++++++++++++++++
- utils/Makefile | 4 +-
- utils/aa-status | 267 ---------------------
- utils/aa-status.pod | 138 -----------
- 6 files changed, 771 insertions(+), 414 deletions(-)
- create mode 100644 binutils/aa-status.pod
- create mode 100644 binutils/aa_status.c
- delete mode 100755 utils/aa-status
- delete mode 100644 utils/aa-status.pod
-
-diff --git a/binutils/Makefile b/binutils/Makefile
-index e9fcbbd..d8c1b63 100644
---- a/binutils/Makefile
-+++ b/binutils/Makefile
-@@ -19,8 +19,9 @@ include $(COMMONDIR)/Make.rules
-
- DESTDIR=/
- BINDIR=${DESTDIR}/usr/bin
-+SBINDIR=${DESTDIR}/usr/sbin
- LOCALEDIR=/usr/share/locale
--MANPAGES=aa-enabled.1 aa-exec.1
-+MANPAGES=aa-enabled.1 aa-exec.1 aa-status.8
-
- WARNINGS = -Wall
- EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
-@@ -50,7 +51,8 @@ EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
-
- SRCS = aa_enabled.c
- HDRS =
--TOOLS = aa-enabled aa-exec
-+BINTOOLS = aa-enabled aa-exec
-+SBINTOOLS = aa-status
-
- AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
-
-@@ -97,7 +99,7 @@ po/%.pot: %.c
-
- # targets arranged this way so that people who don't want full docs can
- # pick specific targets they want.
--arch: $(TOOLS)
-+arch: $(BINTOOLS) $(SBINTOOLS)
-
- manpages: $(MANPAGES)
-
-@@ -110,7 +112,7 @@ all: arch indep
-
- .PHONY: coverage
- coverage:
-- $(MAKE) clean $(TOOLS) COVERAGE=1
-+ $(MAKE) clean $(BINTOOLS) $(SBINTOOLS) COVERAGE=1
-
- ifndef USE_SYSTEM
- $(LIBAPPARMOR_A):
-@@ -128,12 +130,15 @@ aa-enabled: aa_enabled.c $(LIBAPPARMOR_A)
- aa-exec: aa_exec.c $(LIBAPPARMOR_A)
- $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
-
-+aa-status: aa_status.c $(LIBAPPARMOR_A)
-+ $(CC) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $< $(LIBS) $(AALIB)
-+
- .SILENT: check
- .PHONY: check
- check: check_pod_files tests
-
- .SILENT: tests
--tests: $(TOOLS) $(TESTS)
-+tests: $(BINTOOLS) $(SBINTOOLS) $(TESTS)
- echo "no tests atm"
-
- .PHONY: install
-@@ -142,7 +147,11 @@ install: install-indep install-arch
- .PHONY: install-arch
- install-arch: arch
- install -m 755 -d ${BINDIR}
-- install -m 755 ${TOOLS} ${BINDIR}
-+ install -m 755 ${BINTOOLS} ${BINDIR}
-+ install -m 755 -d ${SBINDIR}
-+ ln -sf aa-status ${SBINDIR}/apparmor_status
-+ install -m 755 ${SBINTOOLS} ${SBINDIR}
-+ ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
-
- .PHONY: install-indep
- install-indep: indep
-diff --git a/binutils/aa-status.pod b/binutils/aa-status.pod
-new file mode 100644
-index 0000000..b97f0bb
---- /dev/null
-+++ b/binutils/aa-status.pod
-@@ -0,0 +1,142 @@
-+# This publication is intellectual property of Novell Inc. and Canonical
-+# Ltd. Its contents can be duplicated, either in part or in whole, provided
-+# that a copyright label is visibly located on each copy.
-+#
-+# All information found in this book has been compiled with utmost
-+# attention to detail. However, this does not guarantee complete accuracy.
-+# Neither SUSE LINUX GmbH, Canonical Ltd, the authors, nor the translators
-+# shall be held liable for possible errors or the consequences thereof.
-+#
-+# Many of the software and hardware descriptions cited in this book
-+# are registered trademarks. All trade names are subject to copyright
-+# restrictions and may be registered trade marks. SUSE LINUX GmbH
-+# and Canonical Ltd. essentially adhere to the manufacturer's spelling.
-+#
-+# Names of products and trademarks appearing in this book (with or without
-+# specific notation) are likewise subject to trademark and trade protection
-+# laws and may thus fall under copyright restrictions.
-+#
-+
-+
-+=pod
-+
-+=head1 NAME
-+
-+aa-status - display various information about the current AppArmor
-+policy.
-+
-+=head1 SYNOPSIS
-+
-+B<aa-status> [option]
-+
-+=head1 DESCRIPTION
-+
-+B<aa-status> will report various aspects of the current state of
-+AppArmor confinement. By default, it displays the same information as if
-+the I<--verbose> argument were given. A sample of what this looks like
-+is:
-+
-+ apparmor module is loaded.
-+ 110 profiles are loaded.
-+ 102 profiles are in enforce mode.
-+ 8 profiles are in complain mode.
-+ Out of 129 processes running:
-+ 13 processes have profiles defined.
-+ 8 processes have profiles in enforce mode.
-+ 5 processes have profiles in complain mode.
-+
-+Other argument options are provided to report individual aspects, to
-+support being used in scripts.
-+
-+=head1 OPTIONS
-+
-+B<aa-status> accepts only one argument at a time out of:
-+
-+=over 4
-+
-+=item --enabled
-+
-+returns error code if AppArmor is not enabled.
-+
-+=item --profiled
-+
-+displays the number of loaded AppArmor policies.
-+
-+=item --enforced
-+
-+displays the number of loaded enforcing AppArmor policies.
-+
-+=item --complaining
-+
-+displays the number of loaded non-enforcing AppArmor policies.
-+
-+=item --verbose
-+
-+displays multiple data points about loaded AppArmor policy
-+set (the default action if no arguments are given).
-+
-+=item --json
-+
-+displays multiple data points about loaded AppArmor policy
-+set in a JSON format, fit for machine consumption.
-+
-+=item --pretty-json
-+
-+same as --json, formatted to be readable by humans as well
-+as by machines.
-+
-+=item --help
-+
-+displays a short usage statement.
-+
-+=back
-+
-+=head1 EXIT STATUS
-+
-+Upon exiting, B<aa-status> will set its exit status to the
-+following values:
-+
-+=over 4
-+
-+=item B<0>
-+
-+if apparmor is enabled and policy is loaded.
-+
-+=item B<1>
-+
-+if apparmor is not enabled/loaded.
-+
-+=item B<2>
-+
-+if apparmor is enabled but no policy is loaded.
-+
-+=item B<3>
-+
-+if the apparmor control files aren't available under /sys/kernel/security/.
-+
-+=item B<4>
-+
-+if the user running the script doesn't have enough privileges to read
-+the apparmor control files.
-+
-+=item B<42>
-+
-+if an internal error occurred.
-+
-+=back
-+
-+=head1 BUGS
-+
-+B<aa-status> must be run as root to read the state of the loaded
-+policy from the apparmor module. It uses the /proc filesystem to determine
-+which processes are confined and so is susceptible to race conditions.
-+
-+If you find any additional bugs, please report them at
-+L<https://bugs.launchpad.net/apparmor/+filebug>.
-+
-+=head1 SEE ALSO
-+
-+apparmor(7), apparmor.d(5), and
-+L<https://wiki.apparmor.net>.
-+
-+=cut
-diff --git a/binutils/aa_status.c b/binutils/aa_status.c
-new file mode 100644
-index 0000000..b9c6e1c
---- /dev/null
-+++ b/binutils/aa_status.c
-@@ -0,0 +1,613 @@
-+/*
-+ * Copyright (C) 2020 Canonical Ltd.
-+ *
-+ * This program is free software; you can redistribute it and/or
-+ * modify it under the terms of version 2 of the GNU General Public
-+ * License published by the Free Software Foundation.
-+ */
-+
-+#define _GNU_SOURCE /* for asprintf() */
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <sys/wait.h>
-+#include <unistd.h>
-+#include <regex.h>
-+#include <errno.h>
-+#include <ctype.h>
-+#include <dirent.h>
-+
-+#include <sys/apparmor.h>
-+#include <sys/apparmor_private.h>
-+
-+#define autofree __attribute((cleanup(_aa_autofree)))
-+#define autofclose __attribute((cleanup(_aa_autofclose)))
-+
-+#define AA_EXIT_ENABLED 0
-+#define AA_EXIT_DISABLED 1
-+#define AA_EXIT_NO_POLICY 2
-+#define AA_EXIT_NO_CONTROL 3
-+#define AA_EXIT_NO_PERM 4
-+#define AA_EXIT_INTERNAL_ERROR 42
-+
-+#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0]))
-+
-+struct profile {
-+ char *name;
-+ char *status;
-+};
-+
-+static void free_profiles(struct profile *profiles, size_t n) {
-+ while (n > 0) {
-+ n--;
-+ free(profiles[n].name);
-+ free(profiles[n].status);
-+ }
-+ free(profiles);
-+}
-+
-+struct process {
-+ char *pid;
-+ char *profile;
-+ char *exe;
-+ char *mode;
-+};
-+
-+static void free_processes(struct process *processes, size_t n) {
-+ while (n > 0) {
-+ n--;
-+ free(processes[n].pid);
-+ free(processes[n].profile);
-+ free(processes[n].exe);
-+ free(processes[n].mode);
-+ }
-+ free(processes);
-+}
-+
-+static int verbose = 0;
-+
-+#define dprintf(...) \
-+ do { \
-+ if (verbose) \
-+ printf(__VA_ARGS__); \
-+ } while (0)
-+
-+#define dfprintf(...) \
-+ do { \
-+ if (verbose) \
-+ fprintf(__VA_ARGS__); \
-+ } while (0)
-+
-+
-+static int get_profiles(struct profile **profiles, size_t *n) {
-+ autofree char *apparmorfs = NULL;
-+ autofree char *apparmor_profiles = NULL;
-+ struct stat st;
-+ autofclose FILE *fp = NULL;
-+ regex_t regex;
-+ autofree char *line = NULL;
-+ size_t len = 0;
-+ int ret;
-+
-+ *profiles = NULL;
-+ *n = 0;
-+
-+ ret = stat("/sys/module/apparmor", &st);
-+ if (ret != 0) {
-+ dfprintf(stderr, "apparmor not present.\n");
-+ ret = AA_EXIT_DISABLED;
-+ goto exit;
-+ }
-+ dprintf("apparmor module is loaded.\n");
-+
-+ ret = aa_find_mountpoint(&apparmorfs);
-+ if (ret == -1) {
-+ dfprintf(stderr, "apparmor filesystem is not mounted.\n");
-+ ret = AA_EXIT_NO_CONTROL;
-+ goto exit;
-+ }
-+
-+ apparmor_profiles = malloc(strlen(apparmorfs) + 10); // /profiles\0
-+ if (apparmor_profiles == NULL) {
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto exit;
-+ }
-+ sprintf(apparmor_profiles, "%s/profiles", apparmorfs);
-+
-+ fp = fopen(apparmor_profiles, "r");
-+ if (fp == NULL) {
-+ if (errno == EACCES) {
-+ dfprintf(stderr, "You do not have enough privilege to read the profile set.\n");
-+ } else {
-+ dfprintf(stderr, "Could not open %s: %s", apparmor_profiles, strerror(errno));
-+ }
-+ ret = AA_EXIT_NO_PERM;
-+ goto exit;
-+ }
-+
-+ ret = regcomp(®ex, "^(.+)\\s+\\((.+)\\).*", REG_EXTENDED | REG_NEWLINE);
-+ if (ret != 0) {
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto exit;
-+ }
-+
-+ while (getline(&line, &len, fp) != -1) {
-+ regmatch_t match[3];
-+
-+ ret = regexec(®ex, line, 3, match, 0);
-+ if (ret == 0) {
-+ size_t i;
-+ struct profile *_profiles;
-+ autofree char *name = strndup(line + match[1].rm_so,
-+ match[1].rm_eo - match[1].rm_so);
-+ autofree char *status = strndup(line + match[2].rm_so,
-+ match[2].rm_eo - match[2].rm_so);
-+
-+ // give up if out of memory
-+ if (name == NULL || status == NULL) {
-+ free_profiles(*profiles, *n);
-+ *profiles = NULL;
-+ *n = 0;
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ break;
-+ }
-+ _profiles = realloc(*profiles, (*n + 1) * sizeof(**profiles));
-+ if (_profiles == NULL) {
-+ free_profiles(*profiles, *n);
-+ *profiles = NULL;
-+ *n = 0;
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ break;
-+ }
-+ // steal name and status
-+ _profiles[*n].name = name;
-+ _profiles[*n].status = status;
-+ name = NULL;
-+ status = NULL;
-+ *n = *n + 1;
-+ *profiles = _profiles;
-+ }
-+ }
-+ regfree(®ex);
-+
-+exit:
-+ return ret == 0 ? (*n > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
-+}
-+
-+static int compare_profiles(const void *a, const void *b) {
-+ return strcmp(((struct profile *)a)->name,
-+ ((struct profile *)b)->name);
-+}
-+
-+static int filter_profiles(struct profile *profiles,
-+ size_t n,
-+ const char *filter,
-+ struct profile **filtered,
-+ size_t *nfiltered)
-+{
-+ int ret = 0;
-+ size_t i;
-+
-+ *filtered = NULL;
-+ *nfiltered = 0;
-+
-+ for (i = 0; i < n; i++) {
-+ if (filter == NULL || strcmp(profiles[i].status, filter) == 0) {
-+ struct profile *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
-+ if (_filtered == NULL) {
-+ free_profiles(*filtered, *nfiltered);
-+ *filtered = NULL;
-+ *nfiltered = 0;
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ break;
-+ }
-+ _filtered[*nfiltered].name = strdup(profiles[i].name);
-+ _filtered[*nfiltered].status = strdup(profiles[i].status);
-+ *filtered = _filtered;
-+ *nfiltered = *nfiltered + 1;
-+ }
-+ }
-+ if (*nfiltered != 0) {
-+ qsort(*filtered, *nfiltered, sizeof(*profiles), compare_profiles);
-+ }
-+ return ret;
-+}
-+
-+static int get_processes(struct profile *profiles,
-+ size_t n,
-+ struct process **processes,
-+ size_t *nprocesses)
-+{
-+ DIR *dir = NULL;
-+ struct dirent *entry = NULL;
-+ regex_t regex;
-+ int ret;
-+
-+ *processes = NULL;
-+ *nprocesses = 0;
-+
-+ ret = regcomp(®ex, "^(.*)\\s+\\((.*)\\)\n$", REG_EXTENDED | REG_NEWLINE);
-+ if (ret != 0) {
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto exit;
-+ }
-+ dir = opendir("/proc");
-+ if (dir == NULL) {
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto free_regex;
-+ }
-+ while ((entry = readdir(dir)) != NULL) {
-+ int i;
-+ int ispid = 1;
-+ autofree char *current = NULL;
-+ autofree char *exe = NULL;
-+ autofree char *real_exe = NULL;
-+ autofclose FILE *fp = NULL;
-+ autofree char *line = NULL;
-+ size_t len = 0;
-+
-+ // ignore non-pid entries
-+ for (i = 0; ispid && i < strlen(entry->d_name); i++) {
-+ ispid = (isdigit(entry->d_name[i]) ? 1 : 0);
-+ }
-+ if (!ispid) {
-+ continue;
-+ }
-+ if (asprintf(¤t, "/proc/%s/attr/current", entry->d_name) == -1 ||
-+ asprintf(&exe, "/proc/%s/exe", entry->d_name) == -1) {
-+ fprintf(stderr, "ERROR: Failed to allocate memory\n");
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto free_regex;
-+ }
-+ // get executable - readpath can allocate for us but seems
-+ // to fail in some cases with errno 2 - no such file or
-+ // directory - whereas readlink() can succeed in these
-+ // cases - and readpath() seems to have the same behaviour
-+ // as in python with better canonicalized results so try it
-+ // first and fallack to readlink if it fails
-+ // coverity[toctou]
-+ real_exe = realpath(exe, NULL);
-+ if (real_exe == NULL) {
-+ int res;
-+ // ensure enough space for NUL terminator
-+ real_exe = calloc(PATH_MAX + 1, sizeof(char));
-+ if (real_exe == NULL) {
-+ fprintf(stderr, "ERROR: Failed to allocate memory\n");
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto free_regex;
-+ }
-+ res = readlink(exe, real_exe, PATH_MAX);
-+ if (res == -1) {
-+ continue;
-+ }
-+ real_exe[res] = '\0';
-+ }
-+ // see if has a label
-+ fp = fopen(current, "r");
-+ if (fp == NULL) {
-+ continue;
-+ }
-+ while (getline(&line, &len, fp) != -1) {
-+ autofree char *profile = NULL;
-+ autofree char *mode = NULL;
-+ regmatch_t match[3];
-+ int res;
-+
-+ res = regexec(®ex, line, 3, match, 0);
-+ if (res == 0) {
-+ profile = strndup(line + match[1].rm_so,
-+ match[1].rm_eo - match[1].rm_so);
-+ mode = strndup(line + match[2].rm_so,
-+ match[2].rm_eo - match[2].rm_so);
-+ } else {
-+ // is unconfined so keep only if this has a
-+ // matching profile
-+ for (i = 0; i < n; i++) {
-+ if (strcmp(profiles[i].name, real_exe) == 0) {
-+ profile = strdup(real_exe);
-+ mode = strdup("unconfined");
-+ break;
-+ }
-+ }
-+ }
-+ if (profile != NULL && mode != NULL) {
-+ struct process *_processes = realloc(*processes,
-+ (*nprocesses + 1) * sizeof(**processes));
-+ if (_processes == NULL) {
-+ free_processes(*processes, *nprocesses);
-+ *processes = NULL;
-+ *nprocesses = 0;
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ goto free_regex;
-+ }
-+ _processes[*nprocesses].pid = strdup(entry->d_name);
-+ _processes[*nprocesses].profile = profile;
-+ _processes[*nprocesses].exe = strdup(real_exe);
-+ _processes[*nprocesses].mode = mode;
-+ *processes = _processes;
-+ *nprocesses = *nprocesses + 1;
-+ profile = NULL;
-+ mode = NULL;
-+ ret = AA_EXIT_ENABLED;
-+ }
-+ }
-+ }
-+
-+free_regex:
-+ regfree(®ex);
-+exit:
-+ if (dir != NULL) {
-+ closedir(dir);
-+ }
-+ return ret;
-+}
-+
-+static int filter_processes(struct process *processes,
-+ size_t n,
-+ const char *filter,
-+ struct process **filtered,
-+ size_t *nfiltered)
-+{
-+ size_t i;
-+ int ret = 0;
-+
-+ *filtered = NULL;
-+ *nfiltered = 0;
-+
-+ for (i = 0; i < n; i++) {
-+ if (filter == NULL || strcmp(processes[i].mode, filter) == 0) {
-+ struct process *_filtered = realloc(*filtered, (*nfiltered + 1) * sizeof(**filtered));
-+ if (_filtered == NULL) {
-+ free_processes(*filtered, *nfiltered);
-+ *filtered = NULL;
-+ *nfiltered = 0;
-+ ret = AA_EXIT_INTERNAL_ERROR;
-+ break;
-+ }
-+ _filtered[*nfiltered].pid = strdup(processes[i].pid);
-+ _filtered[*nfiltered].profile = strdup(processes[i].profile);
-+ _filtered[*nfiltered].exe = strdup(processes[i].exe);
-+ _filtered[*nfiltered].mode = strdup(processes[i].mode);
-+ *filtered = _filtered;
-+ *nfiltered = *nfiltered + 1;
-+ }
-+ }
-+ return ret;
-+}
-+
-+/**
-+ * Returns error code if AppArmor is not enabled
-+ */
-+static int simple_filtered_count(const char *filter) {
-+ size_t n;
-+ struct profile *profiles;
-+ int ret;
-+
-+ ret = get_profiles(&profiles, &n);
-+ if (ret == 0) {
-+ size_t nfiltered;
-+ struct profile *filtered = NULL;
-+ ret = filter_profiles(profiles, n, filter, &filtered, &nfiltered);
-+ printf("%zd\n", nfiltered);
-+ free_profiles(filtered, nfiltered);
-+ }
-+ free_profiles(profiles, n);
-+ return ret;
-+}
-+
-+static int cmd_enabled(const char *command) {
-+ int res = aa_is_enabled();
-+ return res == 1 ? 0 : 1;
-+}
-+
-+
-+static int cmd_profiled(const char *command) {
-+ return simple_filtered_count(NULL);
-+}
-+
-+static int cmd_enforced(const char *command) {
-+ return simple_filtered_count("enforce");
-+}
-+
-+static int cmd_complaining(const char *command) {
-+ return simple_filtered_count("complain");
-+}
-+
-+static int compare_processes_by_profile(const void *a, const void *b) {
-+ return strcmp(((struct process *)a)->profile,
-+ ((struct process *)b)->profile);
-+}
-+
-+static int compare_processes_by_executable(const void *a, const void *b) {
-+ return strcmp(((struct process *)a)->exe,
-+ ((struct process *)b)->exe);
-+}
-+
-+static int detailed_output(int json) {
-+ size_t nprofiles = 0, nprocesses = 0;
-+ struct profile *profiles = NULL;
-+ struct process *processes = NULL;
-+ const char *profile_statuses[] = {"enforce", "complain"};
-+ const char *process_statuses[] = {"enforce", "complain", "unconfined"};
-+ int ret, i;
-+
-+ ret = get_profiles(&profiles, &nprofiles);
-+ if (ret != 0) {
-+ goto exit;
-+ }
-+ ret = get_processes(profiles, nprofiles, &processes, &nprocesses);
-+ if (ret != 0) {
-+ dfprintf(stderr, "Failed to get processes: %d....\n", ret);
-+ goto exit;
-+ }
-+
-+ if (json) {
-+ printf("{\"version\": \"1\", \"profiles\": {");
-+ } else {
-+ dprintf("%zd profiles are loaded.\n", nprofiles);
-+ }
-+
-+ for (i = 0; i < ARRAY_SIZE(profile_statuses); i++) {
-+ size_t nfiltered = 0, j;
-+ struct profile *filtered = NULL;
-+ ret = filter_profiles(profiles, nprofiles, profile_statuses[i], &filtered, &nfiltered);
-+ if (ret != 0) {
-+ goto exit;
-+ }
-+ if (!json) {
-+ dprintf("%zd profiles are in %s mode.\n", nfiltered, profile_statuses[i]);
-+ }
-+
-+ for (j = 0; j < nfiltered; j++) {
-+ if (json) {
-+ printf("%s\"%s\": \"%s\"",
-+ i == 0 && j == 0 ? "" : ", ", filtered[j].name, profile_statuses[i]);
-+ } else {
-+ dprintf(" %s\n", filtered[j].name);
-+ }
-+ }
-+
-+ free_profiles(filtered, nfiltered);
-+ }
-+ if (json) {
-+ printf("}, \"processes\": {");
-+ } else {
-+ dprintf("%zd processes have profiles defined.\n", nprocesses);
-+ }
-+
-+ for (i = 0; i < ARRAY_SIZE(process_statuses); i++) {
-+ size_t nfiltered = 0, j;
-+ struct process *filtered = NULL;
-+ ret = filter_processes(processes, nprocesses, process_statuses[i], &filtered, &nfiltered);
-+ if (ret != 0) {
-+ goto exit;
-+ }
-+ if (!json) {
-+ if (strcmp(process_statuses[i], "unconfined") == 0) {
-+ dprintf("%zd processes are unconfined but have a profile defined.\n", nfiltered);
-+ } else {
-+ dprintf("%zd processes are in %s mode.\n", nfiltered, process_statuses[i]);
-+ }
-+ }
-+
-+ if (!json) {
-+ qsort(filtered, nfiltered, sizeof(*filtered), compare_processes_by_profile);
-+ for (j = 0; j < nfiltered; j++) {
-+ dprintf(" %s (%s) %s\n", filtered[j].exe, filtered[j].pid,
-+ // hide profile name if matches executable
-+ (strcmp(filtered[j].profile, filtered[j].exe) == 0 ?
-+ "" :
-+ filtered[j].profile));
-+ }
-+ } else {
-+ // json output requires processes to be grouped per executable
-+ qsort(filtered, nfiltered, sizeof(*filtered), compare_processes_by_executable);
-+ for (j = 0; j < nfiltered; j++) {
-+ if (j > 0 && strcmp(filtered[j].exe, filtered[j - 1].exe) == 0) {
-+ // same executable
-+ printf(", {\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
-+ filtered[j].profile, filtered[j].pid, filtered[j].mode);
-+ } else {
-+ printf("%s\"%s\": [{\"profile\": \"%s\", \"pid\": \"%s\", \"status\": \"%s\"}",
-+ // first element will be a unique executable
-+ i == 0 && j == 0 ? "" : "], ",
-+ filtered[j].exe, filtered[j].profile, filtered[j].pid, filtered[j].mode);
-+ }
-+
-+ }
-+ }
-+ free_processes(filtered, nfiltered);
-+ }
-+ if (json) {
-+ printf("%s}}", nprocesses > 0 ? "]" : "");
-+ }
-+
-+exit:
-+ free_processes(processes, nprocesses);
-+ free_profiles(profiles, nprofiles);
-+ return ret == 0 ? (nprofiles > 0 ? AA_EXIT_ENABLED : AA_EXIT_NO_POLICY) : ret;
-+}
-+
-+static int cmd_json(const char *command) {
-+ detailed_output(1);
-+ return 0;
-+}
-+
-+static int cmd_pretty_json(const char *command) {
-+ // TODO - add support for pretty printing json output
-+ return cmd_json(command);
-+}
-+
-+static int cmd_verbose(const char *command) {
-+ verbose = 1;
-+ return detailed_output(0);
-+}
-+
-+static int print_usage(const char *command)
-+{
-+ printf("Usage: %s [OPTIONS]\n"
-+ "Displays various information about the currently loaded AppArmor policy.\n"
-+ "OPTIONS (one only):\n"
-+ " --enabled returns error code if AppArmor not enabled\n"
-+ " --profiled prints the number of loaded policies\n"
-+ " --enforced prints the number of loaded enforcing policies\n"
-+ " --complaining prints the number of loaded non-enforcing policies\n"
-+ " --json displays multiple data points in machine-readable JSON format\n"
-+ " --pretty-json same data as --json, formatted for human consumption as well\n"
-+ " --verbose (default) displays multiple data points about loaded policy set\n"
-+ " --help this message\n",
-+ command);
-+ return 0;
-+}
-+
-+struct command {
-+ const char * const name;
-+ int (*cmd)(const char *command);
-+};
-+
-+static struct command commands[] = {
-+ {"--enabled", cmd_enabled},
-+ {"--profiled", cmd_profiled},
-+ {"--enforced", cmd_enforced},
-+ {"--complaining", cmd_complaining},
-+ {"--json", cmd_json},
-+ {"--pretty-json", cmd_pretty_json},
-+ {"--verbose", cmd_verbose},
-+ {"-v", cmd_verbose},
-+ {"--help", print_usage},
-+ {"-h", print_usage},
-+};
-+
-+int main(int argc, char **argv)
-+{
-+ int ret = EXIT_SUCCESS;
-+ int _ret;
-+ int (*cmd)(const char*) = cmd_verbose;
-+
-+ if (argc > 2) {
-+ dfprintf(stderr, "Error: Too many options.\n");
-+ cmd = print_usage;
-+ ret = EXIT_FAILURE;
-+ } else if (argc == 2) {
-+ int (*_cmd)(const char*) = NULL;
-+ int i;
-+ for (i = 0; i < ARRAY_SIZE(commands); i++) {
-+ if (strcmp(argv[1], commands[i].name) == 0) {
-+ _cmd = commands[i].cmd;
-+ break;
-+ }
-+ }
-+ if (_cmd == NULL) {
-+ dfprintf(stderr, "Error: Invalid command.\n");
-+ cmd = print_usage;
-+ ret = EXIT_FAILURE;
-+ } else {
-+ cmd = _cmd;
-+ }
-+ }
-+
-+ _ret = cmd(argv[0]);
-+ exit(ret == EXIT_FAILURE ? ret : _ret);
-+}
-diff --git a/utils/Makefile b/utils/Makefile
-index 5807c2c..35ae88c 100644
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -23,7 +23,7 @@ include $(COMMONDIR)/Make.rules
- PERLTOOLS = aa-notify
- PYTOOLS = aa-easyprof aa-genprof aa-logprof aa-cleanprof aa-mergeprof \
- aa-autodep aa-audit aa-complain aa-enforce aa-disable \
-- aa-status aa-unconfined
-+ aa-unconfined
- TOOLS = ${PERLTOOLS} ${PYTOOLS} aa-decode aa-remove-unknown
- PYSETUP = python-tools-setup.py
- PYMODULES = $(wildcard apparmor/*.py apparmor/rule/*.py)
-@@ -53,13 +53,11 @@ install: ${MANPAGES} ${HTMLMANPAGES}
- install -d ${CONFDIR}
- install -m 644 logprof.conf severity.db notify.conf ${CONFDIR}
- install -d ${BINDIR}
-- ln -sf aa-status ${BINDIR}/apparmor_status
- # aa-easyprof is installed by python-tools-setup.py
- install -m 755 $(filter-out aa-easyprof, ${TOOLS}) ${BINDIR}
- $(MAKE) -C po install DESTDIR=${DESTDIR} NAME=${NAME}
- $(MAKE) install_manpages DESTDIR=${DESTDIR}
- $(MAKE) -C vim install DESTDIR=${DESTDIR}
-- ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
- ${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
-
- .PHONY: clean
-diff --git a/utils/aa-status b/utils/aa-status
-deleted file mode 100755
-index abc4b01..0000000
---- a/utils/aa-status
-+++ /dev/null
-@@ -1,267 +0,0 @@
--#! /usr/bin/python3
--# ------------------------------------------------------------------
--#
--# Copyright (C) 2005-2006 Novell/SUSE
--# Copyright (C) 2011 Canonical Ltd.
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of version 2 of the GNU General Public
--# License published by the Free Software Foundation.
--#
--# ------------------------------------------------------------------
--
--import re, os, sys, errno, json
--
--# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
--# environments where installing all of the python utils and python
--# apparmor module may not make sense. Please think carefully before
--# importing anything from apparmor; see how the apparmor.fail import is
--# handled below.
--
--# setup exception handling
--try:
-- from apparmor.fail import enable_aa_exception_handler
-- enable_aa_exception_handler()
--except ImportError:
-- # just let normal python exceptions happen (LP: #1480492)
-- pass
--
--def cmd_enabled():
-- '''Returns error code if AppArmor is not enabled'''
-- if get_profiles() == {}:
-- sys.exit(2)
--
--def cmd_profiled():
-- '''Prints the number of loaded profiles'''
-- profiles = get_profiles()
-- sys.stdout.write("%d\n" % len(profiles))
-- if profiles == {}:
-- sys.exit(2)
--
--def cmd_enforced():
-- '''Prints the number of loaded enforcing profiles'''
-- profiles = get_profiles()
-- sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'enforce')))
-- if profiles == {}:
-- sys.exit(2)
--
--def cmd_complaining():
-- '''Prints the number of loaded non-enforcing profiles'''
-- profiles = get_profiles()
-- sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'complain')))
-- if profiles == {}:
-- sys.exit(2)
--
--def cmd_verbose():
-- '''Displays multiple data points about loaded profile set'''
-- global verbose
-- verbose = True
-- profiles = get_profiles()
-- processes = get_processes(profiles)
--
-- stdmsg("%d profiles are loaded." % len(profiles))
-- for status in ('enforce', 'complain'):
-- filtered_profiles = filter_profiles(profiles, status)
-- stdmsg("%d profiles are in %s mode." % (len(filtered_profiles), status))
-- for item in filtered_profiles:
-- stdmsg(" %s" % item)
--
-- stdmsg("%d processes have profiles defined." % len(processes))
-- for status in ('enforce', 'complain', 'unconfined'):
-- filtered_processes = filter_processes(processes, status)
-- if status == 'unconfined':
-- stdmsg("%d processes are unconfined but have a profile defined." % len(filtered_processes))
-- else:
-- stdmsg("%d processes are in %s mode." % (len(filtered_processes), status))
-- # Sort by name, and then by pid
-- filtered_processes.sort(key=lambda x: int(x[0]))
-- filtered_processes.sort(key=lambda x: x[1])
-- for (pid, profile, exe) in filtered_processes:
-- if exe == profile:
-- profile = ""
-- stdmsg(" %s (%s) %s" % (exe, pid, profile))
--
-- if profiles == {}:
-- sys.exit(2)
--
--def cmd_json(pretty_output=False):
-- '''Outputs multiple data points about loaded profile set in a machine-readable JSON format'''
-- global verbose
-- profiles = get_profiles()
-- processes = get_processes(profiles)
--
-- i = {
-- 'version': '1',
-- 'profiles': {},
-- 'processes': {}
-- }
--
-- for status in ('enforce', 'complain'):
-- filtered_profiles = filter_profiles(profiles, status)
-- for item in filtered_profiles:
-- i['profiles'][item] = status
--
-- for status in ('enforce', 'complain', 'unconfined'):
-- filtered_processes = filter_processes(processes, status)
-- for (pid, profile, exe) in filtered_processes:
-- if exe not in i['processes']:
-- i['processes'][exe] = []
--
-- i['processes'][exe].append({
-- 'profile': profile,
-- 'pid': pid,
-- 'status': status
-- })
--
-- if pretty_output:
-- sys.stdout.write(json.dumps(i, sort_keys=True, indent=4, separators=(',', ': ')))
-- else:
-- sys.stdout.write(json.dumps(i))
--
--def cmd_pretty_json():
-- cmd_json(True)
--
--def get_profiles():
-- '''Fetch loaded profiles'''
--
-- profiles = {}
--
-- if os.path.exists("/sys/module/apparmor"):
-- stdmsg("apparmor module is loaded.")
-- else:
-- errormsg("apparmor module is not loaded.")
-- sys.exit(1)
--
-- apparmorfs = find_apparmorfs()
-- if not apparmorfs:
-- errormsg("apparmor filesystem is not mounted.")
-- sys.exit(3)
--
-- apparmor_profiles = os.path.join(apparmorfs, "profiles")
-- try:
-- f = open(apparmor_profiles)
-- except IOError as e:
-- if e.errno == errno.EACCES:
-- errormsg("You do not have enough privilege to read the profile set.")
-- else:
-- errormsg("Could not open %s: %s" % (apparmor_profiles, os.strerror(e.errno)))
-- sys.exit(4)
--
-- for p in f.readlines():
-- match = re.search("^(.+)\s+\((\w+)\)$", p)
-- profiles[match.group(1)] = match.group(2)
--
-- f.close()
--
-- return profiles
--
--def get_processes(profiles):
-- '''Fetch process list'''
-- processes = {}
-- contents = os.listdir("/proc")
-- for filename in contents:
-- if filename.isdigit():
-- try:
-- for p in open("/proc/%s/attr/current" % filename).readlines():
-- match = re.search("^([^\(]+)\s+\((\w+)\)$", p)
-- exe = os.path.realpath("/proc/%s/exe" % filename)
-- if match:
-- processes[filename] = { 'profile' : match.group(1), \
-- 'exe': exe, \
-- 'mode' : match.group(2) }
-- elif exe in profiles:
-- # keep only unconfined processes that have a profile defined
-- processes[filename] = { 'profile' : exe, \
-- 'exe': exe, \
-- 'mode' : 'unconfined' }
-- except:
-- pass
-- return processes
--
--def filter_profiles(profiles, status):
-- '''Return a list of profiles that have a particular status'''
-- filtered = []
-- for key, value in list(profiles.items()):
-- if value == status:
-- filtered.append(key)
-- filtered.sort()
-- return filtered
--
--def filter_processes(processes, status):
-- '''Return a list of processes that have a particular status'''
-- filtered = []
-- for key, value in list(processes.items()):
-- if value['mode'] == status:
-- filtered.append([key, value['profile'], value['exe']])
-- return filtered
--
--def find_apparmorfs():
-- '''Finds AppArmor mount point'''
-- for p in open("/proc/mounts","rb").readlines():
-- if p.split()[2].decode() == "securityfs" and \
-- os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
-- return os.path.join(p.split()[1].decode(), "apparmor")
-- return False
--
--def errormsg(message):
-- '''Prints to stderr if verbose mode is on'''
-- global verbose
-- if verbose:
-- sys.stderr.write(message + "\n")
--
--def stdmsg(message):
-- '''Prints to stdout if verbose mode is on'''
-- global verbose
-- if verbose:
-- sys.stdout.write(message + "\n")
--
--def print_usage():
-- '''Print usage information'''
-- sys.stdout.write('''Usage: %s [OPTIONS]
--Displays various information about the currently loaded AppArmor policy.
--OPTIONS (one only):
-- --enabled returns error code if AppArmor not enabled
-- --profiled prints the number of loaded policies
-- --enforced prints the number of loaded enforcing policies
-- --complaining prints the number of loaded non-enforcing policies
-- --json displays multiple data points in machine-readable JSON format
-- --pretty-json same data as --json, formatted for human consumption as well
-- --verbose (default) displays multiple data points about loaded policy set
-- --help this message
--''' % sys.argv[0])
--
--# Main
--global verbose
--verbose = False
--
--if len(sys.argv) > 2:
-- sys.stderr.write("Error: Too many options.\n")
-- print_usage()
-- sys.exit(1)
--elif len(sys.argv) == 2:
-- cmd = sys.argv.pop(1)
--else:
-- cmd = '--verbose'
--
--# Command dispatch:
--commands = {
-- '--enabled' : cmd_enabled,
-- '--profiled' : cmd_profiled,
-- '--enforced' : cmd_enforced,
-- '--complaining' : cmd_complaining,
-- '--json' : cmd_json,
-- '--pretty-json' : cmd_pretty_json,
-- '--verbose' : cmd_verbose,
-- '-v' : cmd_verbose,
-- '--help' : print_usage,
-- '-h' : print_usage
--}
--
--if cmd in commands:
-- commands[cmd]()
-- sys.exit(0)
--else:
-- sys.stderr.write("Error: Invalid command.\n")
-- print_usage()
-- sys.exit(1)
--
-diff --git a/utils/aa-status.pod b/utils/aa-status.pod
-deleted file mode 100644
-index dd6d949..0000000
---- a/utils/aa-status.pod
-+++ /dev/null
-@@ -1,138 +0,0 @@
--# This publication is intellectual property of Novell Inc. and Canonical
--# Ltd. Its contents can be duplicated, either in part or in whole, provided
--# that a copyright label is visibly located on each copy.
--#
--# All information found in this book has been compiled with utmost
--# attention to detail. However, this does not guarantee complete accuracy.
--# Neither SUSE LINUX GmbH, Canonical Ltd, the authors, nor the translators
--# shall be held liable for possible errors or the consequences thereof.
--#
--# Many of the software and hardware descriptions cited in this book
--# are registered trademarks. All trade names are subject to copyright
--# restrictions and may be registered trade marks. SUSE LINUX GmbH
--# and Canonical Ltd. essentially adhere to the manufacturer's spelling.
--#
--# Names of products and trademarks appearing in this book (with or without
--# specific notation) are likewise subject to trademark and trade protection
--# laws and may thus fall under copyright restrictions.
--#
--
--
--=pod
--
--=head1 NAME
--
--aa-status - display various information about the current AppArmor
--policy.
--
--=head1 SYNOPSIS
--
--B<aa-status> [option]
--
--=head1 DESCRIPTION
--
--B<aa-status> will report various aspects of the current state of
--AppArmor confinement. By default, it displays the same information as if
--the I<--verbose> argument were given. A sample of what this looks like
--is:
--
-- apparmor module is loaded.
-- 110 profiles are loaded.
-- 102 profiles are in enforce mode.
-- 8 profiles are in complain mode.
-- Out of 129 processes running:
-- 13 processes have profiles defined.
-- 8 processes have profiles in enforce mode.
-- 5 processes have profiles in complain mode.
--
--Other argument options are provided to report individual aspects, to
--support being used in scripts.
--
--=head1 OPTIONS
--
--B<aa-status> accepts only one argument at a time out of:
--
--=over 4
--
--=item --enabled
--
--returns error code if AppArmor is not enabled.
--
--=item --profiled
--
--displays the number of loaded AppArmor policies.
--
--=item --enforced
--
--displays the number of loaded enforcing AppArmor policies.
--
--=item --complaining
--
--displays the number of loaded non-enforcing AppArmor policies.
--
--=item --verbose
--
--displays multiple data points about loaded AppArmor policy
--set (the default action if no arguments are given).
--
--=item --json
--
--displays multiple data points about loaded AppArmor policy
--set in a JSON format, fit for machine consumption.
--
--=item --pretty-json
--
--same as --json, formatted to be readable by humans as well
--as by machines.
--
--=item --help
--
--displays a short usage statement.
--
--=back
--
--=head1 EXIT STATUS
--
--Upon exiting, B<aa-status> will set its exit status to the
--following values:
--
--=over 4
--
--=item B<0>
--
--if apparmor is enabled and policy is loaded.
--
--=item B<1>
--
--if apparmor is not enabled/loaded.
--
--=item B<2>
--
--if apparmor is enabled but no policy is loaded.
--
--=item B<3>
--
--if the apparmor control files aren't available under /sys/kernel/security/.
--
--=item B<4>
--
--if the user running the script doesn't have enough privileges to read
--the apparmor control files.
--
--=back
--
--=head1 BUGS
--
--B<aa-status> must be run as root to read the state of the loaded
--policy from the apparmor module. It uses the /proc filesystem to determine
--which processes are confined and so is susceptible to race conditions.
--
--If you find any additional bugs, please report them at
--L<https://bugs.launchpad.net/apparmor/+filebug>.
--
--=head1 SEE ALSO
--
--apparmor(7), apparmor.d(5), and
--L<https://wiki.apparmor.net>.
--
--=cut
diff --git a/debian/patches/upstream-commit-94ff870-remove-subdomainfs-support.patch b/debian/patches/upstream-commit-94ff870-remove-subdomainfs-support.patch
deleted file mode 100644
index 9904788e4ae7a7a717ad0e1dfadf431a47dbd9c8..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-commit-94ff870-remove-subdomainfs-support.patch
+++ /dev/null
@@ -1,1539 +0,0 @@
-From: John Johansen <john.johansen@canonical.com>
-Date: Sat, 3 Nov 2018 16:39:49 -0700
-Subject: remove subdomainfs support
-
-It has been over 10 years since transition from subdomainfs to
-using securityfs. Lets drop this deprecated code.
-
-PR: https://gitlab.com/apparmor/apparmor/merge_requests/258
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Acked-by: seth.arnold@canonical.com
----
- changehat/mod_apparmor/mod_apparmor.pod | 2 +-
- parser/Makefile | 6 +-
- parser/apparmor.pod | 2 +-
- parser/apparmor_parser.pod | 4 +-
- parser/parser_include.c | 68 ++---------------
- parser/rc.apparmor.functions | 98 +-----------------------
- parser/subdomain.conf | 53 -------------
- parser/subdomain.conf.pod | 104 --------------------------
- tests/stress/apparmor/Makefile | 24 ++++++
- tests/stress/apparmor/change_hat.c | 51 +++++++++++++
- tests/stress/apparmor/change_hat.profile.pre | 24 ++++++
- tests/stress/apparmor/child.c | 35 +++++++++
- tests/stress/apparmor/child.profile.pre | 12 +++
- tests/stress/apparmor/kill.sh | 19 +++++
- tests/stress/apparmor/open.c | 34 +++++++++
- tests/stress/apparmor/open.profile.pre | 15 ++++
- tests/stress/apparmor/s-2.4.20.sh | 18 +++++
- tests/stress/apparmor/s.sh | 18 +++++
- tests/stress/apparmor/sh.profile.pre | 24 ++++++
- tests/stress/apparmor/stress.sh | 20 +++++
- tests/stress/apparmor/stress.sh-2.4.20 | 18 +++++
- tests/stress/apparmor/uservars.inc | 42 +++++++++++
- tests/stress/subdomain/Makefile | 24 ------
- tests/stress/subdomain/change_hat.c | 51 -------------
- tests/stress/subdomain/change_hat.profile.pre | 24 ------
- tests/stress/subdomain/child.c | 35 ---------
- tests/stress/subdomain/child.profile.pre | 12 ---
- tests/stress/subdomain/kill.sh | 20 -----
- tests/stress/subdomain/open.c | 34 ---------
- tests/stress/subdomain/open.profile.pre | 15 ----
- tests/stress/subdomain/s-2.4.20.sh | 19 -----
- tests/stress/subdomain/s.sh | 19 -----
- tests/stress/subdomain/sh.profile.pre | 24 ------
- tests/stress/subdomain/stress.sh | 21 ------
- tests/stress/subdomain/stress.sh-2.4.20 | 19 -----
- tests/stress/subdomain/uservars.inc | 42 -----------
- utils/apparmor/config.py | 2 +-
- 37 files changed, 368 insertions(+), 684 deletions(-)
- delete mode 100644 parser/subdomain.conf
- delete mode 100644 parser/subdomain.conf.pod
- create mode 100644 tests/stress/apparmor/Makefile
- create mode 100644 tests/stress/apparmor/change_hat.c
- create mode 100644 tests/stress/apparmor/change_hat.profile.pre
- create mode 100644 tests/stress/apparmor/child.c
- create mode 100644 tests/stress/apparmor/child.profile.pre
- create mode 100755 tests/stress/apparmor/kill.sh
- create mode 100644 tests/stress/apparmor/open.c
- create mode 100644 tests/stress/apparmor/open.profile.pre
- create mode 100755 tests/stress/apparmor/s-2.4.20.sh
- create mode 100755 tests/stress/apparmor/s.sh
- create mode 100644 tests/stress/apparmor/sh.profile.pre
- create mode 100755 tests/stress/apparmor/stress.sh
- create mode 100755 tests/stress/apparmor/stress.sh-2.4.20
- create mode 100644 tests/stress/apparmor/uservars.inc
- delete mode 100644 tests/stress/subdomain/Makefile
- delete mode 100644 tests/stress/subdomain/change_hat.c
- delete mode 100644 tests/stress/subdomain/change_hat.profile.pre
- delete mode 100644 tests/stress/subdomain/child.c
- delete mode 100644 tests/stress/subdomain/child.profile.pre
- delete mode 100755 tests/stress/subdomain/kill.sh
- delete mode 100644 tests/stress/subdomain/open.c
- delete mode 100644 tests/stress/subdomain/open.profile.pre
- delete mode 100755 tests/stress/subdomain/s-2.4.20.sh
- delete mode 100755 tests/stress/subdomain/s.sh
- delete mode 100644 tests/stress/subdomain/sh.profile.pre
- delete mode 100755 tests/stress/subdomain/stress.sh
- delete mode 100755 tests/stress/subdomain/stress.sh-2.4.20
- delete mode 100644 tests/stress/subdomain/uservars.inc
-
-diff --git a/changehat/mod_apparmor/mod_apparmor.pod b/changehat/mod_apparmor/mod_apparmor.pod
-index f9352ee..54f9f36 100644
---- a/changehat/mod_apparmor/mod_apparmor.pod
-+++ b/changehat/mod_apparmor/mod_apparmor.pod
-@@ -139,7 +139,7 @@ them at L<https://bugs.launchpad.net/apparmor/+filebug>.
-
- =head1 SEE ALSO
-
--apparmor(7), subdomain.conf(5), apparmor_parser(8), aa_change_hat(2) and
-+apparmor(7), apparmor_parser(8), aa_change_hat(2) and
- L<https://wiki.apparmor.net>.
-
- =cut
-diff --git a/parser/Makefile b/parser/Makefile
-index 1ab173d..714b6a3 100644
---- a/parser/Makefile
-+++ b/parser/Makefile
-@@ -30,7 +30,7 @@ SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
- CONFDIR=/etc/apparmor
- INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
- LOCALEDIR=/usr/share/locale
--MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8
-+MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8
-
- YACC := bison
- YFLAGS := -d
-@@ -72,9 +72,6 @@ endif
- # Internationalization support. Define a package and a LOCALEDIR
- EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
-
--# Compile-time configuration of the location of the config file
--EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\"
--
- SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
- parser_main.c parser_misc.c parser_merge.c parser_symtab.c \
- parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
-@@ -385,7 +382,6 @@ install-arch: $(INSTALLDEPS)
- .PHONY: install-indep
- install-indep: indep
- install -m 755 -d $(INSTALL_CONFDIR)
-- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
- install -m 644 parser.conf $(INSTALL_CONFDIR)
- install -m 755 -d ${DESTDIR}/var/lib/apparmor
- install -m 755 -d $(APPARMOR_BIN_PREFIX)
-diff --git a/parser/apparmor.pod b/parser/apparmor.pod
-index 5752002..4d731f3 100644
---- a/parser/apparmor.pod
-+++ b/parser/apparmor.pod
-@@ -212,7 +212,7 @@ Else, if auditd is running, see auditd(8) and auditd.conf(5).
- =head1 SEE ALSO
-
- apparmor_parser(8), aa_change_hat(2), apparmor.d(5),
--subdomain.conf(5), aa-autodep(1), clean(1),
-+aa-autodep(1), clean(1),
- auditd(8),
- aa-unconfined(8), aa-enforce(1), aa-complain(1), and
- L<https://wiki.apparmor.net>.
-diff --git a/parser/apparmor_parser.pod b/parser/apparmor_parser.pod
-index 2ea283c..8258189 100644
---- a/parser/apparmor_parser.pod
-+++ b/parser/apparmor_parser.pod
-@@ -179,7 +179,7 @@ defined as relative paths.
- Add element n to the search path when resolving #include directives
- defined as an absolute paths.
-
--=item -f n, --subdomainfs n
-+=item -f n, --apparmorfs n
-
- Set the location of the apparmor security filesystem (default is
- "/sys/kernel/security/apparmor").
-@@ -407,7 +407,7 @@ L<https://bugs.launchpad.net/apparmor/+filebug>.
-
- =head1 SEE ALSO
-
--apparmor(7), apparmor.d(5), subdomain.conf(5), aa_change_hat(2), and
-+apparmor(7), apparmor.d(5), aa_change_hat(2), and
- L<https://wiki.apparmor.net>.
-
- =cut
-diff --git a/parser/parser_include.c b/parser/parser_include.c
-index 9fc8b83..d312488 100644
---- a/parser/parser_include.c
-+++ b/parser/parser_include.c
-@@ -17,21 +17,21 @@
- * along with this program; if not, contact Canonical, Ltd.
- */
-
--/* Handle subdomain includes, as a straight forward preprocessing phase.
-+/* Handle apparmor includes, as a straight forward preprocessing phase.
- While we are at it we will strip comments. Why? because it made it
- easier.
-
- We support 2 types of includes
-
- #include <name> which searches for the first occurance of name in the
-- subdomain directory path.
-+ apparmor directory path.
-
- #include "name" which will search for a relative or absolute pathed
- file
-
- -p : preprocess only. Dump output to stdout
- -I path : add a path to be search by #include < >
---b path : set the base path to something other than /etc/subdomain.d
-+-b path : set the base path to something other than /etc/apparmor.d
-
- */
-
-@@ -57,13 +57,6 @@
- /* maximum depth of nesting */
- #define MAX_NEST_LEVEL 100
-
--/* Location of the subdomain.conf file */
--#ifdef SUBDOMAIN_CONFDIR
--#define SUBDOMAIN_CONF SUBDOMAIN_CONFDIR "/subdomain.conf"
--#else /* !defined SUBDOMAIN_CONFDIR */
--#define SUBDOMAIN_CONF "/etc/subdomain.conf"
--#endif /* SUBDOMAIN_CONFDIR */
--
- static char *path[MAX_PATH] = { NULL };
- static int npath = 0;
-
-@@ -71,12 +64,11 @@ static int fgetline(FILE * f, char *buffer, size_t len);
- static int stripcomment(char *s);
- static char *stripblanks(char *s);
-
--/* default base directory is /etc/subdomain.d, it can be overriden
-+/* default base directory is /etc/apparmor.d, it can be overriden
- with the -b option. */
-
- const char *basedir;
- static const char *default_basedir = "/etc/apparmor.d";
--static const char *old_basedir = "/etc/subdomain.d";
-
-
- /* set up basedir so that it can be overridden/used later. */
-@@ -94,12 +86,6 @@ void init_base_dir(void)
- basedir = default_basedir;
- return;
- }
--
-- rc = stat(old_basedir, &sbuf);
-- if (rc == 0 && S_ISDIR(sbuf.st_mode)) {
-- basedir = old_basedir;
-- return;
-- }
- }
-
- /* Set the base dir. Used to change default path for relative includes */
-@@ -164,53 +150,9 @@ int add_search_dir(const char *dir)
- return 1;
- }
-
--/* Parse Subdomain.conf and put the default dirs in place.
--
-- subdomain.conf is a shell sourcable file
-- we only parse entries starting with
-- SUBDOMAIN_PATH=
--
-- if there are multiple entries with SUBDOMAIN_PATH=
-- each will get added.
--
-- SUBDOMAIN_PATH=/etc/subdomain.d:/etc/subdomain.d/include
-- is the same as
-- SUBDOMAIN_PATH=/etc/subdomain.d
-- SUBDOMAIN_PATH=/etc/subdomain.d/include */
- void parse_default_paths(void)
- {
-- autofclose FILE *f;
-- char buf[1024];
-- char *t, *s;
-- int saved_npath = npath;
--
-- f = fopen(SUBDOMAIN_CONF, "r");
-- if (f == NULL)
-- goto out;
--
-- memset(buf, 0, sizeof(buf));
--
-- while (fgetline(f, buf, 1024)) {
-- if (stripcomment(buf) && (t = strstr(buf, "SUBDOMAIN_PATH="))) {
-- t += 15;
-- /* handle : separating path elements */
-- do {
-- s = strchr(t, ':');
-- if (s)
-- *s = 0;
-- if (!add_search_dir(stripblanks(t)))
-- break;
-- if (s)
-- t = s + 1;
-- } while (s != NULL);
-- }
-- }
--
-- /* if subdomain.conf doesn't set a base search dir set it to this */
--out:
-- if (npath - saved_npath == 0) {
-- add_search_dir(basedir);
-- }
-+ add_search_dir(basedir);
- }
-
- FILE *search_path(char *filename, char **fullpath)
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index 875ca08..ab2e58c 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -33,25 +33,12 @@
-
- CONFIG_DIR=/etc/apparmor
- MODULE=apparmor
--OLD_MODULE=subdomain
- if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then
- APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf"
--elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then
-- APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf"
--elif [ -f "/etc/immunix/subdomain.conf" ] ; then
-- aa_log_warning_msg "/etc/immunix/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
-- APPARMOR_CONF="/etc/immunix/subdomain.conf"
--elif [ -f "/etc/subdomain.conf" ] ; then
-- aa_log_warning_msg "/etc/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
-- APPARMOR_CONF="/etc/subdomain.conf"
- else
- aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
- fi
-
--# Read configuration options from /etc/subdomain.conf, default is to
--# warn if subdomain won't load.
--SUBDOMAIN_MODULE_PANIC="warn"
--SUBDOMAIN_ENABLE_OWLSM="no"
- APPARMOR_ENABLE_AAEVENTD="no"
-
- if [ -f "${APPARMOR_CONF}" ] ; then
-@@ -61,28 +48,18 @@ fi
-
- PARSER=/sbin/apparmor_parser
-
--# SUBDOMAIN_DIR and APPARMOR_DIR might be defined in subdomain.conf|apparmor.conf
-+# APPARMOR_DIR might be defined in apparmor.conf
- if [ -d "${APPARMOR_DIR}" ] ; then
- PROFILE_DIR=${APPARMOR_DIR}
--elif [ -d "${SUBDOMAIN_DIR}" ] ; then
-- PROFILE_DIR=${SUBDOMAIN_DIR}
- elif [ -d /etc/apparmor.d ] ; then
- PROFILE_DIR=/etc/apparmor.d
--elif [ -d /etc/subdomain.d ] ; then
-- PROFILE_DIR=/etc/subdomain.d
- fi
- ABSTRACTIONS="-I${PROFILE_DIR}"
- AA_EV_BIN=/usr/sbin/aa-eventd
- AA_EV_PIDFILE=/var/run/aa-eventd.pid
- AA_STATUS=/usr/sbin/aa-status
--SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl
--SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid
--SD_STATUS=/usr/sbin/subdomain_status
- SECURITYFS=/sys/kernel/security
-
--SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \
-- sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
--
- # keep exit status from parser during profile load. 0 is good, 1 is bad
- STATUS=0
-
-@@ -96,9 +73,6 @@ is_apparmor_present() {
- shift
- done
-
-- # check for subdomainfs version of module
-- grep -qE "^($modules)[[:space:]]" /proc/modules
--
- [ $? -ne 0 -a -d /sys/module/apparmor ]
-
- return $?
-@@ -251,44 +225,17 @@ failstop_system() {
- return -1
- }
-
--module_panic() {
-- # the module failed to load, determine what action should be taken
--
-- case "$SUBDOMAIN_MODULE_PANIC" in
-- "warn"|"WARN")
-- return 1 ;;
-- "panic"|"PANIC") failstop_system
-- rc=$?
-- return $rc ;;
-- *) aa_log_failure_msg "- invalid AppArmor module fail option"
-- return -1 ;;
-- esac
--}
--
- is_apparmor_loaded() {
- if ! is_securityfs_mounted ; then
- mount_securityfs
- fi
-
-- mount_subdomainfs
--
- if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
- SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
- return 0
- fi
-
-- if [ -f "${SECURITYFS}/${OLD_MODULE}/profiles" ]; then
-- SFS_MOUNTPOINT="${SECURITYFS}/${OLD_MODULE}"
-- return 0
-- fi
--
-- if [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then
-- SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT}
-- return 0
-- fi
--
-- # check for subdomainfs version of module
-- is_apparmor_present apparmor subdomain
-+ is_apparmor_present apparmor
-
- return $?
- }
-@@ -307,26 +254,6 @@ mount_securityfs() {
- return 0
- }
-
--
--mount_subdomainfs() {
-- # for backwords compatibility
-- if grep -q subdomainfs /proc/filesystems && \
-- ! grep -q subdomainfs /proc/mounts && \
-- [ -n "${SUBDOMAINFS_MOUNTPOINT}" ]; then
-- aa_action "Mounting subdomainfs on ${SUBDOMAINFS_MOUNTPOINT}" \
-- mount "${SUBDOMAINFS_MOUNTPOINT}"
-- return $?
-- fi
-- return 0
--}
--
--unmount_subdomainfs() {
-- SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null)
-- if [ -n "${SUBDOMAINFS}" ]; then
-- aa_action "Unmounting subdomainfs" umount ${SUBDOMAINFS}
-- fi
--}
--
- apparmor_start() {
- aa_log_daemon_msg "Starting AppArmor"
- if ! is_apparmor_present ; then
-@@ -360,7 +287,7 @@ apparmor_start() {
-
- remove_profiles() {
-
-- # removing profiles as we directly read from subdomainfs
-+ # removing profiles as we directly read from apparmorfs
- # doesn't work, since we are removing entries which screws up
- # our position. Lets hope there are never enough profiles to
- # overflow the variable
-@@ -410,11 +337,8 @@ apparmor_kill() {
- return 1
- fi
-
-- unmount_subdomainfs
- if is_apparmor_present apparmor ; then
- MODULE=apparmor
-- elif is_apparmor_present subdomain ; then
-- MODULE=subdomain
- else
- aa_log_failure_msg "AppArmor is builtin"
- return 1
-@@ -461,27 +385,11 @@ apparmor_try_restart() {
- return $?
- }
-
--configure_owlsm () {
-- if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then
-- # Sigh, the "sh -c" is necessary for the SuSE aa_action
-- # and it can't be abstracted out as a seperate function, as
-- # that breaks under RedHat's action, which needs a
-- # binary to invoke.
-- aa_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
-- elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then
-- aa_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
-- fi
--}
--
- apparmor_status () {
- if test -x ${AA_STATUS} ; then
- ${AA_STATUS} --verbose
- return $?
- fi
-- if test -x ${SD_STATUS} ; then
-- ${SD_STATUS} --verbose
-- return $?
-- fi
- if ! is_apparmor_loaded ; then
- echo "AppArmor is not loaded."
- rc=1
-diff --git a/parser/subdomain.conf b/parser/subdomain.conf
-deleted file mode 100644
-index 20e7cab..0000000
---- a/parser/subdomain.conf
-+++ /dev/null
-@@ -1,53 +0,0 @@
--# subdomain.conf is a shared AppArmor configuration file that is sh sourcable.
--
--################## AppArmor init.d configuration ################
--
--# Move this to /etc/sysconfig/apparmor eventually
--## Path: System/AppArmor
--## Description: Enable the OWLSM extension to AppArmor
--## Type: yesno
--## Default: no
--#
--# Enable OWLSM extension to AppArmor?
--# OWLSM is an extension to AppArmor that prevents processes from
--# following symlinks they don't own and creating hardlinks to files they
--# don't own, in an attempt to prevent /tmp race attacks. However, OWLSM
--# can break some applications, so is disabled by default.
--SUBDOMAIN_ENABLE_OWLSM="no"
--
--## Path: System/AppArmor
--## Description: Enable the AppArmor event daemon for reporting
--## Type: yesno
--## Default: no
--#
--# Enable the AppArmor event daemon for reporting?
--APPARMOR_ENABLE_AAEVENTD="no"
--
--#SUBDOMAIN_MODULE_PANIC=XXX
--#This option controls how subdomain behaves when the init script attempts
--#to load the AppArmor module and fails. There are 4 options
--#warn - log a failure message. (default behavior)
--#build - attempt to build the AppArmor module is the module can't be loaded.
--# If successful
--# the module will be built for the running kernel and loaded.
--# If the build fails
--# a failure message is logged
--#panic - If the AppArmor module fails to load
--# a failure message will be logged
--# and the machine will drop to runlevel 1 (single user)
--#build-panic - If the AppArmor module fails to load
--# attempt to build the module
--# If building the module fails
--# panic (drop to runlevel 1)
--
--#SUBDOMAIN_MODULE_PANIC=warn
--
--################## subdomain_parser configuration ################
--
--#SUBDOMAIN_PATH=XXXX
--#This option specifies the include path that the subdomain_parser will
--#use by default. If no entry is specified /etc/subdomain.d is used by
--#default.
--
--#SUBDOMAIN_PATH=/etc/subdomain.d
--
-diff --git a/parser/subdomain.conf.pod b/parser/subdomain.conf.pod
-deleted file mode 100644
-index b38f748..0000000
---- a/parser/subdomain.conf.pod
-+++ /dev/null
-@@ -1,104 +0,0 @@
--# ----------------------------------------------------------------------
--# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
--# 2008, 2009
--# NOVELL (All rights reserved)
--#
--# Copyright (c) 2010 - 2012
--# Canonical Ltd. (All rights reserved)
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of version 2 of the GNU General Public
--# License published by the Free Software Foundation.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, contact Novell, Inc.
--# ----------------------------------------------------------------------
--
--
--=pod
--
--=head1 NAME
--
--/etc/apparmor/subdomain.conf - configuration file for fine-tuning the
--behavior of the AppArmor security tool.
--
--=head1 DESCRIPTION
--
--The AppArmor security tool can be configured to have
--certain default behaviors based on configuration options set
--in subdomain.conf. There are two variables that can be set in
--subdomain.conf: B<SUBDOMAIN_PATH>, and B<SUBDOMAIN_MODULE_PANIC>.
--
--=begin comment
--
--FIXME keep quiet about OWLSM support for now.
--
--=head2 SUBDOMAIN_ENABLE_OWLSM
--
--This veriable is a yes/no toggle and is by default set to I<no>.
--
--This variable determines whether the AppArmor initscript will enable
--or disable the OWLsm security extension to AppArmor when the AppArmor
--security tool is started. When enabled the OWLsm feature prevents programs
--from following symlinks in temporary directories that are not owned by
--the program's UID, and prevents processes from creating hardlinks to
--files not owned by their UID.
--
--=end comment
--
--=head2 SUBDOMAIN_PATH
--
--This variable accepts a string (path), and is by default set to
--'/etc/apparmor.d/' This variable defines where the AppArmor security
--tool looks for its policy definitions (a.k.a. AppArmor profiles).
--
--=head2 SUBDOMAIN_MODULE_PANIC
--
--This variable accepts a string that is one of four values: I<warn>,
--I<build>, I<panic>, or I<build-panic>, and is set by default to I<warn>.
--
--This setting controls the behavior of the AppArmor initscript if it
--cannot successfully load the AppArmor kernel module on startup. The four
--possible settings are:
--
--=over 4
--
--=item I<warn>
--
--Log a failure message (the default behavior).
--
--=item I<build>
--
--Attempt to build the AppArmor module against the currently running
--kernel. If the compilation is successful, the module will be loaded and
--AppArmor started; if the compilation fails, a failure message is logged.
--
--=item I<panic>
--
--Log a failure message and drop to runlevel 1 (single user).
--
--=item I<build-panic>
--
--Attempt to build the module against the running kernel (like I<build>)
--and if the compilation fails, drop to runlevel 1 (single user).
--
--=back
--
--=head1 BUGS
--
--Setting the initscript to recompile the module will fail on SUSE, as the
--module source is no longer installed by default. However, the module has
--been included with the SUSE kernel, so no rebuilding should be necessary.
--
--If you find any additional bugs, please report them at
--L<https://bugs.launchpad.net/apparmor/+filebug>.
--
--=head1 SEE ALSO
--
--apparmor(7), apparmor_parser(8), and
--L<https://wiki.apparmor.net>.
-diff --git a/tests/stress/apparmor/Makefile b/tests/stress/apparmor/Makefile
-new file mode 100644
-index 0000000..59a0053
---- /dev/null
-+++ b/tests/stress/apparmor/Makefile
-@@ -0,0 +1,24 @@
-+TARGETS=change_hat child open
-+PROFILES=change_hat.profile child.profile open.profile sh.profile
-+LIB:=apparmor
-+LIBS=-l$(LIB)
-+
-+all: targets profiles
-+
-+targets: $(TARGETS)
-+
-+profiles:
-+ for i in $(PROFILES) ;\
-+ do \
-+ sed "s~BASE~$$PWD~" $$i.pre | sed "s/AA/${LIB}/" > $$i ;\
-+ done
-+
-+change_hat: change_hat.c
-+ cc -Wall -o $@ $< $(LIBS)
-+child: child.c
-+ cc -Wall -o $@ $< $(LIBS)
-+open: open.c
-+ cc -Wall -o $@ $< $(LIBS)
-+
-+clean:
-+ rm -f $(TARGETS) $(PROFILES)
-diff --git a/tests/stress/apparmor/change_hat.c b/tests/stress/apparmor/change_hat.c
-new file mode 100644
-index 0000000..637a55b
---- /dev/null
-+++ b/tests/stress/apparmor/change_hat.c
-@@ -0,0 +1,51 @@
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <linux/unistd.h>
-+
-+#include "sys/apparmor.h"
-+
-+#define SD_ID_MAGIC 0xdeadbeef
-+
-+int main(int argc, char *argv[])
-+{
-+ int fd, error;
-+ char *hat_name;
-+ int hat_magic;
-+ char *o_file = "/bin/ls";
-+
-+ while (1) {
-+ hat_name = "/subprofile/foo";
-+ hat_magic = SD_ID_MAGIC + 1;
-+ if (argc > 1)
-+ hat_name = argv[1];
-+
-+ printf("before entering change_hat\n");
-+ error = change_hat(hat_name, hat_magic);
-+ printf("change_hat(%s, 0x%x): %s\n", hat_name, hat_magic,
-+ strerror(errno));
-+
-+ errno = 0;
-+ fd = open(o_file, O_RDONLY);
-+ printf("open(%s): %s\n", o_file, strerror(errno));
-+ if (fd != -1)
-+ close(fd);
-+
-+ hat_name = NULL;
-+ printf("before leaving change_hat\n");
-+ errno = 0;
-+ error = change_hat(hat_name, hat_magic);
-+ printf("change_hat(%s, 0x%x): %s\n", "NULL", hat_magic,
-+ strerror(errno));
-+
-+ errno = 0;
-+ fd = open(o_file, O_RDONLY);
-+ printf("open(%s): %s\n", o_file, strerror(errno));
-+ if (fd != -1)
-+ close(fd);
-+ }
-+}
-diff --git a/tests/stress/apparmor/change_hat.profile.pre b/tests/stress/apparmor/change_hat.profile.pre
-new file mode 100644
-index 0000000..1591e97
---- /dev/null
-+++ b/tests/stress/apparmor/change_hat.profile.pre
-@@ -0,0 +1,24 @@
-+BASE/change_hat {
-+/lib/lib*.so rm,
-+/usr/lib/lib*.so rm,
-+/lib/lib*.so.* rm,
-+/lib/i[356]86/lib*.so rm,
-+/lib/tls/lib*.*.so rm,
-+/lib/ld-*.so rix,
-+/etc/ld.so.* r,
-+BASE/change_hat r,
-+/bin/ls rix,
-+/dev/pts/* rw,
-+/dev/tty* rw,
-+/dev/null rw,
-+/dev/urandom r,
-+
-+ ^/subprofile/foo {
-+ /bin/bash rix,
-+ /tmp/foobar r,
-+ /bin/ls rix,
-+ /dev/pts/* rw,
-+ /dev/tty* rw,
-+ /dev/null rw,
-+ }
-+}
-diff --git a/tests/stress/apparmor/child.c b/tests/stress/apparmor/child.c
-new file mode 100644
-index 0000000..40fba28
---- /dev/null
-+++ b/tests/stress/apparmor/child.c
-@@ -0,0 +1,35 @@
-+#include <stdio.h>
-+#include <sys/types.h>
-+#include <unistd.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <signal.h>
-+#include <stdlib.h>
-+#include <sys/wait.h>
-+
-+static int zombies;
-+
-+void sigchld(int num)
-+{
-+ zombies++;
-+}
-+
-+int main()
-+{
-+ pid_t pid;
-+ int i;
-+
-+ signal(SIGCHLD, sigchld);
-+again:
-+ for (i = 0; i < 500; i++) {
-+ pid = fork();
-+ if (pid > 0)
-+ continue;
-+ else if (pid == 0)
-+ exit(0);
-+ else
-+ printf("fork: %s\n", strerror(errno));
-+ }
-+ while (waitpid(0, NULL, WNOHANG) > 0);
-+ goto again;
-+}
-diff --git a/tests/stress/apparmor/child.profile.pre b/tests/stress/apparmor/child.profile.pre
-new file mode 100644
-index 0000000..5c2d841
---- /dev/null
-+++ b/tests/stress/apparmor/child.profile.pre
-@@ -0,0 +1,12 @@
-+BASE/child {
-+/lib/libc-*.so rm,
-+/lib/libc-*.so.* rm,
-+/lib/ld-*.so rix,
-+/lib/ld-*.so.* rix,
-+/{usr/,}lib/libAA* rm,
-+/etc/ld.so.* r,
-+BASE/child r,
-+/bin/ls r,
-+/dev/pts/* rw,
-+/dev/tty* rw,
-+}
-diff --git a/tests/stress/apparmor/kill.sh b/tests/stress/apparmor/kill.sh
-new file mode 100755
-index 0000000..4c4d3d1
---- /dev/null
-+++ b/tests/stress/apparmor/kill.sh
-@@ -0,0 +1,19 @@
-+#!/bin/sh
-+
-+. ./uservars.inc
-+
-+if [ `whoami` != root ]
-+then
-+ echo "$0: must be root" >&2
-+ exit 1
-+fi
-+
-+$subdomain_parser -R change_hat.profile 2>&1 > /dev/null
-+$subdomain_parser change_hat.profile
-+
-+./change_hat > /dev/null 2>&1 &
-+
-+while :
-+do
-+ $subdomain_parser -r change_hat.profile > /dev/null 2>&1 &
-+done &
-diff --git a/tests/stress/apparmor/open.c b/tests/stress/apparmor/open.c
-new file mode 100644
-index 0000000..099c14a
---- /dev/null
-+++ b/tests/stress/apparmor/open.c
-@@ -0,0 +1,34 @@
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#include <errno.h>
-+#include <string.h>
-+#include <stdio.h>
-+#include <linux/unistd.h>
-+
-+#define MAX_LOOP 1000000
-+int main(int argc, char *argv[])
-+{
-+ int fd, i, success, fail;
-+ char *o_file = "/bin/ls";
-+
-+ if (argc > 1)
-+ o_file = argv[1];
-+
-+ for (i=0, success=0, fail=0; i<MAX_LOOP; i++) {
-+// for (i=0, success=0, fail=0; !i; i++) {
-+ fd = open(o_file, O_RDONLY);
-+ if (fd != -1) {
-+ success++;
-+ close(fd);
-+ } else {
-+ printf("open: %s\n", strerror(errno));
-+ fail++;
-+ }
-+ }
-+ printf("Iterations: %d\tSuccess: %d\t Fail: %d\n",
-+ MAX_LOOP, success, fail);
-+
-+ return 0;
-+}
-diff --git a/tests/stress/apparmor/open.profile.pre b/tests/stress/apparmor/open.profile.pre
-new file mode 100644
-index 0000000..182e131
---- /dev/null
-+++ b/tests/stress/apparmor/open.profile.pre
-@@ -0,0 +1,15 @@
-+BASE/open {
-+/lib/libc-*.so rm,
-+/lib/libc-*.so.* rm,
-+/lib/ld-*.so rix,
-+/lib/ld-*.so.* rix,
-+/{usr/,}lib/libAA* rm,
-+/etc/ld.so.* r,
-+BASE/open r,
-+/bin/ls r,
-+/dev/pts/* rw,
-+/dev/tty* rw,
-+/tmp/foobar rw,
-+/tmp/baz rw,
-+/tmp/{a,b,c,d,e,f,g} rw,
-+}
-diff --git a/tests/stress/apparmor/s-2.4.20.sh b/tests/stress/apparmor/s-2.4.20.sh
-new file mode 100755
-index 0000000..c7ef30a
---- /dev/null
-+++ b/tests/stress/apparmor/s-2.4.20.sh
-@@ -0,0 +1,18 @@
-+#!/bin/sh
-+
-+subdomain_parser=./subdomain_parser
-+
-+cat change_hat.profile child.profile open.profile | ${subdomain_parser}
-+
-+#./open & ./open /tmp/foobar &
-+
-+#./child & ./child &
-+
-+#./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
-+
-+while :
-+do
-+ cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+done &
-diff --git a/tests/stress/apparmor/s.sh b/tests/stress/apparmor/s.sh
-new file mode 100755
-index 0000000..c7ef30a
---- /dev/null
-+++ b/tests/stress/apparmor/s.sh
-@@ -0,0 +1,18 @@
-+#!/bin/sh
-+
-+subdomain_parser=./subdomain_parser
-+
-+cat change_hat.profile child.profile open.profile | ${subdomain_parser}
-+
-+#./open & ./open /tmp/foobar &
-+
-+#./child & ./child &
-+
-+#./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
-+
-+while :
-+do
-+ cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+done &
-diff --git a/tests/stress/apparmor/sh.profile.pre b/tests/stress/apparmor/sh.profile.pre
-new file mode 100644
-index 0000000..378dbb0
---- /dev/null
-+++ b/tests/stress/apparmor/sh.profile.pre
-@@ -0,0 +1,24 @@
-+BASE/sh {
-+/bin/* rix,
-+/dev/tty rw,
-+/dev/pts/* rw,
-+/etc/fstab r,
-+/etc/inputrc r,
-+/etc/ld.so.* r,
-+/etc/mtab r,
-+/etc/nsswitch.conf r,
-+/etc/passwd r,
-+/etc/termcap r,
-+BASE/sh r,
-+BASE/* rix,
-+/lib/libc-*.so rm,
-+/lib/libc-*.so.* rm,
-+/lib/ld-*.so rix,
-+/lib/ld-*.so.* rix,
-+/lib/** rm,
-+/{usr/,}/lib/libAA* rm,
-+/proc/meminfo r,
-+/usr/lib/locale/** r,
-+/usr/share/locale/** r,
-+/**.bash_history r,
-+}
-diff --git a/tests/stress/apparmor/stress.sh b/tests/stress/apparmor/stress.sh
-new file mode 100755
-index 0000000..d8b01e5
---- /dev/null
-+++ b/tests/stress/apparmor/stress.sh
-@@ -0,0 +1,20 @@
-+#!/bin/sh
-+
-+. ./uservars.inc
-+
-+${subdomain_parser} change_hat.profile child.profile open.profile
-+
-+rm -f /tmp/foobar && touch /tmp/foobar
-+
-+./open & ./open /tmp/foobar &
-+
-+./child & ./child &
-+
-+./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
-+
-+while :
-+do
-+ ${subdomain_parser} -r change_hat.profile > /dev/null 2>&1 &
-+ ${subdomain_parser} -r child.profile > /dev/null 2>&1 &
-+ ${subdomain_parser} -r open.profile > /dev/null 2>&1 &
-+done &
-diff --git a/tests/stress/apparmor/stress.sh-2.4.20 b/tests/stress/apparmor/stress.sh-2.4.20
-new file mode 100755
-index 0000000..ef326d9
---- /dev/null
-+++ b/tests/stress/apparmor/stress.sh-2.4.20
-@@ -0,0 +1,18 @@
-+#!/bin/sh
-+
-+subdomain_parser=./subdomain_parser
-+
-+cat change_hat.profile child.profile open.profile | ${subdomain_parser}
-+
-+#./open & ./open /tmp/foobar &
-+
-+#./child & ./child &
-+
-+./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
-+
-+while :
-+do
-+ cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+ cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-+done &
-diff --git a/tests/stress/apparmor/uservars.inc b/tests/stress/apparmor/uservars.inc
-new file mode 100644
-index 0000000..c0b27a7
---- /dev/null
-+++ b/tests/stress/apparmor/uservars.inc
-@@ -0,0 +1,42 @@
-+if [ -e /sbin/subdomain_parser ] ; then
-+ subdomain_parser=/sbin/subdomain_parser
-+else
-+ subdomain_parser=/sbin/apparmor_parser
-+fi
-+
-+if [ -n "`grep subdomainfs /proc/filesystems`" ]
-+then
-+ subdomainfs=/subdomain
-+elif [ -n "`grep securityfs /proc/filesystems`" ]
-+then
-+ if [ -e /sys/kernel/security/subdomain ] ; then
-+ subdomainfs=/sys/kernel/security/subdomain
-+ else
-+ subdomainfs=/sys/kernel/security/apparmor
-+ fi
-+else
-+ echo "$0: Unable to find subdomainfs" >&2
-+ exit 1
-+fi
-+
-+if [ ! -x $subdomain_parser ]
-+then
-+ echo "$0: $subdomain_parser not executable" >&2
-+ exit 1
-+fi
-+
-+if [ -z "`grep '^subdomain ' /proc/modules`" ]
-+then
-+ if [ -z "`grep '^apparmor ' /proc/modules`" ] ; then
-+ if [ ! -d "/sys/module/apparmor" ] ; then
-+ echo "$0: apparmor module not loaded" >&2
-+ exit 1
-+ fi
-+ fi
-+fi
-+
-+if [ ! -w $subdomainfs/.load ]
-+then
-+ echo "$0: $subdomainfs/.load not present" >&2
-+ exit 1
-+fi
-diff --git a/tests/stress/subdomain/Makefile b/tests/stress/subdomain/Makefile
-deleted file mode 100644
-index 4cbc83f..0000000
---- a/tests/stress/subdomain/Makefile
-+++ /dev/null
-@@ -1,24 +0,0 @@
--TARGETS=change_hat child open
--PROFILES=change_hat.profile child.profile open.profile sh.profile
--LIB:=apparmor
--LIBS=-l$(LIB)
--
--all: targets profiles
--
--targets: $(TARGETS)
--
--profiles:
-- for i in $(PROFILES) ;\
-- do \
-- sed "s~BASE~$$PWD~" $$i.pre | sed "s/AA/${LIB}/" > $$i ;\
-- done
--
--change_hat: change_hat.c
-- cc -Wall -o $@ $< $(LIBS)
--child: child.c
-- cc -Wall -o $@ $< $(LIBS)
--open: open.c
-- cc -Wall -o $@ $< $(LIBS)
--
--clean:
-- rm -f $(TARGETS) $(PROFILES)
-diff --git a/tests/stress/subdomain/change_hat.c b/tests/stress/subdomain/change_hat.c
-deleted file mode 100644
-index bef0024..0000000
---- a/tests/stress/subdomain/change_hat.c
-+++ /dev/null
-@@ -1,51 +0,0 @@
--#include <unistd.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <fcntl.h>
--#include <errno.h>
--#include <string.h>
--#include <stdio.h>
--#include <linux/unistd.h>
--
--#include "sys/apparmor.h"
--
--#define SD_ID_MAGIC 0xdeadbeef
--
--int main(int argc, char *argv[])
--{
-- int fd, error;
-- char *hat_name;
-- int hat_magic;
-- char *o_file = "/bin/ls";
--
-- while (1) {
-- hat_name = "/subprofile/foo";
-- hat_magic = SD_ID_MAGIC + 1;
-- if (argc > 1)
-- hat_name = argv[1];
--
-- printf("before entering change_hat\n");
-- error = change_hat(hat_name, hat_magic);
-- printf("change_hat(%s, 0x%x): %s\n", hat_name, hat_magic,
-- strerror(errno));
--
-- errno = 0;
-- fd = open(o_file, O_RDONLY);
-- printf("open(%s): %s\n", o_file, strerror(errno));
-- if (fd != -1)
-- close(fd);
--
-- hat_name = NULL;
-- printf("before leaving change_hat\n");
-- errno = 0;
-- error = change_hat(hat_name, hat_magic);
-- printf("change_hat(%s, 0x%x): %s\n", "NULL", hat_magic,
-- strerror(errno));
--
-- errno = 0;
-- fd = open(o_file, O_RDONLY);
-- printf("open(%s): %s\n", o_file, strerror(errno));
-- if (fd != -1)
-- close(fd);
-- }
--}
-diff --git a/tests/stress/subdomain/change_hat.profile.pre b/tests/stress/subdomain/change_hat.profile.pre
-deleted file mode 100644
-index 1591e97..0000000
---- a/tests/stress/subdomain/change_hat.profile.pre
-+++ /dev/null
-@@ -1,24 +0,0 @@
--BASE/change_hat {
--/lib/lib*.so rm,
--/usr/lib/lib*.so rm,
--/lib/lib*.so.* rm,
--/lib/i[356]86/lib*.so rm,
--/lib/tls/lib*.*.so rm,
--/lib/ld-*.so rix,
--/etc/ld.so.* r,
--BASE/change_hat r,
--/bin/ls rix,
--/dev/pts/* rw,
--/dev/tty* rw,
--/dev/null rw,
--/dev/urandom r,
--
-- ^/subprofile/foo {
-- /bin/bash rix,
-- /tmp/foobar r,
-- /bin/ls rix,
-- /dev/pts/* rw,
-- /dev/tty* rw,
-- /dev/null rw,
-- }
--}
-diff --git a/tests/stress/subdomain/child.c b/tests/stress/subdomain/child.c
-deleted file mode 100644
-index 2f00e5b..0000000
---- a/tests/stress/subdomain/child.c
-+++ /dev/null
-@@ -1,35 +0,0 @@
--#include <stdio.h>
--#include <sys/types.h>
--#include <unistd.h>
--#include <errno.h>
--#include <string.h>
--#include <signal.h>
--#include <stdlib.h>
--#include <sys/wait.h>
--
--static int zombies;
--
--void sigchld(int num)
--{
-- zombies++;
--}
--
--int main()
--{
-- pid_t pid;
-- int i;
--
-- signal(SIGCHLD, sigchld);
--again:
-- for (i = 0; i < 500; i++) {
-- pid = fork();
-- if (pid > 0)
-- continue;
-- else if (pid == 0)
-- exit(0);
-- else
-- printf("fork: %s\n", strerror(errno));
-- }
-- while (waitpid(0, NULL, WNOHANG) > 0);
-- goto again;
--}
-diff --git a/tests/stress/subdomain/child.profile.pre b/tests/stress/subdomain/child.profile.pre
-deleted file mode 100644
-index 5c2d841..0000000
---- a/tests/stress/subdomain/child.profile.pre
-+++ /dev/null
-@@ -1,12 +0,0 @@
--BASE/child {
--/lib/libc-*.so rm,
--/lib/libc-*.so.* rm,
--/lib/ld-*.so rix,
--/lib/ld-*.so.* rix,
--/{usr/,}lib/libAA* rm,
--/etc/ld.so.* r,
--BASE/child r,
--/bin/ls r,
--/dev/pts/* rw,
--/dev/tty* rw,
--}
-diff --git a/tests/stress/subdomain/kill.sh b/tests/stress/subdomain/kill.sh
-deleted file mode 100755
-index f41f930..0000000
---- a/tests/stress/subdomain/kill.sh
-+++ /dev/null
-@@ -1,20 +0,0 @@
--#!/bin/sh
--
--. ./uservars.inc
--
--if [ `whoami` != root ]
--then
-- echo "$0: must be root" >&2
-- exit 1
--fi
--
--$subdomain_parser -R change_hat.profile 2>&1 > /dev/null
--$subdomain_parser change_hat.profile
--
--./change_hat > /dev/null 2>&1 &
--
--while :
--do
-- $subdomain_parser -r change_hat.profile > /dev/null 2>&1 &
--done &
--
-diff --git a/tests/stress/subdomain/open.c b/tests/stress/subdomain/open.c
-deleted file mode 100644
-index acf838b..0000000
---- a/tests/stress/subdomain/open.c
-+++ /dev/null
-@@ -1,34 +0,0 @@
--#include <unistd.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <fcntl.h>
--#include <errno.h>
--#include <string.h>
--#include <stdio.h>
--#include <linux/unistd.h>
--
--#define MAX_LOOP 1000000
--int main(int argc, char *argv[])
--{
-- int fd, i, success, fail;
-- char *o_file = "/bin/ls";
--
-- if (argc > 1)
-- o_file = argv[1];
--
-- for (i=0, success=0, fail=0; i<MAX_LOOP; i++) {
--// for (i=0, success=0, fail=0; !i; i++) {
-- fd = open(o_file, O_RDONLY);
-- if (fd != -1) {
-- success++;
-- close(fd);
-- } else {
-- printf("open: %s\n", strerror(errno));
-- fail++;
-- }
-- }
-- printf("Iterations: %d\tSuccess: %d\t Fail: %d\n",
-- MAX_LOOP, success, fail);
--
-- return 0;
--}
-diff --git a/tests/stress/subdomain/open.profile.pre b/tests/stress/subdomain/open.profile.pre
-deleted file mode 100644
-index 182e131..0000000
---- a/tests/stress/subdomain/open.profile.pre
-+++ /dev/null
-@@ -1,15 +0,0 @@
--BASE/open {
--/lib/libc-*.so rm,
--/lib/libc-*.so.* rm,
--/lib/ld-*.so rix,
--/lib/ld-*.so.* rix,
--/{usr/,}lib/libAA* rm,
--/etc/ld.so.* r,
--BASE/open r,
--/bin/ls r,
--/dev/pts/* rw,
--/dev/tty* rw,
--/tmp/foobar rw,
--/tmp/baz rw,
--/tmp/{a,b,c,d,e,f,g} rw,
--}
-diff --git a/tests/stress/subdomain/s-2.4.20.sh b/tests/stress/subdomain/s-2.4.20.sh
-deleted file mode 100755
-index 7bd049a..0000000
---- a/tests/stress/subdomain/s-2.4.20.sh
-+++ /dev/null
-@@ -1,19 +0,0 @@
--#!/bin/sh
--
--subdomain_parser=./subdomain_parser
--
--cat change_hat.profile child.profile open.profile | ${subdomain_parser}
--
--#./open & ./open /tmp/foobar &
--
--#./child & ./child &
--
--#./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
--
--while :
--do
-- cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
--done &
--
-diff --git a/tests/stress/subdomain/s.sh b/tests/stress/subdomain/s.sh
-deleted file mode 100755
-index 7bd049a..0000000
---- a/tests/stress/subdomain/s.sh
-+++ /dev/null
-@@ -1,19 +0,0 @@
--#!/bin/sh
--
--subdomain_parser=./subdomain_parser
--
--cat change_hat.profile child.profile open.profile | ${subdomain_parser}
--
--#./open & ./open /tmp/foobar &
--
--#./child & ./child &
--
--#./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
--
--while :
--do
-- cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
--done &
--
-diff --git a/tests/stress/subdomain/sh.profile.pre b/tests/stress/subdomain/sh.profile.pre
-deleted file mode 100644
-index 378dbb0..0000000
---- a/tests/stress/subdomain/sh.profile.pre
-+++ /dev/null
-@@ -1,24 +0,0 @@
--BASE/sh {
--/bin/* rix,
--/dev/tty rw,
--/dev/pts/* rw,
--/etc/fstab r,
--/etc/inputrc r,
--/etc/ld.so.* r,
--/etc/mtab r,
--/etc/nsswitch.conf r,
--/etc/passwd r,
--/etc/termcap r,
--BASE/sh r,
--BASE/* rix,
--/lib/libc-*.so rm,
--/lib/libc-*.so.* rm,
--/lib/ld-*.so rix,
--/lib/ld-*.so.* rix,
--/lib/** rm,
--/{usr/,}/lib/libAA* rm,
--/proc/meminfo r,
--/usr/lib/locale/** r,
--/usr/share/locale/** r,
--/**.bash_history r,
--}
-diff --git a/tests/stress/subdomain/stress.sh b/tests/stress/subdomain/stress.sh
-deleted file mode 100755
-index 9df71e0..0000000
---- a/tests/stress/subdomain/stress.sh
-+++ /dev/null
-@@ -1,21 +0,0 @@
--#!/bin/sh
--
--. ./uservars.inc
--
--${subdomain_parser} change_hat.profile child.profile open.profile
--
--rm -f /tmp/foobar && touch /tmp/foobar
--
--./open & ./open /tmp/foobar &
--
--./child & ./child &
--
--./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
--
--while :
--do
-- ${subdomain_parser} -r change_hat.profile > /dev/null 2>&1 &
-- ${subdomain_parser} -r child.profile > /dev/null 2>&1 &
-- ${subdomain_parser} -r open.profile > /dev/null 2>&1 &
--done &
--
-diff --git a/tests/stress/subdomain/stress.sh-2.4.20 b/tests/stress/subdomain/stress.sh-2.4.20
-deleted file mode 100755
-index 66bf731..0000000
---- a/tests/stress/subdomain/stress.sh-2.4.20
-+++ /dev/null
-@@ -1,19 +0,0 @@
--#!/bin/sh
--
--subdomain_parser=./subdomain_parser
--
--cat change_hat.profile child.profile open.profile | ${subdomain_parser}
--
--#./open & ./open /tmp/foobar &
--
--#./child & ./child &
--
--./change_hat > /dev/null 2>&1 & ./change_hat /tmp/foo > /dev/null 2>&1 &
--
--while :
--do
-- cat change_hat.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat child.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
-- cat open.profile | ${subdomain_parser} -r > /dev/null 2>&1 &
--done &
--
-diff --git a/tests/stress/subdomain/uservars.inc b/tests/stress/subdomain/uservars.inc
-deleted file mode 100644
-index c0b27a7..0000000
---- a/tests/stress/subdomain/uservars.inc
-+++ /dev/null
-@@ -1,42 +0,0 @@
--if [ -e /sbin/subdomain_parser ] ; then
-- subdomain_parser=/sbin/subdomain_parser
--else
-- subdomain_parser=/sbin/apparmor_parser
--fi
--
--if [ -n "`grep subdomainfs /proc/filesystems`" ]
--then
-- subdomainfs=/subdomain
--elif [ -n "`grep securityfs /proc/filesystems`" ]
--then
-- if [ -e /sys/kernel/security/subdomain ] ; then
-- subdomainfs=/sys/kernel/security/subdomain
-- else
-- subdomainfs=/sys/kernel/security/apparmor
-- fi
--else
-- echo "$0: Unable to find subdomainfs" >&2
-- exit 1
--fi
--
--if [ ! -x $subdomain_parser ]
--then
-- echo "$0: $subdomain_parser not executable" >&2
-- exit 1
--fi
--
--if [ -z "`grep '^subdomain ' /proc/modules`" ]
--then
-- if [ -z "`grep '^apparmor ' /proc/modules`" ] ; then
-- if [ ! -d "/sys/module/apparmor" ] ; then
-- echo "$0: apparmor module not loaded" >&2
-- exit 1
-- fi
-- fi
--fi
--
--if [ ! -w $subdomainfs/.load ]
--then
-- echo "$0: $subdomainfs/.load not present" >&2
-- exit 1
--fi
-diff --git a/utils/apparmor/config.py b/utils/apparmor/config.py
-index 64334c9..b8fcc0d 100644
---- a/utils/apparmor/config.py
-+++ b/utils/apparmor/config.py
-@@ -40,7 +40,7 @@ from apparmor.common import AppArmorException, open_file_read # , warn, msg,
-
- # CFG = None
- # REPO_CFG = None
--# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf', 'subdomain.conf']
-+# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf']
- class Config(object):
- def __init__(self, conf_type, conf_dir='/etc/apparmor'):
- self.CONF_DIR = conf_dir
diff --git a/debian/patches/upstream-mr-252-Make-rc.apparmor.functions-suitable-for-Debian-and-Ubuntu.patch b/debian/patches/upstream-mr-252-Make-rc.apparmor.functions-suitable-for-Debian-and-Ubuntu.patch
deleted file mode 100644
index c9388b4de8f8bab24a6565b28623b4a642c76b2c..0000000000000000000000000000000000000000
--- a/debian/patches/upstream-mr-252-Make-rc.apparmor.functions-suitable-for-Debian-and-Ubuntu.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-From: intrigeri <intrigeri@boum.org>
-Date: Fri, 28 Dec 2018 16:11:26 +0000
-Subject: Make rc.apparmor.functions suitable for Debian and Ubuntu
-Forwarded: yes
-Origin: https://gitlab.com/apparmor/apparmor/merge_requests/252
----
- parser/rc.apparmor.functions | 217 +++++++++++++++++++++++++------------------
- 1 file changed, 125 insertions(+), 92 deletions(-)
-
-diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
-index c954c5f..73f6a84 100644
---- a/parser/rc.apparmor.functions
-+++ b/parser/rc.apparmor.functions
-@@ -1,7 +1,7 @@
- #!/bin/sh
- # ----------------------------------------------------------------------
- # Copyright (c) 1999-2008 NOVELL (All rights reserved)
--# Copyright (c) 2009-2012 Canonical Ltd. (All rights reserved)
-+# Copyright (c) 2009-2018 Canonical Ltd. (All rights reserved)
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of version 2 of the GNU General Public
-@@ -31,28 +31,23 @@
-
- # Some nice defines that we use
-
--CONFIG_DIR=/etc/apparmor
- MODULE=apparmor
--if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then
-- APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf"
--else
-- aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
-+PARSER=/sbin/apparmor_parser
-+PARSER_OPTS=
-+# Suppress warnings when booting in quiet mode
-+if [ "${QUIET:-no}" = yes ] || [ "${quiet:-n}" = y ]; then
-+ PARSER_OPTS="$PARSER_OPTS --quiet"
- fi
-
--if [ -f "${APPARMOR_CONF}" ] ; then
-- #parse the conf file to see what we should do
-- . "${APPARMOR_CONF}"
-+if [ -d /etc/apparmor.d ] ; then
-+ PROFILE_DIRS=/etc/apparmor.d
-+else
-+ aa_log_warning_msg "Unable to find profiles directory, installation problem?"
- fi
--
--PARSER=/sbin/apparmor_parser
--
--# APPARMOR_DIR might be defined in apparmor.conf
--if [ -d "${APPARMOR_DIR}" ] ; then
-- PROFILE_DIR=${APPARMOR_DIR}
--elif [ -d /etc/apparmor.d ] ; then
-- PROFILE_DIR=/etc/apparmor.d
-+ADDITIONAL_PROFILE_DIR=/var/lib/snapd/apparmor/profiles
-+if [ -d "$ADDITIONAL_PROFILE_DIR" ]; then
-+ PROFILE_DIRS="${PROFILE_DIRS} ${ADDITIONAL_PROFILE_DIR}"
- fi
--ABSTRACTIONS="-I${PROFILE_DIR}"
- AA_STATUS=/usr/sbin/aa-status
- SECURITYFS=/sys/kernel/security
-
-@@ -61,17 +56,54 @@ STATUS=0
-
- # Test if the apparmor "module" is present.
- is_apparmor_present() {
-- local modules=$1
-- shift
-+ [ -d /sys/module/apparmor ]
-+}
-
-- while [ $# -gt 0 ] ; do
-- modules="$modules|$1"
-- shift
-- done
-+# Checks to see if the current container is capable of having internal AppArmor
-+# profiles that should be loaded. Callers of this function should have already
-+# verified that they're running inside of a container environment with
-+# something like `systemd-detect-virt --container`.
-+#
-+# The only known container environments capable of supporting internal policy
-+# are LXD and LXC environment.
-+#
-+# Returns 0 if the container environment is capable of having its own internal
-+# policy and non-zero otherwise.
-+#
-+# IMPORTANT: This function will return 0 in the case of a non-LXD/non-LXC
-+# system container technology being nested inside of a LXD/LXC container that
-+# utilized an AppArmor namespace and profile stacking. The reason 0 will be
-+# returned is because .ns_stacked will be "yes" and .ns_name will still match
-+# "lx[dc]-*" since the nested system container technology will not have set up
-+# a new AppArmor profile namespace. This will result in the nested system
-+# container's boot process to experience failed policy loads but the boot
-+# process should continue without any loss of functionality. This is an
-+# unsupported configuration that cannot be properly handled by this function.
-+is_container_with_internal_policy() {
-+ local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
-+ local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
-+ local ns_stacked
-+ local ns_name
-+
-+ if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
-+ return 1
-+ fi
-
-- [ $? -ne 0 -a -d /sys/module/apparmor ]
-+ read -r ns_stacked < "$ns_stacked_path"
-+ if [ "$ns_stacked" != "yes" ]; then
-+ return 1
-+ fi
-
-- return $?
-+ # LXD and LXC set up AppArmor namespaces starting with "lxd-" and
-+ # "lxc-", respectively. Return non-zero for all other namespace
-+ # identifiers.
-+ read -r ns_name < "$ns_name_path"
-+ if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
-+ [ "${ns_name#lxc-*}" = "$ns_name" ]; then
-+ return 1
-+ fi
-+
-+ return 0
- }
-
- # This set of patterns to skip needs to be kept in sync with
-@@ -85,7 +117,6 @@ skip_profile() {
- "${profile%.rpmsave}" != "${profile}" -o \
- "${profile%.orig}" != "${profile}" -o \
- "${profile%.rej}" != "${profile}" -o \
-- -e "${PROFILE_DIR}/disable/`basename ${profile}`" -o \
- "${profile%\~}" != "${profile}" ] ; then
- return 1
- fi
-@@ -106,30 +137,68 @@ skip_profile() {
- return 0
- }
-
--force_complain() {
-- local profile=$1
-+__parse_profiles_dir() {
-+ local parser_cmd="$1"
-+ local profile_dir="$2"
-+ local status=0
-
-- # if profile not in complain mode
-- if ! egrep -q '^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+\{' $profile ; then
-- local link="${PROFILE_DIR}/force-complain/`basename ${profile}`"
-- if [ -e "$link" ] ; then
-- aa_log_warning_msg "found $link, forcing complain mode"
-- return 0
-- fi
-+ if [ ! -d "$profile_dir" ]; then
-+ aa_log_failure_msg "Profile directory not found: $profile_dir"
-+ return 1
-+ fi
-+
-+ if [ -z "$(ls $profile_dir/)" ]; then
-+ aa_log_failure_msg "No profiles found in $profile_dir"
-+ return 1
- fi
-
-- return 1
-+ # Note: the parser automatically skips files that match skip_profile()
-+ # when we pass it a directory, but not when we pass it an individual
-+ # profile. So we need to use skip_profile only in the latter case,
-+ # as long as the parser is in sync' with skip_profile().
-+ "$PARSER" $PARSER_OPTS $parser_cmd -- "$profile_dir" || {
-+ # FIXME: once the parser properly handles broken profiles
-+ # (LP: #1377338), remove the following code and the
-+ # skip_profile() function. For now, if the parser returns
-+ # an error, just run it again separately on each profile.
-+ for profile in $profile_dir/*; do
-+ skip_profile "${profile}"
-+ skip=$?
-+ if [ "$skip" -eq 2 ]; then
-+ # Ignore skip status == 2 (silent skip)
-+ continue
-+ elif [ "$skip" -ne 0 ] ; then
-+ aa_log_skipped_msg "$profile"
-+ logger -t "AppArmor(init)" -p daemon.warn \
-+ "Skipping profile $profile"
-+ continue
-+ fi
-+ if [ ! -f "${profile}" ] ; then
-+ continue
-+ fi
-+ echo "$profile"
-+ done | \
-+ # Use xargs to parallelize calls to the parser over all CPUs
-+ xargs -n1 -d"\n" --max-procs=$(getconf _NPROCESSORS_ONLN) \
-+ "$PARSER" $PARSER_OPTS $parser_cmd --
-+ if [ $? -ne 0 ]; then
-+ status=1
-+ aa_log_failure_msg "At least one profile failed to load"
-+ fi
-+ }
-+
-+ return $status
- }
-
- parse_profiles() {
- # get parser arg
- case "$1" in
- load)
-- PARSER_ARGS="--add"
-+ PARSER_CMD="--add"
- PARSER_MSG="Loading AppArmor profiles "
- ;;
- reload)
-- PARSER_ARGS="--replace"
-+ PARSER_CMD="--replace"
- PARSER_MSG="Reloading AppArmor profiles "
- ;;
- *)
-@@ -145,45 +214,10 @@ parse_profiles() {
- exit 1
- fi
-
-- if [ ! -d "$PROFILE_DIR" ]; then
-- aa_log_failure_msg "Profile directory not found"
-- aa_log_action_end 1
-- exit 1
-- fi
--
-- if [ -z "$(ls $PROFILE_DIR/)" ]; then
-- aa_log_failure_msg "No profiles found"
-- aa_log_action_end 1
-- return 1
-- fi
--
-- for profile in $PROFILE_DIR/*; do
-- skip_profile "${profile}"
-- skip=$?
-- # Ignore skip status == 2 (silent skip)
-- if [ "$skip" -eq 1 ] ; then
-- aa_log_skipped_msg "$profile"
-- logger -t "AppArmor(init)" -p daemon.warn "Skipping profile $profile"
-- STATUS=2
-- continue
-- elif [ "$skip" -ne 0 ]; then
-- continue
-- fi
-- if [ -f "${profile}" ] ; then
-- COMPLAIN=""
-- if force_complain "${profile}" ; then
-- COMPLAIN="-C"
-- fi
-- $PARSER $ABSTRACTIONS $PARSER_ARGS $COMPLAIN "$profile" > /dev/null
-- if [ $? -ne 0 ]; then
-- aa_log_failure_msg "$profile failed to load"
-- STATUS=1
-- fi
-- fi
-+ for profile_dir in $PROFILE_DIRS; do
-+ __parse_profiles_dir "$PARSER_CMD" "$profile_dir" || STATUS=$?
- done
-- if [ $STATUS -eq 2 ]; then
-- STATUS=0
-- fi
-+
- aa_log_action_end "$STATUS"
- return $STATUS
- }
-@@ -195,18 +229,20 @@ profiles_names_list() {
- exit 1
- fi
-
-- if [ ! -d "$PROFILE_DIR" ]; then
-- aa_log_failure_msg "- Profile directory not found"
-- exit 1
-- fi
-+ for profile_dir in $PROFILE_DIRS; do
-+ if [ ! -d "$profile_dir" ]; then
-+ aa_log_warning_msg "- Profile directory not found: $profile_dir"
-+ continue
-+ fi
-
-- for profile in $PROFILE_DIR/*; do
-- if skip_profile "${profile}" && [ -f "${profile}" ] ; then
-- LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" )
-- if [ $? -eq 0 ]; then
-- echo "$LIST_ADD"
-+ for profile in $profile_dir/*; do
-+ if skip_profile "${profile}" && [ -f "${profile}" ] ; then
-+ LIST_ADD=$($PARSER -N "$profile" )
-+ if [ $? -eq 0 ]; then
-+ echo "$LIST_ADD"
-+ fi
- fi
-- fi
-+ done
- done
- }
-
-@@ -231,7 +267,7 @@ is_apparmor_loaded() {
- return 0
- fi
-
-- is_apparmor_present apparmor
-+ is_apparmor_present
-
- return $?
- }
-@@ -268,8 +304,6 @@ apparmor_start() {
- return 1
- fi
-
-- configure_owlsm
--
- # if there is anything in the profiles file don't load
- if ! read line < "$SFS_MOUNTPOINT/profiles"; then
- parse_profiles load
-@@ -333,7 +367,7 @@ apparmor_kill() {
- return 1
- fi
-
-- if is_apparmor_present apparmor ; then
-+ if is_apparmor_present ; then
- MODULE=apparmor
- else
- aa_log_failure_msg "AppArmor is builtin"
-@@ -353,7 +387,6 @@ __apparmor_restart() {
-
- aa_log_daemon_msg "Restarting AppArmor"
-
-- configure_owlsm
- parse_profiles reload
-
- rc=$?
diff --git a/debian/profiles/chromium-browser b/debian/profiles/chromium-browser
deleted file mode 100644
index 5c67b363fd7489e1baab7ea602a8dc997b5e043b..0000000000000000000000000000000000000000
--- a/debian/profiles/chromium-browser
+++ /dev/null
@@ -1,15 +0,0 @@
-# This file is updated currently not managed by the package but in the future
-# will be overwritten on upgrades.
-#
-# For site-specific adjustments, please see:
-# /etc/apparmor.d/local/usr.bin.chromium-browser
-
-#include <abstractions/ubuntu-browsers.d/plugins-common>
-#include <abstractions/ubuntu-browsers.d/mailto>
-#include <abstractions/ubuntu-browsers.d/multimedia>
-#include <abstractions/ubuntu-browsers.d/productivity>
-#include <abstractions/ubuntu-browsers.d/java>
-#include <abstractions/ubuntu-browsers.d/kde>
-#include <abstractions/ubuntu-browsers.d/text-editors>
-#include <abstractions/ubuntu-browsers.d/ubuntu-integration>
-#include <abstractions/ubuntu-browsers.d/user-files>
diff --git a/debian/rules b/debian/rules
index 7eecc8948b252c7e5c54fb288a97571db8fc7cda..cd693f5eeceb367e680aa367b68204c25c2ecc20 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,7 +2,7 @@
include /usr/share/dpkg/pkg-info.mk
-export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
+export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow optimize=+lto
export DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
@@ -17,7 +17,7 @@ export PYTHON_VERSIONS=python3
override_dh_auto_configure:
cd libraries/libapparmor && sh ./autogen.sh
- dh_auto_configure -D libraries/libapparmor -- --with-perl
+ dh_auto_configure -D libraries/libapparmor --
override_dh_auto_build:
@@ -25,13 +25,13 @@ override_dh_auto_build:
sed -i --regexp-extended \
-e "s,^#VERSION#,our \$$VERSION = \"$(DEB_VERSION)\";," \
debian/debhelper/dh_apparmor
- # Build perl
+ # Build library
dh_auto_build -D libraries/libapparmor
# Build pythons
set -e; for py in $(shell py3versions -s) ; do \
- cp -a $(CURDIR)/libraries/libapparmor $(CURDIR)/libraries/libapparmor.$$py && \
+ cp -a $(CURDIR)/libraries/libapparmor $(CURDIR)/libraries/libapparmor.$$py ; \
PYTHON=/usr/bin/$$py dh_auto_configure \
- -D libraries/libapparmor.$$py -- --with-python && \
+ -D libraries/libapparmor.$$py -- --with-python ; \
PYTHON=/usr/bin/$$py dh_auto_build \
-D libraries/libapparmor.$$py; \
done
@@ -48,10 +48,11 @@ ifneq (,$(filter $(DEB_HOST_ARCH_OS), kfreebsd knetbsd hurd ))
cd binutils && $(MAKE) indep
cd parser && $(MAKE) indep
else
- cd binutils && $(MAKE) V=1
- cd parser && $(MAKE) V=1
+ dh_auto_build --sourcedirectory=binutils -- V=1
+ dh_auto_build --sourcedirectory=parser -- V=1
endif
cd profiles && $(MAKE)
+ dh_auto_build --sourcedirectory=changehat/pam_apparmor
override_dh_auto_test:
@@ -69,10 +70,6 @@ endif
override_dh_auto_clean:
- # Clean up from a Makefile.PL rebuild.
- cd libraries/libapparmor/swig/perl && if test -f Makefile.perl; then \
- $(MAKE) -fMakefile.perl realclean; \
- fi
# Clean up from an autogen'd build.
cd $(CURDIR)/libraries/libapparmor && \
[ ! -f Makefile ] || $(MAKE) distclean
@@ -133,11 +130,6 @@ endif
cd libraries/libapparmor && $(MAKE) \
DESTDIR=$(CURDIR)/debian/tmp \
install
- # fixup rpath for libapparmor-perl, working around restrictive
- # permissions set by ExtUtils::Install (that dh_fixperms will fix later)
- find $(CURDIR)/debian/tmp/$(PERL_VENDORARCH) -name '*.so' -print0 | \
- xargs -0 -I SO /bin/sh \
- -c "chmod +w SO && chrpath --delete SO && chmod -w SO"
# Install python swig modules
set -e; for py in $(shell py3versions -s); do \
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index c72f099871ab86069bb22665c43dec57ad21d4fe..c4cbed7906319a9f3349e4f00c3709b4a134ac9c 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -1,6 +1,8 @@
-# We replace usr/lib/perl5 with the corresponding multiarch path in debian/rules,
-# as a consequence this file contains this string.
-apparmor source: mentions-deprecated-usr-lib-perl5-directory rules
-
-# This is the manpage for a Debian/Ubuntu-specific script
-apparmor source: maintainer-manual-page debian/aa-update-browser.8
+# We don't build these libraries
+apparmor source: package-does-not-install-examples [libraries/libapparmor/swig/perl/examples/]
+apparmor source: package-does-not-install-examples [libraries/libapparmor/swig/ruby/examples/]
+# Source is the corresponding .pod file
+apparmor source: source-is-missing [changehat/mod_apparmor/mod_apparmor.8.html]
+apparmor source: source-is-missing [parser/apparmor.d.5.html]
+apparmor source: source-is-missing [parser/apparmor_parser.8.html]
+apparmor source: source-is-missing [utils/aa-unconfined.8.html]
diff --git a/debian/tests/test-installed b/debian/tests/test-installed
index d6492d7fcdbb1cbba2e72f200d8f1fb103f32831..57cbf3388b329c046f10fedb38cb6f0e1fa78315 100755
--- a/debian/tests/test-installed
+++ b/debian/tests/test-installed
@@ -10,6 +10,7 @@ WORKDIR=$(mktemp -d)
trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM
cp -a common $WORKDIR/
+cp -a libraries $WORKDIR/
for dir in $TEST_DIRS ; do
mkdir -p $WORKDIR/$(dirname $dir)
diff --git a/debian/watch b/debian/watch
index 815190b2bff1c84df8fc9dad1e7eb388562ca4d6..5b8e77cc0ca48055f2c259275fb68149f04b1e4e 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,4 +1,4 @@
version=4
opts=pgpsigurlmangle=s/$/.asc/ \
https://launchpad.net/apparmor/+download \
-.*/apparmor-(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
+.*/apparmor-(3\.0\.\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)
diff --git a/deprecated/rc.aaeventd.redhat b/deprecated/rc.aaeventd.redhat
deleted file mode 100644
index b0a7cc701c891301ede2d9f3f9748fdd95dd8069..0000000000000000000000000000000000000000
--- a/deprecated/rc.aaeventd.redhat
+++ /dev/null
@@ -1,137 +0,0 @@
-#!/bin/sh
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007
-# NOVELL (All rights reserved)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# rc.apparmor by Steve Beattie
-#
-# /etc/init.d/aaeventd
-# and its symbolic link
-# /sbin/rcaaeventd
-#
-# chkconfig: 2345 01 99
-# description: AppArmor Notification and Reporting daemon
-#
-### BEGIN INIT INFO
-# Provides: aaeventd
-# Required-Start: apparmor
-# Required-Stop:
-# Default-Start: 2 3 5
-# Default-Stop:
-# Short-Description: AppArmor Notification and Reporting
-# Description: AppArmor Notification and Reporting daemon
-### END INIT INFO
-APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
-
-# source function library
-if [ -f /etc/init.d/functions ]; then
- . /etc/init.d/functions
-elif [ -f /etc/rc.d/init.d/functions ]; then
- . /etc/rc.d/init.d/functions
-elif [ -f /lib/lsb/init-functions ]; then
- . /lib/lsb/init-functions
-else
- exit 0
-fi
-
-sd_log_success_msg() {
- echo -n "$*"
- success
- echo
-}
-
-sd_log_warning_msg() {
- echo -n "$*"
- warning
- echo
-}
-
-sd_log_skipped_msg() {
- echo -n "$*"
- warning
- echo
-}
-
-sd_log_failure_msg() {
- echo -n "$*"
- failure
- echo
-}
-
-sd_action() {
- STRING=$1
- shift
- action "${STRING} " "$@"
- return $?
-}
-
-start_aa_event() {
- if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
- sd_action "Starting AppArmor Event daemon" daemon --pidfile $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE
- elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
- sd_action "Starting AppArmor Event daemon" daemon --pidfile $SD_EV_PIDFILE $SD_EV_BIN -p $SD_EV_PIDFILE
- fi
-}
-
-stop_aa_event() {
- if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then
- sd_action "Shutting down AppArmor Event daemon" killproc -p $AA_EV_PIDFILE -INT $AA_EV_BIN
- fi
- if [ -f "$SD_EV_PIDFILE" ] ; then
- sd_action "Shutting down AppArmor Event daemon" killproc -p $SD_EV_PIDFILE -INT $SD_EV_BIN
- fi
-}
-
-usage() {
- echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status}"
-}
-
-# source apparmor function library
-if [ -f "${APPARMOR_FUNCTIONS}" ]; then
- . ${APPARMOR_FUNCTIONS}
-else
- sd_log_failure_msg "Unable to find AppArmor initscript functions"
- exit 1
-fi
-
-case "$1" in
- start)
- start_aa_event
- rc=$?
- ;;
- stop)
- stop_aa_event
- rc=$?
- ;;
- restart|reload|force-reload|try-restart)
- stop_aa_event
- start_aa_event
- rc=$?
- ;;
- status)
- echo -n "Checking for service AppArmor Event daemon:"
- if [ "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ]; then
- /sbin/checkproc -p $AA_EV_PIDFILE $AA_EV_BIN
- rc_status -v
- else
- rc_status -u
- fi
- ;;
- *)
- usage
- exit 1
- ;;
-esac
-exit $rc
diff --git a/deprecated/rc.aaeventd.suse b/deprecated/rc.aaeventd.suse
deleted file mode 100644
index 5add5ed2c5c46ca62032fc47bf584274a7be9547..0000000000000000000000000000000000000000
--- a/deprecated/rc.aaeventd.suse
+++ /dev/null
@@ -1,133 +0,0 @@
-#!/bin/sh
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2000, 2001, 2002, 2003 2004, 2005, 2006, 2007
-# NOVELL (All rights reserved)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-# rc.apparmor by Steve Beattie
-#
-# /etc/init.d/aaeventd
-# and its symbolic link
-# /sbin/rcaaeventd
-#
-# chkconfig: 2345 01 99
-# description: AppArmor Notification and Reporting daemon
-#
-### BEGIN INIT INFO
-# Provides: aaeventd
-# Required-Start: apparmor
-# Required-Stop: $null
-# Default-Start: 2 3 5
-# Default-Stop:
-# Short-Description: AppArmor Notification and Reporting
-# Description: AppArmor Notification and Reporting daemon
-### END INIT INFO
-APPARMOR_FUNCTIONS=/lib/apparmor/rc.apparmor.functions
-
-# source function library
-if [ -f /etc/init.d/functions ]; then
- . /etc/init.d/functions
-elif [ -f /etc/rc.d/init.d/functions ]; then
- . /etc/rc.d/init.d/functions
-elif [ -f /lib/lsb/init-functions ]; then
- . /lib/lsb/init-functions
-else
- exit 0
-fi
-
-# Ugh, SUSE doesn't implement action
-sd_action() {
- STRING=$1
- shift
- "$@"
- rc=$?
- if [ $rc -eq 0 ] ; then
- log_success_msg $"$STRING "
- else
- log_failure_msg $"$STRING "
- fi
- return $rc
-}
-
-sd_log_success_msg() {
- log_success_msg $*
-}
-
-sd_log_warning_msg() {
- log_warning_msg $*
-}
-
-sd_log_failure_msg() {
- log_failure_msg $*
-}
-
-usage() {
- echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status}"
-}
-
-start_aa_event() {
- if [ -x "$AA_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
- sd_action "Starting AppArmor Event daemon" startproc -p $AA_EV_PIDFILE $AA_EV_BIN -p $AA_EV_PIDFILE
- elif [ -x "$SD_EV_BIN" -a "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ] ; then
- sd_action "Starting AppArmor Event daemon" startproc -p $SD_EV_PIDFILE $SD_EV_BIN -p $SD_EV_PIDFILE
- fi
-}
-
-stop_aa_event() {
- if [ -x "$AA_EV_BIN" -a -f "$AA_EV_PIDFILE" ] ; then
- sd_action "Shutting down AppArmor Event daemon" killproc -G -p $AA_EV_PIDFILE -INT $AA_EV_BIN
- fi
- if [ -f "$SD_EV_PIDFILE" ] ; then
- sd_action "Shutting down AppArmor Event daemon" killproc -G -p $SD_EV_PIDFILE -INT $SD_EV_BIN
- fi
-}
-
-# source apparmor function library
-if [ -f "${APPARMOR_FUNCTIONS}" ]; then
- . ${APPARMOR_FUNCTIONS}
-else
- sd_log_failure_msg "Unable to find AppArmor initscript functions"
- exit 1
-fi
-
-case "$1" in
- start)
- start_aa_event
- rc=$?
- ;;
- stop)
- stop_aa_event
- rc=$?
- ;;
- restart|reload|force-reload|try-restart)
- stop_aa_event
- start_aa_event
- rc=$?
- ;;
- status)
- echo -n "Checking for service AppArmor Event daemon:"
- if [ "${APPARMOR_ENABLE_AAEVENTD}" = "yes" ]; then
- /sbin/checkproc -p $AA_EV_PIDFILE $AA_EV_BIN
- rc_status -v
- else
- rc_status -u
- fi
- ;;
- *)
- usage
- exit 1
- ;;
-esac
-exit $rc
-
diff --git a/deprecated/utils/Immunix/AppArmor.pm b/deprecated/utils/Immunix/AppArmor.pm
deleted file mode 100755
index 42c0bd3621b536173387bf8be59e0a20b4ce6f26..0000000000000000000000000000000000000000
--- a/deprecated/utils/Immunix/AppArmor.pm
+++ /dev/null
@@ -1,6860 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (c) 2006 Novell, Inc. All Rights Reserved.
-# Copyright (c) 2010 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-package Immunix::AppArmor;
-
-use strict;
-use warnings;
-
-use Carp;
-use Cwd qw(cwd realpath);
-use File::Basename;
-use File::Temp qw/ tempfile tempdir /;
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-use Storable qw(dclone);
-
-use Term::ReadKey;
-
-use Immunix::Severity;
-use Immunix::Repository;
-use Immunix::Config;
-use LibAppArmor;
-
-require Exporter;
-our @ISA = qw(Exporter);
-our @EXPORT = qw(
- %sd
- %qualifiers
- %include
- %helpers
-
- $filename
- $profiledir
- $parser
- $logger
- $UI_Mode
- $running_under_genprof
-
- which
- getprofilefilename
- get_full_path
- fatal_error
- get_pager
-
- getprofileflags
- setprofileflags
- complain
- enforce
-
- autodep
- reload
-
- UI_GetString
- UI_GetFile
- UI_YesNo
- UI_ShortMessage
- UI_LongMessage
-
- UI_Important
- UI_Info
- UI_PromptUser
- display_changes
- getkey
-
- do_logprof_pass
-
- loadincludes
- readprofile
- readprofiles
- writeprofile
- serialize_profile
- attach_profile_data
- parse_repo_profile
- activate_repo_profiles
-
- check_for_subdomain
-
- setup_yast
- shutdown_yast
- GetDataFromYast
- SendDataToYast
-
- checkProfileSyntax
- checkIncludeSyntax
- check_qualifiers
-
- isSkippableFile
- isSkippableDir
-);
-
-our $confdir = "/etc/apparmor";
-
-our $running_under_genprof = 0;
-
-our $DEBUGGING;
-
-our $unimplemented_warning = 0;
-
-# keep track of if we're running under yast or not - default to text mode
-our $UI_Mode = "text";
-
-our $sevdb;
-
-# initialize Term::ReadLine if it's available
-our $term;
-eval {
- require Term::ReadLine;
- import Term::ReadLine;
- $term = new Term::ReadLine 'AppArmor';
-};
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "")
- unless defined(LC_MESSAGES);
-textdomain("apparmor-utils");
-
-# where do we get our log messages from?
-our $filename;
-
-our $cfg;
-our $repo_cfg;
-
-our $parser;
-our $ldd;
-our $logger;
-our $profiledir;
-our $extraprofiledir;
-
-# we keep track of the included profile fragments with %include
-my %include;
-
-my %existing_profiles;
-
-our $seenevents = 0;
-
-
-# these are globs that the user specifically entered. we'll keep track of
-# them so that if one later matches, we'll suggest it again.
-our @userglobs;
-
-### THESE VARIABLES ARE USED WITHIN LOGPROF
-our %t;
-our %transitions;
-our %sd; # we keep track of the original profiles in %sd
-our %original_sd;
-our %extras; # inactive profiles from extras
-
-my @log;
-my %pid;
-
-my %seen;
-my %profilechanges;
-my %prelog;
-my %log;
-my %changed;
-my @created;
-my %skip;
-our %helpers; # we want to preserve this one between passes
-
-### THESE VARIABLES ARE USED WITHIN LOGPROF
-
-my %filelist; # file level stuff including variables in config files
-
-my $AA_MAY_EXEC = 1;
-my $AA_MAY_WRITE = 2;
-my $AA_MAY_READ = 4;
-my $AA_MAY_APPEND = 8;
-my $AA_MAY_LINK = 16;
-my $AA_MAY_LOCK = 32;
-my $AA_EXEC_MMAP = 64;
-my $AA_EXEC_UNSAFE = 128;
-my $AA_EXEC_INHERIT = 256;
-my $AA_EXEC_UNCONFINED = 512;
-my $AA_EXEC_PROFILE = 1024;
-my $AA_EXEC_CHILD = 2048;
-my $AA_EXEC_NT = 4096;
-my $AA_LINK_SUBSET = 8192;
-
-my $AA_OTHER_SHIFT = 14;
-my $AA_USER_MASK = 16384 -1;
-
-my $AA_EXEC_TYPE = $AA_MAY_EXEC | $AA_EXEC_UNSAFE | $AA_EXEC_INHERIT |
- $AA_EXEC_UNCONFINED | $AA_EXEC_PROFILE | $AA_EXEC_CHILD | $AA_EXEC_NT;
-
-my $ALL_AA_EXEC_TYPE = $AA_EXEC_TYPE;
-
-my %MODE_HASH = (
- x => $AA_MAY_EXEC,
- X => $AA_MAY_EXEC,
- w => $AA_MAY_WRITE,
- W => $AA_MAY_WRITE,
- r => $AA_MAY_READ,
- R => $AA_MAY_READ,
- a => $AA_MAY_APPEND,
- A => $AA_MAY_APPEND,
- l => $AA_MAY_LINK,
- L => $AA_MAY_LINK,
- k => $AA_MAY_LOCK,
- K => $AA_MAY_LOCK,
- m => $AA_EXEC_MMAP,
- M => $AA_EXEC_MMAP,
-# Unsafe => 128,
- i => $AA_EXEC_INHERIT,
- I => $AA_EXEC_INHERIT,
- u => $AA_EXEC_UNCONFINED + $AA_EXEC_UNSAFE, # U + Unsafe
- U => $AA_EXEC_UNCONFINED,
- p => $AA_EXEC_PROFILE + $AA_EXEC_UNSAFE, # P + Unsafe
- P => $AA_EXEC_PROFILE,
- c => $AA_EXEC_CHILD + $AA_EXEC_UNSAFE,
- C => $AA_EXEC_CHILD,
- n => $AA_EXEC_NT + $AA_EXEC_UNSAFE,
- N => $AA_EXEC_NT,
- );
-
-
-# Currently only used by netdomain but there's no reason it couldn't
-# be extended to support other types.
-my %operation_types = (
-
- # Old socket names
- "socket_create", => "net",
- "socket_post_create" => "net",
- "socket_bind" => "net",
- "socket_connect" => "net",
- "socket_listen" => "net",
- "socket_accept" => "net",
- "socket_sendmsg" => "net",
- "socket_recvmsg" => "net",
- "socket_getsockname" => "net",
- "socket_getpeername" => "net",
- "socket_getsockopt" => "net",
- "socket_setsockopt" => "net",
- "socket_shutdown" => "net",
-
- # New socket names
- "create" => "net",
- "post_create" => "net",
- "bind" => "net",
- "connect" => "net",
- "listen" => "net",
- "accept" => "net",
- "sendmsg" => "net",
- "recvmsg" => "net",
- "getsockname" => "net",
- "getpeername" => "net",
- "getsockopt" => "net",
- "setsockopt" => "net",
- "sock_shutdown" => "net",
-);
-
-sub optype($) {
- my $op = shift;
- my $type = $operation_types{$op};
-
- return "unknown" if !defined($type);
- return $type;
-}
-
-sub debug ($) {
- my $message = shift;
- chomp($message);
-
- print DEBUG "$message\n" if $DEBUGGING;
-}
-
-my %arrows = ( A => "UP", B => "DOWN", C => "RIGHT", D => "LEFT" );
-
-sub getkey() {
- # change to raw mode
- ReadMode(4);
-
- my $key = ReadKey(0);
-
- # decode arrow key control sequences
- if ($key eq "\x1B") {
- $key = ReadKey(0);
- if ($key eq "[") {
- $key = ReadKey(0);
- if ($arrows{$key}) {
- $key = $arrows{$key};
- }
- }
- }
-
- # return to cooked mode
- ReadMode(0);
- return $key;
-}
-
-BEGIN {
- # set things up to log extra info if they want...
- if ($ENV{LOGPROF_DEBUG}) {
- $DEBUGGING = 1;
- open(DEBUG, ">>$ENV{LOGPROF_DEBUG}");
- my $oldfd = select(DEBUG);
- $| = 1;
- select($oldfd);
- } else {
- $DEBUGGING = 0;
- }
-}
-
-END {
- $DEBUGGING && debug "Exiting...";
-
- # close the debug log if necessary
- close(DEBUG) if $DEBUGGING;
-}
-
-# returns true if the specified program contains references to LD_PRELOAD or
-# LD_LIBRARY_PATH to give the PX/UX code better suggestions
-sub check_for_LD_XXX ($) {
- my $file = shift;
-
- return undef unless -f $file;
-
- # limit our checking to programs/scripts under 10k to speed things up a bit
- my $size = -s $file;
- return undef unless ($size && $size < 10000);
-
- my $found = undef;
- if (open(F, $file)) {
- while (<F>) {
- $found = 1 if /LD_(PRELOAD|LIBRARY_PATH)/;
- }
- close(F);
- }
-
- return $found;
-}
-
-sub fatal_error ($) {
- my $message = shift;
-
- my $details = "$message\n";
-
- if ($DEBUGGING) {
-
- # we'll include the stack backtrace if we're debugging...
- $details = Carp::longmess($message);
-
- # write the error to the log
- print DEBUG $details;
- }
-
- # we'll just shoot ourselves in the head if it was one of the yast
- # interface functions that ran into an error. it gets really ugly if
- # the yast frontend goes away and we try to notify the user of that
- # problem by trying to send the yast frontend a pretty dialog box
- my $caller = (caller(1))[3];
-
- exit 1 if defined($caller) && $caller =~ /::(Send|Get)Data(To|From)Yast$/;
-
- # tell the user what the hell happened
- UI_Important($details);
-
- # make sure the frontend exits cleanly...
- shutdown_yast();
-
- # die a horrible flaming death
- exit 1;
-}
-
-sub setup_yast() {
-
- # set up the yast connection if we're running under yast...
- if ($ENV{YAST_IS_RUNNING}) {
-
- # load the yast module if available.
- eval { require ycp; };
- unless ($@) {
- import ycp;
-
- $UI_Mode = "yast";
-
- # let the frontend know that we're starting
- SendDataToYast({
- type => "initial_handshake",
- status => "backend_starting"
- });
-
- # see if the frontend is just starting up also...
- my ($ypath, $yarg) = GetDataFromYast();
- unless ($yarg
- && (ref($yarg) eq "HASH")
- && ($yarg->{type} eq "initial_handshake")
- && ($yarg->{status} eq "frontend_starting"))
- {
-
- # something's broken, die a horrible, painful death
- fatal_error "Yast frontend is out of sync from backend agent.";
- }
- $DEBUGGING && debug "Initial handshake ok";
-
- # the yast connection seems to be working okay
- return 1;
- }
-
- }
-
- # couldn't init yast
- return 0;
-}
-
-sub shutdown_yast() {
- if ($UI_Mode eq "yast") {
- SendDataToYast({ type => "final_shutdown" });
- my ($ypath, $yarg) = GetDataFromYast();
- }
-}
-
-sub check_for_subdomain () {
-
- my ($support_subdomainfs, $support_securityfs);
- if (open(MOUNTS, "/proc/filesystems")) {
- while (<MOUNTS>) {
- $support_subdomainfs = 1 if m/subdomainfs/;
- $support_securityfs = 1 if m/securityfs/;
- }
- close(MOUNTS);
- }
-
- my $sd_mountpoint = "";
- if (open(MOUNTS, "/proc/mounts")) {
- while (<MOUNTS>) {
- if ($support_subdomainfs) {
- $sd_mountpoint = $1 if m/^\S+\s+(\S+)\s+subdomainfs\s/;
- } elsif ($support_securityfs) {
- if (m/^\S+\s+(\S+)\s+securityfs\s/) {
- if (-e "$1/apparmor") {
- $sd_mountpoint = "$1/apparmor";
- } elsif (-e "$1/subdomain") {
- $sd_mountpoint = "$1/subdomain";
- }
- }
- }
- }
- close(MOUNTS);
- }
-
- # make sure that subdomain is actually mounted there
- $sd_mountpoint = undef unless -f "$sd_mountpoint/profiles";
-
- return $sd_mountpoint;
-}
-
-sub check_for_apparmor () {
- return check_for_subdomain();
-}
-
-sub which ($) {
- my $file = shift;
-
- foreach my $dir (split(/:/, $ENV{PATH})) {
- return "$dir/$file" if -x "$dir/$file";
- }
-
- return undef;
-}
-
-# we need to convert subdomain regexps to perl regexps
-sub convert_regexp ($) {
- my $regexp = shift;
-
- # escape regexp-special characters we don't support
- $regexp =~ s/(?<!\\)(\.|\+|\$)/\\$1/g;
-
- # * and ** globs can't collapse to match an empty string when they're
- # the only part of the glob at a specific directory level, which
- # complicates things a little.
-
- # ** globs match multiple directory levels
- $regexp =~ s{(?<!\\)\*\*+}{
- my ($pre, $post) = ($`, $');
- if (($pre =~ /\/$/) && (!$post || $post =~ /^\//)) {
- 'SD_INTERNAL_MULTI_REQUIRED';
- } else {
- 'SD_INTERNAL_MULTI_OPTIONAL';
- }
- }gex;
-
- # convert * globs to match anything at the current path level
- $regexp =~ s{(?<!\\)\*}{
- my ($pre, $post) = ($`, $');
- if (($pre =~ /\/$/) && (!$post || $post =~ /^\//)) {
- 'SD_INTERNAL_SINGLE_REQUIRED';
- } else {
- 'SD_INTERNAL_SINGLE_OPTIONAL';
- }
- }gex;
-
- # convert ? globs to match a single character at current path level
- $regexp =~ s/(?<!\\)\?/[^\/]/g;
-
- # convert {foo,baz} to (foo|baz)
- $regexp =~ y/\{\}\,/\(\)\|/ if $regexp =~ /\{.*\,.*\}/;
-
- # convert internal markers to their appropriate regexp equivalents
- $regexp =~ s/SD_INTERNAL_SINGLE_OPTIONAL/[^\/]*/g;
- $regexp =~ s/SD_INTERNAL_SINGLE_REQUIRED/[^\/]+/g;
- $regexp =~ s/SD_INTERNAL_MULTI_OPTIONAL/.*/g;
- $regexp =~ s/SD_INTERNAL_MULTI_REQUIRED/[^\/].*/g;
-
- return $regexp;
-}
-
-sub get_full_path ($) {
- my $originalpath = shift;
-
- my $path = $originalpath;
-
- # keep track so we can break out of loops
- my $linkcount = 0;
-
- # if we don't have any directory foo, look in the current dir
- $path = cwd() . "/$path" if $path !~ m/\//;
-
- # beat symlinks into submission
- while (-l $path) {
-
- if ($linkcount++ > 64) {
- fatal_error "Followed too many symlinks resolving $originalpath";
- }
-
- # split out the directory/file components
- if ($path =~ m/^(.*)\/(.+)$/) {
- my ($dir, $file) = ($1, $2);
-
- # figure out where the link is pointing...
- my $link = readlink($path);
- if ($link =~ /^\//) {
- # if it's an absolute link, just replace it
- $path = $link;
- } else {
- # if it's relative, let abs_path handle it
- $path = $dir . "/$link";
- }
- }
- }
-
- return realpath($path);
-}
-
-sub findexecutable ($) {
- my $bin = shift;
-
- my $fqdbin;
- if (-e $bin) {
- $fqdbin = get_full_path($bin);
- chomp($fqdbin);
- } else {
- if ($bin !~ /\//) {
- my $which = which($bin);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
-
- unless ($fqdbin && -e $fqdbin) {
- return undef;
- }
-
- return $fqdbin;
-}
-
-sub name_to_prof_filename($) {
- my $bin = shift;
- my $filename;
-
- unless ($bin =~ /^($profiledir)/) {
- my $fqdbin = findexecutable($bin);
- if ($fqdbin) {
- $filename = getprofilefilename($fqdbin);
- return ($filename, $fqdbin) if -f $filename;
- }
- }
-
- if ($bin =~ /^$profiledir(.*)/) {
- my $profile = $1;
- return ($bin, $profile);
- } elsif ($bin =~ /^\//) {
- $filename = getprofilefilename($bin);
- return ($filename, $bin);
- } else {
- # not an absolute path try it as a profile_
- $bin = $1 if ($bin !~ /^profile_(.*)/);
- $filename = getprofilefilename($bin);
- return ($filename, "profile_${bin}");
- }
- return undef;
-}
-
-sub complain ($) {
- my $bin = shift;
-
- return if (!$bin);
-
- my ($filename, $name) = name_to_prof_filename($bin)
- or fatal_error(sprintf(gettext('Can\'t find %s.'), $bin));
-
- UI_Info(sprintf(gettext('Setting %s to complain mode.'), $name));
-
- setprofileflags($filename, "complain");
-}
-
-sub enforce ($) {
- my $bin = shift;
-
- return if (!$bin);
-
- my ($filename, $name) = name_to_prof_filename($bin)
- or fatal_error(sprintf(gettext('Can\'t find %s.'), $bin));
-
- UI_Info(sprintf(gettext('Setting %s to enforce mode.'), $name));
-
- setprofileflags($filename, "");
-}
-
-sub head ($) {
- my $file = shift;
-
- my $first = "";
- if (open(FILE, $file)) {
- $first = <FILE>;
- close(FILE);
- }
-
- return $first;
-}
-
-sub get_output ($@) {
- my ($program, @args) = @_;
-
- my $ret = -1;
-
- my $pid;
- my @output;
-
- if (-x $program) {
- $pid = open(KID_TO_READ, "-|");
- unless (defined $pid) {
- fatal_error "can't fork: $!";
- }
-
- if ($pid) {
- while (<KID_TO_READ>) {
- chomp;
- push @output, $_;
- }
- close(KID_TO_READ);
- $ret = $?;
- } else {
- ($>, $)) = ($<, $();
- open(STDERR, ">&STDOUT")
- || fatal_error "can't dup stdout to stderr";
- exec($program, @args) || fatal_error "can't exec program: $!";
-
- # NOTREACHED
- }
- }
-
- return ($ret, @output);
-}
-
-sub get_reqs ($) {
- my $file = shift;
-
- my @reqs;
- my ($ret, @ldd) = get_output($ldd, $file);
-
- if ($ret == 0) {
- for my $line (@ldd) {
- last if $line =~ /not a dynamic executable/;
- last if $line =~ /cannot read header/;
- last if $line =~ /statically linked/;
-
- # avoid new kernel 2.6 poo
- next if $line =~ /linux-(gate|vdso(32|64)).so/;
-
- if ($line =~ /^\s*\S+ => (\/\S+)/) {
- push @reqs, $1;
- } elsif ($line =~ /^\s*(\/\S+)/) {
- push @reqs, $1;
- }
- }
- }
-
- return @reqs;
-}
-
-sub handle_binfmt ($$) {
- my ($profile, $fqdbin) = @_;
-
- my %reqs;
- my @reqs = get_reqs($fqdbin);
-
- while (my $library = shift @reqs) {
-
- $library = get_full_path($library);
-
- push @reqs, get_reqs($library) unless $reqs{$library}++;
-
- # does path match anything pulled in by includes in original profile?
- my $combinedmode = match_prof_incs_to_path($profile, 'allow', $library);
-
- # if we found any matching entries, do the modes match?
- next if $combinedmode;
-
- $library = globcommon($library);
- chomp $library;
- next unless $library;
-
- $profile->{allow}{path}->{$library}{mode} |= str_to_mode("mr");
- $profile->{allow}{path}->{$library}{audit} |= 0;
- }
-}
-
-sub get_inactive_profile($) {
- my $fqdbin = shift;
- if ( $extras{$fqdbin} ) {
- return {$fqdbin => $extras{$fqdbin}};
- }
-}
-
-
-
-sub create_new_profile($) {
- my $fqdbin = shift;
-
- my $profile;
- $profile = {
- $fqdbin => {
- flags => "complain",
- include => { "abstractions/base" => 1 },
- }
- };
-
- # if the executable exists on this system, pull in extra dependencies
- if (-f $fqdbin) {
- my $hashbang = head($fqdbin);
- if ($hashbang && $hashbang =~ /^#!\s*(\S+)/) {
- my $interpreter = get_full_path($1);
- $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= str_to_mode("r");
- $profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;
- $profile->{$fqdbin}{allow}{path}->{$interpreter}{mode} |= str_to_mode("ix");
- $profile->{$fqdbin}{allow}{path}->{$interpreter}{audit} |= 0;
- if ($interpreter =~ /perl/) {
- $profile->{$fqdbin}{include}->{"abstractions/perl"} = 1;
- } elsif ($interpreter =~ m/\/bin\/(bash|dash|sh)/) {
- $profile->{$fqdbin}{include}->{"abstractions/bash"} = 1;
- } elsif ($interpreter =~ m/python/) {
- $profile->{$fqdbin}{include}->{"abstractions/python"} = 1;
- } elsif ($interpreter =~ m/ruby/) {
- $profile->{$fqdbin}{include}->{"abstractions/ruby"} = 1;
- }
- handle_binfmt($profile->{$fqdbin}, $interpreter);
- } else {
- $profile->{$fqdbin}{allow}{path}->{$fqdbin}{mode} |= str_to_mode("mr");
- $profile->{$fqdbin}{allow}{path}->{$fqdbin}{audit} |= 0;
- handle_binfmt($profile->{$fqdbin}, $fqdbin);
- }
- }
-
- # create required infrastructure hats if it's a known change_hat app
- for my $hatglob (keys %{$cfg->{required_hats}}) {
- if ($fqdbin =~ /$hatglob/) {
- for my $hat (sort split(/\s+/, $cfg->{required_hats}{$hatglob})) {
- $profile->{$hat} = { flags => "complain" };
- }
- }
- }
- push @created, $fqdbin;
- $DEBUGGING && debug( Data::Dumper->Dump([$profile], [qw(*profile)]));
- return { $fqdbin => $profile };
-}
-
-sub delete_profile ($) {
- my $profile = shift;
- my $profilefile = getprofilefilename( $profile );
- if ( -e $profilefile ) {
- unlink( $profilefile );
- }
- if ( defined $sd{$profile} ) {
- delete $sd{$profile};
- }
-}
-
-sub get_profile($) {
- my $fqdbin = shift;
- my $profile_data;
-
- my $distro = $cfg->{repository}{distro};
- my $repo_url = $cfg->{repository}{url};
- my @profiles;
- my %profile_hash;
-
- if (repo_is_enabled()) {
- my $results;
- UI_BusyStart( gettext("Connecting to repository.....") );
-
- my ($status_ok,$ret) =
- fetch_profiles_by_name($repo_url, $distro, $fqdbin );
- UI_BusyStop();
- if ( $status_ok ) {
- %profile_hash = %$ret;
- } else {
- my $errmsg =
- sprintf(gettext("WARNING: Error fetching profiles from the repository:\n%s\n"),
- $ret?$ret:gettext("UNKNOWN ERROR"));
- UI_Important( $errmsg );
- }
- }
-
- my $inactive_profile = get_inactive_profile($fqdbin);
- if ( defined $inactive_profile && $inactive_profile ne "" ) {
- # set the profile to complain mode
- my $uname = gettext( "Inactive local profile for ") . $fqdbin;
- $inactive_profile->{$fqdbin}{$fqdbin}{flags} = "complain";
- # inactive profiles store where they came from
- delete $inactive_profile->{$fqdbin}{$fqdbin}{filename};
- $profile_hash{$uname} =
- {
- "username" => $uname,
- "profile_type" => "INACTIVE_LOCAL",
- "profile" => serialize_profile($inactive_profile->{$fqdbin},
- $fqdbin
- ),
- "profile_data" => $inactive_profile,
- };
- }
-
- return undef if ( keys %profile_hash == 0 ); # No repo profiles, no inactive
- # profile
- my @options;
- my @tmp_list;
- my $preferred_present = 0;
- my $preferred_user = $cfg->{repository}{preferred_user} || "NOVELL";
-
- foreach my $p ( keys %profile_hash ) {
- if ( $profile_hash{$p}->{username} eq $preferred_user ) {
- $preferred_present = 1;
- } else {
- push @tmp_list, $profile_hash{$p}->{username};
- }
- }
-
- if ( $preferred_present ) {
- push @options, $preferred_user;
- }
- push @options, @tmp_list;
-
- my $q = {};
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), $fqdbin;
-
- $q->{functions} = [ "CMD_VIEW_PROFILE", "CMD_USE_PROFILE",
- "CMD_CREATE_PROFILE", "CMD_ABORT", "CMD_FINISHED" ];
-
- $q->{default} = "CMD_VIEW_PROFILE";
-
- $q->{options} = [@options];
- $q->{selected} = 0;
-
- my ($p, $ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
- $p = $profile_hash{$options[$arg]};
- for (my $i = 0; $i < scalar(@options); $i++) {
- if ($options[$i] eq $options[$arg]) {
- $q->{selected} = $i;
- }
- }
-
- if ($ans eq "CMD_VIEW_PROFILE") {
- if ($UI_Mode eq "yast") {
- SendDataToYast(
- {
- type => "dialog-view-profile",
- user => $options[$arg],
- profile => $p->{profile},
- profile_type => $p->{profile_type}
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
- } else {
- my $pager = get_pager();
- open(PAGER, "| $pager");
- print PAGER gettext("Profile submitted by") .
- " $options[$arg]:\n\n" . $p->{profile} . "\n\n";
- close(PAGER);
- }
- } elsif ($ans eq "CMD_USE_PROFILE") {
- if ( $p->{profile_type} eq "INACTIVE_LOCAL" ) {
- $profile_data = $p->{profile_data};
- push @created, $fqdbin; # This really is ugly here
- # need to find a better place to mark
- # this as newly created
- } else {
- $profile_data =
- parse_repo_profile($fqdbin, $repo_url, $p);
- }
- }
- } until ($ans =~ /^CMD_(USE_PROFILE|CREATE_PROFILE)$/);
-
- return $profile_data;
-}
-
-sub activate_repo_profiles ($$$) {
- my ($url,$profiles,$complain) = @_;
-
- readprofiles();
- eval {
- for my $p ( @$profiles ) {
- my $pname = $p->[0];
- my $profile_data = parse_repo_profile( $pname, $url, $p->[1] );
- attach_profile_data(\%sd, $profile_data);
- writeprofile($pname);
- if ( $complain ) {
- my $filename = getprofilefilename($pname);
- setprofileflags($filename, "complain");
- UI_Info(sprintf(gettext('Setting %s to complain mode.'),
- $pname));
- }
- }
- };
- # if there were errors....
- if ($@) {
- $@ =~ s/\n$//;
- print STDERR sprintf(gettext("Error activating profiles: %s\n"), $@);
- }
-}
-
-sub autodep_base($$) {
- my ($bin, $pname) = @_;
- %extras = ();
-
- $bin = $pname if (! $bin) && ($pname =~ /^\//);
-
- unless ($repo_cfg || not defined $cfg->{repository}{url}) {
- $repo_cfg = read_config("repository.conf");
- if ( (not defined $repo_cfg->{repository}) ||
- ($repo_cfg->{repository}{enabled} eq "later") ) {
- UI_ask_to_enable_repo();
- }
- }
-
- my $fqdbin;
- if ($bin) {
- # findexecutable() might fail if we're running on a different system
- # than the logs were collected on. ugly. we'll just hope for the best.
- $fqdbin = findexecutable($bin) || $bin;
-
- # try to make sure we have a full path in case findexecutable failed
- return unless $fqdbin =~ /^\//;
-
- # ignore directories
- return if -d $fqdbin;
- }
-
- $pname = $fqdbin if $fqdbin;
-
- my $profile_data;
-
- readinactiveprofiles(); # need to read the profiles to see if an
- # inactive local profile is present
- $profile_data = eval { get_profile($pname) };
- # propagate any errors we hit inside the get_profile call
- if ($@) { die $@; }
-
- unless ($profile_data) {
- $profile_data = create_new_profile($pname);
- }
-
- my $file = getprofilefilename($pname);
-
- # stick the profile into our data structure.
- attach_profile_data(\%sd, $profile_data);
- # and store a "clean" version also so we can display the changes we've
- # made during this run
- attach_profile_data(\%original_sd, $profile_data);
-
- if (-f "$profiledir/tunables/global") {
- unless (exists $filelist{$file}) {
- $filelist{$file} = { };
- }
- $filelist{$file}{include}{'tunables/global'} = 1; # sorry
- }
-
- # write out the profile...
- writeprofile_ui_feedback($pname);
-}
-
-sub autodep ($) {
- my $bin = shift;
- return autodep_base($bin, "");
-}
-
-sub getprofilefilename ($) {
- my $profile = shift;
-
- my $filename = $profile;
- if ($filename =~ /^\//) {
- $filename =~ s/^\///; # strip leading /
- } else {
- $filename = "profile_$filename";
- }
- $filename =~ s/\//./g; # convert /'s to .'s
-
- return "$profiledir/$filename";
-}
-
-sub setprofileflags ($$) {
- my $filename = shift;
- my $newflags = shift;
-
- if (open(PROFILE, "$filename")) {
- if (open(NEWPROFILE, ">$filename.new")) {
- while (<PROFILE>) {
- if (m/^(\s*)(("??\/.+?"??)|(profile\s+("??.+?"??)))\s+(flags=\(.+\)\s+)*\{\s*$/) {
- my ($space, $binary, $flags) = ($1, $2, $6);
-
- if ($newflags) {
- $_ = "$space$binary flags=($newflags) {\n";
- } else {
- $_ = "$space$binary {\n";
- }
- } elsif (m/^(\s*\^\S+)\s+(flags=\(.+\)\s+)*\{\s*$/) {
- my ($hat, $flags) = ($1, $2);
-
- if ($newflags) {
- $_ = "$hat flags=($newflags) {\n";
- } else {
- $_ = "$hat {\n";
- }
- }
- print NEWPROFILE;
- }
- close(NEWPROFILE);
- rename("$filename.new", "$filename");
- }
- close(PROFILE);
- }
-}
-
-sub profile_exists($) {
- my $program = shift || return 0;
-
- # if it's already in the cache, return true
- return 1 if $existing_profiles{$program};
-
- # if the profile exists, mark it in the cache and return true
- my $profile = getprofilefilename($program);
- if (-e $profile) {
- $existing_profiles{$program} = 1;
- return 1;
- }
-
- # couldn't find a profile, so we'll return false
- return 0;
-}
-
-sub sync_profiles() {
-
- my ($user, $pass) = get_repo_user_pass();
- return unless ( $user && $pass );
-
- my @repo_profiles;
- my @changed_profiles;
- my @new_profiles;
- my $serialize_opts = { };
- my ($status_ok,$ret) =
- fetch_profiles_by_user($cfg->{repository}{url},
- $cfg->{repository}{distro},
- $user
- );
- if ( !$status_ok ) {
- my $errmsg =
- sprintf(gettext("WARNING: Error syncronizing profiles with the repository:\n%s\n"),
- $ret?$ret:gettext("UNKNOWN ERROR"));
- UI_Important($errmsg);
- return;
- } else {
- my $users_repo_profiles = $ret;
- $serialize_opts->{NO_FLAGS} = 1;
- #
- # Find changes made to non-repo profiles
- #
- for my $profile (sort keys %sd) {
- if (is_repo_profile($sd{$profile}{$profile})) {
- push @repo_profiles, $profile;
- }
- if ( grep(/^$profile$/, @created) ) {
- my $p_local = serialize_profile($sd{$profile},
- $profile,
- $serialize_opts);
- if ( not defined $users_repo_profiles->{$profile} ) {
- push @new_profiles, [ $profile, $p_local, "" ];
- } else {
- my $p_repo = $users_repo_profiles->{$profile}->{profile};
- if ( $p_local ne $p_repo ) {
- push @changed_profiles, [ $profile, $p_local, $p_repo ];
- }
- }
- }
- }
-
- #
- # Find changes made to local profiles with repo metadata
- #
- if (@repo_profiles) {
- for my $profile (@repo_profiles) {
- my $p_local = serialize_profile($sd{$profile},
- $profile,
- $serialize_opts);
- if ( not exists $users_repo_profiles->{$profile} ) {
- push @new_profiles, [ $profile, $p_local, "" ];
- } else {
- my $p_repo = "";
- if ( $sd{$profile}{$profile}{repo}{user} eq $user ) {
- $p_repo = $users_repo_profiles->{$profile}->{profile};
- } else {
- my ($status_ok,$ret) =
- fetch_profile_by_id($cfg->{repository}{url},
- $sd{$profile}{$profile}{repo}{id}
- );
- if ( $status_ok ) {
- $p_repo = $ret->{profile};
- } else {
- my $errmsg =
- sprintf(
- gettext("WARNING: Error syncronizing profiles with the repository:\n%s\n"),
- $ret?$ret:gettext("UNKNOWN ERROR"));
- UI_Important($errmsg);
- next;
- }
- }
- if ( $p_repo ne $p_local ) {
- push @changed_profiles, [ $profile, $p_local, $p_repo ];
- }
- }
- }
- }
-
- if ( @changed_profiles ) {
- submit_changed_profiles( \@changed_profiles );
- }
- if ( @new_profiles ) {
- submit_created_profiles( \@new_profiles );
- }
- }
-}
-
-sub submit_created_profiles($) {
- my $new_profiles = shift;
- my $url = $cfg->{repository}{url};
-
- if ($UI_Mode eq "yast") {
- my $title = gettext("New profiles");
- my $explanation =
- gettext("Please choose the newly created profiles that you would".
- " like\nto store in the repository");
- yast_select_and_upload_profiles($title,
- $explanation,
- $new_profiles);
- } else {
- my $title =
- gettext("Submit newly created profiles to the repository");
- my $explanation =
- gettext("Would you like to upload the newly created profiles?");
- console_select_and_upload_profiles($title,
- $explanation,
- $new_profiles);
- }
-}
-
-sub submit_changed_profiles($) {
- my $changed_profiles = shift;
- my $url = $cfg->{repository}{url};
- if (@$changed_profiles) {
- if ($UI_Mode eq "yast") {
- my $explanation =
- gettext("Select which of the changed profiles you would".
- " like to upload\nto the repository");
- my $title = gettext("Changed profiles");
- yast_select_and_upload_profiles($title,
- $explanation,
- $changed_profiles);
- } else {
- my $title =
- gettext("Submit changed profiles to the repository");
- my $explanation =
- gettext("The following profiles from the repository were".
- " changed.\nWould you like to upload your changes?");
- console_select_and_upload_profiles($title,
- $explanation,
- $changed_profiles);
- }
- }
-}
-
-sub yast_select_and_upload_profiles($$$) {
-
- my ($title, $explanation, $profiles_ref) = @_;
- my $url = $cfg->{repository}{url};
- my %profile_changes;
- my @profiles = @$profiles_ref;
-
- foreach my $prof (@profiles) {
- $profile_changes{ $prof->[0] } =
- get_profile_diff($prof->[2], $prof->[1]);
- }
-
- my (@selected_profiles, $changelog, $changelogs, $single_changelog);
- SendDataToYast(
- {
- type => "dialog-select-profiles",
- title => $title,
- explanation => $explanation,
- default_select => "false",
- disable_ask_upload => "true",
- profiles => \%profile_changes
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
- if ($yarg->{STATUS} eq "cancel") {
- return;
- } else {
- my $selected_profiles_ref = $yarg->{PROFILES};
- @selected_profiles = @$selected_profiles_ref;
- $changelogs = $yarg->{CHANGELOG};
- if (defined $changelogs->{SINGLE_CHANGELOG}) {
- $changelog = $changelogs->{SINGLE_CHANGELOG};
- $single_changelog = 1;
- }
- }
-
- for my $profile (@selected_profiles) {
- my ($user, $pass) = get_repo_user_pass();
- my $profile_string = serialize_profile($sd{$profile}, $profile);
- if (!$single_changelog) {
- $changelog = $changelogs->{$profile};
- }
- my ($status_ok, $ret) = upload_profile( $url,
- $user,
- $pass,
- $cfg->{repository}{distro},
- $profile,
- $profile_string,
- $changelog
- );
- if ($status_ok) {
- my $newprofile = $ret;
- my $newid = $newprofile->{id};
- set_repo_info($sd{$profile}{$profile}, $url, $user, $newid);
- writeprofile_ui_feedback($profile);
- } else {
- my $errmsg =
- sprintf(
- gettext("WARNING: An error occured while uploading the profile %s\n%s\n"),
- $profile, $ret?$ret:gettext("UNKNOWN ERROR"));
- UI_Important( $errmsg );
- }
- }
- UI_Info(gettext("Uploaded changes to repository."));
-
- # Check to see if unselected profiles should be marked as local only
- # this is outside of the main repo code as we want users to be able to mark
- # profiles as local only even if they aren't able to connect to the repo.
- if (defined $yarg->{NEVER_ASK_AGAIN}) {
- my @unselected_profiles;
- foreach my $prof (@profiles) {
- if ( grep(/^$prof->[0]$/, @selected_profiles) == 0 ) {
- push @unselected_profiles, $prof->[0];
- }
- }
- set_profiles_local_only( @unselected_profiles );
- }
-}
-
-sub console_select_and_upload_profiles($$$) {
- my ($title, $explanation, $profiles_ref) = @_;
- my $url = $cfg->{repository}{url};
- my @profiles = @$profiles_ref;
- my $q = {};
- $q->{title} = $title;
- $q->{headers} = [ gettext("Repository"), $url, ];
-
- $q->{explanation} = $explanation;
-
- $q->{functions} = [ "CMD_UPLOAD_CHANGES",
- "CMD_VIEW_CHANGES",
- "CMD_ASK_LATER",
- "CMD_ASK_NEVER",
- "CMD_ABORT", ];
-
- $q->{default} = "CMD_VIEW_CHANGES";
-
- $q->{options} = [ map { $_->[0] } @profiles ];
- $q->{selected} = 0;
-
- my ($ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW_CHANGES") {
- display_changes($profiles[$arg]->[2], $profiles[$arg]->[1]);
- }
- } until $ans =~ /^CMD_(UPLOAD_CHANGES|ASK_NEVER|ASK_LATER)/;
-
- if ($ans eq "CMD_ASK_NEVER") {
- set_profiles_local_only( map { $_->[0] } @profiles );
- } elsif ($ans eq "CMD_UPLOAD_CHANGES") {
- my $changelog = UI_GetString(gettext("Changelog Entry: "), "");
- my ($user, $pass) = get_repo_user_pass();
- if ($user && $pass) {
- for my $p_data (@profiles) {
- my $profile = $p_data->[0];
- my $profile_string = $p_data->[1];
- my ($status_ok,$ret) =
- upload_profile( $url,
- $user,
- $pass,
- $cfg->{repository}{distro},
- $profile,
- $profile_string,
- $changelog
- );
- if ($status_ok) {
- my $newprofile = $ret;
- my $newid = $newprofile->{id};
- set_repo_info($sd{$profile}{$profile}, $url, $user, $newid);
- writeprofile_ui_feedback($profile);
- UI_Info(
- sprintf(gettext("Uploaded %s to repository."), $profile)
- );
- } else {
- my $errmsg =
- sprintf(
- gettext("WARNING: An error occured while uploading the profile %s\n%s\n"),
- $profile, $ret?$ret:gettext("UNKNOWN ERROR"));
- UI_Important( $errmsg );
- }
- }
- } else {
- UI_Important(gettext("Repository Error\n" .
- "Registration or Signin was unsuccessful. User login\n" .
- "information is required to upload profiles to the\n" .
- "repository. These changes have not been sent.\n"));
- }
- }
-}
-
-#
-# Mark the profiles passed in @profiles as local only
-# and don't prompt to upload changes to the repository
-#
-sub set_profiles_local_only(@) {
- my @profiles = @_;
- for my $profile (@profiles) {
- $sd{$profile}{$profile}{repo}{neversubmit} = 1;
- writeprofile_ui_feedback($profile);
- }
-}
-
-##########################################################################
-# Here are the console/yast interface functions
-
-sub UI_Info ($) {
- my $text = shift;
-
- $DEBUGGING && debug "UI_Info: $UI_Mode: $text";
-
- if ($UI_Mode eq "text") {
- print "$text\n";
- } else {
- ycp::y2milestone($text);
- }
-}
-
-sub UI_Important ($) {
- my $text = shift;
-
- $DEBUGGING && debug "UI_Important: $UI_Mode: $text";
-
- if ($UI_Mode eq "text") {
- print "\n$text\n";
- } else {
- SendDataToYast({ type => "dialog-error", message => $text });
- my ($path, $yarg) = GetDataFromYast();
- }
-}
-
-sub UI_YesNo ($$) {
- my $text = shift;
- my $default = shift;
-
- $DEBUGGING && debug "UI_YesNo: $UI_Mode: $text $default";
-
- my $ans;
- if ($UI_Mode eq "text") {
-
- my $yes = gettext("(Y)es");
- my $no = gettext("(N)o");
-
- # figure out our localized hotkeys
- my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
- $yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
- my $yeskey = lc($1);
- $no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
- my $nokey = lc($1);
-
- print "\n$text\n";
- if ($default eq "y") {
- print "\n[$yes] / $no\n";
- } else {
- print "\n$yes / [$no]\n";
- }
- $ans = getkey() || (($default eq "y") ? $yeskey : $nokey);
-
- # convert back from a localized answer to english y or n
- $ans = (lc($ans) eq $yeskey) ? "y" : "n";
- } else {
-
- SendDataToYast({ type => "dialog-yesno", question => $text });
- my ($ypath, $yarg) = GetDataFromYast();
- $ans = $yarg->{answer} || $default;
-
- }
-
- return $ans;
-}
-
-sub UI_YesNoCancel ($$) {
- my $text = shift;
- my $default = shift;
-
- $DEBUGGING && debug "UI_YesNoCancel: $UI_Mode: $text $default";
-
- my $ans;
- if ($UI_Mode eq "text") {
-
- my $yes = gettext("(Y)es");
- my $no = gettext("(N)o");
- my $cancel = gettext("(C)ancel");
-
- # figure out our localized hotkeys
- my $usrmsg = "PromptUser: " . gettext("Invalid hotkey for");
- $yes =~ /\((\S)\)/ or fatal_error "$usrmsg '$yes'";
- my $yeskey = lc($1);
- $no =~ /\((\S)\)/ or fatal_error "$usrmsg '$no'";
- my $nokey = lc($1);
- $cancel =~ /\((\S)\)/ or fatal_error "$usrmsg '$cancel'";
- my $cancelkey = lc($1);
-
- $ans = "XXXINVALIDXXX";
- while ($ans !~ /^(y|n|c)$/) {
- print "\n$text\n";
- if ($default eq "y") {
- print "\n[$yes] / $no / $cancel\n";
- } elsif ($default eq "n") {
- print "\n$yes / [$no] / $cancel\n";
- } else {
- print "\n$yes / $no / [$cancel]\n";
- }
-
- $ans = getkey();
-
- if ($ans) {
- # convert back from a localized answer to english y or n
- $ans = lc($ans);
- if ($ans eq $yeskey) {
- $ans = "y";
- } elsif ($ans eq $nokey) {
- $ans = "n";
- } elsif ($ans eq $cancelkey) {
- $ans = "c";
- }
- } else {
- $ans = $default;
- }
- }
- } else {
-
- SendDataToYast({ type => "dialog-yesnocancel", question => $text });
- my ($ypath, $yarg) = GetDataFromYast();
- $ans = $yarg->{answer} || $default;
-
- }
-
- return $ans;
-}
-
-sub UI_GetString ($$) {
- my $text = shift;
- my $default = shift;
-
- $DEBUGGING && debug "UI_GetString: $UI_Mode: $text $default";
-
- my $string;
- if ($UI_Mode eq "text") {
-
- if ($term) {
- $string = $term->readline($text, $default);
- } else {
- local $| = 1;
- print "$text";
- $string = <STDIN>;
- chomp($string);
- }
-
- } else {
-
- SendDataToYast({
- type => "dialog-getstring",
- label => $text,
- default => $default
- });
- my ($ypath, $yarg) = GetDataFromYast();
- $string = $yarg->{string};
-
- }
- return $string;
-}
-
-sub UI_GetFile ($) {
- my $f = shift;
-
- $DEBUGGING && debug "UI_GetFile: $UI_Mode";
-
- my $filename;
- if ($UI_Mode eq "text") {
-
- local $| = 1;
- print "$f->{description}\n";
- $filename = <STDIN>;
- chomp($filename);
-
- } else {
-
- $f->{type} = "dialog-getfile";
-
- SendDataToYast($f);
- my ($ypath, $yarg) = GetDataFromYast();
- if ($yarg->{answer} eq "okay") {
- $filename = $yarg->{filename};
- }
- }
-
- return $filename;
-}
-
-sub UI_BusyStart ($) {
- my $message = shift;
- $DEBUGGING && debug "UI_BusyStart: $UI_Mode";
-
- if ($UI_Mode eq "text") {
- UI_Info( $message );
- } else {
- SendDataToYast({
- type => "dialog-busy-start",
- message => $message,
- });
- my ($ypath, $yarg) = GetDataFromYast();
- }
-}
-
-sub UI_BusyStop() {
- $DEBUGGING && debug "UI_BusyStop: $UI_Mode";
-
- if ($UI_Mode ne "text") {
- SendDataToYast({ type => "dialog-busy-stop" });
- my ($ypath, $yarg) = GetDataFromYast();
- }
-}
-
-
-my %CMDS = (
- CMD_ALLOW => "(A)llow",
- CMD_OTHER => "(M)ore",
- CMD_AUDIT_NEW => "Audi(t)",
- CMD_AUDIT_OFF => "Audi(t) off",
- CMD_AUDIT_FULL => "Audit (A)ll",
- CMD_OTHER => "(O)pts",
- CMD_USER_ON => "(O)wner permissions on",
- CMD_USER_OFF => "(O)wner permissions off",
- CMD_DENY => "(D)eny",
- CMD_ABORT => "Abo(r)t",
- CMD_FINISHED => "(F)inish",
- CMD_ix => "(I)nherit",
- CMD_px => "(P)rofile",
- CMD_px_safe => "(P)rofile Clean Exec",
- CMD_cx => "(C)hild",
- CMD_cx_safe => "(C)hild Clean Exec",
- CMD_nx => "(N)ame",
- CMD_nx_safe => "(N)amed Clean Exec",
- CMD_ux => "(U)nconfined",
- CMD_ux_safe => "(U)nconfined Clean Exec",
- CMD_pix => "(P)rofile ix",
- CMD_pix_safe => "(P)rofile ix Clean Exec",
- CMD_cix => "(C)hild ix",
- CMD_cix_safe => "(C)hild ix Cx Clean Exec",
- CMD_nix => "(N)ame ix",
- CMD_nix_safe => "(N)ame ix",
- CMD_EXEC_IX_ON => "(X)ix",
- CMD_EXEC_IX_OFF => "(X)ix",
- CMD_SAVE => "(S)ave Changes",
- CMD_CONTINUE => "(C)ontinue Profiling",
- CMD_NEW => "(N)ew",
- CMD_GLOB => "(G)lob",
- CMD_GLOBEXT => "Glob w/(E)xt",
- CMD_ADDHAT => "(A)dd Requested Hat",
- CMD_USEDEFAULT => "(U)se Default Hat",
- CMD_SCAN => "(S)can system log for AppArmor events",
- CMD_HELP => "(H)elp",
- CMD_VIEW_PROFILE => "(V)iew Profile",
- CMD_USE_PROFILE => "(U)se Profile",
- CMD_CREATE_PROFILE => "(C)reate New Profile",
- CMD_UPDATE_PROFILE => "(U)pdate Profile",
- CMD_IGNORE_UPDATE => "(I)gnore Update",
- CMD_SAVE_CHANGES => "(S)ave Changes",
- CMD_UPLOAD_CHANGES => "(U)pload Changes",
- CMD_VIEW_CHANGES => "(V)iew Changes",
- CMD_VIEW => "(V)iew",
- CMD_ENABLE_REPO => "(E)nable Repository",
- CMD_DISABLE_REPO => "(D)isable Repository",
- CMD_ASK_NEVER => "(N)ever Ask Again",
- CMD_ASK_LATER => "Ask Me (L)ater",
- CMD_YES => "(Y)es",
- CMD_NO => "(N)o",
- CMD_ALL_NET => "Allow All (N)etwork",
- CMD_NET_FAMILY => "Allow Network Fa(m)ily",
- CMD_OVERWRITE => "(O)verwrite Profile",
- CMD_KEEP => "(K)eep Profile",
- CMD_CONTINUE => "(C)ontinue",
-);
-
-sub UI_PromptUser ($) {
- my $q = shift;
-
- my ($cmd, $arg);
- if ($UI_Mode eq "text") {
-
- ($cmd, $arg) = Text_PromptUser($q);
-
- } else {
-
- $q->{type} = "wizard";
-
- SendDataToYast($q);
- my ($ypath, $yarg) = GetDataFromYast();
-
- $cmd = $yarg->{selection} || "CMD_ABORT";
- $arg = $yarg->{selected};
- }
-
- if ($cmd eq "CMD_ABORT") {
- confirm_and_abort();
- $cmd = "XXXINVALIDXXX";
- } elsif ($cmd eq "CMD_FINISHED") {
- confirm_and_finish();
- $cmd = "XXXINVALIDXXX";
- }
-
- if (wantarray) {
- return ($cmd, $arg);
- } else {
- return $cmd;
- }
-}
-
-
-sub UI_ShortMessage($$) {
- my ($headline, $message) = @_;
-
- SendDataToYast(
- {
- type => "short-dialog-message",
- headline => $headline,
- message => $message
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
-}
-
-sub UI_LongMessage($$) {
- my ($headline, $message) = @_;
-
- $headline = "MISSING" if not defined $headline;
- $message = "MISSING" if not defined $message;
-
- SendDataToYast(
- {
- type => "long-dialog-message",
- headline => $headline,
- message => $message
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
-}
-
-##########################################################################
-# here are the interface functions to send data back and forth between
-# the yast frontend and the perl backend
-
-# this is super ugly, but waits for the next ycp Read command and sends data
-# back to the ycp front end.
-
-sub SendDataToYast($) {
- my $data = shift;
-
- $DEBUGGING && debug "SendDataToYast: Waiting for YCP command";
-
- while (<STDIN>) {
- $DEBUGGING && debug "SendDataToYast: YCP: $_";
- my ($ycommand, $ypath, $yargument) = ycp::ParseCommand($_);
-
- if ($ycommand && $ycommand eq "Read") {
-
- if ($DEBUGGING) {
- my $debugmsg = Data::Dumper->Dump([$data], [qw(*data)]);
- debug "SendDataToYast: Sending--\n$debugmsg";
- }
-
- ycp::Return($data);
- return 1;
-
- } else {
-
- $DEBUGGING && debug "SendDataToYast: Expected 'Read' but got-- $_";
-
- }
- }
-
- # if we ever break out here, something's horribly wrong.
- fatal_error "SendDataToYast: didn't receive YCP command before connection died";
-}
-
-# this is super ugly, but waits for the next ycp Write command and grabs
-# whatever the ycp front end gives us
-
-sub GetDataFromYast() {
-
- $DEBUGGING && debug "GetDataFromYast: Waiting for YCP command";
-
- while (<STDIN>) {
- $DEBUGGING && debug "GetDataFromYast: YCP: $_";
- my ($ycmd, $ypath, $yarg) = ycp::ParseCommand($_);
-
- if ($DEBUGGING) {
- my $debugmsg = Data::Dumper->Dump([$yarg], [qw(*data)]);
- debug "GetDataFromYast: Received--\n$debugmsg";
- }
-
- if ($ycmd && $ycmd eq "Write") {
-
- ycp::Return("true");
- return ($ypath, $yarg);
-
- } else {
- $DEBUGGING && debug "GetDataFromYast: Expected 'Write' but got-- $_";
- }
- }
-
- # if we ever break out here, something's horribly wrong.
- fatal_error "GetDataFromYast: didn't receive YCP command before connection died";
-}
-
-sub confirm_and_abort() {
- my $ans = UI_YesNo(gettext("Are you sure you want to abandon this set of profile changes and exit?"), "n");
- if ($ans eq "y") {
- UI_Info(gettext("Abandoning all changes."));
- shutdown_yast();
- foreach my $prof (@created) {
- delete_profile($prof);
- }
- exit 0;
- }
-}
-
-sub confirm_and_finish() {
- die "FINISHING\n";
-}
-
-sub build_x_functions($$$) {
- my ($default, $options, $exec_toggle) = @_;
- my @{list};
- if ($exec_toggle) {
- push @list, "CMD_ix" if $options =~ /i/;
- push @list, "CMD_pix" if $options =~ /p/ and $options =~ /i/;
- push @list, "CMD_cix" if $options =~ /c/ and $options =~ /i/;
- push @list, "CMD_nix" if $options =~ /n/ and $options =~ /i/;
- push @list, "CMD_ux" if $options =~ /u/;
- } else {
- push @list, "CMD_ix" if $options =~ /i/;
- push @list, "CMD_px" if $options =~ /p/;
- push @list, "CMD_cx" if $options =~ /c/;
- push @list, "CMD_nx" if $options =~ /n/;
- push @list, "CMD_ux" if $options =~ /u/;
- }
- if ($exec_toggle) {
- push @list, "CMD_EXEC_IX_OFF" if $options =~/p|c|n/;
- } else {
- push @list, "CMD_EXEC_IX_ON" if $options =~/p|c|n/;
- }
- push @list, "CMD_DENY", "CMD_ABORT", "CMD_FINISHED";
- return @list;
-}
-
-##########################################################################
-# this is the hideously ugly function that descends down the flow/event
-# trees that we've generated by parsing the logfile
-
-sub handlechildren($$$);
-
-sub handlechildren($$$) {
- my $profile = shift;
- my $hat = shift;
- my $root = shift;
-
- my @entries = @$root;
- for my $entry (@entries) {
- fatal_error "$entry is not a ref" if not ref($entry);
-
- if (ref($entry->[0])) {
- handlechildren($profile, $hat, $entry);
- } else {
-
- my @entry = @$entry;
- my $type = shift @entry;
-
- if ($type eq "fork") {
- my ($pid, $p, $h) = @entry;
-
- if ( ($p !~ /null(-complain)*-profile/)
- && ($h !~ /null(-complain)*-profile/))
- {
- $profile = $p;
- $hat = $h;
- }
-
- if ($hat) {
- $profilechanges{$pid} = $profile . "//" . $hat;
- } else {
- $profilechanges{$pid} = $profile;
- }
- } elsif ($type eq "unknown_hat") {
- my ($pid, $p, $h, $sdmode, $uhat) = @entry;
-
- if ($p !~ /null(-complain)*-profile/) {
- $profile = $p;
- }
-
- if ($sd{$profile}{$uhat}) {
- $hat = $uhat;
- next;
- }
-
- my $new_p = update_repo_profile($sd{$profile}{$profile});
- if ( $new_p and
- UI_SelectUpdatedRepoProfile($profile, $new_p) and
- $sd{$profile}{$uhat} ) {
- $hat = $uhat;
- next;
- }
-
- # figure out what our default hat for this application is.
- my $defaulthat;
- for my $hatglob (keys %{$cfg->{defaulthat}}) {
- $defaulthat = $cfg->{defaulthat}{$hatglob}
- if $profile =~ /$hatglob/;
- }
- # keep track of previous answers for this run...
- my $context = $profile;
- $context .= " -> ^$uhat";
- my $ans = $transitions{$context} || "XXXINVALIDXXX";
-
- while ($ans !~ /^CMD_(ADDHAT|USEDEFAULT|DENY)$/) {
- my $q = {};
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), $profile;
- if ($defaulthat) {
- push @{ $q->{headers} }, gettext("Default Hat"), $defaulthat;
- }
- push @{ $q->{headers} }, gettext("Requested Hat"), $uhat;
-
- $q->{functions} = [];
- push @{ $q->{functions} }, "CMD_ADDHAT";
- push @{ $q->{functions} }, "CMD_USEDEFAULT" if $defaulthat;
- push @{$q->{functions}}, "CMD_DENY", "CMD_ABORT",
- "CMD_FINISHED";
-
- $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ADDHAT" : "CMD_DENY";
-
- $seenevents++;
-
- $ans = UI_PromptUser($q);
-
- }
- $transitions{$context} = $ans;
-
- if ($ans eq "CMD_ADDHAT") {
- $hat = $uhat;
- $sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags};
- } elsif ($ans eq "CMD_USEDEFAULT") {
- $hat = $defaulthat;
- } elsif ($ans eq "CMD_DENY") {
- return;
- }
-
- } elsif ($type eq "capability") {
- my ($pid, $p, $h, $prog, $sdmode, $capability) = @entry;
-
- if ( ($p !~ /null(-complain)*-profile/)
- && ($h !~ /null(-complain)*-profile/))
- {
- $profile = $p;
- $hat = $h;
- }
-
- # print "$pid $profile $hat $prog $sdmode capability $capability\n";
-
- next unless $profile && $hat;
-
- $prelog{$sdmode}{$profile}{$hat}{capability}{$capability} = 1;
- } elsif (($type eq "path") || ($type eq "exec")) {
- my ($pid, $p, $h, $prog, $sdmode, $mode, $detail, $to_name) = @entry;
-
- $mode = 0 unless ($mode);
-
- if ( ($p !~ /null(-complain)*-profile/)
- && ($h !~ /null(-complain)*-profile/))
- {
- $profile = $p;
- $hat = $h;
- }
-
- next unless $profile && $hat && $detail;
- my $domainchange = ($type eq "exec") ? "change" : "nochange";
-
- # escape special characters that show up in literal paths
- $detail =~ s/(\[|\]|\+|\*|\{|\})/\\$1/g;
-
- # we need to give the Execute dialog if they're requesting x
- # access for something that's not a directory - we'll force
- # a "ix" Path dialog for directories
- my $do_execute = 0;
- my $exec_target = $detail;
-
- if ($mode & str_to_mode("x")) {
- if (-d $exec_target) {
- $mode &= (~$ALL_AA_EXEC_TYPE);
- $mode |= str_to_mode("ix");
- } else {
- $do_execute = 1;
- }
- }
-
- if ($mode & $AA_MAY_LINK) {
- if ($detail =~ m/^from (.+) to (.+)$/) {
- my ($path, $target) = ($1, $2);
-
- my $frommode = str_to_mode("lr");
- if (defined $prelog{$sdmode}{$profile}{$hat}{path}{$path}) {
- $frommode |= $prelog{$sdmode}{$profile}{$hat}{path}{$path};
- }
- $prelog{$sdmode}{$profile}{$hat}{path}{$path} = $frommode;
-
- my $tomode = str_to_mode("lr");
- if (defined $prelog{$sdmode}{$profile}{$hat}{path}{$target}) {
- $tomode |= $prelog{$sdmode}{$profile}{$hat}{path}{$target};
- }
- $prelog{$sdmode}{$profile}{$hat}{path}{$target} = $tomode;
-
- # print "$pid $profile $hat $prog $sdmode $path:$frommode -> $target:$tomode\n";
- } else {
- next;
- }
- } elsif ($mode) {
- my $path = $detail;
-
- if (defined $prelog{$sdmode}{$profile}{$hat}{path}{$path}) {
- $mode |= $prelog{$sdmode}{$profile}{$hat}{path}{$path};
- }
- $prelog{$sdmode}{$profile}{$hat}{path}{$path} = $mode;
-
- # print "$pid $profile $hat $prog $sdmode $mode $path\n";
- }
-
- if ($do_execute) {
- next if ( profile_known_exec($sd{$profile}{$hat},
- "exec", $exec_target ) );
-
- my $p = update_repo_profile($sd{$profile}{$profile});
-
- if ($to_name) {
- next if ( $to_name and
- UI_SelectUpdatedRepoProfile($profile, $p) and
- profile_known_exec($sd{$profile}{$hat},
- "exec", $to_name ) );
- } else {
- next if ( UI_SelectUpdatedRepoProfile($profile, $p) and
- profile_known_exec($sd{$profile}{$hat},
- "exec", $exec_target ) );
- }
-
- my $context = $profile;
- $context .= "^$hat" if $profile ne $hat;
- $context .= " -> $exec_target";
- my $ans = $transitions{$context} || "";
-
- my ($combinedmode, $combinedaudit, $cm, $am, @m);
- $combinedmode = 0;
- $combinedaudit = 0;
-
- # does path match any regexps in original profile?
- ($cm, $am, @m) = rematchfrag($sd{$profile}{$hat}, 'allow', $exec_target);
- $combinedmode |= $cm if $cm;
- $combinedaudit |= $am if $am;
-
- # find the named transition if is present
- if ($combinedmode & str_to_mode("x")) {
- my $nt_name;
- foreach my $entry (@m) {
- if ($sd{$profile}{$hat}{allow}{path}{$entry}{to}) {
- $nt_name = $sd{$profile}{$hat}{allow}{path}{$entry}{to};
- last;
- }
- }
- if ($to_name and $nt_name and ($to_name ne $nt_name)) {
- #fatal_error "transition name from "
- } elsif ($nt_name) {
- $to_name = $nt_name;
- }
- }
-
- # does path match anything pulled in by includes in
- # original profile?
- ($cm, $am, @m) = match_prof_incs_to_path($sd{$profile}{$hat}, 'allow', $exec_target);
- $combinedmode |= $cm if $cm;
- $combinedaudit |= $am if $am;
- if ($combinedmode & str_to_mode("x")) {
- my $nt_name;
- foreach my $entry (@m) {
- if ($sd{$profile}{$hat}{allow}{path}{$entry}{to}) {
- $nt_name = $sd{$profile}{$hat}{allow}{path}{$entry}{to};
- last;
- }
- }
- if ($to_name and $nt_name and ($to_name ne $nt_name)) {
- #fatal_error "transition name from "
- } elsif ($nt_name) {
- $to_name = $nt_name;
- }
- }
-
-
- #nx does not exist in profiles. It does in log
- #files however. The log parsing routines will convert
- #it to its profile form.
- #nx is internally represented by cx/px/cix/pix + to_name
- my $exec_mode = 0;
- if (contains($combinedmode, "pix")) {
- if ($to_name) {
- $ans = "CMD_nix";
- } else {
- $ans = "CMD_pix";
- }
- $exec_mode = str_to_mode("pixr");
- } elsif (contains($combinedmode, "cix")) {
- if ($to_name) {
- $ans = "CMD_nix";
- } else {
- $ans = "CMD_cix";
- }
- $exec_mode = str_to_mode("cixr");
- } elsif (contains($combinedmode, "Pix")) {
- if ($to_name) {
- $ans = "CMD_nix_safe";
- } else {
- $ans = "CMD_pix_safe";
- }
- $exec_mode = str_to_mode("Pixr");
- } elsif (contains($combinedmode, "Cix")) {
- if ($to_name) {
- $ans = "CMD_nix_safe";
- } else {
- $ans = "CMD_cix_safe";
- }
- $exec_mode = str_to_mode("Cixr");
- } elsif (contains($combinedmode, "ix")) {
- $ans = "CMD_ix";
- $exec_mode = str_to_mode("ixr");
- } elsif (contains($combinedmode, "px")) {
- if ($to_name) {
- $ans = "CMD_nx";
- } else {
- $ans = "CMD_px";
- }
- $exec_mode = str_to_mode("px");
- } elsif (contains($combinedmode, "cx")) {
- if ($to_name) {
- $ans = "CMD_nx";
- } else {
- $ans = "CMD_cx";
- }
- $exec_mode = str_to_mode("cx");
- } elsif (contains($combinedmode, "ux")) {
- $ans = "CMD_ux";
- $exec_mode = str_to_mode("ux");
- } elsif (contains($combinedmode, "Px")) {
- if ($to_name) {
- $ans = "CMD_nx_safe";
- } else {
- $ans = "CMD_px_safe";
- }
- $exec_mode = str_to_mode("Px");
- } elsif (contains($combinedmode, "Cx")) {
- if ($to_name) {
- $ans = "CMD_nx_safe";
- } else {
- $ans = "CMD_cx_safe";
- }
- $exec_mode = str_to_mode("Cx");
- } elsif (contains($combinedmode, "Ux")) {
- $ans = "CMD_ux_safe";
- $exec_mode = str_to_mode("Ux");
- } else {
- my $options = $cfg->{qualifiers}{$exec_target} || "ipcnu";
- fatal_error "$entry has transition name but not transition mode" if $to_name;
-
- # force "ix" as the only option when the profiled
- # program executes itself
- $options = "i" if $exec_target eq $profile;
-
- # for now don't allow hats to cx
- $options =~ s/c// if $hat and $hat ne $profile;
-
- # we always need deny...
- $options .= "d";
-
- # figure out what our default option should be...
- my $default;
- if ($options =~ /p/
- && -e getprofilefilename($exec_target))
- {
- $default = "CMD_px";
- } elsif ($options =~ /i/) {
- $default = "CMD_ix";
- } elsif ($options =~ /c/) {
- $default = "CMD_cx";
- } elsif ($options =~ /n/) {
- $default = "CMD_nx";
- } else {
- $default = "CMD_DENY";
- }
-
- # ugh, this doesn't work if someone does an ix before
- # calling this particular child process. at least
- # it's only a hint instead of mandatory to get this
- # right.
- my $parent_uses_ld_xxx = check_for_LD_XXX($profile);
-
- my $severity = $sevdb->rank($exec_target, "x");
-
- # build up the prompt...
- my $q = {};
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), combine_name($profile, $hat);
- if ($prog && $prog ne "HINT") {
- push @{ $q->{headers} }, gettext("Program"), $prog;
- }
- # $to_name should NOT exist here other wise we know what
- # mode we are supposed to be transitioning to
- # which is handled above.
- push @{ $q->{headers} }, gettext("Execute"), $exec_target;
- push @{ $q->{headers} }, gettext("Severity"), $severity;
-
- $q->{functions} = [];
-
- my $prompt = "\n$context\n";
- my $exec_toggle = 0;
-
- push @{ $q->{functions} }, build_x_functions($default, $options, $exec_toggle);
-
- $options = join("|", split(//, $options));
-
- $seenevents++;
-
- while ($ans !~ m/^CMD_(ix|px|cx|nx|pix|cix|nix|px_safe|cx_safe|nx_safe|pix_safe|cix_safe|nix_safe|ux|ux_safe|EXEC_TOGGLE|DENY)$/) {
- $ans = UI_PromptUser($q);
-
- if ($ans =~ /CMD_EXEC_IX_/) {
- $exec_toggle = !$exec_toggle;
-
- $q->{functions} = [ ];
- push @{ $q->{functions} }, build_x_functions($default, $options, $exec_toggle);
- $ans = "";
- next;
- }
- if ($ans =~ /CMD_(nx|nix)/) {
- my $arg = $exec_target;
-
- my $ynans = "n";
- if ($profile eq $hat) {
- $ynans = UI_YesNo("Are you specifying a transition to a local profile?", "n");
- }
-
- if ($ynans eq "y") {
- if ($ans eq "CMD_nx") {
- $ans = "CMD_cx";
- } else {
- $ans = "CMD_cix";
- }
- } else {
- if ($ans eq "CMD_nx") {
- $ans = "CMD_px";
- } else {
- $ans = "CMD_pix";
- }
- }
- $to_name = UI_GetString(gettext("Enter profile name to transition to: "), $arg);
- }
- if ($ans =~ /CMD_ix/) {
- $exec_mode = str_to_mode("ix");
- } elsif ($ans =~ /CMD_(px|cx|nx|pix|cix|nix)/) {
- my $match = $1;
- $exec_mode = str_to_mode($match);
- my $px_default = "n";
- my $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut some applications depend on the presence\nof LD_PRELOAD or LD_LIBRARY_PATH.");
- if ($parent_uses_ld_xxx) {
- $px_mesg = gettext("Should AppArmor sanitize the environment when\nswitching profiles?\n\nSanitizing the environment is more secure,\nbut this application appears to use LD_PRELOAD\nor LD_LIBRARY_PATH and clearing these could\ncause functionality problems.");
- }
- my $ynans = UI_YesNo($px_mesg, $px_default);
- $ans = "CMD_$match";
- if ($ynans eq "y") {
- $exec_mode &= ~($AA_EXEC_UNSAFE | ($AA_EXEC_UNSAFE << $AA_OTHER_SHIFT));
- }
- } elsif ($ans eq "CMD_ux") {
- $exec_mode = str_to_mode("ux");
- my $ynans = UI_YesNo(sprintf(gettext("Launching processes in an unconfined state is a very\ndangerous operation and can cause serious security holes.\n\nAre you absolutely certain you wish to remove all\nAppArmor protection when executing \%s?"), $exec_target), "n");
- if ($ynans eq "y") {
- my $ynans = UI_YesNo(gettext("Should AppArmor sanitize the environment when\nrunning this program unconfined?\n\nNot sanitizing the environment when unconfining\na program opens up significant security holes\nand should be avoided if at all possible."), "y");
- if ($ynans eq "y") {
- $exec_mode &= ~($AA_EXEC_UNSAFE | ($AA_EXEC_UNSAFE << $AA_OTHER_SHIFT));
- }
- } else {
- $ans = "INVALID";
- }
- }
- }
- $transitions{$context} = $ans;
-
- if ($ans =~ /CMD_(ix|px|cx|nx|pix|cix|nix)/) {
- # if we're inheriting, things'll bitch unless we have r
- if ($exec_mode & str_to_mode("i")) {
- $exec_mode |= str_to_mode("r");
- }
-
- } else {
- if ($ans eq "CMD_DENY") {
- $sd{$profile}{$hat}{deny}{path}{$exec_target}{mode} |= str_to_mode("x");
-
- $sd{$profile}{$hat}{deny}{path}{$exec_target}{audit} |= 0;
- $changed{$profile} = 1;
- # skip all remaining events if they say to deny
- # the exec
- return if $domainchange eq "change";
- }
-
- }
-
- unless ($ans eq "CMD_DENY") {
-# ???? if its defined in the prelog we shouldn't have asked
- if (defined $prelog{PERMITTING}{$profile}{$hat}{path}{$exec_target}) {
-# $exec_mode = $prelog{PERMITTING}{$profile}{$hat}{path}{$exec_target};
- }
-
- $prelog{PERMITTING}{$profile}{$hat}{path}{$exec_target} |= $exec_mode;
- $log{PERMITTING}{$profile} = {};
- $sd{$profile}{$hat}{allow}{path}{$exec_target}{mode} |= $exec_mode;
- $sd{$profile}{$hat}{allow}{path}{$exec_target}{audit} |= 0;
- $sd{$profile}{$hat}{allow}{path}{$exec_target}{to} = $to_name if ($to_name);
-
- # mark this profile as changed
- $changed{$profile} = 1;
-
- if ($exec_mode & str_to_mode("i")) {
- if ($exec_target =~ /perl/) {
- $sd{$profile}{$hat}{include}{"abstractions/perl"} = 1;
- } elsif ($detail =~ m/\/bin\/(bash|sh)/) {
- $sd{$profile}{$hat}{include}{"abstractions/bash"} = 1;
- }
- my $hashbang = head($exec_target);
- if ($hashbang =~ /^#!\s*(\S+)/) {
- my $interpreter = get_full_path($1);
- $sd{$profile}{$hat}{path}->{$interpreter}{mode} |= str_to_mode("ix");
- $sd{$profile}{$hat}{path}->{$interpreter}{audit} |= 0;
- if ($interpreter =~ /perl/) {
- $sd{$profile}{$hat}{include}{"abstractions/perl"} = 1;
- } elsif ($interpreter =~ m/\/bin\/(bash|sh)/) {
- $sd{$profile}{$hat}{include}{"abstractions/bash"} = 1;
- }
- }
- }
- }
- }
-
- # print "$pid $profile $hat EXEC $exec_target $ans $exec_mode\n";
-
- # update our tracking info based on what kind of change
- # this is...
- if ($ans eq "CMD_ix") {
- if ($hat) {
- $profilechanges{$pid} = $profile . "//" . $hat;
- } else {
- $profilechanges{$pid} = $profile;
- }
- } elsif ($ans =~ /^CMD_(px|nx|pix|nix)/) {
- $exec_target = $to_name if ($to_name);
- if ($sdmode eq "PERMITTING") {
- if ($domainchange eq "change") {
- $profile = $exec_target;
- $hat = $exec_target;
- $profilechanges{$pid} = $profile;
- }
- }
- # if they want to use px, make sure a profile
- # exists for the target.
- unless (-e getprofilefilename($exec_target)) {
- my $ynans = "y";
- if ($exec_mode & str_to_mode("i")) {
- $ynans = UI_YesNo(sprintf(gettext("A profile for %s does not exist. Create one?"), $exec_target), "n");
- }
- if ($ynans eq "y") {
- $helpers{$exec_target} = "enforce";
- if ($to_name) {
- autodep_base("", $exec_target);
- } else {
- autodep_base($exec_target, "");
- }
- reload_base($exec_target);
- }
- }
- } elsif ($ans =~ /^CMD_(cx|cix)/) {
- $exec_target = $to_name if ($to_name);
- if ($sdmode eq "PERMITTING") {
- if ($domainchange eq "change") {
- $profilechanges{$pid} = "${profile}//${exec_target}";
-# $profile = $exec_target;
-# $hat = $exec_target;
- }
- }
-
- # if they want to use cx, make sure a profile
- # exists for the target.
- unless ($sd{$profile}{$exec_target}) {
- my $ynans = "y";
- if ($exec_mode & str_to_mode("i")) {
- $ynans = UI_YesNo(sprintf(gettext("A local profile for %s does not exist. Create one?"), $exec_target), "n");
- }
- if ($ynans eq "y") {
- $hat = $exec_target;
- # keep track of profile flags
- #$profile_data->{$profile}{$hat}{flags} = ;
-
- # we have seen more than a declaration so clear it
- $sd{$profile}{$hat}{'declared'} = 0;
- $sd{$profile}{$hat}{profile} = 1;
-
- # Otherwise sub-profiles end up getting
- # put in enforce mode with genprof
- $sd{$profile}{$hat}{flags} = $sd{$profile}{$profile}{flags} if $profile ne $hat;
-
- # autodep our new child
- my $stub_profile = create_new_profile($hat);
-
- $sd{$profile}{$hat}{flags} = 'complain';
- $sd{$profile}{$hat}{allow}{path} = { };
- if (defined $stub_profile->{$hat}{$hat}{allow}{path}) {
- $sd{$profile}{$hat}{allow}{path} = $stub_profile->{$hat}{$hat}{allow}{path};
- }
- $sd{$profile}{$hat}{include} = { };
- if (defined $stub_profile->{$hat}{$hat}{include}) {
- $sd{$profile}{$hat}{include} = $stub_profile->{$hat}{$hat}{include};
- }
- $sd{$profile}{$hat}{allow}{netdomain} = { };
- my $file = $sd{$profile}{$profile}{filename};
- $filelist{$file}{profiles}{$profile}{$hat} = 1;
-
- }
- }
- } elsif ($ans =~ /^CMD_ux/) {
- $profilechanges{$pid} = "unconfined";
- return if $domainchange eq "change";
- }
- }
- } elsif ( $type eq "netdomain" ) {
- my ($pid, $p, $h, $prog, $sdmode, $family, $sock_type, $protocol) =
- @entry;
-
- if ( ($p !~ /null(-complain)*-profile/)
- && ($h !~ /null(-complain)*-profile/))
- {
- $profile = $p;
- $hat = $h;
- }
-
- next unless $profile && $hat;
- $prelog{$sdmode}
- {$profile}
- {$hat}
- {netdomain}
- {$family}
- {$sock_type} = 1 unless ( !$family || !$sock_type );
-
- }
- }
- }
-}
-
-sub add_to_tree ($$$@) {
- my ($pid, $parent, $type, @event) = @_;
- if ( $DEBUGGING ) {
- my $eventmsg = Data::Dumper->Dump([@event], [qw(*event)]);
- $eventmsg =~ s/\n/ /g;
- debug " add_to_tree: pid [$pid] type [$type] event [ $eventmsg ]";
- }
-
- unless (exists $pid{$pid}) {
- my $profile = $event[0];
- my $hat = $event[1];
- if ($parent && exists $pid{$parent}) {
- # fork entry is missing fake one so that fork tracking will work
- $hat ||= "null-complain-profile";
- my $arrayref = [];
- push @{ $pid{$parent} }, $arrayref;
- $pid{$pid} = $arrayref;
- push @{$arrayref}, [ "fork", $pid, $profile, $hat ];
- } else {
- my $arrayref = [];
- push @log, $arrayref;
- $pid{$pid} = $arrayref;
- }
- }
-
- push @{ $pid{$pid} }, [ $type, $pid, @event ];
-}
-
-#
-# variables used in the logparsing routines
-#
-our $LOG;
-our $next_log_entry;
-our $logmark;
-our $seenmark;
-my $RE_LOG_v2_0_syslog = qr/SubDomain/;
-my $RE_LOG_v2_1_syslog = qr/kernel:\s+(\[[\d\.\s]+\]\s+)?(audit\([\d\.\:]+\):\s+)?type=150[1-6]/;
-my $RE_LOG_v2_6_syslog = qr/kernel:\s+(\[[\d\.\s]+\]\s+)?type=\d+\s+audit\([\d\.\:]+\):\s+apparmor=/;
-my $RE_LOG_v2_0_audit =
- qr/type=(APPARMOR|UNKNOWN\[1500\]) msg=audit\([\d\.\:]+\):/;
-my $RE_LOG_v2_1_audit =
- qr/type=(UNKNOWN\[150[1-6]\]|APPARMOR_(AUDIT|ALLOWED|DENIED|HINT|STATUS|ERROR))/;
-my $RE_LOG_v2_6_audit =
- qr/type=AVC\s+(msg=)?audit\([\d\.\:]+\):\s+apparmor=/;
-
-sub prefetch_next_log_entry() {
- # if we already have an existing cache entry, something's broken
- if ($next_log_entry) {
- print STDERR "Already had next log entry: $next_log_entry";
- }
-
- # read log entries until we either hit the end or run into an
- # AA event message format we recognize
- do {
- $next_log_entry = <$LOG>;
- $DEBUGGING && debug "prefetch_next_log_entry: next_log_entry = " . ($next_log_entry ? $next_log_entry : "empty");
- } until (!$next_log_entry || $next_log_entry =~ m{
- $RE_LOG_v2_0_syslog |
- $RE_LOG_v2_0_audit |
- $RE_LOG_v2_1_audit |
- $RE_LOG_v2_1_syslog |
- $RE_LOG_v2_6_syslog |
- $RE_LOG_v2_6_audit |
- $logmark
- }x);
-}
-
-sub get_next_log_entry() {
- # make sure we've got a next log entry if there is one
- prefetch_next_log_entry() unless $next_log_entry;
-
- # save a copy of the next log entry...
- my $log_entry = $next_log_entry;
-
- # zero out our cache of the next log entry
- $next_log_entry = undef;
-
- return $log_entry;
-}
-
-sub peek_at_next_log_entry() {
- # make sure we've got a next log entry if there is one
- prefetch_next_log_entry() unless $next_log_entry;
-
- # return a copy of the next log entry without pulling it out of the cache
- return $next_log_entry;
-}
-
-sub throw_away_next_log_entry() {
- $next_log_entry = undef;
-}
-
-sub parse_log_record_v_2_0 ($$) {
- my ($record, $last) = @_;
- $DEBUGGING && debug "parse_log_record_v_2_0: $record";
-
- # What's this early out for? As far as I can tell, parse_log_record_v_2_0
- # won't ever be called without something in $record
- return $last if ( ! $record );
-
- $_ = $record;
-
- if (s/(PERMITTING|REJECTING)-SYSLOGFIX/$1/) {
- s/%%/%/g;
- }
-
- if (m/LOGPROF-HINT unknown_hat (\S+) pid=(\d+) profile=(.+) active=(.+)/) {
- my ($uhat, $pid, $profile, $hat) = ($1, $2, $3, $4);
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- add_to_tree($pid, 0, "unknown_hat", $profile, $hat,
- "PERMITTING", $uhat);
- } elsif (m/LOGPROF-HINT (unknown_profile|missing_mandatory_profile) image=(.+) pid=(\d+) profile=(.+) active=(.+)/) {
- my ($image, $pid, $profile, $hat) = ($2, $3, $4, $5);
-
- return $& if $last =~ /PERMITTING x access to $image/;
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- add_to_tree($pid, 0, "exec", $profile, $hat, "HINT", "PERMITTING", "x", $image);
-
- } elsif (m/(PERMITTING|REJECTING) (\S+) access (.+) \((.+)\((\d+)\) profile (.+) active (.+)\)/) {
- my ($sdmode, $mode, $detail, $prog, $pid, $profile, $hat) =
- ($1, $2, $3, $4, $5, $6, $7);
-
- if ($mode eq "link") {
- $mode = "l";
- }
- if (!validate_log_mode($mode)) {
- fatal_error(sprintf(gettext('Log contains unknown mode %s.'), $mode));
- }
-
- my $domainchange = "nochange";
- if ($mode =~ /x/) {
-
- # we need to try to check if we're doing a domain transition
- if ($sdmode eq "PERMITTING") {
- my $following = peek_at_next_log_entry();
-
- if ($following && ($following =~ m/changing_profile/)) {
- $domainchange = "change";
- throw_away_next_log_entry();
- }
- }
- } else {
-
- # we want to ignore duplicates for things other than executes...
- return $& if $seen{$&};
- $seen{$&} = 1;
- }
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- if (($profile ne 'null-complain-profile')
- && (!profile_exists($profile)))
- {
- return $&;
- }
-
- # currently no way to stick pipe mediation in a profile, ignore
- # any messages like this
- return $& if $detail =~ /to pipe:/;
-
- # strip out extra extended attribute info since we don't
- # currently have a way to specify it in the profile and
- # instead just need to provide the access to the base filename
- $detail =~ s/\s+extended attribute \S+//;
-
- # kerberos code checks to see if the krb5.conf file is world
- # writable in a stupid way so we'll ignore any w accesses to
- # krb5.conf
- return $& if (($detail eq "to /etc/krb5.conf") && contains($mode, "w"));
-
- # strip off the (deleted) tag that gets added if it's a
- # deleted file
- $detail =~ s/\s+\(deleted\)$//;
-
- # next if (($detail =~ /to \/lib\/ld-/) && ($mode =~ /x/));
-
- $detail =~ s/^to\s+//;
-
- if ($domainchange eq "change") {
- add_to_tree($pid, 0, "exec", $profile, $hat, $prog,
- $sdmode, str_to_mode($mode), $detail);
- } else {
- add_to_tree($pid, 0, "path", $profile, $hat, $prog,
- $sdmode, str_to_mode($mode), $detail);
- }
-
- } elsif (m/(PERMITTING|REJECTING) (?:mk|rm)dir on (.+) \((.+)\((\d+)\) profile (.+) active (.+)\)/) {
- my ($sdmode, $path, $prog, $pid, $profile, $hat) =
- ($1, $2, $3, $4, $5, $6);
-
- # we want to ignore duplicates for things other than executes...
- return $& if $seen{$&}++;
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- add_to_tree($pid, 0, "path", $profile, $hat, $prog, $sdmode,
- "w", $path);
-
- } elsif (m/(PERMITTING|REJECTING) xattr (\S+) on (.+) \((.+)\((\d+)\) profile (.+) active (.+)\)/) {
- my ($sdmode, $xattr_op, $path, $prog, $pid, $profile, $hat) =
- ($1, $2, $3, $4, $5, $6, $7);
-
- # we want to ignore duplicates for things other than executes...
- return $& if $seen{$&}++;
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- my $xattrmode;
- if ($xattr_op eq "get" || $xattr_op eq "list") {
- $xattrmode = "r";
- } elsif ($xattr_op eq "set" || $xattr_op eq "remove") {
- $xattrmode = "w";
- }
-
- if ($xattrmode) {
- add_to_tree($pid, 0, "path", $profile, $hat, $prog, $sdmode,
- str_to_mode($xattrmode), $path);
- }
-
- } elsif (m/(PERMITTING|REJECTING) attribute \((.*?)\) change to (.+) \((.+)\((\d+)\) profile (.+) active (.+)\)/) {
- my ($sdmode, $change, $path, $prog, $pid, $profile, $hat) =
- ($1, $2, $3, $4, $5, $6, $7);
-
- # we want to ignore duplicates for things other than executes...
- return $& if $seen{$&};
- $seen{$&} = 1;
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- # kerberos code checks to see if the krb5.conf file is world
- # writable in a stupid way so we'll ignore any w accesses to
- # krb5.conf
- return $& if $path eq "/etc/krb5.conf";
-
- add_to_tree($pid, 0, "path", $profile, $hat, $prog, $sdmode,
- str_to_mode("w"), $path);
-
- } elsif (m/(PERMITTING|REJECTING) access to capability '(\S+)' \((.+)\((\d+)\) profile (.+) active (.+)\)/) {
- my ($sdmode, $capability, $prog, $pid, $profile, $hat) =
- ($1, $2, $3, $4, $5, $6);
-
- return $& if $seen{$&};
-
- $seen{$&} = 1;
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist - they're
- # most likely broken entries or old entries for deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- add_to_tree($pid, 0, "capability", $profile, $hat, $prog,
- $sdmode, $capability);
-
- } elsif (m/Fork parent (\d+) child (\d+) profile (.+) active (.+)/
- || m/LOGPROF-HINT fork pid=(\d+) child=(\d+) profile=(.+) active=(.+)/
- || m/LOGPROF-HINT fork pid=(\d+) child=(\d+)/)
- {
- my ($parent, $child, $profile, $hat) = ($1, $2, $3, $4);
-
- $profile ||= "null-complain-profile";
- $hat ||= "null-complain-profile";
-
- $last = $&;
-
- # we want to ignore entries for profiles that don't exist
- # they're most likely broken entries or old entries for
- # deleted profiles
- return $&
- if ( ($profile ne 'null-complain-profile')
- && (!profile_exists($profile)));
-
- my $arrayref = [];
- if (exists $pid{$parent}) {
- push @{ $pid{$parent} }, $arrayref;
- } else {
- push @log, $arrayref;
- }
- $pid{$child} = $arrayref;
- push @{$arrayref}, [ "fork", $child, $profile, $hat ];
- } else {
- $DEBUGGING && debug "UNHANDLED: $_";
- }
- return $last;
-}
-
-sub parse_log_record ($) {
- my $record = shift;
- $DEBUGGING && debug "parse_log_record: $record";
- my $e = parse_event($record);
-
- return $e;
-}
-
-
-sub add_event_to_tree ($) {
- my $e = shift;
-
- my $sdmode = $e->{sdmode}?$e->{sdmode}:"UNKNOWN";
- if ( $e->{type} ) {
- if ( $e->{type} =~ /(UNKNOWN\[1501\]|APPARMOR_AUDIT|1501)/ ) {
- $sdmode = "AUDIT";
- } elsif ( $e->{type} =~ /(UNKNOWN\[1502\]|APPARMOR_ALLOWED|1502)/ ) {
- $sdmode = "PERMITTING";
- } elsif ( $e->{type} =~ /(UNKNOWN\[1503\]|APPARMOR_DENIED|1503)/ ) {
- $sdmode = "REJECTING";
- } elsif ( $e->{type} =~ /(UNKNOWN\[1504\]|APPARMOR_HINT|1504)/ ) {
- $sdmode = "HINT";
- } elsif ( $e->{type} =~ /(UNKNOWN\[1505\]|APPARMOR_STATUS|1505)/ ) {
- $sdmode = "STATUS";
- } elsif ( $e->{type} =~ /(UNKNOWN\[1506\]|APPARMOR_ERROR|1506)/ ) {
- $sdmode = "ERROR";
- } else {
- $sdmode = "UNKNOWN";
- }
- }
- return if ( $sdmode =~ /UNKNOWN|AUDIT|STATUS|ERROR/ );
- return if ($e->{operation} =~ /profile_set/);
-
- my ($profile, $hat);
-
- # The version of AppArmor that was accepted into the mainline kernel
- # issues audit events for things like change_hat while unconfined.
- # Previous versions just returned -EPERM without the audit so the
- # events wouldn't have been picked up here.
- return if (!$e->{profile});
-
- # just convert new null profile style names to old before we begin processing
- # profile and name can contain multiple layers of null- but all we care about
- # currently is single level.
- if ($e->{profile} =~ m/\/\/null-/) {
- $e->{profile} = "null-complain-profile";
- }
- ($profile, $hat) = split /\/\//, $e->{profile};
- if ( $e->{operation} eq "change_hat" ) {
- #screen out change_hat events that aren't part of learning, as before
- #AppArmor 2.4 these events only happend as hints during learning
- return if ($sdmode ne "HINT" && $sdmode ne "PERMITTING");
- ($profile, $hat) = split /\/\//, $e->{name};
- }
- $hat = $profile if ( !$hat );
- # TODO - refactor add_to_tree as prog is no longer supplied
- # HINT is from previous format where prog was not
- # consistently passed
- my $prog = "HINT";
-
- return if ($profile ne 'null-complain-profile' && !profile_exists($profile));
-
- if ($e->{operation} eq "exec") {
- if ( defined $e->{info} && $e->{info} eq "mandatory profile missing" ) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "exec",
- $profile,
- $hat,
- $sdmode,
- "PERMITTING",
- $e->{denied_mask},
- $e->{name},
- $e->{name2}
- );
- } elsif ( defined $e->{name2} && $e->{name2} =~ m/\/\/null-/) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "exec",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- ""
- );
- } elsif (defined $e->{name}) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "exec",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- ""
- );
- } else {
- $DEBUGGING && debug "add_event_to_tree: dropped exec event in $e->{profile}";
- }
- } elsif ($e->{operation} =~ m/file_/) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "path",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- "",
- );
- } elsif ($e->{operation} eq "open" ||
- $e->{operation} eq "truncate" ||
- $e->{operation} eq "mkdir" ||
- $e->{operation} eq "mknod" ||
- $e->{operation} eq "rename_src" ||
- $e->{operation} eq "rename_dest" ||
- $e->{operation} =~ m/^(unlink|rmdir|symlink_create|link)$/) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "path",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- "",
- );
- } elsif ($e->{operation} eq "capable") {
- add_to_tree( $e->{pid},
- $e->{parent},
- "capability",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{name}
- );
- } elsif ($e->{operation} =~ m/xattr/ ||
- $e->{operation} eq "setattr") {
- add_to_tree( $e->{pid},
- $e->{parent},
- "path",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- ""
- );
- } elsif ($e->{operation} =~ m/inode_/) {
- my $is_domain_change = 0;
-
- if ($e->{operation} eq "inode_permission" &&
- $e->{denied_mask} & $AA_MAY_EXEC &&
- $sdmode eq "PERMITTING") {
-
- my $following = peek_at_next_log_entry();
- if ($following) {
- my $entry = parse_log_record($following);
- if ($entry &&
- $entry->{info} &&
- $entry->{info} eq "set profile" ) {
-
- $is_domain_change = 1;
- throw_away_next_log_entry();
- }
- }
- }
-
- if ($is_domain_change) {
- add_to_tree( $e->{pid},
- $e->{parent},
- "exec",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- $e->{name2}
- );
- } else {
- add_to_tree( $e->{pid},
- $e->{parent},
- "path",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- ""
- );
- }
- } elsif ($e->{operation} eq "sysctl") {
- add_to_tree( $e->{pid},
- $e->{parent},
- "path",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{denied_mask},
- $e->{name},
- ""
- );
- } elsif ($e->{operation} eq "clone") {
- my ($parent, $child) = ($e->{pid}, $e->{task});
- $profile ||= "null-complain-profile";
- $hat ||= "null-complain-profile";
- my $arrayref = [];
- if (exists $pid{$parent}) {
- push @{ $pid{$parent} }, $arrayref;
- } else {
- push @log, $arrayref;
- }
- $pid{$child} = $arrayref;
- push @{$arrayref}, [ "fork", $child, $profile, $hat ];
- } elsif (optype($e->{operation}) eq "net") {
- add_to_tree( $e->{pid},
- $e->{parent},
- "netdomain",
- $profile,
- $hat,
- $prog,
- $sdmode,
- $e->{family},
- $e->{sock_type},
- $e->{protocol},
- );
- } elsif ($e->{operation} eq "change_hat") {
- add_to_tree($e->{pid}, $e->{parent}, "unknown_hat", $profile, $hat, $sdmode, $hat);
- } else {
- if ( $DEBUGGING ) {
- my $msg = Data::Dumper->Dump([$e], [qw(*event)]);
- debug "UNHANDLED: $msg";
- }
- }
-}
-
-sub read_log($) {
- $logmark = shift;
- $seenmark = $logmark ? 0 : 1;
- my $last;
- my $event_type;
-
- # okay, done loading the previous profiles, get on to the good stuff...
- open($LOG, $filename)
- or fatal_error "Can't read AppArmor logfile $filename: $!";
- while ($_ = get_next_log_entry()) {
- chomp;
-
- $DEBUGGING && debug "read_log: $_";
-
- $seenmark = 1 if /$logmark/;
-
- $DEBUGGING && debug "read_log: seenmark = $seenmark";
- next unless $seenmark;
-
- my $last_match = ""; # v_2_0 syslog record parsing requires
- # the previous aa record in the mandatory profile
- # case
- # all we care about is apparmor messages
- if (/$RE_LOG_v2_0_syslog/ || /$RE_LOG_v2_0_audit/) {
- $last_match = parse_log_record_v_2_0( $_, $last_match );
- } else {
- my $event = parse_log_record($_);
- add_event_to_tree($event) if ( $event );
- }
- }
- close($LOG);
- $logmark = "";
-}
-
-
-sub UI_SelectUpdatedRepoProfile ($$) {
-
- my ($profile, $p) = @_;
- my $distro = $cfg->{repository}{distro};
- my $url = $sd{$profile}{$profile}{repo}{url};
- my $user = $sd{$profile}{$profile}{repo}{user};
- my $id = $sd{$profile}{$profile}{repo}{id};
- my $updated = 0;
-
- if ($p) {
- my $q = { };
- $q->{headers} = [
- "Profile", $profile,
- "User", $user,
- "Old Revision", $id,
- "New Revision", $p->{id},
- ];
- $q->{explanation} =
- gettext( "An updated version of this profile has been found in the profile repository. Would you like to use it?");
- $q->{functions} = [
- "CMD_VIEW_CHANGES", "CMD_UPDATE_PROFILE", "CMD_IGNORE_UPDATE",
- "CMD_ABORT", "CMD_FINISHED"
- ];
-
- my $ans;
- do {
- $ans = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW_CHANGES") {
- my $oldprofile = serialize_profile($sd{$profile}, $profile);
- my $newprofile = $p->{profile};
- display_changes($oldprofile, $newprofile);
- }
- } until $ans =~ /^CMD_(UPDATE_PROFILE|IGNORE_UPDATE)/;
-
- if ($ans eq "CMD_UPDATE_PROFILE") {
- eval {
- my $profile_data =
- parse_profile_data($p->{profile}, getprofilefilename($profile), 0);
- if ($profile_data) {
- attach_profile_data(\%sd, $profile_data);
- $changed{$profile} = 1;
- }
-
- set_repo_info($sd{$profile}{$profile}, $url, $user, $p->{id});
-
- UI_Info(
- sprintf(
- gettext("Updated profile %s to revision %s."),
- $profile, $p->{id}
- )
- );
- };
-
- if ($@) {
- UI_Info(gettext("Error parsing repository profile."));
- } else {
- $updated = 1;
- }
- }
- }
- return $updated;
-}
-
-sub UI_repo_signup() {
-
- my ($url, $res, $save_config, $newuser, $user, $pass, $email, $signup_okay);
- $url = $cfg->{repository}{url};
- do {
- if ($UI_Mode eq "yast") {
- SendDataToYast(
- {
- type => "dialog-repo-sign-in",
- repo_url => $url
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
- $email = $yarg->{email};
- $user = $yarg->{user};
- $pass = $yarg->{pass};
- $newuser = $yarg->{newuser};
- $save_config = $yarg->{save_config};
- if ($yarg->{cancelled} && $yarg->{cancelled} eq "y") {
- return;
- }
- $DEBUGGING && debug("AppArmor Repository: \n\t " .
- ($newuser eq "1") ?
- "New User\n\temail: [" . $email . "]" :
- "Signin" . "\n\t user[" . $user . "]" .
- "password [" . $pass . "]\n");
- } else {
- $newuser = UI_YesNo(gettext("Create New User?"), "n");
- $user = UI_GetString(gettext("Username: "), $user);
- $pass = UI_GetString(gettext("Password: "), $pass);
- $email = UI_GetString(gettext("Email Addr: "), $email)
- if ($newuser eq "y");
- $save_config = UI_YesNo(gettext("Save Configuration? "), "y");
- }
-
- if ($newuser eq "y") {
- my ($status_ok,$res) = user_register($url, $user, $pass, $email);
- if ($status_ok) {
- $signup_okay = 1;
- } else {
- my $errmsg =
- gettext("The Profile Repository server returned the following error:") .
- "\n" . $res?$res:gettext("UNKOWN ERROR") . "\n" .
- gettext("Please re-enter registration information or contact the administrator.");
- UI_Important(gettext("Login Error\n") . $errmsg);
- }
- } else {
- my ($status_ok,$res) = user_login($url, $user, $pass);
- if ($status_ok) {
- $signup_okay = 1;
- } else {
- my $errmsg = gettext("Login failure\n Please check username and password and try again.") . "\n" . $res;
- UI_Important($errmsg);
- }
- }
- } until $signup_okay;
-
- $repo_cfg->{repository}{user} = $user;
- $repo_cfg->{repository}{pass} = $pass;
- $repo_cfg->{repository}{email} = $email;
-
- write_config("repository.conf", $repo_cfg) if ( $save_config eq "y" );
-
- return ($user, $pass);
-}
-
-sub UI_ask_to_enable_repo() {
-
- my $q = { };
- return if ( not defined $cfg->{repository}{url} );
- $q->{headers} = [
- gettext("Repository"), $cfg->{repository}{url},
- ];
- $q->{explanation} = gettext( "Would you like to enable access to the
-profile repository?" ); $q->{functions} = [ "CMD_ENABLE_REPO",
-"CMD_DISABLE_REPO", "CMD_ASK_LATER", ];
-
- my $cmd;
- do {
- $cmd = UI_PromptUser($q);
- } until $cmd =~ /^CMD_(ENABLE_REPO|DISABLE_REPO|ASK_LATER)/;
-
- if ($cmd eq "CMD_ENABLE_REPO") {
- $repo_cfg->{repository}{enabled} = "yes";
- } elsif ($cmd eq "CMD_DISABLE_REPO") {
- $repo_cfg->{repository}{enabled} = "no";
- } elsif ($cmd eq "CMD_ASK_LATER") {
- $repo_cfg->{repository}{enabled} = "later";
- }
-
- eval { write_config("repository.conf", $repo_cfg) };
- if ($@) {
- fatal_error($@);
- }
-}
-
-
-sub UI_ask_to_upload_profiles() {
-
- my $q = { };
- $q->{headers} = [
- gettext("Repository"), $cfg->{repository}{url},
- ];
- $q->{explanation} =
- gettext( "Would you like to upload newly created and changed profiles to
- the profile repository?" );
- $q->{functions} = [
- "CMD_YES", "CMD_NO", "CMD_ASK_LATER",
- ];
-
- my $cmd;
- do {
- $cmd = UI_PromptUser($q);
- } until $cmd =~ /^CMD_(YES|NO|ASK_LATER)/;
-
- if ($cmd eq "CMD_NO") {
- $repo_cfg->{repository}{upload} = "no";
- } elsif ($cmd eq "CMD_YES") {
- $repo_cfg->{repository}{upload} = "yes";
- } elsif ($cmd eq "CMD_ASK_LATER") {
- $repo_cfg->{repository}{upload} = "later";
- }
-
- eval { write_config("repository.conf", $repo_cfg) };
- if ($@) {
- fatal_error($@);
- }
-}
-
-
-sub parse_repo_profile($$$) {
- my ($fqdbin, $repo_url, $profile) = @_;
-
- my $profile_data = eval {
- parse_profile_data($profile->{profile}, getprofilefilename($fqdbin), 0);
- };
- if ($@) {
- print STDERR "PARSING ERROR: $@\n";
- $profile_data = undef;
- }
-
- if ($profile_data) {
- set_repo_info($profile_data->{$fqdbin}{$fqdbin}, $repo_url,
- $profile->{username}, $profile->{id});
- }
-
- return $profile_data;
-}
-
-
-sub set_repo_info($$$$) {
- my ($profile_data, $repo_url, $username, $id) = @_;
-
- # save repository metadata
- $profile_data->{repo}{url} = $repo_url;
- $profile_data->{repo}{user} = $username;
- $profile_data->{repo}{id} = $id;
-}
-
-
-sub is_repo_profile($) {
- my $profile_data = shift;
-
- return $profile_data->{repo}{url} &&
- $profile_data->{repo}{user} &&
- $profile_data->{repo}{id};
-}
-
-
-sub get_repo_user_pass() {
- my ($user, $pass);
-
- if ($repo_cfg) {
- $user = $repo_cfg->{repository}{user};
- $pass = $repo_cfg->{repository}{pass};
- }
-
- unless ($user && $pass) {
- ($user, $pass) = UI_repo_signup();
- }
-
- return ($user, $pass);
-}
-
-
-sub get_preferred_user ($) {
- my $repo_url = shift;
- return $cfg->{repository}{preferred_user} || "NOVELL";
-}
-
-
-sub repo_is_enabled () {
- my $enabled;
- if ($cfg->{repository}{url} &&
- $repo_cfg &&
- $repo_cfg->{repository}{enabled} &&
- $repo_cfg->{repository}{enabled} eq "yes") {
- $enabled = 1;
- }
- return $enabled;
-}
-
-
-sub update_repo_profile($) {
- my $profile = shift;
-
- return undef if ( not is_repo_profile($profile) );
- my $distro = $cfg->{repository}{distro};
- my $url = $profile->{repo}{url};
- my $user = $profile->{repo}{user};
- my $id = $profile->{repo}{id};
-
- UI_BusyStart( gettext("Connecting to repository.....") );
- my ($status_ok,$res) = fetch_newer_profile( $url,
- $distro,
- $user,
- $id,
- $profile->{name}
- );
- UI_BusyStop();
- if ( ! $status_ok ) {
- my $errmsg =
- sprintf(
- gettext("WARNING: Profile update check failed\nError Detail:\n%s"),
- defined $res?$res:gettext("UNKNOWN ERROR"));
- UI_Important($errmsg);
- $res = undef;
- }
- return( $res );
-}
-
-sub UI_ask_mode_toggles ($$$) {
- my ($audit_toggle, $owner_toggle, $oldmode) = @_;
- my $q = { };
- $q->{headers} = [ ];
-# "Repository", $cfg->{repository}{url},
-# ];
- $q->{explanation} = gettext( "Change mode modifiers");
-
- if ($audit_toggle) {
- $q->{functions} = [ "CMD_AUDIT_OFF" ];
- } else {
- $q->{functions} = [ "CMD_AUDIT_NEW" ];
- push @{$q->{functions}}, "CMD_AUDIT_FULL" if ($oldmode);
- }
-
- if ($owner_toggle) {
- push @{$q->{functions}}, "CMD_USER_OFF";
- } else {
- push @{$q->{functions}}, "CMD_USER_ON";
- }
- push @{$q->{functions}}, "CMD_CONTINUE";
-
- my $cmd;
- do {
- $cmd = UI_PromptUser($q);
- } until $cmd =~ /^CMD_(AUDIT_OFF|AUDIT_NEW|AUDIT_FULL|USER_ON|USER_OFF|CONTINUE)/;
-
- if ($cmd eq "CMD_AUDIT_OFF") {
- $audit_toggle = 0;
- } elsif ($cmd eq "CMD_AUDIT_NEW") {
- $audit_toggle = 1;
- } elsif ($cmd eq "CMD_AUDIT_FULL") {
- $audit_toggle = 2;
- } elsif ($cmd eq "CMD_USER_ON") {
- $owner_toggle = 1;
- } elsif ($cmd eq "CMD_USER_OFF") {
- $owner_toggle = 0;
-# $owner_toggle++;
-# $owner_toggle++ if (!$oldmode && $owner_toggle == 2);
-# $owner_toggle = 0 if ($owner_toggle > 3);
- }
- return ($audit_toggle, $owner_toggle);
-}
-
-sub ask_the_questions() {
- my $found; # do the magic foo-foo
- for my $sdmode (sort keys %log) {
-
- # let them know what sort of changes we're about to list...
- if ($sdmode eq "PERMITTING") {
- UI_Info(gettext("Complain-mode changes:"));
- } elsif ($sdmode eq "REJECTING") {
- UI_Info(gettext("Enforce-mode changes:"));
- } else {
-
- # if we're not permitting and not rejecting, something's broken.
- # most likely the code we're using to build the hash tree of log
- # entries - this should never ever happen
- fatal_error(sprintf(gettext('Invalid mode found: %s'), $sdmode));
- }
-
- for my $profile (sort keys %{ $log{$sdmode} }) {
- my $p = update_repo_profile($sd{$profile}{$profile});
- UI_SelectUpdatedRepoProfile($profile, $p) if ( $p );
-
- $found++;
-
- # this sorts the list of hats, but makes sure that the containing
- # profile shows up in the list first to keep the question order
- # rational
- my @hats =
- grep { $_ ne $profile } keys %{ $log{$sdmode}{$profile} };
- unshift @hats, $profile
- if defined $log{$sdmode}{$profile}{$profile};
-
- for my $hat (@hats) {
-
- # step through all the capabilities first...
- for my $capability (sort keys %{ $log{$sdmode}{$profile}{$hat}{capability} }) {
-
- # we don't care about it if we've already added it to the
- # profile
- next if profile_known_capability($sd{$profile}{$hat},
- $capability);
-
- my $severity = $sevdb->rank(uc("cap_$capability"));
-
- my $defaultoption = 1;
- my @options = ();
- my @newincludes;
- @newincludes = matchcapincludes($sd{$profile}{$hat},
- $capability);
-
-
- my $q = {};
-
- if (@newincludes) {
- push @options,
- map { "#include <$_>" } sort(uniq(@newincludes));
- }
-
- if ( @options ) {
- push @options, "capability $capability";
- $q->{options} = [@options];
- $q->{selected} = $defaultoption - 1;
- }
-
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), combine_name($profile, $hat);
- push @{ $q->{headers} }, gettext("Capability"), $capability;
- push @{ $q->{headers} }, gettext("Severity"), $severity;
-
- my $audit_toggle = 0;
- $q->{functions} = [
- "CMD_ALLOW", "CMD_DENY", "CMD_AUDIT_NEW", "CMD_ABORT", "CMD_FINISHED"
- ];
-
- # complain-mode events default to allow - enforce defaults
- # to deny
- $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" : "CMD_DENY";
-
- $seenevents++;
- my $done = 0;
- while ( not $done ) {
- # what did the grand exalted master tell us to do?
- my ($ans, $selected) = UI_PromptUser($q);
-
- if ($ans =~ /^CMD_AUDIT/) {
- $audit_toggle = !$audit_toggle;
- my $audit = "";
- if ($audit_toggle) {
- $q->{functions} = [
- "CMD_ALLOW", "CMD_DENY", "CMD_AUDIT_OFF", "CMD_ABORT", "CMD_FINISHED"
- ];
- $audit = "audit ";
- } else {
- $q->{functions} = [
- "CMD_ALLOW", "CMD_DENY", "CMD_AUDIT_NEW", "CMD_ABORT", "CMD_FINISHED"
- ];
- }
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), combine_name($profile, $hat);
- push @{ $q->{headers} }, gettext("Capability"), $audit . $capability;
- push @{ $q->{headers} }, gettext("Severity"), $severity;
-
- } if ($ans eq "CMD_ALLOW") {
-
- # they picked (a)llow, so...
-
- my $selection = $options[$selected];
- $done = 1;
- if ($selection &&
- $selection =~ m/^#include <(.+)>$/) {
- my $deleted = 0;
- my $inc = $1;
- $deleted = delete_duplicates($sd{$profile}{$hat},
- $inc
- );
- $sd{$profile}{$hat}{include}{$inc} = 1;
-
- $changed{$profile} = 1;
- UI_Info(sprintf(
- gettext('Adding #include <%s> to profile.'),
- $inc));
- UI_Info(sprintf(
- gettext('Deleted %s previous matching profile entries.'),
- $deleted)) if $deleted;
- }
- # stick the capability into the profile
- $sd{$profile}{$hat}{allow}{capability}{$capability}{set} = 1;
- $sd{$profile}{$hat}{allow}{capability}{$capability}{audit} = $audit_toggle;
-
- # mark this profile as changed
- $changed{$profile} = 1;
- $done = 1;
- # give a little feedback to the user
- UI_Info(sprintf(gettext('Adding capability %s to profile.'), $capability));
- } elsif ($ans eq "CMD_DENY") {
- $sd{$profile}{$hat}{deny}{capability}{$capability}{set} = 1;
- # mark this profile as changed
- $changed{$profile} = 1;
- UI_Info(sprintf(gettext('Denying capability %s to profile.'), $capability));
- $done = 1;
- } else {
- redo;
- }
- }
- }
-
- # and then step through all of the path entries...
- for my $path (sort keys %{ $log{$sdmode}{$profile}{$hat}{path} }) {
-
- my $mode = $log{$sdmode}{$profile}{$hat}{path}{$path};
-
- # do original profile lookup once.
-
- my $allow_mode = 0;
- my $allow_audit = 0;
- my $deny_mode = 0;
- my $deny_audit = 0;
-
- my ($fmode, $famode, $imode, $iamode, @fm, @im, $cm, $am, $cam, @m);
- ($fmode, $famode, @fm) = rematchfrag($sd{$profile}{$hat}, 'allow', $path);
- $allow_mode |= $fmode if $fmode;
- $allow_audit |= $famode if $famode;
- ($imode, $iamode, @im) = match_prof_incs_to_path($sd{$profile}{$hat}, 'allow', $path);
- $allow_mode |= $imode if $imode;
- $allow_audit |= $iamode if $iamode;
-
- ($cm, $cam, @m) = rematchfrag($sd{$profile}{$hat}, 'deny', $path);
- $deny_mode |= $cm if $cm;
- $deny_audit |= $cam if $cam;
- ($cm, $cam, @m) = match_prof_incs_to_path($sd{$profile}{$hat}, 'deny', $path);
- $deny_mode |= $cm if $cm;
- $deny_audit |= $cam if $cam;
-
- if ($deny_mode & $AA_MAY_EXEC) {
- $deny_mode |= $ALL_AA_EXEC_TYPE;
- }
-
- # mask off the modes that have been denied
- $mode &= ~$deny_mode;
- $allow_mode &= ~$deny_mode;
-
- # if we had an access(X_OK) request or some other kind of
- # event that generates a "PERMITTING x" syslog entry,
- # first check if it was already dealt with by a i/p/x
- # question due to a exec(). if not, ask about adding ix
- # permission.
- if ($mode & $AA_MAY_EXEC) {
-
- # get rid of the access() markers.
- $mode &= (~$ALL_AA_EXEC_TYPE);
-
- unless ($allow_mode & $allow_mode & $AA_MAY_EXEC) {
- $mode |= str_to_mode("ix");
- }
- }
-
- # if we had an mmap(PROT_EXEC) request, first check if we
- # already have added an ix rule to the profile
- if ($mode & $AA_EXEC_MMAP) {
- # ix implies m. don't ask if they want to add an "m"
- # rule when we already have a matching ix rule.
- if ($allow_mode && contains($allow_mode, "ix")) {
- $mode &= (~$AA_EXEC_MMAP);
- }
- }
-
- next unless $mode;
-
-
- my @matches;
-
- if ($fmode) {
- push @matches, @fm;
- }
- if ($imode) {
- push @matches, @im;
- }
-
- unless ($allow_mode && mode_contains($allow_mode, $mode)) {
-
- my $defaultoption = 1;
- my @options = ();
-
- # check the path against the available set of include
- # files
- my @newincludes;
- my $includevalid;
- for my $incname (keys %include) {
- $includevalid = 0;
-
- # don't suggest it if we're already including it,
- # that's dumb
- next if $sd{$profile}{$hat}{$incname};
-
- # only match includes that can be suggested to
- # the user
- if ($cfg->{settings}{custom_includes}) {
- for my $incm (split(/\s+/,
- $cfg->{settings}{custom_includes})
- ) {
- $includevalid = 1 if $incname =~ /$incm/;
- }
- }
- $includevalid = 1 if $incname =~ /abstractions/;
- next if ($includevalid == 0);
-
- ($cm, $am, @m) = match_include_to_path($incname, 'allow', $path);
- if ($cm && mode_contains($cm, $mode)) {
- #make sure it doesn't deny $mode
- my $dm = match_include_to_path($incname, 'deny', $path);
- unless (($mode & $dm) || (grep { $_ eq "/**" } @m)) {
- push @newincludes, $incname;
- }
- }
- }
-
-
- # did any match? add them to the option list...
- if (@newincludes) {
- push @options,
- map { "#include <$_>" }
- sort(uniq(@newincludes));
- }
-
- # include the literal path in the option list...
- push @options, $path;
-
- # match the current path against the globbing list in
- # logprof.conf
- my @globs = globcommon($path);
- if (@globs) {
- push @matches, @globs;
- }
-
- # suggest any matching globs the user manually entered
- for my $userglob (@userglobs) {
- push @matches, $userglob
- if matchliteral($userglob, $path);
- }
-
- # we'll take the cheesy way and order the suggested
- # globbing list by length, which is usually right,
- # but not always always
- push @options,
- sort { length($b) <=> length($a) }
- grep { $_ ne $path }
- uniq(@matches);
- $defaultoption = $#options + 1;
-
- my $severity = $sevdb->rank($path, mode_to_str($mode));
-
- my $audit_toggle = 0;
- my $owner_toggle = $cfg->{settings}{default_owner_prompt};
- my $done = 0;
- while (not $done) {
-
- my $q = {};
- $q->{headers} = [];
- push @{ $q->{headers} }, gettext("Profile"), combine_name($profile, $hat);
- push @{ $q->{headers} }, gettext("Path"), $path;
-
- # merge in any previous modes from this run
- if ($allow_mode) {
- my $str;
-#print "mode: " . print_mode($mode) . " allow: " . print_mode($allow_mode) . "\n";
- $mode |= $allow_mode;
- my $tail;
- my $prompt_mode;
- if ($owner_toggle == 0) {
- $prompt_mode = flatten_mode($mode);
- $tail = " " . gettext("(owner permissions off)");
- } elsif ($owner_toggle == 1) {
- $prompt_mode = $mode;
- $tail = "";
- } elsif ($owner_toggle == 2) {
- $prompt_mode = $allow_mode | owner_flatten_mode($mode & ~$allow_mode);
- $tail = " " . gettext("(force new perms to owner)");
- } else {
- $prompt_mode = owner_flatten_mode($mode);
- $tail = " " . gettext("(force all rule perms to owner)");
- }
-
- if ($audit_toggle == 1) {
- $str = mode_to_str_user($allow_mode);
- $str .= ", " if ($allow_mode);
- $str .= "audit " . mode_to_str_user($prompt_mode & ~$allow_mode) . $tail;
- } elsif ($audit_toggle == 2) {
- $str = "audit " . mode_to_str_user($prompt_mode) . $tail;
- } else {
- $str = mode_to_str_user($prompt_mode) . $tail;
- }
- push @{ $q->{headers} }, gettext("Old Mode"), mode_to_str_user($allow_mode);
- push @{ $q->{headers} }, gettext("New Mode"), $str;
- } else {
- my $str = "";
- if ($audit_toggle) {
- $str = "audit ";
- }
- my $tail;
- my $prompt_mode;
- if ($owner_toggle == 0) {
- $prompt_mode = flatten_mode($mode);
- $tail = " " . gettext("(owner permissions off)");
- } elsif ($owner_toggle == 1) {
- $prompt_mode = $mode;
- $tail = "";
- } else {
- $prompt_mode = owner_flatten_mode($mode);
- $tail = " " . gettext("(force perms to owner)");
- }
- $str .= mode_to_str_user($prompt_mode) . $tail;
- push @{ $q->{headers} }, gettext("Mode"), $str;
- }
- push @{ $q->{headers} }, gettext("Severity"), $severity;
-
- $q->{options} = [@options];
- $q->{selected} = $defaultoption - 1;
-
- $q->{functions} = [
- "CMD_ALLOW", "CMD_DENY", "CMD_GLOB", "CMD_GLOBEXT", "CMD_NEW",
- "CMD_ABORT", "CMD_FINISHED", "CMD_OTHER"
- ];
-
- $q->{default} =
- ($sdmode eq "PERMITTING")
- ? "CMD_ALLOW"
- : "CMD_DENY";
-
- $seenevents++;
- # if they just hit return, use the default answer
- my ($ans, $selected) = UI_PromptUser($q);
-
- if ($ans eq "CMD_OTHER") {
-
- ($audit_toggle, $owner_toggle) = UI_ask_mode_toggles($audit_toggle, $owner_toggle, $allow_mode);
- } elsif ($ans eq "CMD_USER_TOGGLE") {
- $owner_toggle++;
- $owner_toggle++ if (!$allow_mode && $owner_toggle == 2);
- $owner_toggle = 0 if ($owner_toggle > 3);
- } elsif ($ans eq "CMD_ALLOW") {
- $path = $options[$selected];
- $done = 1;
- if ($path =~ m/^#include <(.+)>$/) {
- my $inc = $1;
- my $deleted = 0;
-
- $deleted = delete_duplicates($sd{$profile}{$hat},
- $inc );
-
- # record the new entry
- $sd{$profile}{$hat}{include}{$inc} = 1;
-
- $changed{$profile} = 1;
- UI_Info(sprintf(gettext('Adding #include <%s> to profile.'), $inc));
- UI_Info(sprintf(gettext('Deleted %s previous matching profile entries.'), $deleted)) if $deleted;
- } else {
- if ($sd{$profile}{$hat}{allow}{path}{$path}{mode}) {
- $mode |= $sd{$profile}{$hat}{allow}{path}{$path}{mode};
- }
-
- my $deleted = 0;
- for my $entry (keys %{ $sd{$profile}{$hat}{allow}{path} }) {
-
- next if $path eq $entry;
-
- if (matchregexp($path, $entry)) {
-
- # regexp matches, add it's mode to
- # the list to check against
- if (mode_contains($mode,
- $sd{$profile}{$hat}{allow}{path}{$entry}{mode})) {
- delete $sd{$profile}{$hat}{allow}{path}{$entry};
- $deleted++;
- }
- }
- }
-
- # record the new entry
- if ($owner_toggle == 0) {
- $mode = flatten_mode($mode);
- } elsif ($owner_toggle == 1) {
- $mode = $mode;
- } elsif ($owner_toggle == 2) {
- $mode = $allow_mode | owner_flatten_mode($mode & ~$allow_mode);
- } elsif ($owner_toggle == 3) {
- $mode = owner_flatten_mode($mode);
- }
- $sd{$profile}{$hat}{allow}{path}{$path}{mode} |= $mode;
- my $tmpmode = ($audit_toggle == 1) ? $mode & ~$allow_mode : 0;
- $tmpmode = ($audit_toggle == 2) ? $mode : $tmpmode;
- $sd{$profile}{$hat}{allow}{path}{$path}{audit} |= $tmpmode;
-
- $changed{$profile} = 1;
- UI_Info(sprintf(gettext('Adding %s %s to profile.'), $path, mode_to_str_user($mode)));
- UI_Info(sprintf(gettext('Deleted %s previous matching profile entries.'), $deleted)) if $deleted;
- }
- } elsif ($ans eq "CMD_DENY") {
- # record the new entry
- $sd{$profile}{$hat}{deny}{path}{$path}{mode} |= $mode & ~$allow_mode;
- $sd{$profile}{$hat}{deny}{path}{$path}{audit} |= 0;
-
- $changed{$profile} = 1;
-
- # go on to the next entry without saving this
- # one
- $done = 1;
- } elsif ($ans eq "CMD_NEW") {
- my $arg = $options[$selected];
- if ($arg !~ /^#include/) {
- $ans = UI_GetString(gettext("Enter new path: "), $arg);
- if ($ans) {
- unless (matchliteral($ans, $path)) {
- my $ynprompt = gettext("The specified path does not match this log entry:") . "\n\n";
- $ynprompt .= " " . gettext("Log Entry") . ": $path\n";
- $ynprompt .= " " . gettext("Entered Path") . ": $ans\n\n";
- $ynprompt .= gettext("Do you really want to use this path?") . "\n";
-
- # we default to no if they just hit return...
- my $key = UI_YesNo($ynprompt, "n");
-
- next if $key eq "n";
- }
-
- # save this one for later
- push @userglobs, $ans;
-
- push @options, $ans;
- $defaultoption = $#options + 1;
- }
- }
- } elsif ($ans eq "CMD_GLOB") {
-
- # do globbing if they don't have an include
- # selected
- my $newpath = $options[$selected];
- chomp $newpath ;
- unless ($newpath =~ /^#include/) {
- # is this entry directory specific
- if ( $newpath =~ m/\/$/ ) {
- # do we collapse to /* or /**?
- if ($newpath =~ m/\/\*{1,2}\/$/) {
- $newpath =~
- s/\/[^\/]+\/\*{1,2}\/$/\/\*\*\//;
- } else {
- $newpath =~ s/\/[^\/]+\/$/\/\*\//;
- }
- } else {
- # do we collapse to /* or /**?
- if ($newpath =~ m/\/\*{1,2}$/) {
- $newpath =~ s/\/[^\/]+\/\*{1,2}$/\/\*\*/;
- } else {
- $newpath =~ s/\/[^\/]+$/\/\*/;
- }
- }
- if (not grep { $newpath eq $_ } @options) {
- push @options, $newpath;
- $defaultoption = $#options + 1;
- }
- }
- } elsif ($ans eq "CMD_GLOBEXT") {
-
- # do globbing if they don't have an include
- # selected
- my $newpath = $options[$selected];
- unless ($newpath =~ /^#include/) {
- # do we collapse to /*.ext or /**.ext?
- if ($newpath =~ m/\/\*{1,2}\.[^\/]+$/) {
- $newpath =~ s/\/[^\/]+\/\*{1,2}(\.[^\/]+)$/\/\*\*$1/;
- } else {
- $newpath =~ s/\/[^\/]+(\.[^\/]+)$/\/\*$1/;
- }
- if (not grep { $newpath eq $_ } @options) {
- push @options, $newpath;
- $defaultoption = $#options + 1;
- }
- }
- } elsif ($ans =~ /\d/) {
- $defaultoption = $ans;
- }
- }
- }
- }
-
- # and then step through all of the netdomain entries...
- for my $family (sort keys %{$log{$sdmode}
- {$profile}
- {$hat}
- {netdomain}}) {
-
- # TODO - severity handling for net toggles
- #my $severity = $sevdb->rank();
- for my $sock_type (sort keys %{$log{$sdmode}
- {$profile}
- {$hat}
- {netdomain}
- {$family}}) {
-
- # we don't care about it if we've already added it to the
- # profile
- next if ( profile_known_network($sd{$profile}{$hat},
- $family,
- $sock_type));
- my $defaultoption = 1;
- my @options = ();
- my @newincludes;
- @newincludes = matchnetincludes($sd{$profile}{$hat},
- $family,
- $sock_type);
-
- my $q = {};
-
- if (@newincludes) {
- push @options,
- map { "#include <$_>" } sort(uniq(@newincludes));
- }
-
- if ( @options ) {
- push @options, "network $family $sock_type";
- $q->{options} = [@options];
- $q->{selected} = $defaultoption - 1;
- }
-
- $q->{headers} = [];
- push @{ $q->{headers} },
- gettext("Profile"),
- combine_name($profile, $hat);
- push @{ $q->{headers} },
- gettext("Network Family"),
- $family;
- push @{ $q->{headers} },
- gettext("Socket Type"),
- $sock_type;
-
- my $audit_toggle = 0;
-
- $q->{functions} = [
- "CMD_ALLOW",
- "CMD_DENY",
- "CMD_AUDIT_NEW",
- "CMD_ABORT",
- "CMD_FINISHED"
- ];
-
- # complain-mode events default to allow - enforce defaults
- # to deny
- $q->{default} = ($sdmode eq "PERMITTING") ? "CMD_ALLOW" :
- "CMD_DENY";
-
- $seenevents++;
-
- # what did the grand exalted master tell us to do?
- my $done = 0;
- while ( not $done ) {
- my ($ans, $selected) = UI_PromptUser($q);
- if ($ans =~ /^CMD_AUDIT/) {
- $audit_toggle = !$audit_toggle;
- my $audit = $audit_toggle ? "audit " : "";
- if ($audit_toggle) {
- $q->{functions} = [
- "CMD_ALLOW",
- "CMD_DENY",
- "CMD_AUDIT_OFF",
- "CMD_ABORT",
- "CMD_FINISHED"
- ];
- } else {
- $q->{functions} = [
- "CMD_ALLOW",
- "CMD_DENY",
- "CMD_AUDIT_NEW",
- "CMD_ABORT",
- "CMD_FINISHED"
- ];
- }
- $q->{headers} = [];
- push @{ $q->{headers} },
- gettext("Profile"),
- combine_name($profile, $hat);
- push @{ $q->{headers} },
- gettext("Network Family"),
- $audit . $family;
- push @{ $q->{headers} },
- gettext("Socket Type"),
- $sock_type;
- } elsif ($ans eq "CMD_ALLOW") {
- my $selection = $options[$selected];
- $done = 1;
- if ($selection &&
- $selection =~ m/^#include <(.+)>$/) {
- my $inc = $1;
- my $deleted = 0;
- $deleted = delete_duplicates($sd{$profile}{$hat},
- $inc
- );
- # record the new entry
- $sd{$profile}{$hat}{include}{$inc} = 1;
-
- $changed{$profile} = 1;
- UI_Info(
- sprintf(
- gettext('Adding #include <%s> to profile.'),
- $inc));
- UI_Info(
- sprintf(
- gettext('Deleted %s previous matching profile entries.'),
- $deleted)) if $deleted;
- } else {
-
- # stick the whole rule into the profile
- $sd{$profile}
- {$hat}
- {allow}
- {netdomain}
- {audit}
- {$family}
- {$sock_type} = $audit_toggle;
-
- $sd{$profile}
- {$hat}
- {allow}
- {netdomain}
- {rule}
- {$family}
- {$sock_type} = 1;
-
- # mark this profile as changed
- $changed{$profile} = 1;
-
- # give a little feedback to the user
- UI_Info(sprintf(
- gettext('Adding network access %s %s to profile.'),
- $family,
- $sock_type
- )
- );
- }
- } elsif ($ans eq "CMD_DENY") {
- $done = 1;
- # record the new entry
- $sd{$profile}
- {$hat}
- {deny}
- {netdomain}
- {rule}
- {$family}
- {$sock_type} = 1;
-
- $changed{$profile} = 1;
- UI_Info(sprintf(
- gettext('Denying network access %s %s to profile.'),
- $family,
- $sock_type
- )
- );
- } else {
- redo;
- }
- }
- }
- }
- }
- }
- }
-}
-
-sub delete_net_duplicates($$) {
- my ($netrules, $incnetrules) = @_;
- my $deleted = 0;
- if ( $incnetrules && $netrules ) {
- my $incnetglob = defined $incnetrules->{all};
-
- # See which if any profile rules are matched by the include and can be
- # deleted
- for my $fam ( keys %$netrules ) {
- if ( $incnetglob || (ref($incnetrules->{rule}{$fam}) ne "HASH" &&
- $incnetrules->{rule}{$fam} == 1)) { # include allows
- # all net or
- # all fam
- if ( ref($netrules->{rule}{$fam}) eq "HASH" ) {
- $deleted += ( keys %{$netrules->{rule}{$fam}} );
- } else {
- $deleted++;
- }
- delete $netrules->{rule}{$fam};
- } elsif ( ref($netrules->{rule}{$fam}) ne "HASH" &&
- $netrules->{rule}{$fam} == 1 ){
- next; # profile has all family
- } else {
- for my $socket_type ( keys %{$netrules->{rule}{$fam}} ) {
- if ( defined $incnetrules->{$fam}{$socket_type} ) {
- delete $netrules->{$fam}{$socket_type};
- $deleted++;
- }
- }
- }
- }
- }
- return $deleted;
-}
-
-sub delete_cap_duplicates ($$) {
- my ($profilecaps, $inccaps) = @_;
- my $deleted = 0;
- if ( $profilecaps && $inccaps ) {
- for my $capname ( keys %$profilecaps ) {
- if ( defined $inccaps->{$capname}{set} && $inccaps->{$capname}{set} == 1 ) {
- delete $profilecaps->{$capname};
- $deleted++;
- }
- }
- }
- return $deleted;
-}
-
-sub delete_path_duplicates ($$$) {
- my ($profile, $incname, $allow) = @_;
- my $deleted = 0;
-
- for my $entry (keys %{ $profile->{$allow}{path} }) {
- next if $entry eq "#include <$incname>";
- my ($cm, $am, @m) = match_include_to_path($incname, $allow, $entry);
- if ($cm
- && mode_contains($cm, $profile->{$allow}{path}{$entry}{mode})
- && mode_contains($am, $profile->{$allow}{path}{$entry}{audit}))
- {
- delete $profile->{$allow}{path}{$entry};
- $deleted++;
- }
- }
- return $deleted;
-}
-
-sub delete_duplicates (\%$) {
- my ( $profile, $incname ) = @_;
- my $deleted = 0;
-
- # don't cross delete allow rules covered by denied rules as the coverage
- # may not be complete. ie. want to deny a subset of allow, allow a subset
- # of deny with different perms.
-
- ## network rules
- $deleted += delete_net_duplicates($profile->{allow}{netdomain}, $include{$incname}{$incname}{allow}{netdomain});
- $deleted += delete_net_duplicates($profile->{deny}{netdomain}, $include{$incname}{$incname}{deny}{netdomain});
-
- ## capabilities
- $deleted += delete_cap_duplicates($profile->{allow}{capability},
- $include{$incname}{$incname}{allow}{capability});
- $deleted += delete_cap_duplicates($profile->{deny}{capability},
- $include{$incname}{$incname}{deny}{capability});
-
- ## paths
- $deleted += delete_path_duplicates($profile, $incname, 'allow');
- $deleted += delete_path_duplicates($profile, $incname, 'deny');
-
- return $deleted;
-}
-
-sub matchnetinclude ($$$) {
- my ($incname, $family, $type) = @_;
-
- my @matches;
-
- # scan the include fragments for this profile looking for matches
- my @includelist = ($incname);
- my @checked;
- while (my $name = shift @includelist) {
- push @checked, $name;
- return 1
- if netrules_access_check($include{$name}{$name}{allow}{netdomain}, $family, $type);
- # if this fragment includes others, check them too
- if (keys %{ $include{$name}{$name}{include} } &&
- (grep($name, @checked) == 0) ) {
- push @includelist, keys %{ $include{$name}{$name}{include} };
- }
- }
- return 0;
-}
-
-sub matchcapincludes (\%$) {
- my ($profile, $cap) = @_;
-
- # check the path against the available set of include
- # files
- my @newincludes;
- my $includevalid;
- for my $incname (keys %include) {
- $includevalid = 0;
-
- # don't suggest it if we're already including it,
- # that's dumb
- next if $profile->{include}{$incname};
-
- # only match includes that can be suggested to
- # the user
- if ($cfg->{settings}{custom_includes}) {
- for my $incm (split(/\s+/,
- $cfg->{settings}{custom_includes})) {
- $includevalid = 1 if $incname =~ /$incm/;
- }
- }
- $includevalid = 1 if $incname =~ /abstractions/;
- next if ($includevalid == 0);
-
- push @newincludes, $incname
- if ( defined $include{$incname}{$incname}{allow}{capability}{$cap}{set} &&
- $include{$incname}{$incname}{allow}{capability}{$cap}{set} == 1 );
- }
- return @newincludes;
-}
-
-sub matchnetincludes (\%$$) {
- my ($profile, $family, $type) = @_;
-
- # check the path against the available set of include
- # files
- my @newincludes;
- my $includevalid;
- for my $incname (keys %include) {
- $includevalid = 0;
-
- # don't suggest it if we're already including it,
- # that's dumb
- next if $profile->{include}{$incname};
-
- # only match includes that can be suggested to
- # the user
- if ($cfg->{settings}{custom_includes}) {
- for my $incm (split(/\s+/, $cfg->{settings}{custom_includes})) {
- $includevalid = 1 if $incname =~ /$incm/;
- }
- }
- $includevalid = 1 if $incname =~ /abstractions/;
- next if ($includevalid == 0);
-
- push @newincludes, $incname
- if matchnetinclude($incname, $family, $type);
- }
- return @newincludes;
-}
-
-
-sub do_logprof_pass($) {
- my $logmark = shift || "";
-
- # zero out the state variables for this pass...
- %t = ( );
- %transitions = ( );
- %seen = ( );
- %sd = ( );
- %profilechanges = ( );
- %prelog = ( );
- @log = ( );
- %log = ( );
- %changed = ( );
- %skip = ( );
- %filelist = ( );
-
- UI_Info(sprintf(gettext('Reading log entries from %s.'), $filename));
- UI_Info(sprintf(gettext('Updating AppArmor profiles in %s.'), $profiledir));
-
- readprofiles();
- unless ($sevdb) {
- $sevdb = new Immunix::Severity("$confdir/severity.db", gettext("unknown
-"));
- }
-
- # we need to be able to break all the way out of deep into subroutine calls
- # if they select "Finish" so we can take them back out to the genprof prompt
- eval {
- unless ($repo_cfg || not defined $cfg->{repository}{url}) {
- $repo_cfg = read_config("repository.conf");
- unless ($repo_cfg->{repository}{enabled} &&
- ($repo_cfg->{repository}{enabled} eq "yes" ||
- $repo_cfg->{repository}{enabled} eq "no")) {
- UI_ask_to_enable_repo();
- }
- }
-
- read_log($logmark);
-
- for my $root (@log) {
- handlechildren(undef, undef, $root);
- }
-
- for my $pid (sort { $a <=> $b } keys %profilechanges) {
- setprocess($pid, $profilechanges{$pid});
- }
-
- collapselog();
-
- ask_the_questions();
-
- if ($UI_Mode eq "yast") {
- if (not $running_under_genprof) {
- if ($seenevents) {
- my $w = { type => "wizard" };
- $w->{explanation} = gettext("The profile analyzer has completed processing the log files.\n\nAll updated profiles will be reloaded");
- $w->{functions} = [ "CMD_ABORT", "CMD_FINISHED" ];
- SendDataToYast($w);
- my $foo = GetDataFromYast();
- } else {
- my $w = { type => "wizard" };
- $w->{explanation} = gettext("No unhandled AppArmor events were found in the system log.");
- $w->{functions} = [ "CMD_ABORT", "CMD_FINISHED" ];
- SendDataToYast($w);
- my $foo = GetDataFromYast();
- }
- }
- }
- };
-
- my $finishing = 0;
- if ($@) {
- if ($@ =~ /FINISHING/) {
- $finishing = 1;
- } else {
- die $@;
- }
- }
-
- save_profiles();
-
- if (repo_is_enabled()) {
- if ( (not defined $repo_cfg->{repository}{upload}) ||
- ($repo_cfg->{repository}{upload} eq "later") ) {
- UI_ask_to_upload_profiles();
- }
- if ($repo_cfg->{repository}{upload} eq "yes") {
- sync_profiles();
- }
- @created = ();
- }
-
- # if they hit "Finish" we need to tell the caller that so we can exit
- # all the way instead of just going back to the genprof prompt
- return $finishing ? "FINISHED" : "NORMAL";
-}
-
-sub save_profiles() {
- # make sure the profile changes we've made are saved to disk...
- my @changed = sort keys %changed;
- #
- # first make sure that profiles in %changed are active (or actual profiles
- # in %sd) - this is to handle the sloppiness of setting profiles as changed
- # when they are parsed in the case of legacy hat code that we want to write
- # out in an updated format
- foreach my $profile_name ( keys %changed ) {
- if ( ! is_active_profile( $profile_name ) ) {
- delete $changed{ $profile_name };
- }
- }
- @changed = sort keys %changed;
-
- if (@changed) {
- if ($UI_Mode eq "yast") {
- my (@selected_profiles, $title, $explanation, %profile_changes);
- foreach my $prof (@changed) {
- my $oldprofile = serialize_profile($original_sd{$prof}, $prof);
- my $newprofile = serialize_profile($sd{$prof}, $prof);
-
- $profile_changes{$prof} = get_profile_diff($oldprofile,
- $newprofile);
- }
- $explanation = gettext("Select which profile changes you would like to save to the\nlocal profile set");
- $title = gettext("Local profile changes");
- SendDataToYast(
- {
- type => "dialog-select-profiles",
- title => $title,
- explanation => $explanation,
- default_select => "true",
- get_changelog => "false",
- profiles => \%profile_changes
- }
- );
- my ($ypath, $yarg) = GetDataFromYast();
- if ($yarg->{STATUS} eq "cancel") {
- return;
- } else {
- my $selected_profiles_ref = $yarg->{PROFILES};
- for my $profile (@$selected_profiles_ref) {
- writeprofile_ui_feedback($profile);
- reload_base($profile);
- }
- }
- } else {
- my $q = {};
- $q->{title} = "Changed Local Profiles";
- $q->{headers} = [];
-
- $q->{explanation} =
- gettext( "The following local profiles were changed. Would you like to save them?");
-
- $q->{functions} = [ "CMD_SAVE_CHANGES",
- "CMD_VIEW_CHANGES",
- "CMD_ABORT", ];
-
- $q->{default} = "CMD_VIEW_CHANGES";
-
- $q->{options} = [@changed];
- $q->{selected} = 0;
-
- my ($p, $ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW_CHANGES") {
- my $which = $changed[$arg];
- my $oldprofile =
- serialize_profile($original_sd{$which}, $which);
- my $newprofile = serialize_profile($sd{$which}, $which);
- display_changes($oldprofile, $newprofile);
- }
-
- } until $ans =~ /^CMD_SAVE_CHANGES/;
-
- for my $profile (sort keys %changed) {
- writeprofile_ui_feedback($profile);
- reload_base($profile);
- }
- }
- }
-}
-
-
-sub get_pager() {
-
- if ( $ENV{PAGER} and (-x "/usr/bin/$ENV{PAGER}" ||
- -x "/usr/sbin/$ENV{PAGER}" )
- ) {
- return $ENV{PAGER};
- } else {
- return "less"
- }
-}
-
-
-sub display_text($$) {
- my ($header, $body) = @_;
- my $pager = get_pager();
- if (open(PAGER, "| $pager")) {
- print PAGER "$header\n\n$body";
- close(PAGER);
- }
-}
-
-sub get_profile_diff($$) {
- my ($oldprofile, $newprofile) = @_;
- my $oldtmp = new File::Temp(UNLINK => 0);
- print $oldtmp $oldprofile;
- close($oldtmp);
-
- my $newtmp = new File::Temp(UNLINK => 0);
- print $newtmp $newprofile;
- close($newtmp);
-
- my $difftmp = new File::Temp(UNLINK => 0);
- my @diff;
- system("diff -u $oldtmp $newtmp > $difftmp");
- while (<$difftmp>) {
- push(@diff, $_) unless (($_ =~ /^(---|\+\+\+)/) ||
- ($_ =~ /^\@\@.*\@\@$/));
- }
- unlink($difftmp);
- unlink($oldtmp);
- unlink($newtmp);
- return join("", @diff);
-}
-
-sub display_changes($$) {
- my ($oldprofile, $newprofile) = @_;
-
- my $oldtmp = new File::Temp( UNLINK => 0 );
- print $oldtmp $oldprofile;
- close($oldtmp);
-
- my $newtmp = new File::Temp( UNLINK => 0 );
- print $newtmp $newprofile;
- close($newtmp);
-
- my $difftmp = new File::Temp(UNLINK => 0);
- my @diff;
- system("diff -u $oldtmp $newtmp > $difftmp");
- if ($UI_Mode eq "yast") {
- while (<$difftmp>) {
- push(@diff, $_) unless (($_ =~ /^(---|\+\+\+)/) ||
- ($_ =~ /^\@\@.*\@\@$/));
- }
- UI_LongMessage(gettext("Profile Changes"), join("", @diff));
- } else {
- system("less $difftmp");
- }
-
- unlink($difftmp);
- unlink($oldtmp);
- unlink($newtmp);
-}
-
-sub setprocess ($$) {
- my ($pid, $profile) = @_;
-
- # don't do anything if the process exited already...
- return unless -e "/proc/$pid/attr/current";
-
- return unless open(CURR, "/proc/$pid/attr/current");
- my $current = <CURR>;
- return unless $current;
- chomp $current;
- close(CURR);
-
- # only change null profiles
- return unless $current =~ /null(-complain)*-profile/;
-
- return unless open(STAT, "/proc/$pid/stat");
- my $stat = <STAT>;
- chomp $stat;
- close(STAT);
-
- return unless $stat =~ /^\d+ \((\S+)\) /;
- my $currprog = $1;
-
- open(CURR, ">/proc/$pid/attr/current") or return;
- print CURR "setprofile $profile";
- close(CURR);
-}
-
-sub collapselog () {
- for my $sdmode (keys %prelog) {
- for my $profile (keys %{ $prelog{$sdmode} }) {
- for my $hat (keys %{ $prelog{$sdmode}{$profile} }) {
- for my $path (keys %{ $prelog{$sdmode}{$profile}{$hat}{path} }) {
-
- my $mode = $prelog{$sdmode}{$profile}{$hat}{path}{$path};
-
- # we want to ignore anything from the log that's already
- # in the profile
- my $combinedmode = 0;
-
- # is it in the original profile?
- if ($sd{$profile}{$hat}{allow}{path}{$path}) {
- $combinedmode |= $sd{$profile}{$hat}{allow}{path}{$path}{mode};
- }
-
- # does path match any regexps in original profile?
- $combinedmode |= rematchfrag($sd{$profile}{$hat}, 'allow', $path);
-
- # does path match anything pulled in by includes in
- # original profile?
- $combinedmode |= match_prof_incs_to_path($sd{$profile}{$hat}, 'allow', $path);
-
- # if we found any matching entries, do the modes match?
- unless ($combinedmode && mode_contains($combinedmode, $mode)) {
-
- # merge in any previous modes from this run
- if ($log{$sdmode}{$profile}{$hat}{$path}) {
- $mode |= $log{$sdmode}{$profile}{$hat}{path}{$path};
- }
-
- # record the new entry
- $log{$sdmode}{$profile}{$hat}{path}{$path} = $mode;
- }
- }
-
- for my $capability (keys %{ $prelog{$sdmode}{$profile}{$hat}{capability} }) {
-
- # if we don't already have this capability in the profile,
- # add it
- unless ($sd{$profile}{$hat}{allow}{capability}{$capability}{set}) {
- $log{$sdmode}{$profile}{$hat}{capability}{$capability} = 1;
- }
- }
-
- # Network toggle handling
- my $ndref = $prelog{$sdmode}{$profile}{$hat}{netdomain};
- for my $family ( keys %{$ndref} ) {
- for my $sock_type ( keys %{$ndref->{$family}} ) {
- unless ( profile_known_network($sd{$profile}{$hat},
- $family, $sock_type)) {
- $log{$sdmode}
- {$profile}
- {$hat}
- {netdomain}
- {$family}
- {$sock_type}=1;
- }
- }
- }
- }
- }
- }
-}
-
-sub profilemode ($) {
- my $mode = shift;
-
- my $modifier = ($mode =~ m/[iupUP]/)[0];
- if ($modifier) {
- $mode =~ s/[iupUPx]//g;
- $mode .= $modifier . "x";
- }
-
- return $mode;
-}
-
-# kinky.
-sub commonprefix (@) { (join("\0", @_) =~ m/^([^\0]*)[^\0]*(\0\1[^\0]*)*$/)[0] }
-sub commonsuffix (@) { reverse(((reverse join("\0", @_)) =~ m/^([^\0]*)[^\0]*(\0\1[^\0]*)*$/)[0]); }
-
-sub uniq (@) {
- my %seen;
- my @result = sort grep { !$seen{$_}++ } @_;
- return @result;
-}
-
-our $MODE_MAP_RE = "r|w|l|m|k|a|x|i|u|p|c|n|I|U|P|C|N";
-our $LOG_MODE_RE = "r|w|l|m|k|a|x|ix|ux|px|cx|nx|pix|cix|Ix|Ux|Px|PUx|Cx|Nx|Pix|Cix";
-our $PROFILE_MODE_RE = "r|w|l|m|k|a|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix";
-our $PROFILE_MODE_NT_RE = "r|w|l|m|k|a|x|ix|ux|px|cx|pix|cix|Ux|Px|PUx|Cx|Pix|Cix";
-our $PROFILE_MODE_DENY_RE = "r|w|l|m|k|a|x";
-
-sub split_log_mode($) {
- my $mode = shift;
- my $user = "";
- my $other = "";
-
- if ($mode =~ /(.*?)::(.*)/) {
- $user = $1 if ($1);
- $other = $2 if ($2);
- } else {
- $user = $mode;
- $other = $mode;
- }
- return ($user, $other);
-}
-
-sub map_log_mode ($) {
- my $mode = shift;
- return $mode;
-# $mode =~ s/(.*l.*)::.*/$1/ge;
-# $mode =~ s/.*::(.*l.*)/$1/ge;
-# $mode =~ s/:://;
-# return $mode;
-# return $1;
-}
-
-sub hide_log_mode($) {
- my $mode = shift;
-
- $mode =~ s/:://;
- return $mode;
-}
-
-sub validate_log_mode ($) {
- my $mode = shift;
-
- return ($mode =~ /^($LOG_MODE_RE)+$/) ? 1 : 0;
-}
-
-sub validate_profile_mode ($$$) {
- my ($mode, $allow, $nt_name) = @_;
-
- if ($allow eq 'deny') {
- return ($mode =~ /^($PROFILE_MODE_DENY_RE)+$/) ? 1 : 0;
- } elsif ($nt_name) {
- return ($mode =~ /^($PROFILE_MODE_NT_RE)+$/) ? 1 : 0;
- }
-
- return ($mode =~ /^($PROFILE_MODE_RE)+$/) ? 1 : 0;
-}
-
-# modes internally are stored as a bit Mask
-sub sub_str_to_mode($) {
- my $str = shift;
- my $mode = 0;
-
- return 0 if (not $str);
-
- while ($str =~ s/(${MODE_MAP_RE})//) {
- my $tmp = $1;
-#print "found mode $1\n";
-
- if ($tmp && $MODE_HASH{$tmp}) {
- $mode |= $MODE_HASH{$tmp};
- } else {
-#print "found mode $tmp\n";
- }
- }
-
-#my $tmp = mode_to_str($mode);
-#print "parsed_mode $mode\n";
- return $mode;
-}
-
-sub print_mode ($) {
- my $mode = shift;
-
- my ($user, $other) = split_mode($mode);
- my $str = sub_mode_to_str($user) . "::" . sub_mode_to_str($other);
-
- return $str;
-}
-
-sub str_to_mode ($) {
- my $str = shift;
-
- return 0 if (not $str);
-
- my ($user, $other) = split_log_mode($str);
-
-#print "str: $str user: $user, other $other\n";
- # we only allow user or all
- $user = $other if (!$user);
-
- my $mode = sub_str_to_mode($user);
- $mode |= (sub_str_to_mode($other) << $AA_OTHER_SHIFT);
-
-#print "user: $user " .sub_str_to_mode($user) . " other: $other " . (sub_str_to_mode($other) << $AA_OTHER_SHIFT) . " mode = $mode\n";
-
- return $mode;
-}
-
-sub log_str_to_mode($$$) {
- my ($profile, $str, $nt_name) = @_;
-
- my $mode = str_to_mode($str);
-
- # this will cover both nx and nix
- if (contains($mode, "Nx")) {
- # need to transform to px, cx
-
- if ($nt_name =~ /(.+?)\/\/(.+?)/) {
- my ($lprofile, $lhat) = @_;
- my $tmode = 0;
- if ($profile eq $profile) {
- if ($mode & ($AA_MAY_EXEC)) {
- $tmode = str_to_mode("Cx::");
- }
- if ($mode & ($AA_MAY_EXEC << $AA_OTHER_SHIFT)) {
- $tmode |= str_to_mode("Cx");
- }
- $nt_name = $lhat;
- } else {
- if ($mode & ($AA_MAY_EXEC)) {
- $tmode = str_to_mode("Px::");
- }
- if ($mode & ($AA_MAY_EXEC << $AA_OTHER_SHIFT)) {
- $tmode |= str_to_mode("Px");
- }
- $nt_name = $lhat;
- }
- $mode = ($mode & ~(str_to_mode("Nx")));
- $mode |= $tmode;
- }
- }
- return ($mode, $nt_name);
-}
-
-sub split_mode ($) {
- my $mode = shift;
-
- my $user = $mode & $AA_USER_MASK;
- my $other = ($mode >> $AA_OTHER_SHIFT) & $AA_USER_MASK;
-
- return ($user, $other);
-}
-
-sub is_user_mode ($) {
- my $mode = shift;
-
- my ($user, $other) = split_mode($mode);
-
- if ($user && !$other) {
- return 1;
- }
- return 0;
-}
-
-sub sub_mode_to_str($) {
- my $mode = shift;
- my $str = "";
-
- # "w" implies "a"
- $mode &= (~$AA_MAY_APPEND) if ($mode & $AA_MAY_WRITE);
- $str .= "m" if ($mode & $AA_EXEC_MMAP);
- $str .= "r" if ($mode & $AA_MAY_READ);
- $str .= "w" if ($mode & $AA_MAY_WRITE);
- $str .= "a" if ($mode & $AA_MAY_APPEND);
- $str .= "l" if ($mode & $AA_MAY_LINK);
- $str .= "k" if ($mode & $AA_MAY_LOCK);
-
- # modes P and C *must* come before I and U; otherwise syntactically
- # invalid profiles result
- if ($mode & ($AA_EXEC_PROFILE | $AA_EXEC_NT)) {
- if ($mode & $AA_EXEC_UNSAFE) {
- $str .= "p";
- } else {
- $str .= "P";
- }
- }
- if ($mode & $AA_EXEC_CHILD) {
- if ($mode & $AA_EXEC_UNSAFE) {
- $str .= "c";
- } else {
- $str .= "C";
- }
- }
-
- # modes P and C *must* come before I and U; otherwise syntactically
- # invalid profiles result
- if ($mode & $AA_EXEC_UNCONFINED) {
- if ($mode & $AA_EXEC_UNSAFE) {
- $str .= "u";
- } else {
- $str .= "U";
- }
- }
- $str .= "i" if ($mode & $AA_EXEC_INHERIT);
-
- $str .= "x" if ($mode & $AA_MAY_EXEC);
-
- return $str;
-}
-
-sub flatten_mode ($) {
- my $mode = shift;
-
- return 0 if (!$mode);
-
- $mode = ($mode & $AA_USER_MASK) | (($mode >> $AA_OTHER_SHIFT) & $AA_USER_MASK);
- $mode |= ($mode << $AA_OTHER_SHIFT);
-}
-
-sub mode_to_str ($) {
- my $mode = shift;
- $mode = flatten_mode($mode);
- return sub_mode_to_str($mode);
-}
-
-sub owner_flatten_mode($) {
- my $mode = shift;
- $mode = flatten_mode($mode) & $AA_USER_MASK;
- return $mode;
-}
-
-sub mode_to_str_user ($) {
- my $mode = shift;
-
- my ($user, $other) = split_mode($mode);
-
- my $str = "";
- $user = 0 if (!$user);
- $other = 0 if (!$other);
-
- if ($user & ~$other) {
- # more user perms than other
- $str = sub_mode_to_str($other). " + " if ($other);
- $str .= "owner " . sub_mode_to_str($user & ~$other);
- } elsif (is_user_mode($mode)) {
- $str = "owner " . sub_mode_to_str($user);
- } else {
- $str = sub_mode_to_str(flatten_mode($mode));
- }
- return $str;
-}
-
-sub mode_contains ($$) {
- my ($mode, $subset) = @_;
-
- # "w" implies "a"
- if ($mode & $AA_MAY_WRITE) {
- $mode |= $AA_MAY_APPEND;
- }
- if ($mode & ($AA_MAY_WRITE << $AA_OTHER_SHIFT)) {
- $mode |= ($AA_MAY_APPEND << $AA_OTHER_SHIFT);
- }
-
- # "?ix" implies "m"
- if ($mode & $AA_EXEC_INHERIT) {
- $mode |= $AA_EXEC_MMAP;
- }
- if ($mode & ($AA_EXEC_INHERIT << $AA_OTHER_SHIFT)) {
- $mode |= ($AA_EXEC_MMAP << $AA_OTHER_SHIFT);
- }
-
- return (($mode & $subset) == $subset);
-}
-
-sub contains ($$) {
- my ($mode, $str) = @_;
-
- return mode_contains($mode, str_to_mode($str));
-}
-
-# isSkippableFile - return true if filename matches something that
-# should be skipped (rpm backup files, dotfiles, emacs backup files
-# Annoyingly, this needs to be kept in sync with the skipped files
-# in the apparmor initscript.
-sub isSkippableFile($) {
- my $path = shift;
-
- return ($path =~ /(^|\/)\.[^\/]*$/
- || $path =~ /\.rpm(save|new)$/
- || $path =~ /\.dpkg-(old|new)$/
- || $path =~ /\.swp$/
- || $path =~ /\~$/);
-}
-
-# isSkippableDir - return true if directory matches something that
-# should be skipped (cache directory, symlink directories, etc.)
-sub isSkippableDir($) {
- my $path = shift;
-
- return ($path eq "disable"
- || $path eq "cache"
- || $path eq "force-complain");
-}
-
-sub checkIncludeSyntax($) {
- my $errors = shift;
-
- if (opendir(SDDIR, $profiledir)) {
- my @incdirs = grep { (!/^\./) && (-d "$profiledir/$_") } readdir(SDDIR);
- close(SDDIR);
- while (my $id = shift @incdirs) {
- next if isSkippableDir($id);
- if (opendir(SDDIR, "$profiledir/$id")) {
- for my $path (grep { !/^\./ } readdir(SDDIR)) {
- chomp($path);
- next if isSkippableFile($path);
- if (-f "$profiledir/$id/$path") {
- my $file = "$id/$path";
- $file =~ s/$profiledir\///;
- eval { loadinclude($file); };
- if ( defined $@ && $@ ne "" ) {
- push @$errors, $@;
- }
- } elsif (-d "$id/$path") {
- push @incdirs, "$id/$path";
- }
- }
- closedir(SDDIR);
- }
- }
- }
- return $errors;
-}
-
-sub checkProfileSyntax ($) {
- my $errors = shift;
-
- # Check the syntax of profiles
-
- opendir(SDDIR, $profiledir)
- or fatal_error "Can't read AppArmor profiles in $profiledir.";
- for my $file (grep { -f "$profiledir/$_" } readdir(SDDIR)) {
- next if isSkippableFile($file);
- my $err = readprofile("$profiledir/$file", \&printMessageErrorHandler, 1);
- if (defined $err and $err ne "") {
- push @$errors, $err;
- }
- }
- closedir(SDDIR);
- return $errors;
-}
-
-sub printMessageErrorHandler ($) {
- my $message = shift;
- return $message;
-}
-
-sub readprofiles () {
- opendir(SDDIR, $profiledir)
- or fatal_error "Can't read AppArmor profiles in $profiledir.";
- for my $file (grep { -f "$profiledir/$_" } readdir(SDDIR)) {
- next if isSkippableFile($file);
- readprofile("$profiledir/$file", \&fatal_error, 1);
- }
- closedir(SDDIR);
-}
-
-sub readinactiveprofiles () {
- return if ( ! -e $extraprofiledir );
- opendir(ESDDIR, $extraprofiledir) or
- fatal_error "Can't read AppArmor profiles in $extraprofiledir.";
- for my $file (grep { -f "$extraprofiledir/$_" } readdir(ESDDIR)) {
- next if $file =~ /\.rpm(save|new)|README$/;
- readprofile("$extraprofiledir/$file", \&fatal_error, 0);
- }
- closedir(ESDDIR);
-}
-
-sub readprofile ($$$) {
- my $file = shift;
- my $error_handler = shift;
- my $active_profile = shift;
- if (open(SDPROF, "$file")) {
- local $/;
- my $data = <SDPROF>;
- close(SDPROF);
-
- eval {
- my $profile_data = parse_profile_data($data, $file, 0);
- if ($profile_data && $active_profile) {
- attach_profile_data(\%sd, $profile_data);
- attach_profile_data(\%original_sd, $profile_data);
- } elsif ( $profile_data ) {
- attach_profile_data(\%extras, $profile_data);
- }
- };
-
- # if there were errors loading the profile, call the error handler
- if ($@) {
- $@ =~ s/\n$//;
- return &$error_handler($@);
- }
- } else {
- $DEBUGGING && debug "readprofile: can't read $file - skipping";
- }
-}
-
-sub attach_profile_data($$) {
- my ($profiles, $profile_data) = @_;
-
- # make deep copies of the profile data so that if we change one set of
- # profile data, we're not changing others because of sharing references
- for my $p ( keys %$profile_data) {
- $profiles->{$p} = dclone($profile_data->{$p});
- }
-}
-
-sub parse_profile_data($$$) {
- my ($data, $file, $do_include) = @_;
-
-
- my ($profile_data, $profile, $hat, $in_contained_hat, $repo_data,
- @parsed_profiles);
- my $initial_comment = "";
-
- if ($do_include) {
- $profile = $file;
- $hat = $file;
- }
-
- for (split(/\n/, $data)) {
- chomp;
-
- # we don't care about blank lines
- next if /^\s*$/;
-
- # start of a profile...
- if (m/^\s*(("??\/.+?"??)|(profile\s+("??.+?"??)))\s+((flags=)?\((.+)\)\s+)*\{\s*(#.*)?$/) {
- # if we run into the start of a profile while we're already in a
- # profile, something's wrong...
- if ($profile) {
- unless (($profile eq $hat) and $4) {
- die "$profile profile in $file contains syntax errors.\n";
- }
- }
-
- # we hit the start of a profile, keep track of it...
- if ($profile && ($profile eq $hat) && $4) {
- # local profile
- $hat = $4;
- $in_contained_hat = 1;
- $profile_data->{$profile}{$hat}{profile} = 1;
- } else {
- $profile = $2 || $4;
- # hat is same as profile name if we're not in a hat
- ($profile, $hat) = split /\/\//, $profile;
- $in_contained_hat = 0;
- if ($hat) {
- $profile_data->{$profile}{$hat}{external} = 1;
- }
-
- $hat ||= $profile;
- }
-
- my $flags = $7;
-
- # deal with whitespace in profile and hat names.
- $profile = strip_quotes($profile);
- $hat = strip_quotes($hat) if $hat;
-
- # save off the name and filename
- $profile_data->{$profile}{$hat}{name} = $profile;
- $profile_data->{$profile}{$hat}{filename} = $file;
- $filelist{$file}{profiles}{$profile}{$hat} = 1;
-
- # keep track of profile flags
- $profile_data->{$profile}{$hat}{flags} = $flags;
-
- $profile_data->{$profile}{$hat}{allow}{netdomain} = { };
- $profile_data->{$profile}{$hat}{allow}{path} = { };
-
- # store off initial comment if they have one
- $profile_data->{$profile}{$hat}{initial_comment} = $initial_comment
- if $initial_comment;
- $initial_comment = "";
-
- if ($repo_data) {
- $profile_data->{$profile}{$profile}{repo}{url} = $repo_data->{url};
- $profile_data->{$profile}{$profile}{repo}{user} = $repo_data->{user};
- $profile_data->{$profile}{$profile}{repo}{id} = $repo_data->{id};
- $repo_data = undef;
- }
-
- } elsif (m/^\s*\}\s*(#.*)?$/) { # end of a profile...
-
- # if we hit the end of a profile when we're not in one, something's
- # wrong...
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
-
- if ($in_contained_hat) {
- $hat = $profile;
- $in_contained_hat = 0;
- } else {
- push @parsed_profiles, $profile;
- # mark that we're outside of a profile now...
- $profile = undef;
- }
-
- $initial_comment = "";
-
- } elsif (m/^\s*(audit\s+)?(deny\s+)?capability(\s+(\S+))?\s*,\s*(#.*)?$/) { # capability entry
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
-
- my $audit = $1 ? 1 : 0;
- my $allow = $2 ? 'deny' : 'allow';
- $allow = 'deny' if ($2);
- my $capability = $3 ? $3 : 'all';
- $profile_data->{$profile}{$hat}{$allow}{capability}{$capability}{set} = 1;
- $profile_data->{$profile}{$hat}{$allow}{capability}{$capability}{audit} = $audit;
- } elsif (m/^\s*set capability\s+(\S+)\s*,\s*(#.*)?$/) { # capability entry
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
-
- my $capability = $1;
- $profile_data->{$profile}{$hat}{set_capability}{$capability} = 1;
-
- } elsif (m/^\s*(audit\s+)?(deny\s+)?link\s+(((subset)|(<=))\s+)?([\"\@\/].*?"??)\s+->\s*([\"\@\/].*?"??)\s*,\s*(#.*)?$/) { # for now just keep link
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
- my $audit = $1 ? 1 : 0;
- my $allow = $2 ? 'deny' : 'allow';
-
- my $subset = $4;
- my $link = strip_quotes($7);
- my $value = strip_quotes($8);
- $profile_data->{$profile}{$hat}{$allow}{link}{$link}{to} = $value;
- $profile_data->{$profile}{$hat}{$allow}{link}{$link}{mode} |= $AA_MAY_LINK;
- if ($subset) {
- $profile_data->{$profile}{$hat}{$allow}{link}{$link}{mode} |= $AA_LINK_SUBSET;
- }
- if ($audit) {
- $profile_data->{$profile}{$hat}{$allow}{link}{$link}{audit} |= $AA_LINK_SUBSET;
- } else {
- $profile_data->{$profile}{$hat}{$allow}{link}{$link}{audit} |= 0;
- }
-
- } elsif (m/^\s*change_profile\s+->\s*("??.+?"??),(#.*)?$/) { # for now just keep change_profile
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
- my $cp = strip_quotes($1);
-
- $profile_data->{$profile}{$hat}{change_profile}{$cp} = 1;
- } elsif (m/^\s*alias\s+("??.+?"??)\s+->\s*("??.+?"??)\s*,(#.*)?$/) { # never do anything with aliases just keep them
- my $from = strip_quotes($1);
- my $to = strip_quotes($2);
-
- if ($profile) {
- $profile_data->{$profile}{$hat}{alias}{$from} = $to;
- } else {
- unless (exists $filelist{$file}) {
- $filelist{$file} = { };
- }
- $filelist{$file}{alias}{$from} = $to;
- }
-
- } elsif (m/^\s*set\s+rlimit\s+(.+)\s+<=\s*(.+)\s*,(#.*)?$/) { # never do anything with rlimits just keep them
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
- my $from = $1;
- my $to = $2;
-
- $profile_data->{$profile}{$hat}{rlimit}{$from} = $to;
-
- } elsif (/^\s*(\$\{?[[:alpha:]][[:alnum:]_]*\}?)\s*=\s*(true|false)\s*,?\s*(#.*)?$/i) { # boolean definition
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
- my $bool_var = $1;
- my $value = $2;
-
- $profile_data->{$profile}{$hat}{lvar}{$bool_var} = $value;
- } elsif (/^\s*(@\{?[[:alpha:]][[:alnum:]_]+\}?)\s*\+?=\s*(.+?)\s*,?\s*(#.*)?$/) { # variable additions both += and = doesn't mater
- my $list_var = strip_quotes($1);
- my $value = strip_quotes($2);
-
- if ($profile) {
- unless (exists $profile_data->{$profile}{$hat}{lvar}) {
- # create lval hash by sticking an empty list into list_var
- my @empty = ();
- $profile_data->{$profile}{$hat}{lvar}{$list_var} = \@empty;
- }
-
- store_list_var($profile_data->{$profile}{$hat}{lvar}, $list_var, $value);
- } else {
- unless (exists $filelist{$file}{lvar}) {
- # create lval hash by sticking an empty list into list_var
- my @empty = ();
- $filelist{$file}{lvar}{$list_var} = \@empty;
- }
-
- store_list_var($filelist{$file}{lvar}, $list_var, $value);
- }
- } elsif (m/^\s*if\s+(not\s+)?(\$\{?[[:alpha:]][[:alnum:]_]*\}?)\s*\{\s*(#.*)?$/) { # conditional -- boolean
- } elsif (m/^\s*if\s+(not\s+)?defined\s+(@\{?[[:alpha:]][[:alnum:]_]+\}?)\s*\{\s*(#.*)?$/) { # conditional -- variable defined
- } elsif (m/^\s*if\s+(not\s+)?defined\s+(\$\{?[[:alpha:]][[:alnum:]_]+\}?)\s*\{\s*(#.*)?$/) { # conditional -- boolean defined
- } elsif (m/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(file|([\"\@\/].*?)\s+(\S+))(\s+->\s*(.*?))?\s*,\s*(#.*)?$/) { # path entry
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
-
- my $audit = $1 ? 1 : 0;
- my $allow = $2 ? 'deny' : 'allow';
- my $user = $3 ? 1 : 0;
- my ($path, $mode, $nt_name) = ($5, $6, $8);
- my $file_keyword = 0;
- my $use_mode = 1;
-
- if ($4 eq "file") {
- $path = "/{**,}";
- $file_keyword = 1;
- if (!$mode) {
- # what the parser uses, but we don't care
- $mode = "rwixlka";
- $use_mode = 0;
- }
- }
-
- # strip off any trailing spaces.
- $path =~ s/\s+$//;
- $nt_name =~ s/\s+$// if $nt_name;
-
- $path = strip_quotes($path);
- $nt_name = strip_quotes($nt_name) if $nt_name;
-
- # make sure they don't have broken regexps in the profile
- my $p_re = convert_regexp($path);
- eval { "foo" =~ m/^$p_re$/; };
- if ($@) {
- die sprintf(gettext('Profile %s contains invalid regexp %s.'),
- $file, $path) . "\n";
- }
-
- if (!validate_profile_mode($mode, $allow, $nt_name)) {
- fatal_error(sprintf(gettext('Profile %s contains invalid mode %s.'), $file, $mode));
- }
-
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{use_mode} = $use_mode;
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{file_keyword} = 1 if $file_keyword;
-
- my $tmpmode;
- if ($user) {
- $tmpmode = str_to_mode("${mode}::");
- } else {
- $tmpmode = str_to_mode($mode);
- }
-
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{mode} |= $tmpmode;
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{to} = $nt_name if $nt_name;
- if ($audit) {
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{audit} |= $tmpmode;
- } else {
- $profile_data->{$profile}{$hat}{$allow}{path}{$path}{audit} |= 0;
- }
- } elsif (m/^\s*#include <(.+)>\s*$/) { # include stuff
- my $include = $1;
-
- if ($profile) {
- $profile_data->{$profile}{$hat}{include}{$include} = 1;
- } else {
- unless (exists $filelist{$file}) {
- $filelist{$file} = { };
- }
- $filelist{$file}{include}{$include} = 1;
- }
-
- # include is a dir
- if (-d "$profiledir/$include") {
- if (opendir(SDINCDIR, "$profiledir/$include")) {
- for my $path (readdir(SDINCDIR)) {
- chomp($path);
- next if isSkippableFile($path);
- if (-f "$profiledir/$include/$path") {
- my $file = "$include/$path";
- $file =~ s/$profiledir\///;
- my $ret = eval { loadinclude($file); };
- if ($@) { die $@; }
- return $ret if ( $ret != 0 );
- }
- }
- }
- closedir(SDINCDIR);
- } else {
- # try to load the include...
- my $ret = eval { loadinclude($include); };
- # propagate errors up the chain
- if ($@) { die $@; }
- return $ret if ( $ret != 0 );
- }
- } elsif (/^\s*(audit\s+)?(deny\s+)?network(.*)/) {
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
- my $audit = $1 ? 1 : 0;
- my $allow = $2 ? 'deny' : 'allow';
- my $network = $3;
-
- unless ($profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}) {
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule} = { };
- }
-
- if ($network =~ /\s+(\S+)\s+(\S+)\s*,\s*(#.*)?$/ ) {
- my $fam = $1;
- my $type = $2;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{$fam}{$type} = 1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam}{$type} = $audit;
- } elsif ( $network =~ /\s+(\S+)\s*,\s*(#.*)?$/ ) {
- my $fam = $1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{$fam} = 1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{$fam} = $audit;
- } else {
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{rule}{all} = 1;
- $profile_data->{$profile}{$hat}{$allow}{netdomain}{audit}{all} = $audit;
- }
- } elsif (/^\s*(tcp_connect|tcp_accept|udp_send|udp_receive)/) {
-# just ignore and drop old style network
-# die sprintf(gettext('%s contains old style network rules.'), $file) . "\n";
-
- } elsif (m/^\s*\^(\"??.+?\"??)\s*,\s*(#.*)?$/) {
- if (not $profile) {
- die "$file contains syntax errors.";
- }
- # change_hat declaration - needed to change_hat to an external
- # hat
- $hat = $1;
- $hat = $1 if $hat =~ /^"(.+)"$/;
-
- #store we have a declaration if the hat hasn't been seen
- $profile_data->{$profile}{$hat}{'declared'} = 1
- unless exists($profile_data->{$profile}{$hat}{declared});
-
- } elsif (m/^\s*\^(\"??.+?\"??)\s+((flags=)?\((.+)\)\s+)*\{\s*(#.*)?$/) {
- # start of embedded hat syntax hat definition
- # read in and mark as changed so that will be written out in the new
- # format
-
- # if we hit the start of a contained hat when we're not in a profile
- # something is wrong...
- if (not $profile) {
- die sprintf(gettext('%s contains syntax errors.'), $file) . "\n";
- }
-
- $in_contained_hat = 1;
-
- # we hit the start of a hat inside the current profile
- $hat = $1;
- my $flags = $4;
-
- # strip quotes.
- $hat = $1 if $hat =~ /^"(.+)"$/;
-
- # keep track of profile flags
- $profile_data->{$profile}{$hat}{flags} = $flags;
- # we have seen more than a declaration so clear it
- $profile_data->{$profile}{$hat}{'declared'} = 0;
- $profile_data->{$profile}{$hat}{allow}{path} = { };
- $profile_data->{$profile}{$hat}{allow}{netdomain} = { };
-
- # store off initial comment if they have one
- $profile_data->{$profile}{$hat}{initial_comment} = $initial_comment
- if $initial_comment;
- $initial_comment = "";
- #don't mark profile as changed just because it has an embedded
- #hat.
- #$changed{$profile} = 1;
-
- $filelist{$file}{profiles}{$profile}{$hat} = 1;
-
- } elsif (/^\s*\#/) {
- # we only currently handle initial comments
- if (not $profile) {
- # ignore vim syntax highlighting lines
- next if /^\s*\# vim:syntax/;
- # ignore Last Modified: lines
- next if /^\s*\# Last Modified:/;
- if (/^\s*\# REPOSITORY: (\S+) (\S+) (\S+)$/) {
- $repo_data = { url => $1, user => $2, id => $3 };
- } elsif (/^\s*\# REPOSITORY: NEVERSUBMIT$/) {
- $repo_data = { neversubmit => 1 };
- } else {
- $initial_comment .= "$_\n";
- }
- }
- } elsif (/^\s*(audit\s+)?(deny\s+)?(owner\s+)?(capability|dbus|file|mount|pivot_root|remount|umount|signal|unix|ptrace)/) {
- # ignore valid rules that are currently unsupported by AppArmor.pm
- if (! defined $profile_data->{$profile}{$hat}{unsupported_rules}) {
- $profile_data->{$profile}{$hat}{unsupported_rules} = [];
- }
- $_ =~ s/^\s+|\s+$//g;
- push @{$profile_data->{$profile}{$hat}{unsupported_rules}}, $_ ;
-
- } else {
- # we hit something we don't understand in a profile...
- die sprintf(gettext('%s contains syntax errors. Line [%s]'), $file, $_) . "\n";
- }
- }
-
- #
- # Cleanup : add required hats if not present in the
- # parsed profiles
- #
-if (not $do_include) {
- for my $hatglob (keys %{$cfg->{required_hats}}) {
- for my $parsed_profile ( sort @parsed_profiles ) {
- if ($parsed_profile =~ /$hatglob/) {
- for my $hat (split(/\s+/, $cfg->{required_hats}{$hatglob})) {
- unless ($profile_data->{$parsed_profile}{$hat}) {
- $profile_data->{$parsed_profile}{$hat} = { };
- }
- }
- }
- }
- }
-
-} # if we're still in a profile when we hit the end of the file, it's bad
- if ($profile and not $do_include) {
- die "Reached the end of $file while we were still inside the $profile profile.\n";
- }
-
- return $profile_data;
-}
-
-sub eliminate_duplicates(@) {
- my @data =@_;
-
- my %set = map { $_ => 1 } @_;
- @data = keys %set;
-
- return @data;
-}
-
-sub separate_vars($) {
- my $vs = shift;
- my @data;
-
-# while ($vs =~ /\s*(((\"([^\"]|\\\"))+?\")|\S*)\s*(.*)$/) {
- while ($vs =~ /\s*((\".+?\")|([^\"]\S+))\s*(.*)$/) {
- my $tmp = $1;
- push @data, strip_quotes($tmp);
- $vs = $4;
- }
-
- return @data;
-}
-
-sub is_active_profile ($) {
- my $pname = shift;
- if ( $sd{$pname} ) {
- return 1;
- } else {
- return 0;
- }
-}
-
-sub store_list_var (\%$$) {
- my ($vars, $list_var, $value) = @_;
-
- my @vlist = (separate_vars($value));
-
-# if (exists $profile_data->{$profile}{$hat}{lvar}{$list_var}) {
-# @vlist = (@vlist, @{$profile_data->{$profile}{$hat}{lvar}{$list_var}});
-# }
-#
-# @vlist = eliminate_duplicates(@vlist);
-# $profile_data->{$profile}{$hat}{lvar}{$list_var} = \@vlist;
-
- if (exists $vars->{$list_var}) {
- @vlist = (@vlist, @{$vars->{$list_var}});
- }
-
- @vlist = eliminate_duplicates(@vlist);
- $vars->{$list_var} = \@vlist;
-
-
-}
-
-sub strip_quotes ($) {
- my $data = shift;
- $data = $1 if $data =~ /^\"(.*)\"$/;
- return $data;
-}
-
-sub quote_if_needed ($) {
- my $data = shift;
- $data = "\"$data\"" if $data =~ /\s/;
-
- return $data;
-}
-
-sub escape ($) {
- my $dangerous = shift;
-
- $dangerous = strip_quotes($dangerous);
-
- $dangerous =~ s/((?<!\\))"/$1\\"/g;
- if ($dangerous =~ m/(\s|^$|")/) {
- $dangerous = "\"$dangerous\"";
- }
-
- return $dangerous;
-}
-
-sub writeheader ($$$$$) {
- my ($profile_data, $depth, $name, $embedded_hat, $write_flags) = @_;
-
- my $pre = ' ' x $depth;
- my @data;
- # deal with whitespace in profile names...
- $name = quote_if_needed($name);
-
- $name = "profile $name" if ((!$embedded_hat && $name =~ /^[^\/]|^"[^\/]/)
- || ($embedded_hat && $name =~/^[^^]/));
-
- #push @data, "#include <tunables/global>" unless ( $is_hat );
- if ($write_flags and $profile_data->{flags}) {
- push @data, "${pre}$name flags=($profile_data->{flags}) {";
- } else {
- push @data, "${pre}$name {";
- }
-
- return @data;
-}
-
-sub qin_trans ($) {
- my $value = shift;
- return quote_if_needed($value);
-}
-
-sub write_single ($$$$$$) {
- my ($profile_data, $depth, $allow, $name, $prefix, $tail) = @_;
- my $ref;
- my @data;
-
- if ($allow) {
- $ref = $profile_data->{$allow};
- if ($allow eq 'deny') {
- $allow .= " ";
- } else {
- $allow = "";
- }
- } else {
- $ref = $profile_data;
- $allow = "";
- }
-
- my $pre = " " x $depth;
-
-
- # dump out the data
- if (exists $ref->{$name}) {
- for my $key (sort keys %{$ref->{$name}}) {
- my $qkey = quote_if_needed($key);
- push @data, "${pre}${allow}${prefix}${qkey}${tail}";
- }
- push @data, "" if keys %{$ref->{$name}};
- }
-
- return @data;
-}
-
-sub write_pair ($$$$$$$$) {
- my ($profile_data, $depth, $allow, $name, $prefix, $sep, $tail, $fn) = @_;
- my $ref;
- my @data;
-
- if ($allow) {
- $ref = $profile_data->{$allow};
- if ($allow eq 'deny') {
- $allow .= " ";
- } else {
- $allow = "";
- }
- } else {
- $ref = $profile_data;
- $allow = "";
- }
-
- my $pre = " " x $depth;
-
- # dump out the data
- if (exists $ref->{$name}) {
- for my $key (sort keys %{$ref->{$name}}) {
- my $value = &{$fn}($ref->{$name}{$key});
- push @data, "${pre}${allow}${prefix}${key}${sep}${value}${tail}";
- }
- push @data, "" if keys %{$ref->{$name}};
- }
-
- return @data;
-}
-
-sub writeincludes ($$) {
- my ($prof_data, $depth) = @_;
-
- return write_single($prof_data, $depth,'', 'include', "#include <", ">");
-}
-
-sub writechange_profile ($$) {
- my ($prof_data, $depth) = @_;
-
- return write_single($prof_data, $depth, '', 'change_profile', "change_profile -> ", ",");
-}
-
-sub writealiases ($$) {
- my ($prof_data, $depth) = @_;
-
- return write_pair($prof_data, $depth, '', 'alias', "alias ", " -> ", ",", \&qin_trans);
-}
-
-sub writerlimits ($$) {
- my ($prof_data, $depth) = @_;
-
- return write_pair($prof_data, $depth, '', 'rlimit', "set rlimit ", " <= ", ",", \&qin_trans);
-}
-
-# take a list references and process it
-sub var_transform($) {
- my $ref = shift;
- my @in = @{$ref};
- my @data;
-
- foreach my $value (@in) {
- push @data, quote_if_needed($value);
- }
-
- return join " ", @data;
-}
-
-sub writelistvars ($$) {
- my ($prof_data, $depth) = @_;
-
- return write_pair($prof_data, $depth, '', 'lvar', "", " = ", "", \&var_transform);
-}
-
-sub writecap_rules ($$$) {
- my ($profile_data, $depth, $allow) = @_;
-
- my $allowstr = $allow eq 'deny' ? 'deny ' : '';
- my $pre = " " x $depth;
-
- my @data;
- if (exists $profile_data->{$allow}{capability}) {
- my $audit;
- if (exists $profile_data->{$allow}{capability}{all}) {
- $audit = ($profile_data->{$allow}{capability}{all}{audit}) ? 'audit ' : '';
- push @data, "${pre}${audit}${allowstr}capability,";
- }
- for my $cap (sort keys %{$profile_data->{$allow}{capability}}) {
- next if ($cap eq "all");
- my $audit = ($profile_data->{$allow}{capability}{$cap}{audit}) ? 'audit ' : '';
- if ($profile_data->{$allow}{capability}{$cap}{set}) {
- push @data, "${pre}${audit}${allowstr}capability ${cap},";
- }
- }
- push @data, "";
- }
-
- return @data;
-}
-
-sub writecapabilities ($$) {
- my ($prof_data, $depth) = @_;
- my @data;
- push @data, write_single($prof_data, $depth, '', 'set_capability', "set capability ", ",");
- push @data, writecap_rules($prof_data, $depth, 'deny');
- push @data, writecap_rules($prof_data, $depth, 'allow');
- return @data;
-}
-
-sub writenet_rules ($$$) {
- my ($profile_data, $depth, $allow) = @_;
-
- my $allowstr = $allow eq 'deny' ? 'deny ' : '';
-
- my $pre = " " x $depth;
- my $audit = "";
-
- my @data;
- # dump out the netdomain entries...
- if (exists $profile_data->{$allow}{netdomain}) {
- if ( $profile_data->{$allow}{netdomain}{rule} &&
- $profile_data->{$allow}{netdomain}{rule}{all}) {
- $audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{all};
- push @data, "${pre}${audit}network,";
- } else {
- for my $fam (sort keys %{$profile_data->{$allow}{netdomain}{rule}}) {
- if ( $profile_data->{$allow}{netdomain}{rule}{$fam} == 1 ) {
- $audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{$fam};
- push @data, "${pre}${audit}${allowstr}network $fam,";
- } else {
- for my $type
- (sort keys %{$profile_data->{$allow}{netdomain}{rule}{$fam}}) {
- $audit = "audit " if $profile_data->{$allow}{netdomain}{audit}{$fam}{$type};
- push @data, "${pre}${audit}${allowstr}network $fam $type,";
- }
- }
- }
- }
- push @data, "" if %{$profile_data->{$allow}{netdomain}};
- }
- return @data;
-
-}
-
-sub writenetdomain ($$) {
- my ($prof_data, $depth) = @_;
- my @data;
-
- push @data, writenet_rules($prof_data, $depth, 'deny');
- push @data, writenet_rules($prof_data, $depth, 'allow');
-
- return @data;
-}
-
-sub writelink_rules ($$$) {
- my ($profile_data, $depth, $allow) = @_;
-
- my $allowstr = $allow eq 'deny' ? 'deny ' : '';
- my $pre = " " x $depth;
-
- my @data;
- if (exists $profile_data->{$allow}{link}) {
- for my $path (sort keys %{$profile_data->{$allow}{link}}) {
- my $to = $profile_data->{$allow}{link}{$path}{to};
- my $subset = ($profile_data->{$allow}{link}{$path}{mode} & $AA_LINK_SUBSET) ? 'subset ' : '';
- my $audit = ($profile_data->{$allow}{link}{$path}{audit}) ? 'audit ' : '';
- # deal with whitespace in path names
- $path = quote_if_needed($path);
- $to = quote_if_needed($to);
- push @data, "${pre}${audit}${allowstr}link ${subset}${path} -> ${to},";
- }
- push @data, "";
- }
-
- return @data;
-}
-
-sub writelinks ($$) {
- my ($profile_data, $depth) = @_;
- my @data;
-
- push @data, writelink_rules($profile_data, $depth, 'deny');
- push @data, writelink_rules($profile_data, $depth, 'allow');
-
- return @data;
-}
-
-sub writepath_rules ($$$) {
- my ($profile_data, $depth, $allow) = @_;
-
- my $allowstr = $allow eq 'deny' ? 'deny ' : '';
- my $pre = " " x $depth;
-
- my @data;
- if (exists $profile_data->{$allow}{path}) {
- for my $path (sort keys %{$profile_data->{$allow}{path}}) {
- my $mode = $profile_data->{$allow}{path}{$path}{mode};
- my $audit = $profile_data->{$allow}{path}{$path}{audit};
- my $tail = "";
- $tail = " -> " . $profile_data->{$allow}{path}{$path}{to} if ($profile_data->{$allow}{path}{$path}{to});
- my ($user, $other) = split_mode($mode);
- my ($user_audit, $other_audit) = split_mode($audit);
- # determine whether the rule contains any owner only components
-
- while ($user || $other) {
- my $ownerstr = "";
- my ($tmpmode, $tmpaudit) = 0;
- if ($user & ~$other) {
- # user contains bits not set in other
- $ownerstr = "owner ";
- $tmpmode = $user & ~$other;
- $tmpaudit = $user_audit;
- $user &= ~$tmpmode;
-# } elsif ($other & ~$user) {
-# $ownerstr = "other ";
-# $tmpmode = $other & ~$user;
-# $tmpaudit = $other_audit;
-# $other &= ~$tmpmode;
- } else {
- if ($user_audit & ~$other_audit & $user) {
- $ownerstr = "owner ";
- $tmpaudit = $user_audit & ~$other_audit & $user;
- $tmpmode = $user & $tmpaudit;
- $user &= ~$tmpmode;
-# } elsif ($other_audit & ~$user_audit & $other) {
-# $ownerstr = "other ";
-# $tmpaudit = $other_audit & ~$user_audit & $other;
-# $tmpmode = $other & $tmpaudit;
-# $other &= ~$tmpmode;
- } else {
- # user == other && user_audit == other_audit
- $ownerstr = "";
-#include exclusive other for now
-# $tmpmode = $user;
-# $tmpaudit = $user_audit;
- $tmpmode = $user | $other;
- $tmpaudit = $user_audit | $other_audit;
- $user &= ~$tmpmode;
- $other &= ~$tmpmode;
- }
- }
-
- if ($tmpmode & $tmpaudit) {
- my $modestr = mode_to_str($tmpmode & $tmpaudit);
- if ($path =~ /\s/) {
- push @data, "${pre}audit ${allowstr}${ownerstr}\"$path\" ${modestr}${tail},";
- } else {
- push @data, "${pre}audit ${allowstr}${ownerstr}$path ${modestr}${tail},";
- }
- $tmpmode &= ~$tmpaudit;
- }
- my $kw = $profile_data->{$allow}{path}{$path}{file_keyword};
- my $use_mode = $profile_data->{$allow}{path}{$path}{use_mode};
- if ($kw) {
- my $modestr = "";
- $modestr = " " . mode_to_str($tmpmode) if $use_mode;
- push @data, "${pre}${allowstr}${ownerstr}file${modestr}${tail},";
- } elsif ($tmpmode) {
- my $modestr = mode_to_str($tmpmode);
- if ($path =~ /\s/) {
- push @data, "${pre}${allowstr}${ownerstr}\"$path\" ${modestr}${tail},";
- } else {
- push @data, "${pre}${allowstr}${ownerstr}$path ${modestr}${tail},";
- }
- }
- }
-
- }
- push @data, "";
- }
-
- return @data;
-}
-
-sub writepaths ($$) {
- my ($prof_data, $depth) = @_;
-
- my @data;
- push @data, writepath_rules($prof_data, $depth, 'deny');
- push @data, writepath_rules($prof_data, $depth, 'allow');
-
- return @data;
-}
-
-sub writeunsupportedrules ($$) {
- my ($prof_data, $depth) = @_;
-
- my @data;
- my $pre = " " x $depth;
-
- if (defined $prof_data->{unsupported_rules}) {
-
- for my $rule (@{$prof_data->{unsupported_rules}}){
- push @data, "${pre}${rule}";
- }
-
- push @data, "";
- }
-
- return @data;
-
-}
-
-sub write_rules ($$) {
- my ($prof_data, $depth) = @_;
-
- my @data;
- push @data, writealiases($prof_data, $depth);
- push @data, writelistvars($prof_data, $depth);
- push @data, writeincludes($prof_data, $depth);
- push @data, writerlimits($prof_data, $depth);
- push @data, writecapabilities($prof_data, $depth);
- push @data, writenetdomain($prof_data, $depth);
- push @data, writeunsupportedrules($prof_data, $depth); ## Legacy support for unknown/new rules
- push @data, writelinks($prof_data, $depth);
- push @data, writepaths($prof_data, $depth);
- push @data, writechange_profile($prof_data, $depth);
-
- return @data;
-}
-
-sub writepiece ($$$$$);
-sub writepiece ($$$$$) {
- my ($profile_data, $depth, $name, $nhat, $write_flags) = @_;
-
- my $pre = ' ' x $depth;
- my @data;
- my $wname;
- my $inhat = 0;
- if ($name eq $nhat) {
- $wname = $name;
- } else {
- $wname = "$name//$nhat";
- $name = $nhat;
- $inhat = 1;
- }
- push @data, writeheader($profile_data->{$name}, $depth, $wname, 0, $write_flags);
- push @data, write_rules($profile_data->{$name}, $depth + 1);
-
- my $pre2 = ' ' x ($depth + 1);
- # write external hat declarations
- for my $hat (grep { $_ ne $name } sort keys %{$profile_data}) {
- if ($profile_data->{$hat}{declared}) {
- push @data, "${pre2}^$hat,";
- }
- }
-
- if (!$inhat) {
- # write embedded hats
- for my $hat (grep { $_ ne $name } sort keys %{$profile_data}) {
- if ((not $profile_data->{$hat}{external}) and
- (not $profile_data->{$hat}{declared})) {
- push @data, "";
- if ($profile_data->{$hat}{profile}) {
- push @data, map { "$_" } writeheader($profile_data->{$hat},
- $depth + 1, $hat,
- 1, $write_flags);
- } else {
- push @data, map { "$_" } writeheader($profile_data->{$hat},
- $depth + 1, "^$hat",
- 1, $write_flags);
- }
- push @data, map { "$_" } write_rules($profile_data->{$hat},
- $depth + 2);
- push @data, "${pre2}}";
- }
- }
- push @data, "${pre}}";
-
- #write external hats
- for my $hat (grep { $_ ne $name } sort keys %{$profile_data}) {
- if (($name eq $nhat) and $profile_data->{$hat}{external}) {
- push @data, "";
- push @data, map { " $_" } writepiece($profile_data, $depth - 1,
- $name, $hat, $write_flags);
- push @data, " }";
- }
- }
- }
- return @data;
-}
-
-sub serialize_profile($$$) {
- my ($profile_data, $name, $options) = @_;
-
- my $string = "";
- my $include_metadata = 0; # By default don't write out metadata
- my $include_flags = 1;
- if ( $options and ref($options) eq "HASH" ) {
- $include_metadata = 1 if ( defined $options->{METADATA} );
- $include_flags = 0 if ( defined $options->{NO_FLAGS} );
- }
-
- if ($include_metadata) {
- # keep track of when the file was last updated
- $string .= "# Last Modified: " . localtime(time) . "\n";
-
- # print out repository metadata
- if ($profile_data->{$name}{repo} &&
- $profile_data->{$name}{repo}{url} &&
- $profile_data->{$name}{repo}{user} &&
- $profile_data->{$name}{repo}{id}) {
- my $repo = $profile_data->{$name}{repo};
- $string .= "# REPOSITORY: $repo->{url} $repo->{user} $repo->{id}\n";
- } elsif ($profile_data->{$name}{repo}{neversubmit}) {
- $string .= "# REPOSITORY: NEVERSUBMIT\n";
- }
- }
-
- # print out initial comment
- if ($profile_data->{$name}{initial_comment}) {
- my $comment = $profile_data->{$name}{initial_comment};
- $comment =~ s/\\n/\n/g;
- $string .= "$comment\n";
- }
-
- #bleah this is stupid the data structure needs to be reworked
- my $filename = getprofilefilename($name);
- my @data;
- if ($filelist{$filename}) {
- push @data, writealiases($filelist{$filename}, 0);
- push @data, writelistvars($filelist{$filename}, 0);
- push @data, writeincludes($filelist{$filename}, 0);
- }
-
-
-# XXX - FIXME
-#
-# # dump variables defined in this file
-# if ($variables{$filename}) {
-# for my $var (sort keys %{$variables{$filename}}) {
-# if ($var =~ m/^@/) {
-# my @values = sort @{$variables{$filename}{$var}};
-# @values = map { escape($_) } @values;
-# my $values = join (" ", @values);
-# print SDPROF "$var = ";
-# print SDPROF $values;
-# } elsif ($var =~ m/^\$/) {
-# print SDPROF "$var = ";
-# print SDPROF ${$variables{$filename}{$var}};
-# } elsif ($var =~ m/^\#/) {
-# my $inc = $var;
-# $inc =~ s/^\#//;
-# print SDPROF "#include <$inc>";
-# }
-# print SDPROF "\n";
-# }
-# }
-
- push @data, writepiece($profile_data, 0, $name, $name, $include_flags);
- $string .= join("\n", @data);
-
- return "$string\n";
-}
-
-sub writeprofile_ui_feedback ($) {
- my $profile = shift;
- UI_Info(sprintf(gettext('Writing updated profile for %s.'), $profile));
- writeprofile($profile);
-}
-
-sub writeprofile ($) {
- my ($profile) = shift;
-
- my $filename = $sd{$profile}{$profile}{filename} || getprofilefilename($profile);
-
- open(SDPROF, ">$filename") or
- fatal_error "Can't write new AppArmor profile $filename: $!";
- my $serialize_opts = { };
- $serialize_opts->{METADATA} = 1;
-
- #make sure to write out all the profiles in the file
- my $profile_string = serialize_profile($sd{$profile}, $profile, $serialize_opts);
- print SDPROF $profile_string;
- close(SDPROF);
-
- # mark the profile as up-to-date
- delete $changed{$profile};
- $original_sd{$profile} = dclone($sd{$profile});
-}
-
-sub getprofileflags($) {
- my $filename = shift;
-
- my $flags = "enforce";
-
- if (open(PROFILE, "$filename")) {
- while (<PROFILE>) {
- if (m/^\s*\/\S+\s+flags=\((.+)\)\s+{\s*$/) {
- $flags = $1;
- close(PROFILE);
- return $flags;
- }
- }
- close(PROFILE);
- }
-
- return $flags;
-}
-
-
-sub matchliteral($$) {
- my ($sd_regexp, $literal) = @_;
-
- my $p_regexp = convert_regexp($sd_regexp);
-
- # check the log entry against our converted regexp...
- my $matches = eval { $literal =~ /^$p_regexp$/; };
-
- # doesn't match if we've got a broken regexp
- return undef if $@;
-
- return $matches;
-}
-
-# test if profile has exec rule for $exec_target
-sub profile_known_exec (\%$$) {
- my ($profile, $type, $exec_target) = @_;
- if ( $type eq "exec" ) {
- my ($cm, $am, @m);
-
- # test denies first
- ($cm, $am, @m) = rematchfrag($profile, 'deny', $exec_target);
- if ($cm & $AA_MAY_EXEC) {
- return -1;
- }
- ($cm, $am, @m) = match_prof_incs_to_path($profile, 'deny', $exec_target);
- if ($cm & $AA_MAY_EXEC) {
- return -1;
- }
-
- # now test the generally longer allow lists
- ($cm, $am, @m) = rematchfrag($profile, 'allow', $exec_target);
- if ($cm & $AA_MAY_EXEC) {
- return 1;
- }
-
- ($cm, $am, @m) = match_prof_incs_to_path($profile, 'allow', $exec_target);
- if ($cm & $AA_MAY_EXEC) {
- return 1;
- }
- }
- return 0;
-}
-
-sub profile_known_capability (\%$) {
- my ($profile, $capname) = @_;
-
- return -1 if $profile->{deny}{capability}{$capname}{set};
- return 1 if $profile->{allow}{capability}{$capname}{set};
- for my $incname ( keys %{$profile->{include}} ) {
- return -1 if $include{$incname}{$incname}{deny}{capability}{$capname}{set};
- return 1 if $include{$incname}{$incname}{allow}{capability}{$capname}{set};
- }
- return 0;
-}
-
-sub profile_known_network (\%$$) {
- my ($profile, $family, $sock_type) = @_;
-
- return -1 if netrules_access_check( $profile->{deny}{netdomain},
- $family, $sock_type);
- return 1 if netrules_access_check( $profile->{allow}{netdomain},
- $family, $sock_type);
-
- for my $incname ( keys %{$profile->{include}} ) {
- return -1 if netrules_access_check($include{$incname}{$incname}{deny}{netdomain},
- $family, $sock_type);
- return 1 if netrules_access_check($include{$incname}{$incname}{allow}{netdomain},
- $family, $sock_type);
- }
-
- return 0;
-}
-
-sub netrules_access_check ($$$) {
- my ($netrules, $family, $sock_type) = @_;
- return 0 if ( not defined $netrules );
- my %netrules = %$netrules;
- my $all_net = defined $netrules{rule}{all};
- my $all_net_family = defined $netrules{rule}{$family} && $netrules{rule}{$family} == 1;
- my $net_family_sock = defined $netrules{rule}{$family} &&
- ref($netrules{rule}{$family}) eq "HASH" &&
- defined $netrules{rule}{$family}{$sock_type};
-
- if ( $all_net || $all_net_family || $net_family_sock ) {
- return 1;
- } else {
- return 0;
- }
-}
-
-sub reload_base($) {
- my $bin = shift;
-
- # don't try to reload profile if AppArmor is not running
- return unless check_for_subdomain();
-
- my $filename = getprofilefilename($bin);
-
- system("/bin/cat '$filename' | $parser -I$profiledir -r >/dev/null 2>&1");
-}
-
-sub reload ($) {
- my $bin = shift;
-
- # don't reload the profile if the corresponding executable doesn't exist
- my $fqdbin = findexecutable($bin) or return;
-
- return reload_base($fqdbin);
-}
-
-sub read_include_from_file($) {
- my $which = shift;
-
- my $data;
- if (open(INCLUDE, "$profiledir/$which")) {
- local $/;
- $data = <INCLUDE>;
- close(INCLUDE);
- }
-
- return $data;
-}
-
-sub get_include_data($) {
- my $which = shift;
-
- my $data = read_include_from_file($which);
- unless($data) {
- fatal_error "Can't find include file $which: $!";
- }
- return $data;
-}
-
-sub loadinclude($) {
- my $which = shift;
-
- # don't bother loading it again if we already have
- return 0 if $include{$which}{$which};
-
- my @loadincludes = ($which);
- while (my $incfile = shift @loadincludes) {
-
- my $data = get_include_data($incfile);
- my $incdata = parse_profile_data($data, $incfile, 1);
- if ($incdata) {
- attach_profile_data(\%include, $incdata);
- }
- }
- return 0;
-}
-
-sub rematchfrag ($$$) {
- my ($frag, $allow, $path) = @_;
-
- my $combinedmode = 0;
- my $combinedaudit = 0;
- my @matches;
-
- for my $entry (keys %{ $frag->{$allow}{path} }) {
-
- my $regexp = convert_regexp($entry);
-
- # check the log entry against our converted regexp...
- if ($path =~ /^$regexp$/) {
-
- # regexp matches, add it's mode to the list to check against
- $combinedmode |= $frag->{$allow}{path}{$entry}{mode};
- $combinedaudit |= $frag->{$allow}{path}{$entry}{audit};
- push @matches, $entry;
- }
- }
-
- return wantarray ? ($combinedmode, $combinedaudit, @matches) : $combinedmode;
-}
-
-sub match_include_to_path ($$$) {
- my ($incname, $allow, $path) = @_;
-
- my $combinedmode = 0;
- my $combinedaudit = 0;
- my @matches;
-
- my @includelist = ( $incname );
- while (my $incfile = shift @includelist) {
- my $ret = eval { loadinclude($incfile); };
- if ($@) { fatal_error $@; }
- my ($cm, $am, @m) = rematchfrag($include{$incfile}{$incfile}, $allow, $path);
- if ($cm) {
- $combinedmode |= $cm;
- $combinedaudit |= $am;
- push @matches, @m;
- }
-
- # check if a literal version is in the current include fragment
- if ($include{$incfile}{$incfile}{$allow}{path}{$path}) {
- $combinedmode |= $include{$incfile}{$incfile}{$allow}{path}{$path}{mode};
- $combinedaudit |= $include{$incfile}{$incfile}{$allow}{path}{$path}{audit};
- }
-
- # if this fragment includes others, check them too
- if (keys %{ $include{$incfile}{$incfile}{include} }) {
- push @includelist, keys %{ $include{$incfile}{$incfile}{include} };
- }
- }
-
- return wantarray ? ($combinedmode, $combinedaudit, @matches) : $combinedmode;
-}
-
-sub match_prof_incs_to_path ($$$) {
- my ($frag, $allow, $path) = @_;
-
- my $combinedmode = 0;
- my $combinedaudit = 0;
- my @matches;
-
- # scan the include fragments for this profile looking for matches
- my @includelist = keys %{ $frag->{include} };
- while (my $include = shift @includelist) {
- my ($cm, $am, @m) = match_include_to_path($include, $allow, $path);
- if ($cm) {
- $combinedmode |= $cm;
- $combinedaudit |= $am;
- push @matches, @m;
- }
- }
-
- return wantarray ? ($combinedmode, $combinedaudit, @matches) : $combinedmode;
-}
-
-#find includes that match the path to suggest
-sub suggest_incs_for_path($$$) {
- my ($incname, $path, $allow) = @_;
-
-
- my $combinedmode = 0;
- my $combinedaudit = 0;
- my @matches;
-
- # scan the include fragments looking for matches
- my @includelist = ($incname);
- while (my $include = shift @includelist) {
- my ($cm, $am, @m) = rematchfrag($include{$include}{$include}, 'allow', $path);
- if ($cm) {
- $combinedmode |= $cm;
- $combinedaudit |= $am;
- push @matches, @m;
- }
-
- # check if a literal version is in the current include fragment
- if ($include{$include}{$include}{allow}{path}{$path}) {
- $combinedmode |= $include{$include}{$include}{allow}{path}{$path}{mode};
- $combinedaudit |= $include{$include}{$include}{allow}{path}{$path}{audit};
- }
-
- # if this fragment includes others, check them too
- if (keys %{ $include{$include}{$include}{include} }) {
- push @includelist, keys %{ $include{$include}{$include}{include} };
- }
- }
-
- if ($combinedmode) {
- return wantarray ? ($combinedmode, $combinedaudit, @matches) : $combinedmode;
- } else {
- return;
- }
-}
-
-sub check_qualifiers($) {
- my $program = shift;
-
- if ($cfg->{qualifiers}{$program}) {
- unless($cfg->{qualifiers}{$program} =~ /p/) {
- fatal_error(sprintf(gettext("\%s is currently marked as a program that should not have it's own profile. Usually, programs are marked this way if creating a profile for them is likely to break the rest of the system. If you know what you're doing and are certain you want to create a profile for this program, edit the corresponding entry in the [qualifiers] section in /etc/apparmor/logprof.conf."), $program));
- }
- }
-}
-
-sub loadincludes() {
- if (opendir(SDDIR, $profiledir)) {
- my @incdirs = grep { (!/^\./) && (-d "$profiledir/$_") } readdir(SDDIR);
- close(SDDIR);
-
- while (my $id = shift @incdirs) {
- next if isSkippableDir($id);
- if (opendir(SDDIR, "$profiledir/$id")) {
- for my $path (readdir(SDDIR)) {
- chomp($path);
- next if isSkippableFile($path);
- if (-f "$profiledir/$id/$path") {
- my $file = "$id/$path";
- $file =~ s/$profiledir\///;
- my $ret = eval { loadinclude($file); };
- if ($@) { fatal_error $@; }
- } elsif (-d "$id/$path") {
- push @incdirs, "$id/$path";
- }
- }
- closedir(SDDIR);
- }
- }
- }
-}
-
-sub globcommon ($) {
- my $path = shift;
-
- my @globs;
-
- # glob library versions in both foo-5.6.so and baz.so.9.2 form
- if ($path =~ m/[\d\.]+\.so$/ || $path =~ m/\.so\.[\d\.]+$/) {
- my $libpath = $path;
- $libpath =~ s/[\d\.]+\.so$/*.so/;
- $libpath =~ s/\.so\.[\d\.]+$/.so.*/;
- push @globs, $libpath if $libpath ne $path;
- }
-
- for my $glob (keys %{$cfg->{globs}}) {
- if ($path =~ /$glob/) {
- my $globbedpath = $path;
- $globbedpath =~ s/$glob/$cfg->{globs}{$glob}/g;
- push @globs, $globbedpath if $globbedpath ne $path;
- }
- }
-
- if (wantarray) {
- return sort { length($b) <=> length($a) } uniq(@globs);
- } else {
- my @list = sort { length($b) <=> length($a) } uniq(@globs);
- return $list[$#list];
- }
-}
-
-# this is an ugly, nasty function that attempts to see if one regexp
-# is a subset of another regexp
-sub matchregexp ($$) {
- my ($new, $old) = @_;
-
- # bail out if old pattern has {foo,bar,baz} stuff in it
- return undef if $old =~ /\{.*(\,.*)*\}/;
-
- # are there any regexps at all in the old pattern?
- if ($old =~ /\[.+\]/ or $old =~ /\*/ or $old =~ /\?/) {
-
- # convert {foo,baz} to (foo|baz)
- $new =~ y/\{\}\,/\(\)\|/ if $new =~ /\{.*\,.*\}/;
-
- # \001 == SD_GLOB_RECURSIVE
- # \002 == SD_GLOB_SIBLING
-
- $new =~ s/\*\*/\001/g;
- $new =~ s/\*/\002/g;
-
- $old =~ s/\*\*/\001/g;
- $old =~ s/\*/\002/g;
-
- # strip common prefix
- my $prefix = commonprefix($new, $old);
- if ($prefix) {
-
- # make sure we don't accidentally gobble up a trailing * or **
- $prefix =~ s/(\001|\002)$//;
- $new =~ s/^$prefix//;
- $old =~ s/^$prefix//;
- }
-
- # strip common suffix
- my $suffix = commonsuffix($new, $old);
- if ($suffix) {
-
- # make sure we don't accidentally gobble up a leading * or **
- $suffix =~ s/^(\001|\002)//;
- $new =~ s/$suffix$//;
- $old =~ s/$suffix$//;
- }
-
- # if we boiled the differences down to a ** in the new entry, it matches
- # whatever's in the old entry
- return 1 if $new eq "\001";
-
- # if we've paired things down to a * in new, old matches if there are no
- # slashes left in the path
- return 1 if ($new eq "\002" && $old =~ /^[^\/]+$/);
-
- # we'll bail out if we have more globs in the old version
- return undef if $old =~ /\001|\002/;
-
- # see if we can match * globs in new against literal elements in old
- $new =~ s/\002/[^\/]*/g;
-
- return 1 if $old =~ /^$new$/;
-
- } else {
-
- my $new_regexp = convert_regexp($new);
-
- # check the log entry against our converted regexp...
- return 1 if $old =~ /^$new_regexp$/;
-
- }
-
- return undef;
-}
-
-sub combine_name($$) { return ($_[0] eq $_[1]) ? $_[0] : "$_[0]^$_[1]"; }
-sub split_name ($) { my ($p, $h) = split(/\^/, $_[0]); $h ||= $p; ($p, $h); }
-
-##########################
-#
-# prompt_user($headers, $functions, $default, $options, $selected);
-#
-# $headers:
-# a required arrayref made up of "key, value" pairs in the order you'd
-# like them displayed to user
-#
-# $functions:
-# a required arrayref of the different options to display at the bottom
-# of the prompt like "(A)llow", "(D)eny", and "Ba(c)on". the character
-# contained by ( and ) will be used as the key to select the specified
-# option.
-#
-# $default:
-# a required character which is the default "key" to enter when they
-# just hit enter
-#
-# $options:
-# an optional arrayref of the choices like the glob suggestions to be
-# presented to the user
-#
-# $selected:
-# specifies which option is currently selected
-#
-# when prompt_user() is called without an $options list, it returns a
-# single value which is the key for the specified "function".
-#
-# when prompt_user() is called with an $options list, it returns an array
-# of two elements, the key for the specified function as well as which
-# option was currently selected
-#######################################################################
-
-sub Text_PromptUser ($) {
- my $question = shift;
-
- my $title = $question->{title};
- my $explanation = $question->{explanation};
-
- my @headers = (@{ $question->{headers} });
- my @functions = (@{ $question->{functions} });
-
- my $default = $question->{default};
- my $options = $question->{options};
- my $selected = $question->{selected} || 0;
-
- my $helptext = $question->{helptext};
-
- push @functions, "CMD_HELP" if $helptext;
-
- my %keys;
- my @menu_items;
- for my $cmd (@functions) {
-
- # make sure we know about this particular command
- my $cmdmsg = "PromptUser: " . gettext("Unknown command") . " $cmd";
- fatal_error $cmdmsg unless $CMDS{$cmd};
-
- # grab the localized text to use for the menu for this command
- my $menutext = gettext($CMDS{$cmd});
-
- # figure out what the hotkey for this menu item is
- my $menumsg = "PromptUser: " .
- gettext("Invalid hotkey in") .
- " '$menutext'";
- $menutext =~ /\((\S)\)/ or fatal_error $menumsg;
-
- # we want case insensitive comparisons so we'll force things to
- # lowercase
- my $key = lc($1);
-
- # check if we're already using this hotkey for this prompt
- my $hotkeymsg = "PromptUser: " .
- gettext("Duplicate hotkey for") .
- " $cmd: $menutext";
- fatal_error $hotkeymsg if $keys{$key};
-
- # keep track of which command they're picking if they hit this hotkey
- $keys{$key} = $cmd;
-
- if ($default && $default eq $cmd) {
- $menutext = "[$menutext]";
- }
-
- push @menu_items, $menutext;
- }
-
- # figure out the key for the default option
- my $default_key;
- if ($default && $CMDS{$default}) {
- my $defaulttext = gettext($CMDS{$default});
-
- # figure out what the hotkey for this menu item is
- my $defmsg = "PromptUser: " .
- gettext("Invalid hotkey in default item") .
- " '$defaulttext'";
- $defaulttext =~ /\((\S)\)/ or fatal_error $defmsg;
-
- # we want case insensitive comparisons so we'll force things to
- # lowercase
- $default_key = lc($1);
-
- my $defkeymsg = "PromptUser: " .
- gettext("Invalid default") .
- " $default";
- fatal_error $defkeymsg unless $keys{$default_key};
- }
-
- my $widest = 0;
- my @poo = @headers;
- while (my $header = shift @poo) {
- my $value = shift @poo;
- $widest = length($header) if length($header) > $widest;
- }
- $widest++;
-
- my $format = '%-' . $widest . "s \%s\n";
-
- my $function_regexp = '^(';
- $function_regexp .= join("|", keys %keys);
- $function_regexp .= '|\d' if $options;
- $function_regexp .= ')$';
-
- my $ans = "XXXINVALIDXXX";
- while ($ans !~ /$function_regexp/i) {
- # build up the prompt...
- my $prompt = "\n";
-
- $prompt .= "= $title =\n\n" if $title;
-
- if (@headers) {
- my @poo = @headers;
- while (my $header = shift @poo) {
- my $value = shift @poo;
- $prompt .= sprintf($format, "$header:", $value);
- }
- $prompt .= "\n";
- }
-
- if ($explanation) {
- $prompt .= "$explanation\n\n";
- }
-
- if ($options) {
- for (my $i = 0; $options->[$i]; $i++) {
- my $f = ($selected == $i) ? ' [%d - %s]' : ' %d - %s ';
- $prompt .= sprintf("$f\n", $i + 1, $options->[$i]);
- }
- $prompt .= "\n";
- }
- $prompt .= join(" / ", @menu_items);
- print "$prompt\n";
-
- # get their input...
- $ans = lc(getkey());
-
- if ($ans) {
- # handle escape sequences so you can up/down in the list
- if ($ans eq "up") {
-
- if ($options && ($selected > 0)) {
- $selected--;
- }
- $ans = "XXXINVALIDXXX";
-
- } elsif ($ans eq "down") {
-
- if ($options && ($selected < (scalar(@$options) - 1))) {
- $selected++;
- }
- $ans = "XXXINVALIDXXX";
-
- } elsif ($keys{$ans} && $keys{$ans} eq "CMD_HELP") {
-
- print "\n$helptext\n";
- $ans = "XXXINVALIDXXX";
-
- } elsif (ord($ans) == 10) {
-
- # pick the default if they hit return...
- $ans = $default_key;
-
- } elsif ($options && ($ans =~ /^\d$/)) {
-
- # handle option poo
- if ($ans > 0 && $ans <= scalar(@$options)) {
- $selected = $ans - 1;
- }
- $ans = "XXXINVALIDXXX";
- }
- }
-
- if ($keys{$ans} && $keys{$ans} eq "CMD_HELP") {
- print "\n$helptext\n";
- $ans = "again";
- }
- }
-
- # pull our command back from our hotkey map
- $ans = $keys{$ans} if $keys{$ans};
- return ($ans, $selected);
-
-}
-
-# Parse event record into key-value pairs
-sub parse_event($) {
- my %ev = ();
- my $msg = shift;
- chomp($msg);
- my $event = LibAppArmor::parse_record($msg);
- my ($rmask, $dmask);
-
- $DEBUGGING && debug("parse_event: $msg");
-
- $ev{'resource'} = LibAppArmor::aa_log_record::swig_info_get($event);
- $ev{'active_hat'} = LibAppArmor::aa_log_record::swig_active_hat_get($event);
- $ev{'sdmode'} = LibAppArmor::aa_log_record::swig_event_get($event);
- $ev{'time'} = LibAppArmor::aa_log_record::swig_epoch_get($event);
- $ev{'operation'} = LibAppArmor::aa_log_record::swig_operation_get($event);
- $ev{'profile'} = LibAppArmor::aa_log_record::swig_profile_get($event);
- $ev{'name'} = LibAppArmor::aa_log_record::swig_name_get($event);
- $ev{'name2'} = LibAppArmor::aa_log_record::swig_name2_get($event);
- $ev{'attr'} = LibAppArmor::aa_log_record::swig_attribute_get($event);
- $ev{'parent'} = LibAppArmor::aa_log_record::swig_parent_get($event);
- $ev{'pid'} = LibAppArmor::aa_log_record::swig_pid_get($event);
- $ev{'task'} = LibAppArmor::aa_log_record::swig_task_get($event);
- $ev{'info'} = LibAppArmor::aa_log_record::swig_info_get($event);
- $dmask = LibAppArmor::aa_log_record::swig_denied_mask_get($event);
- $rmask = LibAppArmor::aa_log_record::swig_requested_mask_get($event);
- $ev{'magic_token'} =
- LibAppArmor::aa_log_record::swig_magic_token_get($event);
-
- # NetDomain
- if ( $ev{'operation'} && optype($ev{'operation'}) eq "net" ) {
- $ev{'family'} =
- LibAppArmor::aa_log_record::swig_net_family_get($event);
- $ev{'protocol'} =
- LibAppArmor::aa_log_record::swig_net_protocol_get($event);
- $ev{'sock_type'} =
- LibAppArmor::aa_log_record::swig_net_sock_type_get($event);
- }
-
- LibAppArmor::free_record($event);
-
- if ($ev{'operation'} && $ev{'operation'} =~ /^(capable|dbus|mount|pivotroot|umount)/) {
- $DEBUGGING && debug("parser_event: previous event IGNORED");
- return( undef );
- }
-
- #map new c and d to w as logprof doesn't support them yet
- if ($rmask) {
- $rmask =~ s/c/w/g;
- $rmask =~ s/d/w/g;
- }
- if ($dmask) {
- $dmask =~ s/c/w/g;
- $dmask =~ s/d/w/g;
- }
-
- if ($rmask && !validate_log_mode(hide_log_mode($rmask))) {
- fatal_error(sprintf(gettext('Log contains unknown mode %s.'),
- $rmask));
- }
-
- if ($dmask && !validate_log_mode(hide_log_mode($dmask))) {
- fatal_error(sprintf(gettext('Log contains unknown mode %s.'),
- $dmask));
- }
-#print "str_to_mode deny $dmask = " . str_to_mode($dmask) . "\n" if ($dmask);
-#print "str_to_mode req $rmask = " . str_to_mode($rmask) . "\n" if ($rmask);
-
- my ($mask, $name);
- ($mask, $name) = log_str_to_mode($ev{profile}, $dmask, $ev{name2});
- $ev{'denied_mask'} = $mask;
- $ev{name2} = $name;
-
- ($mask, $name) = log_str_to_mode($ev{profile}, $rmask, $ev{name2});
- $ev{'request_mask'} = $mask;
- $ev{name2} = $name;
-
- if ( ! $ev{'time'} ) { $ev{'time'} = time; }
-
- # remove null responses
- for (keys(%ev)) {
- if ( ! $ev{$_} || $ev{$_} !~ /[\/\w]+/) { delete($ev{$_}); }
- }
-
- if ( $ev{'sdmode'} ) {
- #0 = invalid, 1 = error, 2 = AUDIT, 3 = ALLOW/PERMIT,
- #4 = DENIED/REJECTED, 5 = HINT, 6 = STATUS/config change
- if ( $ev{'sdmode'} == 0 ) { $ev{'sdmode'} = "UNKNOWN"; }
- elsif ( $ev{'sdmode'} == 1 ) { $ev{'sdmode'} = "ERROR"; }
- elsif ( $ev{'sdmode'} == 2 ) { $ev{'sdmode'} = "AUDITING"; }
- elsif ( $ev{'sdmode'} == 3 ) { $ev{'sdmode'} = "PERMITTING"; }
- elsif ( $ev{'sdmode'} == 4 ) { $ev{'sdmode'} = "REJECTING"; }
- elsif ( $ev{'sdmode'} == 5 ) { $ev{'sdmode'} = "HINT"; }
- elsif ( $ev{'sdmode'} == 6 ) { $ev{'sdmode'} = "STATUS"; }
- else { delete($ev{'sdmode'}); }
- }
- if ( $ev{sdmode} ) {
- $DEBUGGING && debug( Data::Dumper->Dump([%ev], [qw(*event)]));
- return \%ev;
- } else {
- return( undef );
- }
-}
-
-###############################################################################
-# required initialization
-
-$cfg = read_config("logprof.conf");
-if ((not defined $cfg->{settings}{default_owner_prompt})) {
- $cfg->{settings}{default_owner_prompt} = 0;
-}
-
-$profiledir = find_first_dir($cfg->{settings}{profiledir}) || "/etc/apparmor.d";
-unless (-d $profiledir) { fatal_error "Can't find AppArmor profiles."; }
-
-$extraprofiledir = find_first_dir($cfg->{settings}{inactive_profiledir}) ||
-"/usr/share/apparmor/extra-profiles/";
-
-$parser = find_first_file($cfg->{settings}{parser}) || "/sbin/apparmor_parser";
-unless (-x $parser) { fatal_error "Can't find apparmor_parser."; }
-
-$filename = find_first_file($cfg->{settings}{logfiles}) || "/var/log/syslog";
-unless (-f $filename) { fatal_error "Can't find system log."; }
-
-$ldd = find_first_file($cfg->{settings}{ldd}) || "/usr/bin/ldd";
-unless (-x $ldd) { fatal_error "Can't find ldd."; }
-
-$logger = find_first_file($cfg->{settings}{logger}) || "/bin/logger";
-unless (-x $logger) { fatal_error "Can't find logger."; }
-
-1;
-
diff --git a/deprecated/utils/Immunix/Config.pm b/deprecated/utils/Immunix/Config.pm
deleted file mode 100644
index 0869a5e012cc1765554f9a0311876145a1115ffa..0000000000000000000000000000000000000000
--- a/deprecated/utils/Immunix/Config.pm
+++ /dev/null
@@ -1,124 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (c) 2006 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-package Immunix::Config;
-
-use strict;
-use warnings;
-
-use Carp;
-use Cwd qw(cwd realpath);
-use File::Basename;
-use File::Temp qw/ tempfile tempdir /;
-use Data::Dumper;
-use Locale::gettext;
-use POSIX;
-
-require Exporter;
-our @ISA = qw(Exporter);
-our @EXPORT = qw(
- read_config
- write_config
- find_first_file
- find_first_dir
-);
-
-our $confdir = "/etc/apparmor";
-
-# config vars
-our $cfg;
-our $repo_cfg;
-
-sub read_config {
- my $filename = shift;
- my $config;
-
- if (open(CONF, "$confdir/$filename")) {
- my $which;
- while (<CONF>) {
- chomp;
- # ignore comments
- next if /^\s*#/;
- if (m/^\[(\S+)\]/) {
- $which = $1;
- } elsif (m/^\s*(\S+)\s*=\s*(.*)\s*$/) {
- my ($key, $value) = ($1, $2);
- $config->{$which}{$key} = $value;
- }
- }
- close(CONF);
- }
-
- # LP: #692406
- # Explicitly disable the repository until there is an alternative, since
- # the OpenSUSE site went away
- if ($filename eq "repository.conf") {
- $config->{repository}{enabled} = "no";
- }
-
- return $config;
-}
-
-sub write_config {
- my ($filename, $config) = @_;
- if (open(my $CONF, ">$confdir/$filename")) {
- for my $section (sort keys %$config) {
- print $CONF "[$section]\n";
-
- for my $key (sort keys %{$config->{$section}}) {
- print $CONF " $key = $config->{$section}{$key}\n"
- if ($config->{$section}{$key});
- }
- }
- chmod(0600, $CONF);
- close($CONF);
- } else {
- die "Can't write config file $filename: $!";
- }
-}
-
-sub find_first_file {
- my $list = shift;
- return if ( not defined $list );
- my $filename;
- for my $f (split(/\s+/, $list)) {
- if (-f $f) {
- $filename = $f;
- last;
- }
- }
-
- return $filename;
-}
-
-sub find_first_dir {
- my $list = shift;
- return if ( not defined $list );
- my $dirname;
- for my $f (split(/\s+/, $list)) {
- if (-d $f) {
- $dirname = $f;
- last;
- }
- }
-
- return $dirname;
-}
-
-1;
diff --git a/deprecated/utils/Immunix/Reports.pm b/deprecated/utils/Immunix/Reports.pm
deleted file mode 100755
index 47fbd08e805bc999a739c83e962cbda49a1860f4..0000000000000000000000000000000000000000
--- a/deprecated/utils/Immunix/Reports.pm
+++ /dev/null
@@ -1,2024 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2005-2006 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-package Immunix::Reports;
-
-################################################################################
-# /usr/lib/perl5/site_perl/Reports.pm
-#
-# - Parses /var/log/messages for AppArmor messages
-# - Writes results to .html or comma-delimited (.csv) files (Optional)
-#
-# Requires:
-# Immunix::Events;
-# Time::Local (temporary)
-#
-# Input (Optional):
-# -Start Date|End Date (Month, Day, Year, Time)
-# -Program Name
-# -Profile Name
-# -PID
-# -Denied Resources
-#
-################################################################################
-
-use strict;
-
-use DBI;
-use DBD::SQLite;
-use Locale::gettext;
-use POSIX;
-use ycp;
-
-setlocale(LC_MESSAGES, "");
-textdomain("Reports");
-
-my $eventDb = '/var/log/apparmor/events.db';
-my $numEvents = 1000;
-
-sub YcpDebug ($$) {
-
- my $argList = "";
- #my ($script, $args) = @_;
- my $script = shift;
- my $args = shift;
-
- if ($args && ref($args) eq "HASH") {
-
- for (sort keys(%$args) ) {
- $argList .= "$_ is ..$args->{$_}.., " if $args->{$_};
- }
-
- } elsif ($args && ref($args) eq "ARRAY") {
-
- for my $row (@$args) {
- for (sort keys(%$row) ) {
- $argList .= "$_ is ..$row->{$_}.., " if $row->{$_};
- }
- }
- } elsif ( $args ) {
- $argList = $args;
- } else {
- my $prob = ref($args);
- $argList = "Type not supported for printing debug: $prob";
- }
-
- ycp::y2milestone("[apparmor $script] vars: $argList");
-
-}
-
-sub month2Num {
- my $lexMon = shift;
- my $months = {
- "Jan" => '01',
- "Feb" => '02',
- "Mar" => '03',
- "Apr" => '04',
- "May" => '05',
- "Jun" => '06',
- "Jul" => '07',
- "Aug" => '08',
- "Sep" => '09',
- "Oct" => '10',
- "Nov" => '11',
- "Dec" => '12'
- };
-
- my $numMonth = $months->{$lexMon};
-
- return $numMonth;
-}
-
-sub num2Month {
- my $monthNum = shift;
-
- my @months = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");
- my $lexMonth = $months[ ($monthNum - 1) ];
-
- return $lexMonth;
-}
-
-# Converts Epoch Time to Formatted Date String
-sub getDate {
- my $epTime = shift;
-
- my $date = localtime($epTime);
-
- my ($day, $mon, $mondate, $time, $year) = split(/\s+/, $date);
- my ($hour, $min, $sec) = split(/:/, $time);
-
- $mon = month2Num($mon);
-
- # we want 2 digits for easier reading
- $mon = sprintf("%02d", $mon);
- $mondate = sprintf("%02d", $mondate);
-
- my $newDate = "$year-$mon-$mondate $time";
- return $newDate;
-}
-
-sub round {
- my $num = shift;
- $num = sprintf("%.2f", $num);
- return ("$num");
-}
-
-# round up
-sub pageRound {
- my $num = shift;
- my $pnum = int($num);
-
- if ($pnum < $num) {
- $pnum++;
- }
-
- return $pnum;
-}
-
-sub checkFileExists {
- my $file = shift;
-
- if ($file && -e $file) {
- return 1;
- } else {
- return 0;
- }
-}
-
-sub getNetSockList {
-
- my @netsockList = (
- "All", "UNIX Domain Sockets", "IP v4", "Radio AX.25",
- "Novell IPX", "Appletalk", "Radio NET/ROM",
- "Multiprotocol Bridge", "ATM PVC", "X.25", "IP v6",
- "Radio X.25 PLP", "DECnet", "NetBEUI", "Security Callback",
- "PF Key Management", "Netlink", "Packet", "Ash",
- "Econet", "ATM SVC", "Filler (Ignore)", "Linux SNA",
- "IRDA", "PPPoX", "Wanpipe", "Linux LLC",
- "Filler (Ignore)", "Filler (Ignore)", "Filler (Ignore)", "TIPC",
- "Bluetooth", "IUCV", "RxRPC"
- );
-
-
- return \@netsockList;
-}
-
-sub netsock_name2num {
-
- my $sockName = shift;
- my $sockNum = '';
- my $netsockList = getNetSockList();
-
- my $i;
-
- for ($i = 0; $i < @$netsockList; $i++) {
- last if $_ eq @$netsockList[$i];
- }
-
- if ($i < @$netsockList) {
- $sockNum = $i;
- }
-
- return $sockNum;
-}
-
-sub netsock_num2name {
-
- my $sockNum = shift;
- my $sockName = undef;
- my $netsockList = getNetSockList();
-
- if ( $sockNum < @$netsockList) {
- $sockName = @$netsockList[$sockNum];
- }
-
- if ( $sockName eq "Filler (Ignore)" ) {
- $sockName = undef;
- }
-
- return $sockName;
-}
-
-sub matchFailed ($$) {
-
- my $args = shift;
- my $rec = shift;
-
- # Check filters
- if ($args->{'pid'} && $args->{'pid'} ne '-') {
- return(1) unless ($args->{'pid'} eq $rec->{'pid'});
- }
- if ( $args->{'severity'}
- && $args->{'severity'} ne "00"
- && $args->{'severity'} ne '-')
- {
- if ($args->{'severity'} eq "U") { $args->{'severity'} = '-1'; }
- return(1) unless ($args->{'severity'} eq $rec->{'severity'});
- }
- if ($args->{'mode_deny'} && $args->{'mode_deny'} ne '-') {
- return(1) unless ($args->{'mode_deny'} eq $rec->{'mode_deny'});
- }
- if ($args->{'mode_req'} && $args->{'mode_req'} ne '-') {
- return(1) unless ($args->{'mode_req'} eq $rec->{'mode_req'});
- }
-
- if ($args->{'resource'} && $args->{'resource'} ne '-') {
- return(1) unless ($args->{'resource'} eq $rec->{'resource'});
- }
- if ($args->{'sdmode'} && $args->{'sdmode'} ne '-') {
- # Needs reversal of comparison for sdmode
- return(1) unless ($rec->{'sdmode'} =~ /$args->{'sdmode'}/);
- }
- if ($args->{'op'} && $args->{'op'} ne '-') {
- return(1) unless ($args->{'op'} eq $rec->{'op'});
- }
- if ($args->{'attr'} && $args->{'attr'} ne '-') {
- return(1) unless ($args->{'attr'} eq $rec->{'attr'});
- }
- if ($args->{'name_alt'} && $args->{'name_alt'} ne '-') {
- return(1) unless ($args->{'name_alt'} eq $rec->{'name_alt'});
- }
- if ($args->{'net_family'} && $args->{'net_family'} ne '-') {
- return(1) unless ($args->{'net_family'} eq $rec->{'net_family'});
- }
- if ($args->{'net_proto'} && $args->{'net_proto'} ne '-') {
- return(1) unless ($args->{'net_proto'} eq $rec->{'net_proto'});
- }
- if ($args->{'net_socktype'} && $args->{'net_socktype'} ne '-') {
- return(1) unless ($args->{'net_socktype'} eq $rec->{'net_socktype'});
- }
-
- return 0;
-}
-
-# Translate mode & sdmode for parsing
-sub rewriteModes {
- my $filts = shift;
-
- # Mode wrangling - Rewrite for better matches
- for ('mode_req','mode_deny') {
-
- if ($filts->{$_} && $filts->{$_} ne "All") {
-
- my @mode = ();
- my $tmpMode = undef;
-
- @mode = split(//, $filts->{$_});
-
- if (@mode > 0) {
- #$tmpMode = join("|", @mode);
- $tmpMode = join("", @mode);
- if ($tmpMode =~ /m/) {
- $tmpMode =~ s/m//g;
- $tmpMode = "m" . $tmpMode;
- }
- } else {
- delete($filts->{$_});
- }
-
- if ($tmpMode) {
- $filts->{$_} = $tmpMode;
- }
- }
- }
-
- # Rewrite sdmode for more flexible matches
- if ($filts->{'sdmode'} && $filts->{'sdmode'} ne "All") {
- my @tmpMode = ();
- if ($filts->{'sdmode'} =~ /[pP]/) { push(@tmpMode, 'PERMIT'); }
- if ($filts->{'sdmode'} =~ /[rR]/) { push(@tmpMode, 'REJECT'); }
- if ($filts->{'sdmode'} =~ /[aA]/) { push(@tmpMode, 'AUDIT'); }
- if (@tmpMode > 0) {
- $filts->{'sdmode'} = join('|', @tmpMode);
- } else {
- delete($filts->{'sdmode'});
- }
- }
-
- return $filts;
-}
-
-sub getFilterList ($) {
-
- my $args = shift;
- my $filts = undef;
-
- if ($args->{'prog'}) { $filts->{'prog'} = $args->{'prog'}; }
- if ($args->{'profile'}) { $filts->{'profile'} = $args->{'profile'}; }
- if ($args->{'pid'}) { $filts->{'pid'} = $args->{'pid'}; }
- if ($args->{'resource'}) { $filts->{'resource'} = $args->{'resource'}; }
- if ($args->{'severity'}) { $filts->{'severity'} = $args->{'severity'}; }
- if ($args->{'sdmode'}) { $filts->{'sdmode'} = $args->{'sdmode'}; }
- if ($args->{'mode_req'}) { $filts->{'mode_req'} = $args->{'mode_req'}; }
- if ($args->{'mode_deny'}) { $filts->{'mode_deny'} = $args->{'mode_deny'}; }
- if ($args->{'op'}) { $filts->{'op'} = $args->{'op'}; }
- if ($args->{'attr'}) { $filts->{'attr'} = $args->{'attr'}; }
- if ($args->{'name_alt'}) { $filts->{'name_alt'} = $args->{'name_alt'}; }
- if ($args->{'net_family'}) { $filts->{'net_family'} = $args->{'net_family'}; }
- if ($args->{'net_proto'}) { $filts->{'net_proto'} = $args->{'net_proto'}; }
- if ($args->{'net_socktype'}) { $filts->{'net_socktype'} = $args->{'net_socktype'}; }
-
- for (sort(keys(%$filts))) {
- if ($filts->{$_} eq '-' || $filts->{$_} eq 'All') {
- delete($filts->{$_});
- }
- }
- return $filts;
-}
-
-sub enableEventD {
-
- # make sure the eventd is enabled before we do any reports
- my $need_enable = 0;
- if (open(SDCONF, "/etc/apparmor/subdomain.conf")) {
- while (<SDCONF>) {
- if (/^\s*APPARMOR_ENABLE_AAEVENTD\s*=\s*(\S+)\s*$/) {
- my $flag = lc($1);
-
- # strip quotes from the value if present
- $flag = $1 if $flag =~ /^"(\S+)"$/;
- $need_enable = 1 if $flag ne "yes";
- }
- }
- close(SDCONF);
- }
-
- # if the eventd isn't enabled, we'll turn it on the first time they
- # run a report and start it up - if something fails for some reason,
- # we should just fall through and the db check should correctly tell
- # the caller that the db isn't initialized correctly
- if ($need_enable) {
- my $old = "/etc/apparmor/subdomain.conf";
- my $new = "/etc/apparmor/subdomain.conf.$$";
- if (open(SDCONF, $old)) {
- if (open(SDCONFNEW, ">$new")) {
- my $foundit = 0;
-
- while (<SDCONF>) {
- if (/^\s*APPARMOR_ENABLE_AAEVENTD\s*=/) {
- print SDCONFNEW "APPARMOR_ENABLE_AAEVENTD=\"yes\"\n";
-
- $foundit = 1;
- } else {
- print SDCONFNEW;
- }
- }
-
- unless ($foundit) {
- print SDCONFNEW "APPARMOR_ENABLE_AAEVENTD=\"yes\"\n";
- }
-
- close(SDCONFNEW);
-
- # if we were able to overwrite the old config
- # config file with the new stuff, we'll kick
- # the init script to start up aa-eventd
- if (rename($new, $old)) {
- if (-e "/sbin/rcaaeventd") {
- system("/sbin/rcaaeventd restart >/dev/null 2>&1");
- } else {
- system("/sbin/rcapparmor restart >/dev/null 2>&1");
- }
- }
- }
- close(SDCONF);
- }
-
- }
-
- return $need_enable;
-}
-
-# Check that events db exists and is populated
-# - Returns 1 for good db, 0 for bad db
-sub checkEventDb {
- my $count = undef;
- my $eventDb = '/var/log/apparmor/events.db';
-
- # make sure the event daemon is enabled
- if (enableEventD()) {
-
- my $now = time;
-
- # wait until the event db appears or we hit 1 min
- while (!-e $eventDb) {
- sleep 2;
- return 0 if ((time - $now) >= 60);
- }
-
- # wait until it stops changing or we hit 1 min - the event
- # daemon flushes events to the db every five seconds.
- my $last_modified = 0;
- my $modified = (stat($eventDb))[9];
- while ($last_modified != $modified) {
- sleep 10;
- last if ((time - $now) >= 60);
- $last_modified = $modified;
- $modified = (stat($eventDb))[9];
- }
- }
-
- my $query = "SELECT count(*) FROM events ";
-
- # Pull stuff from db
- my $dbh = DBI->connect("dbi:SQLite:dbname=$eventDb", "", "", { RaiseError => 1, AutoCommit => 1 });
-
- eval {
- my $sth = $dbh->prepare($query);
- $sth->execute;
- $count = $sth->fetchrow_array();
-
- $sth->finish;
- };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- $dbh->disconnect();
-
- if ($count && $count > 0) {
- return 1;
- } else {
- return 0;
- }
-}
-
-# Called from ag_reports_parse
-sub getNumPages ($) {
- my $args = shift;
- my $db = ();
- my $numPages = 0;
- my $count = 0;
- my $type = undef;
- my $eventRep = "/var/log/apparmor/reports/events.rpt";
-
- # Figure out whether we want db count or file parse
- if ($args->{'type'}) {
- if ($args->{'type'} eq 'sir' || $args->{'type'} eq 'ess-multi') {
- $type = 'db';
- } elsif ($args->{'type'} eq 'ess') {
- return 1; # ess reports have one page by definition
- } else {
- $type = 'arch'; # archived or file
- }
- }
-
- # Parse sdmode & mode labels
- if ($args->{'sdmode'}) {
- $args->{'sdmode'} =~ s/\&//g;
- $args->{'sdmode'} =~ s/\://g;
- $args->{'sdmode'} =~ s/\s//g;
- $args->{'sdmode'} =~ s/AccessType//g;
-
- if ($args->{'sdmode'} eq "All") {
- delete($args->{'sdmode'});
- }
- }
-
- if ($args->{'mode_req'}) {
- $args->{'mode_req'} =~ s/\&//g;
- $args->{'mode_req'} =~ s/Mode\://g;
- $args->{'mode_req'} =~ s/\s//g;
-
- if ($args->{'mode_req'} eq "All") {
- delete($args->{'mode_req'});
- }
- }
- ########################################
-
- $args = rewriteModes($args);
-
- if ($type && $type eq 'db') {
-
- my $start = undef;
- my $end = undef;
-
- if ($args->{'startTime'} && $args->{'startTime'} > 0) {
- $start = $args->{'startTime'};
- }
-
- if ($args->{'endTime'} && $args->{'endTime'} > 0) {
- $end = $args->{'endTime'};
- }
-
- my $query = "SELECT count(*) FROM events ";
-
- # We need filter information for getting a correct count
- my $filts = getFilterList($args);
- my $midQuery = getQueryFilters($filts, $start, $end);
- if ($midQuery) { $query .= "$midQuery"; }
- # Pull stuff from db
- my $dbh = DBI->connect("dbi:SQLite:dbname=$eventDb", "", "", { RaiseError => 1, AutoCommit => 1 });
-
- eval {
- my $sth = $dbh->prepare($query);
- $sth->execute;
- $count = $sth->fetchrow_array();
-
- $sth->finish;
- };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- $dbh->disconnect();
-
- $numPages = pageRound($count / $numEvents);
- if ($numPages < 1) { $numPages = 1; }
-
- } elsif ($type && $type eq 'arch') {
-
- if (open(REP, "<$eventRep")) {
-
- while (<REP>) {
- if (/^Page/) {
- $numPages++;
- } else {
- $count++;
- }
- }
-
- close REP;
-
- } else {
- ycp::y2error(sprintf(gettext("Couldn't open file: %s."), $eventRep));
- }
-
- } else {
- ycp::y2error(gettext("No type value passed. Unable to determine page count."));
- return ("1");
- }
-
- if ($numPages < 1) { $numPages = 1; }
-
- my $numCheck = int($count / $numEvents);
-
- if ($numPages < $numCheck) {
- $numPages = $numCheck;
- }
-
- return ($numPages);
-}
-
-sub getEpochFromNum {
- my $date = shift;
- my $place = shift || undef; # Used to set default $sec if undef
-
- my ($numMonth, $numDay, $time, $year) = split(/\s+/, $date);
- my ($hour, $min, $sec) = '0';
- my $junk = undef;
-
- if ($time =~ /:/) {
- ($hour, $min, $sec, $junk) = split(/\:/, $time);
- if (!$hour || $hour eq "") { $hour = '0'; }
- if (!$min || $min eq "") { $min = '0'; }
- if (!$sec || $sec eq "") {
- if ($place eq 'end') {
- $sec = '59';
- } else {
- $sec = '0';
- }
- }
- }
-
- $numMonth--; # Months start from 0 for epoch translation
-
- if (!$year) { $year = (split(/\s+/, localtime))[4]; }
- my $epochDate = timelocal($sec, $min, $hour, $numDay, $numMonth, $year);
-
- return $epochDate;
-}
-
-sub getEpochFromStr {
- my $lexDate = shift;
-
- my ($lexMonth, $dateDay, $fullTime, $year) = split(/\s+/, $lexDate);
- my ($hour, $min, $sec) = split(/\:/, $fullTime);
-
- if (!$year) { $year = (split(/\s+/, localtime))[4]; }
-
- my $numMonth = month2Num($lexMonth);
-
- my $epochDate = timelocal($sec, $min, $hour, $dateDay, $numMonth, $year);
-
- return $epochDate;
-}
-
-# Replaces old files with new files
-sub updateFiles {
- my ($oldFile, $newFile) = @_;
-
- if (unlink("$oldFile")) {
- if (!rename("$newFile", "$oldFile")) {
- if (!system('/bin/mv', "$newFile", "$oldFile")) {
- ycp::y2error(sprintf(gettext("Failed copying %s."), $oldFile));
- return 1;
- }
- }
- } else {
- system('/bin/rm', "$oldFile");
- system('/bin/mv', "$newFile", "$oldFile");
- }
-
- return 0;
-}
-
-# This is a holder, that was originally part of exportLog()
-# Used by /usr/bin/reportgen.pl
-sub exportFormattedText {
- my ($repName, $logFile, $db) = @_;
-
- my $date = localtime;
- open(LOG, ">$logFile") || die "Couldn't open $logFile";
-
- print LOG "$repName: Log generated by Novell AppArmor, $date\n\n";
- printf LOG "%-21s%-32s%-8s%-51s", "Host", "Date", "Program", "Profile",
- "PID", "Severity", "Mode Deny", "Mode Request","Detail", "Access Type",
- "Operation", "Attribute", "Additional Name", "Parent", "Active Hat",
- "Net Family", "Net Protocol", "Net Socket Type";
-
- print LOG "\n";
-
- for (sort (@$db)) {
- print LOG "$_->{'host'},$_->{'time'},$_->{'prog'},$_->{'profile'},";
- print LOG "$_->{'pid'},$_->{'severity'},$_->{'mode_deny'},$_->{'mode_req'},";
- print LOG "$_->{'resource'},$_->{'sdmode'},$_->{'op'},$_->{'attr'},";
- print LOG "$_->{'name_alt'},$_->{'parent'},$_->{'active_hat'},";
- print LOG "$_->{'net_family'},$_->{'net_proto'},$_->{'net_socktype'}\n";
- }
-
- close LOG;
-}
-
-sub exportLog {
-
- my ($exportLog, $db, $header) = @_;
-
- return unless $db;
-
- if (open(LOG, ">$exportLog")) {
-
- my $date = localtime();
-
- if ($exportLog =~ /csv/) {
-
- # $header comes from reportgen.pl (scheduled reports)
- if ($header) { print LOG "$header\n\n"; }
-
- for (@$db) {
- print LOG "$_->{'host'},$_->{'time'},$_->{'prog'},$_->{'profile'},";
- print LOG "$_->{'pid'},$_->{'severity'},$_->{'mode_deny'},$_->{'mode_req'},";
- print LOG "$_->{'resource'},$_->{'sdmode'},$_->{'op'},$_->{'attr'},";
- print LOG "$_->{'name_alt'},$_->{'parent'},$_->{'active_hat'},";
- print LOG "$_->{'net_family'},$_->{'net_proto'},$_->{'net_socktype'}\n";
- }
-
- } elsif ($exportLog =~ /html/) {
-
- print LOG "<html><body bgcolor='fffeec'>\n\n";
- print LOG "<font face='Helvetica,Arial,Sans-Serif'>\n";
-
- # $header comes from reportgen.pl (scheduled reports)
- if ($header) {
- print LOG "$header\n\n";
- } else {
- print LOG "<br><h3>$exportLog</h3><br>\n<h4>Log generated by Novell AppArmor, $date</h4>\n\n";
- }
-
- print LOG "<hr><br><table border='1' cellpadding='2'>\n";
-
- print LOG "<tr bgcolor='edefff'><th>Host</th><th>Date</th><th>Program</th>" .
- "<th>Profile</th><th>PID</th><th>Severity</th><th>Mode Deny</th>" .
- "<th>Mode Request</th><th>Detail</th><th>Access Type</th><th>Operation</th>" .
- "<th>Attribute</th><th>Additional Name</th><th>Parent</th><th>Active Hat</th>" .
- "<th>Net Family</th><th>Net Protocol</th><th>Net Socket Type</th></tr>\n";
-
- my $idx = 1;
-
- for (@$db) {
- $idx++;
-
- my $logLine =
- "<td> $_->{'date'} </td>"
- . "<td> $_->{'prog'} </td>"
- . "<td> $_->{'profile'} </td>"
- . "<td> $_->{'pid'} </td>"
- . "<td> $_->{'severity'} </td>"
- . "<td> $_->{'mode_deny'} </td>"
- . "<td> $_->{'mode_req'} </td>"
- . "<td> $_->{'resource'} </td>"
- . "<td> $_->{'sdmode'} </td>"
- . "<td> $_->{'op'} </td>"
- . "<td> $_->{'attr'} </td>"
- . "<td> $_->{'name_alt'} </td>"
- . "<td> $_->{'parent'} </td>"
- . "<td> $_->{'active_hat'} </td>"
- . "<td> $_->{'net_family'} </td>"
- . "<td> $_->{'net_proto'} </td>"
- . "<td> $_->{'net_socktype'} </td></tr>";
-
- my $plainCell = "<tr><td> $_->{'host'} </td>";
- my $shadedCell = "<tr='edefef'><td> $_->{'host'} </td>";
- my $logLinePlain = $plainCell . $logLine;
- my $logLineShaded = $shadedCell . $logLine;
-
- if ($idx % 2 == 0) {
- print LOG "$logLinePlain\n";
- } else {
- # Shade every other row
- print LOG "$logLineShaded\n";
- }
- }
-
- print LOG "<br></table></font></body></html>\n\n";
- }
-
- close LOG;
- } else {
- ycp::y2error(sprintf(gettext("Export Log Error: Couldn't open %s"), $exportLog));
- }
-
-}
-
-# Pulls info on single report from apparmor xml file
-sub getXmlReport {
- my ($repName, $repConf) = @_;
-
- my $repFlag = 0;
- my %rep = ();
-
- if (defined($repName) && ref($repName)) {
-
- if ($repName->{'base'}) {
- $repName = $repName->{'base'};
- } elsif ($repName->{'name'}) {
- $repName = $repName->{'name'};
- }
- }
-
- if (!$repName) {
- ycp::y2error(gettext("Fatal error. No report name given. Exiting."));
- }
-
- if (!$repConf || !-e $repConf) {
- $repConf = '/etc/apparmor/reports.conf';
- if (!-e $repConf) {
- ycp::y2error(
- sprintf(
- gettext(
- "Unable to get configuration info for %s.
- Unable to find %s."
- ),
- $repName,
- $repConf
- )
- );
- exit 1;
- }
- }
-
- if (open(XML, "<$repConf")) {
-
- while (<XML>) {
-
- chomp;
-
- if (/\<name\>/) {
-
- /\<name\>(.+)\<\/name\>/;
- my $name = $1;
- if ($name eq $repName) {
- $rep{'name'} = $name;
- $repFlag = 1;
- }
-
- } elsif (/\<\/report\>/) {
-
- $repFlag = 0;
-
- } elsif ($repFlag == 1) {
- if (/\s*\<\w+\s+(.*)\/\>.*$/) {
- my $attrs = $1;
- chomp($attrs);
- my @attrlist = split(/\s+/, $attrs);
- for (@attrlist) {
-
- #Match attributes
- if (/\s*(\S+)=\"(\S+)\"/) {
- $rep{$1} = $2 unless $2 eq '-';
- }
- }
- } elsif (/\<(\w+)\>([\w+|\/].*)\<\//) {
-
- if ($1) {
- $rep{"$1"} = $2 unless $2 eq '-';
- } else {
- ycp::y2error(sprintf(gettext("Failed to parse: %s."), $_));
- }
- }
- }
- }
-
- close XML;
-
- } else {
- ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s."), $repConf));
- exit 1;
- }
-
- return \%rep;
-}
-
-# Returns info on currently confined processes
-sub getCfInfo {
-
- my $ref = ();
- my @cfDb = ();
-
- my $cfApp = '/usr/sbin/unconfined';
-
- if (open(CF, "$cfApp |")) {
-
- my $host = `hostname`;
- chomp($host);
-
- my $date = localtime;
-
- while (<CF>) {
-
- my $ref = ();
- my $all = undef;
- $ref->{'host'} = $host;
- $ref->{'date'} = $date;
- chomp;
-
- ($ref->{'pid'}, $ref->{'prog'}, $all) = split(/\s+/, $_, 3);
- $all = /\s*((not)*\s*confined\s*(by)*)/;
- $ref->{'state'} = $1;
- $ref->{'state'} =~ s/\s*by//g;
- $ref->{'state'} =~ s/not\s+/not-/g;
- ($ref->{'prof'}, $ref->{'type'}) = split(/\s+/, $_);
-
- if ($ref->{'prog'} eq "") { $ref->{'prog'} = "-"; }
- if ($ref->{'prof'} eq "") { $ref->{'prof'} = "-"; }
- if ($ref->{'pid'} eq "") { $ref->{'pid'} = "-"; }
- if ($ref->{'state'} eq "") { $ref->{'state'} = "-"; }
- if ($ref->{'type'} eq "") { $ref->{'type'} = "-"; }
-
- push(@cfDb, $ref);
- }
- close CF;
-
- } else {
- my $error = sprintf(gettext("Fatal Error. Can't run %s. Exiting."), $cfApp);
- ycp::y2error($error);
- return $error;
- }
-
- return (\@cfDb);
-}
-
-# generate stats for ESS reports
-sub getEssStats {
- my $args = shift;
-
- #my ($host, $targetDir, $startdate, $enddate) = @_;
-
- my @hostDb = ();
- my @hostList = ();
- my $targetDir = undef;
- my $host = undef;
- my $startdate = undef;
- my $enddate = undef;
-
- if (!$args->{'targetDir'}) {
- $targetDir = '/var/log/apparmor/';
- }
-
- if ($args->{'host'}) { $host = $args->{'host'}; }
-
- if ($args->{'startdate'}) {
- $startdate = $args->{'startdate'};
- } else {
- $startdate = '1104566401'; # Jan 1, 2005
- }
-
- if ($args->{'enddate'}) {
- $enddate = $args->{'enddate'};
- } else {
- $enddate = time;
- }
-
- if (!-e $targetDir) {
- ycp::y2error(sprintf(gettext("Fatal Error. No directory, %s, found. Exiting."), $targetDir));
- return;
- }
-
- # Max Sev, Ave. Sev, Num. Rejects, Start Time, End Time
- my $ctQuery = "SELECT count(*) FROM events WHERE time >= $startdate AND time <= $enddate";
-
- my $query = "SELECT MAX(severity), AVG(severity), COUNT(id), MIN(time), "
- . "MAX(time) FROM events WHERE sdmode='REJECTING' AND "
- . "time >= $startdate AND time <= $enddate";
-
- # Get list of hosts to scan
- if (opendir(TDIR, $targetDir)) {
-
- @hostList = grep(/\.db/, readdir(TDIR));
- close TDIR;
-
- } else {
- ycp::y2error(sprintf(gettext("Fatal Error. Couldn't open %s. Exiting"), $targetDir));
- return;
- }
-
- # Cycle through for each host
- for my $eventDb (@hostList) {
-
- $eventDb = "$targetDir/$eventDb";
-
- my $ess = undef;
- my $ret = undef;
- my $count = undef;
-
- my $dbh = DBI->connect("dbi:SQLite:dbname=$eventDb", "", "", { RaiseError => 1, AutoCommit => 1 });
-
- # get hostname
- my $host = undef;
- my $hostQuery = "SELECT * FROM info WHERE name='host'";
-
- eval {
- my $sth = $dbh->prepare($hostQuery);
- $sth->execute;
- $host = $sth->fetchrow_array();
- $sth->finish;
- };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- # Get number of events
- eval {
- my $sth = $dbh->prepare($ctQuery);
- $sth->execute;
- $count = $sth->fetchrow_array();
- $sth->finish;
- };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- # Get rest of stats
- eval { $ret = $dbh->selectall_arrayref("$query"); };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- $dbh->disconnect();
-
- # hostIp, startDate, endDate, sevHi, sevMean, numRejects
- if ($host) {
- $ess->{'host'} = $host;
- } else {
- $ess->{'host'} = '';
- }
-
- $ess->{'sevHi'} = $$ret[0]->[0];
-
- if (!$ess->{'sevHi'}) {
- $ess->{'sevHi'} = 0;
- }
-
- $ess->{'sevMean'} = $$ret[0]->[1];
-
- if (!$ess->{'sevMean'} || $ess->{'sevHi'} == 0) {
- $ess->{'sevMean'} = 0;
- } else {
- $ess->{'sevMean'} = round("$ess->{'sevMean'}");
- }
-
- $ess->{'numRejects'} = $$ret[0]->[2];
- $ess->{'startdate'} = $$ret[0]->[3];
- $ess->{'enddate'} = $$ret[0]->[4];
- $ess->{'numEvents'} = $count;
-
- # Convert dates
- if ($ess->{'startdate'} && $ess->{'startdate'} !~ /:/) {
- $ess->{'startdate'} = Immunix::Reports::getDate($ess->{'startdate'});
- }
- if ($ess->{'enddate'} && $ess->{'enddate'} !~ /:/) {
- $ess->{'enddate'} = Immunix::Reports::getDate($ess->{'enddate'});
- }
-
- push(@hostDb, $ess);
- }
-
- return \@hostDb;
-}
-
-# get ESS stats for archived reports (warning -- this can be slow for large files
-# debug -- not fully functional yet
-sub getArchEssStats {
- my $args = shift;
-
- my $prevTime = '0';
- my $prevDate = '0';
- my $startDate = '1104566401'; # Jan 1, 2005
- my $endDate = time;
-
- if ($args->{'startdate'}) { $startDate = $args->{'startdate'}; }
- if ($args->{'enddate'}) { $endDate = $args->{'enddate'}; }
-
- # hostIp, startDate, endDate, sevHi, sevMean, numRejects
- my @eventDb = getEvents("$startDate", "$endDate");
-
- my @hostIdx = (); # Simple index to all hosts for quick host matching
- my @hostDb = (); # Host-keyed Data for doing REJECT stats
-
- # Outer Loop for Raw Event db
- for (@eventDb) {
-
- if ($_->{'host'}) {
-
- my $ev = $_; # current event record
-
- # Create new host entry, or add to existing
- if (grep(/$ev->{'host'}/, @hostIdx) == 1) {
-
- # Inner loop, but the number of hosts should be small
- for (@hostDb) {
-
- if ($_->{'host'} eq $ev->{'host'}) {
-
- # Find earliest start date
- if ($_->{'startdate'} > $ev->{'date'}) {
- $_->{'startdate'} = $ev->{'date'};
- }
-
- # tally all events reported for host
- $_->{'numEvents'}++;
-
- if ($ev->{'sdmode'}) {
- if ($ev->{'sdmode'} =~ /PERMIT/) {
- $_->{'numPermits'}++;
- }
- if ($ev->{'sdmode'} =~ /REJECT/) {
- $_->{'numRejects'}++;
- }
- if ($ev->{'sdmode'} =~ /AUDIT/) {
- $_->{'numAudits'}++;
- }
- }
-
- # Add stats to host entry
- #if ( $ev->{'severity'} && $ev->{'severity'} =~ /\b\d+\b/ ) {}
- if ($ev->{'severity'} && $ev->{'severity'} != -1) {
-
- $_->{'sevNum'}++;
- $_->{'sevTotal'} = $_->{'sevTotal'} + $ev->{'severity'};
-
- if ($ev->{'severity'} > $_->{'sevHi'}) {
- $_->{'sevHi'} = $ev->{'severity'};
- }
- } else {
- $_->{'unknown'}++;
- }
- }
- }
-
- } else {
-
- # New host
- my $rec = undef;
- push(@hostIdx, $ev->{'host'}); # Add host entry to index
-
- $rec->{'host'} = $ev->{'host'};
- $rec->{'startdate'} = $startDate;
-
- #$rec->{'startdate'} = $ev->{'date'};
-
- if ($endDate) {
- $rec->{'enddate'} = $endDate;
- } else {
- $rec->{'enddate'} = time;
- }
-
- # Add stats to host entry
- if ($ev->{'sev'} && $ev->{'sev'} ne "U") {
-
- $rec->{'sevHi'} = $ev->{'sev'};
- $rec->{'sevTotal'} = $ev->{'sev'};
- $rec->{'sevNum'} = 1;
- $rec->{'unknown'} = 0;
-
- } else {
-
- $rec->{'sevHi'} = 0;
- $rec->{'sevTotal'} = 0;
- $rec->{'sevNum'} = 0;
- $rec->{'unknown'} = 1;
-
- }
-
- # Start sdmode stats
- $rec->{'numPermits'} = 0;
- $rec->{'numRejects'} = 0;
- $rec->{'numAudits'} = 0;
- $rec->{'numEvents'} = 1; # tally all events reported for host
-
- if ($ev->{'sdmode'}) {
- if ($ev->{'sdmode'} =~ /PERMIT/) { $rec->{'numPermits'}++; }
- if ($ev->{'sdmode'} =~ /REJECT/) { $rec->{'numRejects'}++; }
- if ($ev->{'sdmode'} =~ /AUDIT/) { $rec->{'numAudits'}++; }
- }
-
- push(@hostDb, $rec); # Add new records to host data list
- }
-
- } else {
- next; # Missing host info -- big problem
- }
- } # END @eventDb loop
-
- # Process simple REJECT-related stats (for Executive Security Summaries)
- for (@hostDb) {
-
-# In the end, we want this info:
-# - Hostname, Startdate, Enddate, # Events, # Rejects, Ave. Severity, High Severity
-
- if ($_->{'sevTotal'} > 0 && $_->{'sevNum'} > 0) {
- $_->{'sevMean'} = round($_->{'sevTotal'} / $_->{'sevNum'});
- } else {
- $_->{'sevMean'} = 0;
- }
-
- # Convert dates
- if ($_->{'startdate'} !~ /:/) {
- $_->{'startdate'} = getDate($startDate);
- }
- if ($_->{'enddate'} !~ /:/) {
- $_->{'enddate'} = getDate($_->{'enddate'});
- }
-
- # Delete stuff that we may use in later versions (YaST is a silly,
- # silly data handler)
- delete($_->{'sevTotal'});
- delete($_->{'sevNum'});
- delete($_->{'numPermits'});
- delete($_->{'numAudits'});
- delete($_->{'unknown'});
-
- }
-
- return (\@hostDb);
-}
-
-# special version of getEvents() for /usr/bin/reportgen.pl
-sub grabEvents {
- my ($rep, $start, $end) = @_;
-
- my $db = undef;
- my $prevDate = "0";
- my $prevTime = "0";
-
- my $query = "SELECT * FROM events ";
-
- # Clear unnecessary filters
- for my $filt (%$rep) {
- next unless $filt && $rep->{$filt};
- $rep->{$filt} =~ s/\s+//g; # repname won't be in here, so no spaces
- if ( $rep->{$filt} eq "-" || $rep->{$filt} eq 'All' ||
- $rep->{$filt} eq '*' )
- {
- delete($rep->{$filt});
- }
- }
-
- $rep = rewriteModes($rep);
-
- # Set Dates far enough apart to get all entries (ie. no date filter)
- my $startDate = '1104566401'; # Jan 1, 2005
- my $endDate = time;
-
- if ($start && $start > 0) { $startDate = $start; }
-
- if (ref($rep)) {
- my $midQuery = getQueryFilters($rep, $startDate, $endDate);
- $query .= "$midQuery";
- }
-
- $db = getEvents($query, "$startDate", "$endDate");
-
- return ($db);
-}
-
-sub getQueryFilters {
- my ($filts, $start, $end) = @_;
-
- my $query = undef;
- my $wFlag = 0;
-
- if ($filts) {
-
- # Match any requested filters or drop record
- ############################################################
- for my $key(keys(%$filts)) {
-
- # Special case for severity
- if ( $key eq 'severity' ) {
-
- if ($filts->{$key} eq "-" || $filts->{$key} eq "All") {
- delete($filts->{$key});
- } elsif ($filts->{$key} eq "-1"
- || $filts->{$key} eq "U")
- {
- if ($wFlag == 1) {
- $query .= "AND events.severity = '-1' ";
- } else {
- $query .= "WHERE events.severity = '-1' ";
- }
- $wFlag = 1;
- } else {
- if ($wFlag == 1) {
- $query .= "AND events.severity >= \'$filts->{$key}\' ";
- } else {
- $query .= "WHERE events.severity >= \'$filts->{$key}\' ";
- }
- $wFlag = 1;
- }
-
- # Special case for sdmode
- } elsif ($filts->{'sdmode'}) {
-
- if ($filts->{'sdmode'} =~ /\|/) {
-
- my @sdmunge = split(/\|/, $filts->{'sdmode'});
- for (@sdmunge) { $_ = "\'\%" . "$_" . "\%\'"; }
-
- $filts->{'sdmode'} = join(" OR events.sdmode LIKE ", @sdmunge);
-
- } else {
- $filts->{'sdmode'} = "\'\%" . "$filts->{'sdmode'}" . "\%\'";
- }
-
- if ($wFlag == 1) {
- $query .= "AND events.sdmode LIKE $filts->{'sdmode'} ";
- } else {
- $query .= "WHERE events.sdmode LIKE $filts->{'sdmode'} ";
- }
- $wFlag = 1;
-
- # All other filters
- } elsif ($wFlag == 0) {
- $query .= "WHERE events.$key LIKE \'\%$filts->{$key}\%\' ";
- $wFlag = 1;
- } else {
- $query .= "AND events.$key LIKE \'\%$filts->{$key}\%\' ";
- }
- }
- }
-
- if ($start && $start =~ /\d+/ && $start > 0) {
- if ($wFlag == 1) {
- $query .= "AND events.time >= $start ";
- } else {
- $query .= "WHERE events.time >= $start ";
- }
- $wFlag = 1;
- }
-
- if ($end && $end =~ /\d+/ && $end > $start) {
- if ($wFlag == 1) {
- $query .= "AND events.time <= $end ";
- } else {
- $query .= "WHERE events.time <= $end ";
- }
- }
-
- return $query;
-}
-
-sub getQuery {
- my ($filts, $page, $sortKey, $numEvents) = @_;
-
- if (!$page || $page < 1 || $page !~ /\d+/) { $page = 1; }
- if (!$sortKey) { $sortKey = 'time'; }
- if (!$numEvents) { $numEvents = '1000'; }
-
- my $limit = (($page * $numEvents) - $numEvents);
-
- my $query = "SELECT * FROM events ";
-
- if ($filts) {
- my $midQuery = getQueryFilters($filts);
- if ($midQuery) { $query .= "$midQuery"; }
- }
-
- # Finish query
- $query .= "Order by $sortKey LIMIT $limit,$numEvents";
-
- return $query;
-}
-
-# Creates single hashref for the various filters
-sub setFormFilters {
- my $args = shift;
-
- my $filts = undef;
-
- if ($args) {
-
- if ($args->{'prog'}) { $filts->{'prog'} = $args->{'prog'}; }
- if ($args->{'profile'}) { $filts->{'profile'} = $args->{'profile'}; }
- if ($args->{'pid'}) { $filts->{'pid'} = $args->{'pid'}; }
- if ($args->{'resource'}) { $filts->{'resource'} = $args->{'resource'}; }
- if ($args->{'severity'}) { $filts->{'severity'} = $args->{'severity'}; }
- if ($args->{'sdmode'}) { $filts->{'sdmode'} = $args->{'sdmode'}; }
- if ($args->{'mode'}) { $filts->{'mode_req'} = $args->{'mode'}; }
- if ($args->{'mode_req'}) { $filts->{'mode_req'} = $args->{'mode_req'}; }
- if ($args->{'mode_deny'}) { $filts->{'mode_deny'} = $args->{'mode_deny'}; }
-
- }
-
- return $filts;
-}
-
-# helper for getSirFilters()
-# Makes gui-centric filters querying-friendly
-sub rewriteFilters {
- my $filts = shift;
-
- # Clear unnecessary filters
- for (keys(%$filts)) {
- if ($filts->{$_} eq "All") { delete($filts->{$_}); }
- }
-
- if ($filts->{'prog'}
- && ($filts->{'prog'} eq "-" || $filts->{'prog'} eq "All"))
- {
- delete($filts->{'prog'});
- }
- if ($filts->{'profile'} && ($filts->{'profile'} eq "-")) {
- delete($filts->{'profile'});
- }
- if ($filts->{'pid'} && ($filts->{'pid'} eq "-")) {
- delete($filts->{'pid'});
- }
- if ($filts->{'severity'} && ($filts->{'severity'} eq "-")) {
- delete($filts->{'severity'});
- }
- if ($filts->{'resource'} && ($filts->{'resource'} eq "-")) {
- delete($filts->{'resource'});
- }
-
- if ($filts->{'mode_req'}
- && ($filts->{'mode_req'} eq "-" || $filts->{'mode_req'} eq "All"))
- {
- delete($filts->{'mode_req'});
- }
-
- if ($filts->{'sdmode'}
- && ($filts->{'sdmode'} eq "-" || $filts->{'sdmode'} eq "All"))
- {
- delete($filts->{'sdmode'});
- }
-
- $filts = rewriteModes($filts);
- return $filts;
-}
-
-# returns ref to active filters for the specific SIR report
-sub getSirFilters {
- my $args = shift;
-
- my $repName = undef;
-
- if ($args && $args->{'name'}) {
- $repName = $args->{'name'};
- } else {
- $repName = "Security.Incident.Report";
- }
-
- my $repConf = '/etc/apparmor/reports.conf';
- my $rec = undef;
-
- my $filts = getXmlReport($repName);
-
- # Clean hash of useless refs
- for (sort keys(%$filts)) {
- if ($filts->{$_} eq "-") {
- delete($filts->{$_});
- }
- }
-
- # remove non-filter info
- if ($filts->{'name'}) { delete($filts->{'name'}); }
- if ($filts->{'exportpath'}) { delete($filts->{'exportpath'}); }
- if ($filts->{'exporttype'}) { delete($filts->{'exporttype'}); }
- if ($filts->{'addr1'}) { delete($filts->{'addr1'}); }
- if ($filts->{'addr2'}) { delete($filts->{'addr2'}); }
- if ($filts->{'addr3'}) { delete($filts->{'addr3'}); }
- if ($filts->{'time'}) { delete($filts->{'time'}); }
-
- if (!$args->{'gui'} || $args->{'gui'} ne "1") {
- $filts = rewriteModes($filts);
- $filts = rewriteFilters($filts);
- }
-
- return $filts;
-}
-
-# Main SIR report generator
-sub getEvents {
- my ($query, $start, $end, $dbFile) = @_;
-
- my @events = ();
- my $prevTime = 0;
- my $prevDate = '0';
-
- if (!$query || $query !~ /^SELECT/) { $query = "SELECT * FROM events"; }
- if ($dbFile && -f $dbFile) { $eventDb = $dbFile; }
-
- my $hostName = `/bin/hostname` || 'unknown';
- chomp $hostName unless $hostName eq 'unknown';
-
- if (!$start) { $start = '1104566401'; } # Give default start of 1/1/2005
- if (!$end) { $end = time; }
-
- # make sure they don't give us a bad range
- ($start, $end) = ($end, $start) if $start > $end;
-
- # Events Schema
- # id, time, counter, op, pid, sdmode, type, mode_deny, mode_req,
- # resource, target, profile, prog, name_alt, attr, parent, active_hat,
- # net_family, net_proto, net_socktype, severity
-
- # Pull stuff from db
- my $dbh = DBI->connect("dbi:SQLite:dbname=$eventDb", "", "", { RaiseError => 1, AutoCommit => 1 });
- my $all = undef;
- eval { $all = $dbh->selectall_arrayref("$query"); };
-
- if ($@) {
- ycp::y2error(sprintf(gettext("DBI Execution failed: %s."), $DBI::errstr));
- return;
- }
-
- $dbh->disconnect();
-
- for my $row (@$all) {
- my $rec = undef;
-
- ($rec->{'id'},$rec->{'time'},$rec->{'counter'},$rec->{'op'},$rec->{'pid'},
- $rec->{'sdmode'},$rec->{'type'},$rec->{'mode_deny'},$rec->{'mode_req'},
- $rec->{'resource'},$rec->{'target'},$rec->{'profile'}, $rec->{'prog'},
- $rec->{'name_alt'},$rec->{'attr'},$rec->{'parent'},$rec->{'active_hat'},
- $rec->{'net_family'},$rec->{'net_proto'},$rec->{'net_socktype'},
- $rec->{'severity'}) = @$row;
-
- # Give empty record values a default value
- if (!$rec->{'host'}) { $rec->{'host'} = $hostName; }
- for (keys(%$rec)) {
- if (!$rec->{$_}) { $rec->{$_} = '-'; }
- }
-
- # Change 'time' to date
- if ($rec->{'time'} && $rec->{'time'} == $prevTime) {
- $rec->{'date'} = $prevDate;
- } elsif ($rec->{'time'}) {
- my $newDate = getDate("$rec->{'time'}");
- $rec->{'date'} = $newDate;
- $prevDate = $newDate;
- $prevTime = $rec->{'time'};
- } else {
- $rec->{'date'} = "0000-00-00-00:00:00";
- }
-
- if ($rec->{'severity'} && $rec->{'severity'} eq '-1') {
- $rec->{'severity'} = 'U';
- }
-
- delete($rec->{'time'});
- delete($rec->{'counter'});
-
- push(@events, $rec);
- }
-
- return \@events;
-}
-
-# Archived Reports Stuff -- Some of this would go away in an ideal world
-################################################################################
-sub getArchReport {
- my $args = shift;
- my @rec = ();
- my $eventRep = "/var/log/apparmor/reports/events.rpt";
-
- if ($args->{'logFile'}) {
- $eventRep = $args->{'logFile'};
- }
-
- if (open(REP, "<$eventRep")) {
-
- my $page = 1;
-
- if ($args->{'page'}) { $page = $args->{'page'}; }
-
- my $id = 1;
- my $slurp = 0;
-
- my $prevTime = undef;
- my $prevDate = undef;
-
- while (<REP>) {
-
- my $db = ();
-
- # Why not get rid of page and just do divide by $i later?
- if (/Page/) {
- chomp;
- if ($_ eq "Page $page") {
- $slurp = 1;
- } else {
- $slurp = 0;
- }
- } elsif ($slurp == 1) {
-
- chomp;
-
- ($db->{'host'},$db->{'time'},$db->{'prog'},$db->{'profile'},
- $db->{'pid'},$db->{'severity'},$db->{'mode_deny'},$db->{'mode_req'},
- $db->{'resource'},$db->{'sdmode'},$db->{'op'},$db->{'attr'},
- $db->{'name_alt'},$db->{'parent'},$db->{'active_hat'},
- $db->{'net_family'},$db->{'net_proto'},$db->{'net_socktype'})
- = split(/\,/, $_);
-
- # Convert epoch time to date
- if ($db->{'time'} == $prevTime) {
- $db->{'date'} = $prevDate;
- } else {
- $prevTime = $db->{'time'};
- $prevDate = getDate("$db->{'time'}");
- $db->{'date'} = $prevDate;
- }
-
- $id++;
- $db->{'date'} = $db->{'time'};
- delete $db->{'time'};
- push(@rec, $db);
- }
- }
-
- close REP;
-
- } else {
- ycp::y2error(sprintf(gettext("Fatal Error. getArchReport() couldn't open %s"), $eventRep));
- return ("Couldn't open $eventRep");
- }
-
- return (\@rec);
-}
-
-sub writeEventReport {
-
- my ($db, $args) = @_; # Filters for date, && regexp
- my $eventRep = "/var/log/apparmor/reports/events.rpt";
-
- if (open(REP, ">$eventRep")) {
-
- my $i = 1;
- my $page = 1;
- my $skip = 0;
-
- # Title for scheduled reports
- if ($args->{'title'}) { print REP "$args->{'title'}"; }
-
- print REP "Page $page\n";
- $page++;
-
- for (@$db) {
-
- print REP "$_->{'host'},$_->{'time'},$_->{'prog'},$_->{'profile'},";
- print REP "$_->{'pid'},$_->{'severity'},$_->{'mode_deny'},$_->{'mode_req'},";
- print REP "$_->{'resource'},$_->{'sdmode'},$_->{'op'},$_->{'attr'},";
- print REP "$_->{'name_alt'},$_->{'parent'},$_->{'active_hat'},";
- print REP "$_->{'net_family'},$_->{'net_proto'},$_->{'net_socktype'}\n";
-
- if (($i % $numEvents) == 0 && $skip == 0) {
- print REP "Page $page\n";
- $page++;
- $skip = 1;
- } else {
- $i++;
- $skip = 0;
- }
-
- }
-
- close REP;
-
- } else {
- return ("Couldn't open $eventRep");
- }
-
- return 0;
-}
-
-sub prepSingleLog {
- my $args = shift;
-
- my $dir = '/var/log/apparmor/reports-archived';
- my $error = "0";
- my @errors = (); # For non-fatal errors
- my @repList = ();
- my $readFile = "";
- my $eventRep = "/var/log/apparmor/reports/all-reports.rpt"; # write summary here
-
- if ($args->{'logFile'}) { $readFile = $args->{'logFile'}; }
- if ($args->{'repPath'}) { $dir = $args->{'repPath'}; }
-
- my @rawDb = ();
- my $numPages = 1;
- my $numRecords = 1;
- my $skip = 0;
-
- # Open record compilation file
- if (open(RREP, "<$dir/$readFile")) {
-
- if (open(WREP, ">$eventRep")) {
-
- $numPages++;
-
- while (<RREP>) {
-
- next if (/Page/);
- next if /^#/;
-
- print WREP "$_";
-
- if (($numRecords % $numEvents) == 0 && $skip == 0) {
- print WREP "Page $numPages\n";
- $numPages++;
- $skip = 1;
- } else {
- $numRecords++;
- $skip = 0;
- }
-
- }
- close WREP;
- } else {
- $error = "Problem in prepSingleLog() - couldn't open $eventRep.";
- return $error;
- }
-
- close RREP;
-
- } else {
- $error = "Problem in prepSingleLog() - couldn't open -$dir/$readFile-.";
- return $error;
- }
-
- return $error;
-}
-
-# Cats files in specified directory for easier parsing
-sub prepArchivedLogs {
- my $args = shift;
-
- my $dir = '/var/log/apparmor/reports-archived';
- my $error = "0";
- my @errors = (); # For non-fatal errors
- my @repList = ();
- my @db = ();
- my $eventRep = "/var/log/apparmor/reports/all-reports.rpt";
-
- my $useFilters = 0;
-
- if ($args->{'logFile'}) {
- $eventRep = $args->{'logFile'};
- }
-
- if ($args->{'repPath'}) {
- $dir = $args->{'repPath'};
- }
-
- # Check to see if we need to use filters
- if ($args->{'mode_req'}
- && ($args->{'mode_req'} =~ /All/ || $args->{'mode_req'} =~ /^\s*-\s*$/))
- {
- delete($args->{'mode_req'});
- }
- if ($args->{'mode_deny'}
- && ($args->{'mode_deny'} =~ /All/ || $args->{'mode_deny'} =~ /^\s*-\s*$/))
- {
- delete($args->{'mode_deny'});
- }
-
- if ($args->{'sdmode'}
- && ($args->{'sdmode'} =~ /All/ || $args->{'sdmode'} =~ /^\s*-\s*$/))
- {
- delete($args->{'sdmode'});
- }
- if ($args->{'resource'}
- && ($args->{'resource'} =~ /All/ || $args->{'resource'} =~ /^\s*-\s*$/))
- {
- delete($args->{'resource'});
- }
- if ($args->{'severity'}
- && ($args->{'severity'} =~ /All/ || $args->{'severity'} =~ /^\s*-\s*$/))
- {
- delete($args->{'severity'});
- }
-
- my $regExp = 'prog|profile|pid|resource|mode|severity|date|op|target|attr|net_|name_alt';
-
- # get list of keys
- my @keyList = keys(%$args);
-
- # find filters in @keyList
- if ( grep(/$regExp/, @keyList) == 1 ) {
- $useFilters = 1;
- }
-
- ############################################################
-
- # Get list of files in archived report directory
- if (opendir(RDIR, $dir)) {
-
- my @firstPass = grep(/csv/, readdir(RDIR));
- @repList =
- grep(!/Applications.Audit|Executive.Security.Summary/, @firstPass);
- close RDIR;
-
- } else {
- $error = "Failure in prepArchivedLogs() - couldn't open $dir.";
- return ($error); # debug - exit instead?
- }
-
- my @rawDb = ();
- my $numPages = 1;
- my $numRecords = 1;
-
- # Open record compilation file
- if (open(AREP, ">$eventRep")) {
-
- for (@repList) {
-
- my $file = $_;
-
- # Cycle through each $file in $dir
- if (open(RPT, "<$dir/$file")) {
- push(@rawDb, <RPT>);
- close RPT;
- } else {
- $error = "Problem in prepArchivedLogs() - couldn't open $dir/$file.";
- push(@errors, $error);
- }
- }
-
- # sort & store cat'd files
- if (@rawDb > 0) {
-
- # Run Filters
- if ($useFilters == 1) {
-
- my @tmpDb = parseMultiDb($args, @rawDb);
- @db = sort(@tmpDb);
-
- } else {
- @db = sort(@rawDb);
- }
-
- my $skip = 0;
- print AREP "Page $numPages\n";
- $numPages++;
-
- for (@db) {
-
- next if /^Page/;
- next if /^#/;
-
- print AREP "$_";
-
- if (($numRecords % $numEvents) == 0 && $skip == 0) {
- print AREP "Page $numPages\n";
- $numPages++;
- $skip = 1;
- } else {
- $numRecords++;
- $skip = 0;
- }
- }
-
- } else {
- $error = "DB created from $dir is empty.";
- }
-
- close AREP;
-
- } else {
- $error = "Problem in prepArchivedLogs() - couldn't open $eventRep.";
- push(@errors, $error);
- }
-
- return $error;
-}
-
-# Similar to parseLog(), but expects @db to be passed
-sub parseMultiDb {
- my ($args, @db) = @_;
-
- my @newDb = ();
-
- my $error = undef;
- my $startDate = undef;
- my $endDate = undef;
-
- # deref dates for speed
- if ($args->{'startdate'} && $args->{'enddate'}) {
- $startDate = getEpochFromNum("$args->{'startdate'}", 'start');
- $endDate = getEpochFromNum("$args->{'enddate'}", 'end');
- }
-
- $args = rewriteModes($args);
-
- for (@db) {
-
- my $rec = undef;
- my $line = $_;
-
- next if /true|false/; # avoid horrible yast bug
- next if /^Page/;
- next if /^#/;
- chomp;
- next if (!$_ || $_ eq "");
-
- # Lazy filters -- maybe these should be with the rest below
- if ($args->{'prog'}) { next unless /$args->{'prog'}/; }
- if ($args->{'profile'}) { next unless /$args->{'profile'}/; }
-
- # Need (epoch) 'time' element here, do we want to store 'date' instead?
- ($rec->{'host'},$rec->{'time'},$rec->{'prog'},$rec->{'profile'},
- $rec->{'pid'},$rec->{'severity'},$rec->{'mode_deny'},$rec->{'mode_req'},
- $rec->{'resource'},$rec->{'sdmode'},$rec->{'op'},$rec->{'attr'},
- $rec->{'name_alt'},$rec->{'parent'},$rec->{'active_hat'},
- $rec->{'net_family'},$rec->{'net_proto'},$rec->{'net_socktype'})
- = split(/\,/, $_);
-
-
- # Get the time/date ref. name right. If it's $args->"time",
- # the arg will be converted to a human-friendly "date" ref in writeEventReport().
- if ($rec->{'time'} =~ /\:|\-/) {
- $rec->{'date'} = $rec->{'time'};
- delete $rec->{'time'};
- }
-
- # Check filters
- next if matchFailed($args,$rec);
-
- push(@newDb, $line);
-
- }
-
- return @newDb;
-}
-
-# Grab & filter events from archived reports (.csv files)
-sub parseLog {
- my $args = shift;
-
- my @db = ();
- my $eventRep = "/var/log/apparmor/reports/events.rpt";
-
- if ($args->{'logFile'}) {
- $eventRep = $args->{'logFile'};
- }
-
- my $error = undef;
- my $startDate = undef;
- my $endDate = undef;
-
- # deref dates for speed
- if ($args->{'startdate'} && $args->{'enddate'}) {
- $startDate = getEpochFromNum("$args->{'startdate'}", 'start');
- $endDate = getEpochFromNum("$args->{'enddate'}", 'end');
- }
-
- if ($args->{'mode_req'}
- && ($args->{'mode_req'} =~ /All/ || $args->{'mode_req'} =~ /^\s*-\s*$/))
- {
- delete($args->{'mode_req'});
- }
-
- if ($args->{'mode_deny'}
- && ($args->{'mode_deny'} =~ /All/ || $args->{'mode_deny'} =~ /^\s*-\s*$/))
- {
- delete($args->{'mode_deny'});
- }
-
- if ($args->{'sdmode'}
- && ($args->{'sdmode'} =~ /All/ || $args->{'sdmode'} =~ /^\s*-\s*$/))
- {
- delete($args->{'sdmode'});
- }
- if ($args->{'resource'}
- && ($args->{'resource'} =~ /All/ || $args->{'resource'} =~ /^\s*-\s*$/))
- {
- delete($args->{'resource'});
- }
- if ($args->{'severity'}
- && ($args->{'severity'} =~ /All/ || $args->{'severity'} =~ /^\s*-\s*$/))
- {
- delete($args->{'severity'});
- }
-
- $args = rewriteModes($args);
-
- if (open(LOG, "<$eventRep")) {
-
- # Log Parsing
- while (<LOG>) {
-
- my $rec = undef;
-
- next if /true|false/; # avoid horrible yast bug
- next if /Page/;
- next if /^#/;
- chomp;
- next if (!$_ || $_ eq "");
-
- # Lazy filters -- maybe these should be with the rest below
- if ($args->{'prog'}) { next unless /$args->{'prog'}/; }
- if ($args->{'profile'}) { next unless /$args->{'profile'}/; }
-
- ($rec->{'host'}, $rec->{'time'}, $rec->{'prog'}, $rec->{'profile'},
- $rec->{'pid'}, $rec->{'severity'}, $rec->{'mode_req'}, $rec->{'resource'},
- $rec->{'sdmode'}) = split(/\,/, $_);
-
- # Get the time/date ref. name right. If it's $args->{'time'}, the arg
- # will be converted to a human-friendly date ref in writeEventReport().
- if ($rec->{'time'} =~ /\:|\-/) {
- $rec->{'date'} = $rec->{'time'};
- delete $rec->{'time'};
- }
-
- # Check filters
- next if matchFailed($args,$rec);
-
- push(@db, $rec);
-
- }
-
- close LOG;
-
- # Export results to file if requested
- if ($args->{'exporttext'} || $args->{'exporthtml'}) {
-
- my $rawLog = undef;
- my $expLog = undef;
-
- if ($args->{'exportPath'}) {
- $rawLog = $args->{'exportPath'} . '/export-log';
- } else {
- $rawLog = '/var/log/apparmor/reports-exported/export-log';
- }
-
- if ($args->{'exporttext'} && $args->{'exporttext'} eq 'true') {
- $expLog = "$rawLog.csv";
- exportLog($expLog, \@db); # redo w/ @$db instead of %db?
- }
-
- if ($args->{'exporthtml'} && $args->{'exporthtml'} eq 'true') {
- $expLog = "$rawLog.html";
- exportLog($expLog, \@db); # redo w/ @$db instead of %db?
- }
- }
-
- $error = writeEventReport(\@db, $args);
-
- } else {
- $error = "Couldn't open $eventRep.";
- }
-
- return $error;
-}
-
-1;
-
diff --git a/deprecated/utils/Immunix/Repository.pm b/deprecated/utils/Immunix/Repository.pm
deleted file mode 100644
index 74b59f11ca7a4b0865489295e189821ae4253d89..0000000000000000000000000000000000000000
--- a/deprecated/utils/Immunix/Repository.pm
+++ /dev/null
@@ -1,354 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (c) 2008 Dominic Reynolds
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-#
-# ----------------------------------------------------------------------
-
-package Immunix::Repository;
-
-use strict;
-use warnings;
-
-use Carp;
-use Cwd qw(cwd realpath);
-use Data::Dumper;
-use File::Basename;
-use File::Temp qw/ tempfile tempdir /;
-use Immunix::Config;
-use Locale::gettext;
-use POSIX;
-use RPC::XML;
-use RPC::XML::Client;
-
-
-require Exporter;
-our @ISA = qw(Exporter);
-our @EXPORT = qw(
- get_repo_client
- did_result_succeed
- get_result_error
- user_login
- user_register
- upload_profile
- fetch_profile_by_id
- fetch_profiles_by_user
- fetch_profiles_by_name
- fetch_profiles_by_name_and_user
- fetch_newer_profile
- get_repo_config
- set_repo_config
-);
-
-our %clients;
-our %uid2login;
-our $DEBUGGING = 0;
-our $repo_cfg;
-our $aa_cfg;
-
-sub get_repo_client ($) {
- my $repo_url = shift;
- unless ( $clients{$repo_url} ) {
- $clients{$repo_url} = new RPC::XML::Client $repo_url;
- }
- return $clients{$repo_url};
-}
-
-sub did_result_succeed {
- my $result = shift;
-
- my $ref = ref $result;
- return ($ref && $ref ne "RPC::XML::fault") ? 1 : 0;
-}
-
-sub get_result_error {
- my $result = shift;
-
- if (ref $result) {
- if (ref $result eq "RPC::XML::fault") {
- $result = $result->string;
- } else {
- $result = $$result;
- }
- }
- return $result;
-}
-
-sub user_login ($$$) {
- my ($repo_url,$user,$pass) = @_;
- my ($status,$detail);
- my $repo_client = get_repo_client( $repo_url );
- if ( $repo_client ) {
- my $res = $repo_client->send_request('LoginConfirm', $user, $pass);
- if (did_result_succeed($res)) {
- $status = 1;
- $detail = "";
- } else {
- $status = 0;
- $detail = get_result_error($res);
- }
- }
- return $status,$detail;
-}
-
-
-sub user_register ($$$$) {
- my ($repo_url,$user,$pass,$email) = @_;
- my $repo_client = get_repo_client( $repo_url );
- my ($status,$detail);
- if ( $repo_client ) {
- my $res = $repo_client->send_request('Signup', $user, $pass, $email);
- if (did_result_succeed($res)) {
- $status = 1;
- $detail = "";
- } else {
- $status = 0;
- $detail = get_result_error($res);
- }
- }
- return $status,$detail;
-}
-
-sub upload_profile ($$$$$$$) {
- my ($repo_url,$user,$pass,$distro,$pname,$profile,$changelog) = @_;
- my ($status,$detail);
- my $repo_client = get_repo_client( $repo_url );
- my $res = $repo_client->send_request( 'Create', $user, $pass, $distro,
- $pname, $profile, $changelog);
- if (did_result_succeed($res)) {
- $detail = $res->value;
- $status = 1;
- } else {
- $detail = get_result_error($res);
- $status = 0;
- }
- return $status,$detail;
-}
-
-sub fetch_profile_by_id ($$) {
- my ($repo_url,$id) = @_;
- my $repo_client = get_repo_client( $repo_url );
- my $repo_profile;
- my ($status,$detail);
- my $res = $repo_client->send_request('Show', $id);
- if (did_result_succeed($res)) {
- $status = 1;
- $detail = $res->value();
- } else {
- $status = 0;
- $detail = get_result_error($res);
- }
-
- return $status, $detail;
-}
-
-
-sub fetch_profiles ($$$$) {
- my ($repo_url,$distro,$username,$fqdn) = @_;
- my $p_hash = {};
- my ($status,$detail);
- my $repo_client = get_repo_client( $repo_url );
- my $res =
- $repo_client->send_request('FindProfiles', $distro, $fqdn, $username);
- if (did_result_succeed($res)) {
- $status = 1;
- for my $p ( @$res ) {
- my $p_repo = $p->{profile}->value();
- $p_repo =~ s/flags=\(complain\)// if ( $p_repo ); #strip complain flag
- $p->{profile} = $p_repo;
- $p->{user_id} = $p->{user_id}->value();
- $p->{id} = $p->{id}->value();
- $p->{name} = $p->{name}->value();
- $p->{created_at} = $p->{created_at}->value();
- $p->{downloaded_count} = $p->{downloaded_count}->value();
- }
- $detail = $res;
- } else {
- $status = 0;
- $detail = get_result_error($res);
- }
- return $status,$detail;
-}
-
-sub fetch_profiles_by_user ($$$) {
- my ($repo_url,$distro,$username) = @_;
- my $p_hash = {};
- my ($status,$detail) = fetch_profiles( $repo_url, $distro, $username, "" );
- if ( $status ) {
- for my $p ( @$detail ) {
- my $p_repo = $p->{profile};
- if ($p_repo ne "") {
- $p->{username} = $username;
- $p_hash->{$p->{name}} = $p;
- }
- }
- } else {
- return ($status,$detail);
- }
- return($status,$p_hash);
-}
-
-
-sub fetch_profiles_by_name_and_user ($$$$) {
- my ($repo_url,$distro,$fqdbin, $username) = @_;
- my $p_hash = {};
- my ($status,$detail) = fetch_profiles( $repo_url, $distro, $username, $fqdbin );
- if ( $status ) {
- for my $p ( @$detail ) {
- my $p_repo = $p->{profile}?$p->{profile}:"";
- $p_hash->{$p->{name}} = $p if ($p_repo ne "");
- }
- } else {
- return ($status,$detail);
- }
- return($status,$p_hash);
-}
-
-
-sub fetch_profiles_by_name ($$$) {
- my ($repo_url,$distro,$fqdbin) = @_;
- my ($status,$detail,$data);
- $detail = {};
- ($status,$data) = fetch_profiles( $repo_url, $distro, "", $fqdbin);
- if ($status) {
- my @uids;
- for my $p (@$data) {
- push @uids, $p->{user_id};
- }
- my ($status_unames,$unames) = fetch_usernames_from_uids($repo_url, @uids);
- if ( $status_unames ) {
- for my $p (@$data) {
- if ( $unames->{$p->{user_id}} ) {
- $p->{username} = $unames->{$p->{user_id}};
- } else {
- $p->{username} = "unkown-" . $p->{user_id};
- }
- }
-
- } else {
- print STDOUT "ERROR UID\n";
- }
- for my $p (@$data) {
- $p->{profile_type} = "REPOSITORY";
- $detail->{$p->{username}} = $p;
- }
- } else {
- $detail = $data;
- }
- return $status,$detail;
-}
-
-
-sub fetch_newer_profile ($$$$$) {
- my ($repo_url,$distro,$user,$id,$profile) = @_;
- my $repo_client = get_repo_client( $repo_url );
- my $p;
- my ($status,$detail);
-
- if ($repo_client) {
- my $res =
- $repo_client->send_request('FindProfiles', $distro, $profile, $user);
- if (did_result_succeed($res)) {
- my @profiles;
- my @profile_list = @{$res->value};
- $status = 1;
-
- if (@profile_list) {
- if ($profile_list[0]->{id} > $id) {
- $p = $profile_list[0];
- }
- }
- $detail = $p;
- } else {
- $status = 0;
- $detail = get_result_error($res);
- }
- }
- return $status,$detail;
-}
-
-sub fetch_usernames_from_uids ($) {
- my ($repo_url,@searchuids) = @_;
- my ($status,$result) = (1,{});
- my @uids;
-
- for my $uid ( @searchuids ) {
- if ( $uid2login{$uid} ) {
- $result->{$uid} = $uid2login{$uid};
- } else {
- push @uids, $uid;
- }
- }
- if (@uids) {
- my $repo_client = get_repo_client( $repo_url );
- #RPC::XML will serialize the array into XML with the is_utf8 flag set
- #which causes, HTTP:Message to fail. Looping on the array elements
- #stops this from happening, and since these are all numbers it
- #will not cause problems.
- for my $foo (@uids) {
- Encode::_utf8_off($foo);
- }
- my $res = $repo_client->send_request('LoginNamesFromUserIds', [@uids]);
- if (did_result_succeed($res)) {
- my @usernames = @{ $res->value };
- for my $uid (@uids) {
- my $username = shift @usernames;
- $uid2login{$uid} = $username;
- $result->{$uid} = $uid2login{$uid};
- }
- } else {
- $status = 0;
- $result = get_result_error($res);
- }
- }
- return $status,$result;
-}
-
-sub get_repo_config {
- unless ( $repo_cfg ) {
- $repo_cfg = Immunix::Config::read_config("repository.conf");
- }
- unless ( $aa_cfg ) {
- $aa_cfg = Immunix::Config::read_config("logprof.conf");
- }
- return {
- "url" => $aa_cfg->{repository}{url},
- "distro" => $aa_cfg->{repository}{distro},
- "enabled" => $repo_cfg->{repository}{enabled},
- "upload" => $repo_cfg->{repository}{upload},
- "user" => $repo_cfg->{repository}{user},
- "password" => $repo_cfg->{repository}{pass},
- "email" => $repo_cfg->{repository}{email}
- };
-}
-
-sub set_repo_config ($) {
- my $cfg = shift;
- my ($url,$distro,$enabled,$upload,$user,$pass);
- unless ( $repo_cfg ) {
- $repo_cfg = Immunix::Config::read_config("repository.conf");
- }
- unless ( $aa_cfg ) {
- $aa_cfg = Immunix::Config::read_config("logprof.conf");
- }
- $repo_cfg->{repository}{enabled} = $cfg->{enabled} if ( $cfg->{enabled} );
- $repo_cfg->{repository}{upload} = $cfg->{upload} if ( $cfg->{upload} );
- $repo_cfg->{repository}{user} = $cfg->{user} if ( $cfg->{user} );
- $repo_cfg->{repository}{pass} = $cfg->{password}if ( $cfg->{password} );
- $repo_cfg->{repository}{email} = $cfg->{email} if ( $cfg->{email} );
- $aa_cfg->{repository}{distro} = $cfg->{distro} if ( $cfg->{distro} );
- $aa_cfg->{repository}{url} = $cfg->{url} if ( $cfg->{url} );
- write_config("repository.conf", $repo_cfg);
- write_config("logprof.conf", $aa_cfg);
-}
-
-
-1;
diff --git a/deprecated/utils/Immunix/Severity.pm b/deprecated/utils/Immunix/Severity.pm
deleted file mode 100644
index 955fa5597989c2349eb9752afb312c2480fe765a..0000000000000000000000000000000000000000
--- a/deprecated/utils/Immunix/Severity.pm
+++ /dev/null
@@ -1,221 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2005-2006 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-package Immunix::Severity;
-use strict;
-use Data::Dumper;
-
-my ($debug) = 0;
-
-sub debug {
- print @_ if $debug;
-}
-
-sub new {
- my $self = {};
- $self->{DATABASENAME} = undef;
- $self->{CAPABILITIES} = {};
- $self->{FILES} = {};
- $self->{REGEXPS} = {};
- $self->{DEFAULT_RANK} = 10;
- bless($self);
- shift;
- $self->init(@_) if @_;
- return $self;
-}
-
-sub init ($;$) {
- my ($self, $resource, $read, $write, $execute, $severity);
- $self = shift;
- $self->{DATABASENAME} = shift;
- $self->{DEFAULT_RANK} = shift if defined $_[0];
- open(DATABASE, $self->{DATABASENAME})
- or die "Could not open severity db $self->{DATABASENAME}: $!\n";
- while (<DATABASE>) {
- chomp();
- next if m/^\s*#/;
- next if m/^\s*$/;
-
- # leading whitespace is fine; maybe it shouldn't be?
- if (/^\s*\/(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) {
- my ($path, $read, $write, $execute) = ($1, $2, $3, $4);
-
- if (index($path, "*") == -1) {
-
- $self->{FILES}{$path} = {
- r => $read,
- w => $write,
- x => $execute
- };
-
- } else {
-
- my $ptr = $self->{REGEXPS};
- my @pieces = split(/\//, $path);
-
- while (my $piece = shift @pieces) {
- if (index($piece, "*") != -1) {
- my $path = join("/", $piece, @pieces);
- my $regexp = convert_regexp($path);
- $ptr->{$regexp}{SD_RANK} = {
- r => $read,
- w => $write,
- x => $execute
- };
- last;
- } else {
- $ptr->{$piece} = {} unless exists $ptr->{$piece};
- $ptr = $ptr->{$piece};
- }
- }
- }
- } elsif (m|^\s*CAP|) {
- ($resource, $severity) = split;
- $self->{CAPABILITIES}{$resource} = $severity;
- } else {
- print "unexpected database line: $_\n";
- }
- }
- close(DATABASE);
- debug Dumper($self);
- return $self;
-}
-
-#rank:
-# handle capability
-# handle file
-#
-# handle capability
-# if the name is in the database, return it
-# otherwise, send a diagnostic message to stderr and return the default
-#
-# handle file
-# initialize the current return value to 0
-# loop over each entry in the database;
-# find the max() value for each mode that matches and set a 'found' flag
-# if the found flag has not been set, return the default;
-# otherwise, return the maximum from the database
-
-sub handle_capability ($) {
- my ($self, $resource) = @_;
-
- my $ret = $self->{CAPABILITIES}{$resource};
- if (!defined($ret)) {
- return "unexpected capability rank input: $resource\n";
- }
- return $ret;
-}
-
-sub check_subtree {
- my ($tree, $mode, $sev, $first, @rest) = @_;
-
- # reassemble the remaining path from this directory level
- my $path = join("/", $first, @rest);
-
- # first check if we have a literal directory match to descend into
- if ($tree->{$first}) {
- $sev = check_subtree($tree->{$first}, $mode, $sev, @rest);
- }
-
- # if we didn't get a severity already, check for matching globs
- unless ($sev) {
-
- # check each glob at this directory level
- for my $chunk (grep { index($_, "*") != -1 } keys %{$tree}) {
-
- # does it match the rest of our path?
- if ($path =~ /^$chunk$/) {
-
- # if we've got a ranking, check if it's higher than
- # current one, if any
- if ($tree->{$chunk}->{SD_RANK}) {
- for my $m (split(//, $mode)) {
- if ((!defined $sev)
- || $tree->{$chunk}->{SD_RANK}->{$m} > $sev)
- {
- $sev = $tree->{$chunk}->{SD_RANK}->{$m};
- }
- }
- }
- }
- }
- }
-
- return $sev;
-}
-
-sub handle_file ($$) {
- my ($self, $resource, $mode) = @_;
-
- # strip off the initial / from the path we're checking
- $resource = substr($resource, 1);
-
- # break the path into directory-level chunks
- my @pieces = split(/\//, $resource);
-
- my $sev;
-
- # if there's a exact match for this path in the db, use that instead of
- # checking the globs
- if ($self->{FILES}{$resource}) {
-
- # check each piece of the passed mode against the db entry
- for my $m (split(//, $mode)) {
- if ((!defined $sev) || $self->{FILES}{$resource}{$m} > $sev) {
- $sev = $self->{FILES}{$resource}{$m};
- }
- }
-
- } else {
-
- # descend into the regexp tree looking for matches
- $sev = check_subtree($self->{REGEXPS}, $mode, $sev, @pieces);
-
- }
-
- return (defined $sev) ? $sev : $self->{DEFAULT_RANK};
-}
-
-sub rank ($;$) {
- my ($self, $resource, $mode) = @_;
-
- if (substr($resource, 0, 1) eq "/") {
- return $self->handle_file($resource, $mode);
- } elsif (substr($resource, 0, 3) eq "CAP") {
- return $self->handle_capability($resource);
- } else {
- return "unexpected rank input: $resource\n";
- }
-}
-
-sub convert_regexp ($) {
- my ($input) = shift;
-
- # we need to convert subdomain regexps to perl regexps
- my $regexp = $input;
-
- # escape + . [ and ] characters
- $regexp =~ s/(\+|\.|\[|\])/\\$1/g;
-
- # convert ** globs to match anything
- $regexp =~ s/\*\*/.SDPROF_INTERNAL_GLOB/g;
-
- # convert * globs to match anything at current path level
- $regexp =~ s/\*/[^\/]SDPROF_INTERNAL_GLOB/g;
-
- # convert {foo,baz} to (foo|baz)
- $regexp =~ y/\{\}\,/\(\)\|/ if $regexp =~ /\{.*\,.*\}/;
-
- # twiddle the escaped * chars back
- $regexp =~ s/SDPROF_INTERNAL_GLOB/\*/g;
- return $regexp;
-}
-
-1; # so the require or use succeeds
diff --git a/deprecated/utils/Makefile b/deprecated/utils/Makefile
deleted file mode 100644
index 393d2d4a060728249c1b0ce7ca17b70d57a80424..0000000000000000000000000000000000000000
--- a/deprecated/utils/Makefile
+++ /dev/null
@@ -1,62 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2004-2009 NOVELL (All rights reserved)
-# Copyright (c) 2010-2011, 2014 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-
-# NOTE: this Makefile has been adjusted from the original to assist in
-# the installation of the Immunix perl modules, if they're still needed
-# by users. Because the utilities conflict with their replacments, make
-# install *will* *not* install them.
-
-NAME = apparmor-utils
-all:
-COMMONDIR=../../common/
-
-include $(COMMONDIR)/Make.rules
-
-MODDIR = Immunix
-PERLTOOLS = aa-genprof aa-logprof aa-autodep aa-audit aa-complain aa-enforce \
- aa-unconfined aa-disable
-MODULES = ${MODDIR}/AppArmor.pm ${MODDIR}/Repository.pm \
- ${MODDIR}/Config.pm ${MODDIR}/Severity.pm
-
-all:
-
-# need some better way of determining this
-DESTDIR=/
-BINDIR=${DESTDIR}/usr/sbin
-CONFDIR=${DESTDIR}/etc/apparmor
-VENDOR_PERL=$(shell perl -e 'use Config; print $$Config{"vendorlib"};')
-PERLDIR=${DESTDIR}${VENDOR_PERL}/${MODDIR}
-
-.PHONY: install
-install:
- install -d ${PERLDIR}
- install -m 644 ${MODULES} ${PERLDIR}
-
-.PHONY: clean
-ifndef VERBOSE
-.SILENT: clean
-endif
-clean: pod_clean
- rm -f core core.* *.o *.s *.a *~
- rm -rf staging/ build/
-
-.PHONY: check
-.SILENT: check
-check:
- for i in ${MODULES} ${PERLTOOLS} ; do \
- perl -c $$i || exit 1; \
- done
diff --git a/deprecated/utils/aa-audit b/deprecated/utils/aa-audit
deleted file mode 100755
index 8ddec1cac0b8cb89fa9fac1777157a557cb719c7..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-audit
+++ /dev/null
@@ -1,132 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-# Copyright (c) 2011 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use FindBin;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-$UI_Mode = "text";
-
-# options variables
-my $help = '';
-
-GetOptions(
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- UI_Important("Can't find AppArmor profiles in $profiledir.");
- exit 1;
-}
-
-# what are we profiling?
-my @profiling = @ARGV;
-
-unless (@profiling) {
- @profiling = (UI_GetString("Please enter the program to switch to audit mode: ", ""));
-}
-
-for my $profiling (@profiling) {
-
- next unless $profiling;
-
- my $fqdbin;
- if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
- } else {
- if ($profiling !~ /\//) {
- opendir(DIR,$profiledir);
- my @tmp_fqdbin = grep ( /$profiling/, readdir(DIR));
- closedir(DIR);
- if (scalar @tmp_fqdbin eq 1) {
- $fqdbin = "$profiledir/$tmp_fqdbin[0]";
- } else {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
- }
-
- if (-e $fqdbin) {
-
- my $filename;
- if ($fqdbin =~ /^$profiledir\//) {
- $filename = $fqdbin;
- } else {
- $filename = getprofilefilename($fqdbin);
- }
-
- # argh, skip directories
- next unless -f $filename;
-
- # skip rpm backup files
- next if isSkippableFile($filename);
-
- printf(gettext('Setting %s to audit mode.'), $fqdbin);
- print "\n";
- setprofileflags($filename, "audit");
-
- my $cmd_info = qx(cat $filename | $parser -I$profiledir -r 2>&1 1>/dev/null);
- if ($? != 0) {
- UI_Info($cmd_info);
- exit $?;
- }
-
-# if check_for_subdomain();
- } else {
- if ($profiling =~ /^[^\/]+$/) {
- UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
- exit 1;
- } else {
- UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- exit 1;
- }
- }
-}
-
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to switch to audit mode ]"), $0));
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-autodep b/deprecated/utils/aa-autodep
deleted file mode 100755
index 3d28b642a72ae37510f03310e3857ca1eaff985c..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-autodep
+++ /dev/null
@@ -1,122 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-# Copyright (c) 2011 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use FindBin;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-# force $PATH to be sane
-$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-$UI_Mode = "text";
-
-# options variables
-my $help = '';
-my $force = undef;
-
-GetOptions(
- 'force' => \$force,
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-my $sd_mountpoint = check_for_subdomain();
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- UI_Important(sprintf(gettext('Can\'t find AppArmor profiles in %s.'), $profiledir));
- exit 1;
-}
-
-# what are we profiling?
-my @profiling = @ARGV;
-
-unless (@profiling) {
- @profiling = (UI_GetString(gettext("Please enter the program to create a profile for: "), ""));
-}
-
-for my $profiling (@profiling) {
-
- next unless $profiling;
-
- my $fqdbin;
- if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
- } else {
- if ($profiling !~ /\//) {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
-
- # make sure that the app they're requesting to profile is not marked as
- # not allowed to have it's own profile
- if ($qualifiers{$fqdbin}) {
- unless ($qualifiers{$fqdbin} =~ /p/) {
- UI_Info(sprintf(gettext('%s is currently marked as a program that should not have it\'s own profile. Usually, programs are marked this way if creating a profile for them is likely to break the rest of the system. If you know what you\'re doing and are certain you want to create a profile for this program, edit the corresponding entry in the [qualifiers] section in /etc/apparmor/logprof.conf.'), $fqdbin));
- exit 1;
- }
- }
-
- if (-e $fqdbin) {
- if (-e getprofilefilename($fqdbin) && !$force) {
- UI_Info(sprintf(gettext('Profile for %s already exists - skipping.'), $fqdbin));
- } else {
- autodep($fqdbin);
- reload($fqdbin) if $sd_mountpoint;
- }
- } else {
- if ($profiling =~ /^[^\/]+$/) {
- UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
- exit 1;
- } else {
- UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- exit 1;
- }
- }
-}
-
-exit 0;
-
-sub usage {
- UI_Info("usage: $0 [ --force ] [ -d /path/to/profiles ]");
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-complain b/deprecated/utils/aa-complain
deleted file mode 100755
index 5e497e05f68689c9c12e76cc31ee41173cc2f15a..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-complain
+++ /dev/null
@@ -1,131 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use FindBin;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-$UI_Mode = "text";
-
-# options variables
-my $help = '';
-
-GetOptions(
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- UI_Important("Can't find AppArmor profiles in $profiledir.");
- exit 1;
-}
-
-# what are we profiling?
-my @profiling = @ARGV;
-
-unless (@profiling) {
- @profiling = (UI_GetString(gettext("Please enter the program to switch to complain mode: "), ""));
-}
-
-for my $profiling (@profiling) {
-
- next unless $profiling;
-
- my $fqdbin;
- if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
- } else {
- if ($profiling !~ /\//) {
- opendir(DIR,$profiledir);
- my @tmp_fqdbin = grep ( /$profiling/, readdir(DIR));
- closedir(DIR);
- if (scalar @tmp_fqdbin eq 1) {
- $fqdbin = "$profiledir/$tmp_fqdbin[0]";
- } else {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
- }
-
- if (-e $fqdbin) {
-
- my $filename;
- if ($fqdbin =~ /^$profiledir\//) {
- $filename = $fqdbin;
- } else {
- $filename = getprofilefilename($fqdbin);
- }
-
- # argh, skip directories
- next unless -f $filename;
-
- # skip rpm backup files
- next if isSkippableFile($filename);
-
- printf(gettext('Setting %s to complain mode.'), $fqdbin);
- print "\n";
- setprofileflags($filename, "complain");
-
- my $cmd_info = qx(cat $filename | $parser -I$profiledir -r 2>&1 1>/dev/null);
- if ($? != 0) {
- UI_Info($cmd_info);
- exit $?;
- }
-
-# if check_for_subdomain();
- } else {
- if ($profiling =~ /^[^\/]+$/) {
- UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
- exit 1;
- } else {
- UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- exit 1;
- }
- }
-}
-
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to switch to complain mode ]"), $0));
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-disable b/deprecated/utils/aa-disable
deleted file mode 100755
index 2cc19a55abd8272908118e5e6b3818d81df99393..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-disable
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005-2010 Novell, Inc. All Rights Reserved.
-# Copyright (c) 2011 Canonical, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Canonical, Inc.
-#
-# To contact Canonical about this file by physical or electronic mail,
-# you may find current contact information at www.canonical.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use FindBin;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-use File::Basename;
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-$UI_Mode = "text";
-
-# options variables
-my $help = '';
-
-GetOptions(
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- UI_Important("Can't find AppArmor profiles in $profiledir.");
- exit 1;
-}
-
-my $disabledir = "$profiledir/disable";
-unless (-d $disabledir) {
- UI_Important("Can't find AppArmor disable directory '$disabledir'.");
- exit 1;
-}
-
-# what are we profiling?
-my @profiling = @ARGV;
-
-unless (@profiling) {
- @profiling = (UI_GetString(gettext("Please enter the program whose profile should be disabled: "), ""));
-}
-
-for my $profiling (@profiling) {
-
- next unless $profiling;
-
- my $fqdbin;
- if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
- } else {
- if ($profiling !~ /\//) {
- opendir(DIR,$profiledir);
- my @tmp_fqdbin = grep ( /$profiling/, readdir(DIR));
- closedir(DIR);
- if (scalar @tmp_fqdbin eq 1) {
- $fqdbin = "$profiledir/$tmp_fqdbin[0]";
- } else {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
- }
-
- if (-e $fqdbin) {
-
- my $filename;
- if ($fqdbin =~ /^$profiledir\//) {
- $filename = $fqdbin;
- } else {
- $filename = getprofilefilename($fqdbin);
- }
-
- # argh, skip directories
- next unless -f $filename;
-
- # skip package manager backup files
- next if isSkippableFile($filename);
-
- my ($bname, $dname, $suffix) = File::Basename::fileparse($filename);
- if ($bname eq "") {
- UI_Info(sprintf(gettext('Could not find basename for %s.'), $filename));
- exit 1;
- }
-
- printf(gettext('Disabling %s.'), $fqdbin);
- print "\n";
-
- my $link = "$disabledir/$bname";
- if (! -e $link) {
- if (symlink($filename, $link) != 1) {
- UI_Info(sprintf(gettext('Could not create %s symlink.'), $link));
- exit 1;
- }
- }
-
- my $cmd_info = qx(cat $filename | $parser -I$profiledir -R 2>&1 1>/dev/null);
- if ($? != 0) {
- UI_Info($cmd_info);
- exit $?;
- }
-
-# if check_for_subdomain();
- } else {
- if ($profiling =~ /^[^\/]+$/) {
- UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
- exit 1;
- } else {
- UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- exit 1;
- }
- }
-}
-
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to have profile disabled ]"), $0));
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-enforce b/deprecated/utils/aa-enforce
deleted file mode 100755
index 06415ba5b5f8bfca0d1e952749a993385a0323bf..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-enforce
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-# Copyright (c) 2011 Canonical, Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use FindBin;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-$UI_Mode = "text";
-
-# options variables
-my $help = '';
-
-GetOptions(
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- UI_Important("Can't find AppArmor profiles in $profiledir.");
- exit 1;
-}
-
-# what are we profiling?
-my @profiling = @ARGV;
-
-unless (@profiling) {
- @profiling = (UI_GetString(gettext("Please enter the program to switch to enforce mode: "), ""));
-}
-
-for my $profiling (@profiling) {
-
- next unless $profiling;
-
- my $fqdbin;
- if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
- } else {
- if ($profiling !~ /\//) {
- opendir(DIR,$profiledir);
- my @tmp_fqdbin = grep ( /$profiling/, readdir(DIR));
- closedir(DIR);
- if (scalar @tmp_fqdbin eq 1) {
- $fqdbin = "$profiledir/$tmp_fqdbin[0]";
- } else {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
- }
- }
-
- if (-e $fqdbin) {
- my $filename;
- if ($fqdbin =~ /^$profiledir\//) {
- $filename = $fqdbin;
- } else {
- $filename = getprofilefilename($fqdbin);
- }
-
- # argh, skip directories
- next unless -f $filename;
-
- # skip rpm backup files
- next if isSkippableFile($filename);
-
- printf(gettext('Setting %s to enforce mode.'), $fqdbin);
- print "\n";
- setprofileflags($filename, "");
-
- # remove symlink in $profiledir/force-complain as well
- my $complainlink = $filename;
- $complainlink =~ s/^$profiledir/$profiledir\/force-complain/;
- -e $complainlink and unlink($complainlink);
-
- # remove symlink in $profiledir/disable as well
- my $disablelink = $filename;
- $disablelink =~ s/^$profiledir/$profiledir\/disable/;
- -e $disablelink and unlink($disablelink);
-
- my $cmd_info = qx(cat $filename | $parser -I$profiledir -r 2>&1 1>/dev/null);
- if ($? != 0) {
- UI_Info($cmd_info);
- exit $?;
- }
-
-
-# if check_for_subdomain();
- } else {
- if ($profiling =~ /^[^\/]+$/) {
- UI_Info(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' as a user with the correct PATH environment set up in order to find the fully-qualified path.'), $profiling, $profiling));
- exit 1;
- } else {
- UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- exit 1;
- }
- }
-}
-
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ program to switch to enforce mode ]"), $0));
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-eventd b/deprecated/utils/aa-eventd
deleted file mode 100755
index 70fcf125b4a34304bfa11b68f95b8a08c737ca1d..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-eventd
+++ /dev/null
@@ -1,940 +0,0 @@
-#!/usr/bin/perl -w
-
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-
-use Data::Dumper;
-use DBI;
-use Fcntl;
-use File::Temp qw(tempfile);
-use Getopt::Long;
-use POSIX 'setsid';
-use Time::Local;
-use File::Tail;
-
-use Immunix::Severity;
-require LibAppArmor;
-
-##########################################################################
-# locations
-
-my $productname = "apparmor";
-
-my $cfgdir = "/etc/$productname";
-my $dbdir = "/var/log/$productname";
-
-my $cfgfile = "$cfgdir/notify.cfg";
-my $errlog = "$dbdir/event-dispatch.log";
-
-my $logfile = "/var/log/audit/audit.log";
-my $syslogfile = "/var/log/messages";
-
-##########################################################################
-
-# options variables
-my $pidfile = '';
-
-GetOptions('pidfile|p=s' => \$pidfile);
-
-my $DEBUG = 0;
-
-my $config;
-
-my $verbose = { last_notify => 0 };
-my $summary = { last_notify => 0 };
-my $terse = { last_notify => 0 };
-
-# we don't want to call str2time on every line and also batch up event dbs
-# a month at a time, so we need to keep track of a few extra things
-my $timestamp = 0;
-my $lasttime = "";
-my $counter = 0;
-my $thismonth = 0;
-my $nextmonth = 0;
-
-# pop open a connection to the severity database
-my $sevdb = new Immunix::Severity("$cfgdir/severity.db", -1);
-
-my $REdate = '\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2}';
-
-my $last_inserted_time;
-my $last_inserted_counter;
-
-##########################################################################
-
-# commit how often?
-my $timeout = 5;
-
-# keep track of when we commited last
-my $last_flush_time = 0;
-
-# keep track of some statistics
-my $max = 0;
-my $inserts = 0;
-my $total = 0;
-
-my @commit_buffer;
-my @debug_buffer;
-
-my @verbose_buffer;
-my @summary_buffer;
-my @terse_buffer;
-
-my $date_module = "None";
-
-my %templates = (
- "path" => "(time,counter,type,op,profile,sdmode,mode_req,mode_deny,resource,prog,pid,severity) VALUES(?,?,?,?,?,?,?,?,?,?,?,?)",
- "link" => "(time,counter,type,op,profile,sdmode,resource,target,prog,pid,severity) VALUES(?,?,?,?,?,?,?,?,?,?,?)",
- "chattr" => "(time,counter,type,op,profile,sdmode,resource,mode_req,mode_deny,prog,pid,severity) VALUES(?,?,?,?,?,?,?,?,?,?,?,?)",
- "capability" => "(time,counter,type,op,profile,sdmode,resource,prog,pid,severity) VALUES(?,?,?,?,?,?,?,?,?,?)",
- "capable" => "(time,counter,type,op,prog,pid,profile) VALUES(?,?,?,?,?,?,?)",
- "unknown_hat" => "(time,counter,type,op,profile,sdmode,resource,pid) VALUES(?,?,?,?,?,?,?,?)",
- "fork" => "(time,counter,type,op,profile,sdmode,pid,resource) VALUES(?,?,?,?,?,?,?,?)",
- "changing_profile" => "(time,counter,type,op,profile,sdmode,pid) VALUES(?,?,?,?,?,?,?)",
- "profile_replacement" => "(time,counter,type,op,profile,sdmode,prog,pid,severity) VALUES(?,?,?,?,?,?,?,?,?)",
- "net" => "(time,counter,type,op,net_family,net_socktype,net_proto,pid,profile) VALUES(?,?,?,?,?,?,?,?,?)",
- "removed" => "(time,counter,type,op,severity) VALUES(?,?,?,?,?)",
- "initialized" => "(time,counter,type,op,resource,severity) VALUES(?,?,?,?,?,?)",
- "ctrl_var" => "(time,counter,type,op,resource,mode_req,mode_deny,severity) VALUES(?,?,?,?,?,?,?,?)",
- "profile_load" => "(time,counter,type,op,resource,prog,pid) VALUES(?,?,?,?,?,?,?)",
-);
-
-##########################################################################
-# generic functions
-
-sub errlog ($) {
- my $mesg = shift;
- my $localtime = localtime(time);
- print ERRLOG "[$localtime] $mesg\n";
-}
-
-sub readconfig () {
- my $cfg = {};
-
- # record when we read the config file
- $cfg->{load_time} = time;
-
- if (open(CFG, $cfgfile)) {
-
- # yank in the values we need
- while (<CFG>) {
- $cfg->{$1} = $2 if /^(\S+)\s+(.+)\s*$/;
- }
- close(CFG);
- }
-
- return $cfg;
-}
-
-sub daemonize {
- chdir '/' or die "Can't chdir to /: $!";
- open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
- open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
- defined(my $pid = fork) or die "Can't fork: $!";
- exit if $pid;
- setsid or die "Can't start a new session: $!";
- open STDERR, '>&STDOUT' or die "Can't dup stdout: $!";
-}
-
-sub parsedate ($) {
- my $time = shift;
- my $timestamp = 0;
- if ($date_module eq 'TimeDate') {
- $timestamp = Date::Parse::str2time($time);
- } elsif ($date_module eq 'DateManip') {
- $timestamp = Date::Manip::UnixDate(Date::Manip::ParseDateString($time), '%s');
- } else {
- errlog "No date module found, exiing";
- kill HUP => -$$;
- }
-
- return $timestamp;
-}
-
-##########################################################################
-# database handling functions
-
-sub connect_database ($) {
- my $dbdir = shift;
-
- my $dbh = DBI->connect("dbi:SQLite:dbname=$dbdir/events.db", "", "", {RaiseError=>1});
-
- # we'll do the commits ourselves so performance doesn't suck
- $dbh->{AutoCommit} = 0;
-
- # bump up our cache size a little
- $dbh->do("PRAGMA cache_size = 20000;");
-
- # figure out if the tables already exist or not
- my %existing_tables;
- my $sth = $dbh->prepare("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name;");
- $sth->execute;
- while (my @row = $sth->fetchrow_array) {
- $existing_tables{ $row[0] } = 1;
- }
- $sth->finish;
-
- # create the info table and fill in the appropriate values for this db
- unless ($existing_tables{info}) {
-
- my $host = `hostname -f`;
- chomp $host;
-
- $dbh->do("CREATE TABLE info (name,value)");
- $sth = $dbh->prepare("INSERT INTO info(name,value) VALUES(?,?)");
- $sth->execute("version", "0.2");
- $sth->execute("host", "$host");
- }
-
- # create the events table
- unless ($existing_tables{events}) {
- $dbh->do(
- "CREATE TABLE events (
- id INTEGER PRIMARY KEY AUTOINCREMENT,
- time INTEGER NOT NULL,
- counter INTEGER NOT NULL,
- op,
- pid,
- sdmode,
- type,
- mode_deny,
- mode_req,
- resource,
- target,
- profile,
- prog,
- name_alt,
- attr,
- parent,
- active_hat,
- net_family,
- net_proto,
- net_socktype,
- severity INTEGER
- )"
- );
-
- # set up the indexes we want
- #my @indexes = qw(time type sdmode mode resource profile prog severity);
- my @indexes = qw(time type op sdmode mode_req mode_deny resource profile prog severity);
- for my $index (@indexes) {
- $dbh->do("CREATE INDEX " . $index . "_idx ON events($index)");
- }
- }
- # make sure our changes actually get saved
- $dbh->commit || errlog "Error commiting changes: $!";
-
- # mark the db as up to date as of now
- $last_flush_time = time;
-
- return $dbh;
-}
-
-##########################################################################
-
-sub verbose_notify_handler {
- my ($email, $file, $last, $level, $unknown) = @_;
-
- $last = localtime($last);
-
- my $now = time;
-
- my $host = `hostname -f`;
- chomp $host;
-
- my $subj = "Verbose Security Report for $host.";
- my $mesg = "The following security events occured since $last:\n\n";
-
- my @events;
- if (open(V, $file)) {
- while (<V>) {
- chomp;
- if (/^(\d+) (\d+) (.+)$/) {
- my ($timestamp, $counter, $logmsg) = ($1, $2, $3);
- push @events, [ $timestamp, $counter ];
- $mesg .= "$logmsg\n";
- }
- }
- close(V);
-
- if (@events) {
- if ($DEBUG) {
- my $count = scalar @events;
- errlog "[$count events] sending verbose notification to $email.";
- }
-
- # actually send out the notification...
- open(MAIL, "| sendmail -F 'AppArmor Security Notification' $email");
- print MAIL "To: $email\n";
- print MAIL "Subject: $subj\n\n";
- print MAIL "$mesg\n";
- print MAIL ".\n";
- close(MAIL);
- }
-
- # delete the verbose notification logfile once we've processed it
- unlink($file);
- }
-}
-
-sub summary_notify_handler {
- my ($email, $file, $last, $level, $unknown) = @_;
-
- $last = localtime($last);
-
- my $now = time;
-
- my $host = `hostname -f`;
- chomp $host;
-
- my $subj = "Summary Security Report for $host.";
- my $mesg = "The following security events occured since $last:\n\n";
-
- my @events;
- if (open(V, $file)) {
- while (<V>) {
- chomp;
- if (/^(\d+) (\d+) (.+)$/) {
- my ($timestamp, $counter, $logmsg) = ($1, $2, $3);
- push @events, [ $timestamp, $counter ];
- $mesg .= "$logmsg\n";
- }
- }
- close(V);
-
- if (@events) {
- if ($DEBUG) {
- my $count = scalar @events;
- errlog "[$count events] sending summary notification to $email.";
- }
-
- # actually send out the notification...
- open(MAIL, "| sendmail -F 'AppArmor Security Notification' $email");
- print MAIL "To: $email\n";
- print MAIL "Subject: $subj\n\n";
- print MAIL "$mesg\n";
- print MAIL ".\n";
- close(MAIL);
- }
-
- # delete the verbose notification logfile once we've processed it
- unlink($file);
- }
-}
-
-sub terse_notify_handler {
- my ($email, $file, $last, $level, $unknown) = @_;
-
- $last = localtime($last);
-
- my $now = time;
-
- my $host = `hostname -f`;
- chomp $host;
-
- my @events;
- my $count = 0;
- if (open(V, $file)) {
- while (<V>) {
- chomp;
- if (/^(\d+) (\d+) (.+)$/) {
- my ($timestamp, $counter, $logmsg) = ($1, $2, $3);
- push @events, [ $timestamp, $counter ];
- $count++;
- }
- }
- close(V);
-
- if ($count) {
- if ($DEBUG) {
- errlog "[$count events] sending terse notification to $email.";
- }
- my $subj = "Security Report for $host.";
- my $mesg = "$host has had $count security events since $last.";
-
- # actually send out the notification...
- open(MAIL, "| sendmail -F 'AppArmor Security Notification' $email");
- print MAIL "To: $email\n";
- print MAIL "Subject: $subj\n\n";
- print MAIL "$mesg\n";
- print MAIL ".\n";
- close(MAIL);
- }
-
- # delete the terse notification logfile once we've processed it
- unlink($file);
- }
-}
-
-sub fork_into_background {
- my ($name, $func, @args) = @_;
-
- my $pid = fork;
-
- if (not defined $pid) {
-
- # something bad happened, just log it...
- errlog "couldn't fork for \"$name\": $!"
-
- } elsif ($pid == 0) {
-
- # we're in the child process now...
-
- # set our process name
- $0 = $name;
-
- # call our subroutine
- my $ret = &$func(@args);
-
- exit($ret);
- }
-
- return $pid;
-}
-
-##########################################################################
-# Parse event record into key-value pairs
-sub parseEvent($) {
-
- my %ev = ();
- my $msg = shift;
- chomp($msg);
-
- my $event = LibAppArmor::parse_record($msg);
-
- # resource is an alternate term for 'name1' below
- # mode is an alternate term for 'mode_deny' below
- $ev{'time'} = LibAppArmor::aa_log_record::swig_epoch_get($event);
- $ev{'op'} = LibAppArmor::aa_log_record::swig_operation_get($event);
- $ev{'pid'} = LibAppArmor::aa_log_record::swig_pid_get($event);
- $ev{'mode_deny'} = LibAppArmor::aa_log_record::swig_denied_mask_get($event);
- $ev{'mode_req'} = LibAppArmor::aa_log_record::swig_requested_mask_get($event);
- $ev{'profile'}= LibAppArmor::aa_log_record::swig_profile_get($event);
- $ev{'prog'} = LibAppArmor::aa_log_record::swig_name_get($event);
- $ev{'name2'} = LibAppArmor::aa_log_record::swig_name2_get($event);
- $ev{'attr'} = LibAppArmor::aa_log_record::swig_attribute_get($event);
- $ev{'parent'} = LibAppArmor::aa_log_record::swig_parent_get($event);
- $ev{'magic_token'} = LibAppArmor::aa_log_record::swig_magic_token_get($event);
- $ev{'resource'} = LibAppArmor::aa_log_record::swig_info_get($event);
- $ev{'active_hat'} = LibAppArmor::aa_log_record::swig_active_hat_get($event);
- $ev{'sdmode'} = LibAppArmor::aa_log_record::swig_event_get($event);
-
- # NetDomain
- if ( $ev{'op'} && $ev{'op'} =~ /socket/ ) {
- next if $ev{'op'} =~ /create/;
- $ev{'net_family'} = LibAppArmor::aa_log_record::swig_net_family_get($event);
- $ev{'net_proto'} = LibAppArmor::aa_log_record::swig_net_protocol_get($event);
- $ev{'net_socktype'} = LibAppArmor::aa_log_record::swig_net_sock_type_get($event);
- }
-
- LibAppArmor::free_record($event);
-
- if ( ! $ev{'time'} ) { $ev{'time'} = time; }
-
- # remove null responses
- for (keys(%ev)) {
- if ( ! $ev{$_} || $ev{$_} !~ /\w+/) {delete($ev{$_}); }
- #errlog "EVENT: $_ is $ev{$_}";
- }
-
- if ( $ev{'sdmode'} ) {
- #0 = invalid, 1 = error, 2 = AUDIT, 3 = ALLOW/PERMIT,
- #4 = DENIED/REJECTED, 5 = HINT, 6 = STATUS/config change
- if ( $ev{'sdmode'} == 2 ) { $ev{'sdmode'} = "AUDITING"; }
- elsif ( $ev{'sdmode'} == 3 ) { $ev{'sdmode'} = "PERMITING"; }
- elsif ( $ev{'sdmode'} == 4 ) { $ev{'sdmode'} = "REJECTING"; }
- else { delete($ev{'sdmode'}); }
- }
-
- return \%ev;
-}
-
-sub process_event ($$) {
-
- my $dbh = shift;
- my $logmsg = shift;
- my $sth;
- my $severity = "";
- my @eventList = ();
- my $type = undef;
- my $time = undef;
-
- return unless $logmsg && $logmsg =~ /APPARMOR/;
- my $ev = parseEvent($logmsg);
-
- # skip logprof hints
- if ( ! $ev->{'op'} || $ev->{'op'} eq 'clone') { return; }
-
- $time = time; # XXX - do we want current time or $ev->{'time'}?
-
- if ($time ne $lasttime) {
- $counter = 0;
- $timestamp = $time;
- $lasttime = $time;
- }
-
- $counter++;
-
- # some statistics...
- $max = $counter if $counter > $max;
-
- # if we already have events in the db, make sure we don't try to re-enter
- # duplicates if we start up again and parse the same logfile over again
- if ($last_inserted_time) {
- return if $timestamp < $last_inserted_time;
-
- if ($timestamp == $last_inserted_time) {
- return if $counter <= $last_inserted_counter;
- }
-
- $last_inserted_time = undef;
- }
-
- if ( $ev->{'sdmode'} && $ev->{'sdmode'} eq "REJECTING") {
- $severity = $sevdb->rank($ev->{'prog'}, $ev->{'mode_req'});
- if ( ! $severity ) { $severity = "-1"; }
-
- # we only do notification for enforce mode events
- if ($config->{verbose_freq}) {
- if ( ($severity >= $config->{verbose_level})
- || (($severity == -1) && $config->{verbose_unknown}))
- {
- push @verbose_buffer, [ $timestamp, $counter, $logmsg ];
- }
- }
-
- if ($config->{summary_freq}) {
- if ( ($severity >= $config->{summary_level})
- || (($severity == -1) && $config->{summary_unknown}))
- {
- push @summary_buffer, [ $timestamp, $counter, "path",
- $ev->{'prog'}, $ev->{'mode_req'}, $ev->{'resource'} ];
- }
- }
-
- if ($config->{terse_freq}) {
- if ( ($severity >= $config->{terse_level})
- || (($severity == -1) && $config->{terse_unknown}))
- {
- push @terse_buffer, [ $timestamp, $counter, "dummy" ];
- }
- }
-
- }
-
- unless ( $ev->{'op'} ) {
- my $errmsg = "ERROR: No operation found: ";
- for my $k (sort keys(%$ev)) {
- $errmsg .= "$k is $ev->{$k}, ";
- }
- errlog("$errmsg\n");
- return;
- }
-
- # Format the message to match the db template
- if ($ev->{'op'} eq 'link' ) {
- $type = 'link';
- push(@eventList, [$time,$counter,$type,$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'resource'},$ev->{'target'},$ev->{'prog'},$ev->{'pid'},$severity]);
- } elsif ($ev->{'op'} eq 'attribute') {
- $type = 'chattr';
- push(@eventList, []);
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'resource'},$ev->{'mode_req'},$ev->{'mode_deny'},$ev->{'prog'},
- $ev->{'pid'},$severity]);
- } elsif ($ev->{'op'} eq 'capability') {
- $type = 'capability';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'resource'},$ev->{'prog'},$ev->{'pid'},$severity]);
- } elsif ($ev->{'op'} eq 'capable') {
- $type = 'capable';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'prog'},
- $ev->{'profile'},$ev->{'pid'}]);
- } elsif ($ev->{'op'} =~ /ontrol variable/ ) {
- $type = 'ctrl_var';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'resource'},
- $ev->{'mode_req'},$ev->{'mode_deny'},$severity]);
- } elsif ($ev->{'op'} eq 'unknown_hat') {
- $type = 'unknown_hat';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'resource'},$ev->{'pid'},$severity]);
- } elsif ($ev->{'op'} eq 'fork') {
- $type = 'fork';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'pid'},$ev->{'resource'}]);
- } elsif ($ev->{'op'} eq 'changing_profile') {
- $type = 'changing_profile';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'pid'}]);
- } elsif ($ev->{'op'} eq 'profile_load') {
- $type = 'profile_load';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'resource'},
- $ev->{'prog'},$ev->{'pid'}]);
- } elsif ($ev->{'op'} eq 'profile_replace') {
- $type = 'profile_replacement';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},$ev->{'sdmode'},
- $ev->{'prog'},$ev->{'pid'},$severity]);
- } elsif ($ev->{'op'} eq 'removed') {
- $type = 'removed';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$severity]);
- } elsif ($ev->{'op'} eq 'initialized') {
- $type = 'initialized';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'resource'},$severity]);
- } elsif ( $ev->{'op'} =~ /socket/) {
- $type = 'net';
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'net_family'},
- $ev->{'net_sock_type'},$ev->{'net_proto'},$ev->{'pid'},$ev->{'profile'}]);
- } else {
- $type = 'path';
- if ( ! $ev->{'prog'} ) { $ev->{'prog'} = "NIL"; }
- push(@eventList, [$time,$counter,$type,$ev->{'op'},$ev->{'profile'},
- $ev->{'sdmode'},$ev->{'mode_req'},$ev->{'mode_deny'},$ev->{'resource'},
- $ev->{'prog'},$ev->{'pid'},$severity]);
- }
-
- push(@commit_buffer, @eventList);
- $inserts++;
-
-}
-
-sub dump_events {
- my ($which, @events) = @_;
-
- if ($DEBUG) {
- my $count = scalar @events;
- errlog "dumping $count events to $which db.";
- }
-
- if (open(F, ">>$dbdir/$which.db")) {
- for my $event (@events) {
- my @event = @$event;
- print F "@event\n";
- }
- close(F);
- } else {
- errlog "can't write to $dbdir/$which.db: $!";
- }
-}
-
-sub check_timers ($) {
- my $dbh = shift;
-
- # what time is it right... NOW
- my $now = time;
-
- # make sure we commit periodically
- if (($inserts > 10000) || ($now >= ($last_flush_time + $timeout))) {
-
- my $last_prepare = "";
- my $sth;
-
- for my $event (sort { $a->[0] cmp $b->[0] } @commit_buffer) {
- my @event = @{$event};
-
- #my $type = shift @event;
- my $type = $event[2];
-
- eval {
- if ($type ne $last_prepare) {
- $sth = $dbh->prepare("INSERT INTO events $templates{$type}");
- $last_prepare = $type;
- }
-
- $sth->execute(@event);
- };
-
- if ($@) {
- print ERRLOG "DBI Execution failed: $DBI::errstr\n";
- }
-
- #$sth->execute(@event);
- }
-
- $dbh->commit || errlog "Error commiting changes: $!";
-
- # need to get the time again to include how much time it takes to
- # actually write all this crap to the db
- $now = time;
-
- if ($DEBUG && $inserts) {
- $total += $inserts;
- my $delta = $now - $last_flush_time;
- my $rate = int($inserts / $delta);
- errlog "$rate/s $inserts in ${delta}s total=$total max=$max";
- }
-
- $last_flush_time = $now;
-
- @commit_buffer = ();
-
- $max = 0;
- $inserts = 0;
-
- if (@verbose_buffer) {
-
- # if we've got verbose events, dump them
- dump_events("verbose", @verbose_buffer);
-
- # and clear out our buffer
- @verbose_buffer = ();
- }
-
- if (@terse_buffer) {
-
- # if we've got terse events, dump them
- dump_events("terse", @terse_buffer);
-
- # and clear out our buffer
- @terse_buffer = ();
- }
-
- # bail out if we don't have notification configured
- return unless -f $cfgfile;
-
- # what time did we last read the config file?
- my $load_time = $config->{load_time};
-
- # check when the config file was last modified...
- my $mtime = (stat($cfgfile))[9];
-
- # if it's been changed since we last read the config file, we need to
- # load the new settings
- if ($load_time < $mtime) {
- errlog "Reloading changed config file.";
- $config = readconfig();
- }
-
- }
-
- # bail out if we don't have notification configured
- return unless -f $cfgfile;
-
- if ($config->{terse_freq}) {
- if (($terse->{last_notify} + $config->{terse_freq}) <= $now) {
- if (-f "$dbdir/terse.db") {
- $DEBUG && errlog "doing terse notification...";
-
- # get a temporary filename...
- my ($fh, $filename) = tempfile("terseXXXXXX", DIR => $dbdir);
-
- # overwrite the temp file we just created...
- rename("$dbdir/terse.db", $filename);
-
- if ($DEBUG) {
- errlog "terse file is $filename";
- }
-
- # do the actual notification in the background
- fork_into_background("terse-notification",
- \&terse_notify_handler,
- $config->{terse_email},
- $filename,
- $terse->{last_notify},
- $config->{terse_level},
- $config->{terse_unknown});
-
- # ...keep track of when we last sent out a notify
- $terse->{last_notify} = $now;
- }
- }
- }
-
- if ($config->{summary_freq}) {
- if (($summary->{last_notify} + $config->{summary_freq}) <= $now) {
- if (-f "$dbdir/summary.db") {
- $DEBUG && errlog "doing summary notification...";
-
- # get a temporary filename...
- my ($fh, $filename) = tempfile("summaryXXXXXX", DIR => $dbdir);
-
- # overwrite the temp file we just created...
- rename("$dbdir/summary.db", $filename);
-
- # do the actual notification in the background
- fork_into_background("summary-notification",
- \&summary_notify_handler,
- $config->{summary_email},
- $filename,
- $summary->{last_notify},
- $config->{summary_level},
- $config->{summary_unknown});
-
- # ...keep track of when we last sent out a notify
- $summary->{last_notify} = $now;
- }
- }
- }
-
- if ($config->{verbose_freq}) {
- if (($verbose->{last_notify} + $config->{verbose_freq}) <= $now) {
- if (-f "$dbdir/verbose.db") {
- $DEBUG && errlog "doing verbose notification...";
-
- # get a temporary filename...
- my ($fh, $filename) = tempfile("verboseXXXXXX", DIR => $dbdir);
-
- # overwrite the temp file we just created...
- rename("$dbdir/verbose.db", $filename);
-
- if ($DEBUG) {
- errlog "verbose file is $filename";
- }
-
- # do the actual notification in the background
- fork_into_background("verbose-notification",
- \&verbose_notify_handler,
- $config->{verbose_email},
- $filename,
- $verbose->{last_notify},
- $config->{verbose_level},
- $config->{verbose_unknown});
-
- # ...keep track of when we last sent out a notify
- $verbose->{last_notify} = $now;
- }
- }
- }
-
-}
-
-sub get_last_event {
- my $dbh = shift;
-
- my ($time, $counter);
-
- # get the oldest timestamp...
- my $sth = $dbh->prepare('SELECT MAX(time) FROM events');
- $sth->execute;
- my @row = $sth->fetchrow_array || (0);
- $time = $row[0];
- if ($time) {
-
- # get the highest counter for this timestamp...
- $sth = $dbh->prepare("SELECT MAX(counter) FROM events WHERE time = $time");
- $sth->execute;
- @row = $sth->fetchrow_array || (0);
- $counter = $row[0];
- }
-
- return ($time, $counter);
-}
-
-##########################################################################
-# start the real magic...
-
-my $finished;
-
-# make sure we exit if someone sends us the right signal
-sub sig_handler {
- my $signame = shift;
-
- errlog("Caught signal '$signame'. Exiting...");
- $finished = 1;
-}
-
-# set up our error log without buffering
-open(ERRLOG, ">>$dbdir/event-dispatch.log");
-my $oldfd = select(ERRLOG);
-$| = 1;
-select($oldfd);
-
-$config = readconfig();
-
-# fork off into the background. we need to do this before we connect to
-# the db, otherwise, we'll get an ugly error about rolling back a
-# connection that's being destroyed
-daemonize;
-
-# automagically reap child processes
-$SIG{INT} = \&sig_handler;
-$SIG{TERM} = \&sig_handler;
-$SIG{CHLD} = 'IGNORE';
-
-# Sigh, portable dates in perl sucks
-eval "use Date::Parse";
-if (!$@) {
- $date_module = 'TimeDate';
-} else {
- eval "use Date::Manip";
- if (!$@) {
- $date_module = 'DateManip';
- } else {
- errlog "Unable to load Date module; use either TimeDate or Date::Manip";
- $finished = 1;
- }
-}
-
-# if they want us to write a pid, do it
-if ($pidfile) {
- if (open(PIDFILE, ">$pidfile")) {
- print PIDFILE "$$\n";
- close(PIDFILE);
- }
-}
-
-my $dbh = connect_database($dbdir);
-
-($last_inserted_time, $last_inserted_counter) = get_last_event($dbh);
-
-my $auditlog = File::Tail->new(
- name => $logfile,
- debug => 1,
- tail => -1,
- interval => 1,
- maxinterval => 5,
- adjustafter => 20,
- errmode => "return",
- ignore_noexistant => 1
-);
-my $syslog = File::Tail->new(
- name => $syslogfile,
- debug => 1,
- tail => -1,
- interval => 1,
- maxinterval => 5,
- adjustafter => 20,
- errmode => "return",
- ignore_noexistant => 1
-);
-my $line = '';
-
-# process complete lines from the buffer...
-while (not $finished) {
- my ($nfound, $timeleft, @pending) = File::Tail::select(undef, undef, undef, $timeout, ($auditlog, $syslog));
-
- foreach (@pending) {
- process_event($dbh, $_->read);
- }
-
- # see if we should flush pending entries to disk and/or do notification
- check_timers($dbh);
-}
-
-# make sure we don't exit with any pending events not written to the db
-$dbh->commit || errlog "Error commiting changes: $!";
-$dbh->disconnect || errlog "Error disconnecting from db: $!";
-
-# close our error/debugging log file
-close(ERRLOG);
-
-unlink($pidfile) if $pidfile;
-
-exit 0;
diff --git a/deprecated/utils/aa-genprof b/deprecated/utils/aa-genprof
deleted file mode 100755
index a2225a7f71367f1390cec70b1bb90b013a3711f7..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-genprof
+++ /dev/null
@@ -1,216 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-sub sysctl_read($) {
- my $path = shift;
- my $value = undef;
- if (open(SYSCTL, "<$path")) {
- $value = int(<SYSCTL>);
- }
- close(SYSCTL);
- return $value;
-}
-
-sub sysctl_write($$) {
- my $path = shift;
- my $value = shift;
- return if (!defined($value));
- if (open(SYSCTL, ">$path")) {
- print SYSCTL $value;
- close(SYSCTl);
- }
-}
-
-# force $PATH to be sane
-$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-# options variables
-my $help = '';
-
-GetOptions(
- 'file|f=s' => \$filename,
- 'dir|d=s' => \$profiledir,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-my $sd_mountpoint = check_for_subdomain();
-unless ($sd_mountpoint) {
- fatal_error(gettext("AppArmor does not appear to be started. Please enable AppArmor and try again."));
-}
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- fatal_error "Can't find AppArmor profiles in $profiledir.";
-}
-
-# what are we profiling?
-my $profiling = shift;
-
-unless ($profiling) {
- $profiling = UI_GetString(gettext("Please enter the program to profile: "), "")
- || exit 0;
-}
-
-my $fqdbin;
-if (-e $profiling) {
- $fqdbin = get_full_path($profiling);
- chomp($fqdbin);
-} else {
- if ($profiling !~ /\//) {
- my $which = which($profiling);
- if ($which) {
- $fqdbin = get_full_path($which);
- }
- }
-}
-
-unless ($fqdbin && -e $fqdbin) {
- if ($profiling =~ /^[^\/]+$/) {
- fatal_error(sprintf(gettext('Can\'t find %s in the system path list. If the name of the application is correct, please run \'which %s\' in the other window in order to find the fully-qualified path.'), $profiling, $profiling));
- } else {
- fatal_error(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));
- }
-}
-
-
-# make sure that the app they're requesting to profile is not marked as
-# not allowed to have it's own profile
-check_qualifiers($fqdbin);
-
-# load all the include files
-loadincludes();
-
-my $profilefilename = getprofilefilename($fqdbin);
-if (-e $profilefilename) {
- $helpers{$fqdbin} = getprofileflags($profilefilename) || "enforce";
-} else {
- autodep($fqdbin);
- $helpers{$fqdbin} = "enforce";
-}
-
-if ($helpers{$fqdbin} eq "enforce") {
- complain($fqdbin);
- reload($fqdbin);
-}
-
-# When reading from syslog, it is possible to hit the default kernel
-# printk ratelimit. This will result in audit entries getting skipped,
-# making profile generation inaccurate. When using genprof, disable
-# the printk ratelimit, and restore it on exit.
-my $ratelimit_sysctl = "/proc/sys/kernel/printk_ratelimit";
-my $ratelimit_saved = sysctl_read($ratelimit_sysctl);
-END { sysctl_write($ratelimit_sysctl, $ratelimit_saved); }
-sysctl_write($ratelimit_sysctl, 0);
-
-UI_Info(gettext("\nBefore you begin, you may wish to check if a\nprofile already exists for the application you\nwish to confine. See the following wiki page for\nmore information:\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles"));
-
-UI_Important(gettext("Please start the application to be profiled in \nanother window and exercise its functionality now.\n\nOnce completed, select the \"Scan\" button below in \norder to scan the system logs for AppArmor events. \n\nFor each AppArmor event, you will be given the \nopportunity to choose whether the access should be \nallowed or denied."));
-
-my $syslog = 1;
-my $logmark = "";
-my $done_profiling = 0;
-
-$syslog = 0 if (-e "/var/log/audit/audit.log");
-
-while (not $done_profiling) {
- if ($syslog) {
- $logmark = `date | md5sum`;
- chomp $logmark;
- $logmark = $1 if $logmark =~ /^([0-9a-f]+)/;
- system("$logger -p kern.warn 'GenProf: $logmark'");
- } else {
- $logmark = last_audit_entry_time();
- }
- eval {
-
- my $q = {};
- $q->{headers} = [ gettext("Profiling"), $fqdbin ];
- $q->{functions} = [ "CMD_SCAN", "CMD_FINISHED" ];
- $q->{default} = "CMD_SCAN";
-
- my ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_SCAN") {
-
- my $lp_ret = do_logprof_pass($logmark);
-
- $done_profiling = 1 if $lp_ret eq "FINISHED";
-
- } else {
-
- $done_profiling = 1;
-
- }
- };
- if ($@) {
- if ($@ =~ /FINISHING/) {
- $done_profiling = 1;
- } else {
- die $@;
- }
- }
-}
-
-for my $p (sort keys %helpers) {
- if ($helpers{$p} eq "enforce") {
- enforce($p);
- reload($p);
- }
-}
-
-UI_Info(gettext("Reloaded AppArmor profiles in enforce mode."));
-UI_Info(gettext("\nPlease consider contributing your new profile! See\nthe following wiki page for more information:\nhttps://gitlab.com/apparmor/apparmor/wikis/Profiles\n"));
-UI_Info(sprintf(gettext('Finished generating profile for %s.'), $fqdbin));
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ -f /path/to/logfile ] [ program to profile ]"), $0));
- exit 0;
-}
-
-sub last_audit_entry_time {
- local $_ = `tail -1 /var/log/audit/audit.log`;
- my $logmark;
- if (/^*msg\=audit\((\d+\.\d+\:\d+).*\).*$/) {
- $logmark = $1;
- } else {
- $logmark = "";
- }
- return $logmark;
-}
diff --git a/deprecated/utils/aa-logprof b/deprecated/utils/aa-logprof
deleted file mode 100755
index b4c34b9930d4b2a755b3f6484497607bd7eae0e4..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-logprof
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-
-use strict;
-use Data::Dumper;
-use Getopt::Long;
-use Locale::gettext;
-use POSIX;
-
-use Immunix::AppArmor;
-
-# force $PATH to be sane
-$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-setup_yast();
-
-# options variables
-my $help = '';
-my $logmark;
-
-GetOptions(
- 'file|f=s' => \$filename,
- 'dir|d=s' => \$profiledir,
- 'logmark|m=s' => \$logmark,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-# let's convert it to full path...
-$profiledir = get_full_path($profiledir);
-
-unless (-d $profiledir) {
- fatal_error "Can't find AppArmor profiles in $profiledir.";
-}
-
-# load all the include files
-loadincludes();
-
-do_logprof_pass($logmark);
-
-shutdown_yast();
-
-exit 0;
-
-sub usage {
- UI_Info(sprintf(gettext("usage: \%s [ -d /path/to/profiles ] [ -f /path/to/logfile ] [ -m \"mark in log to start processing after\""), $0));
- exit 0;
-}
-
diff --git a/deprecated/utils/aa-repo.pl b/deprecated/utils/aa-repo.pl
deleted file mode 100644
index 1f3637fea3269ecc13227e34b0b0324b23560824..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-repo.pl
+++ /dev/null
@@ -1,821 +0,0 @@
-#!/usr/bin/perl
-# ----------------------------------------------------------------------
-# Copyright (c) 2008 Dominic Reynolds. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-#
-# ----------------------------------------------------------------------
-
-# ----------------------------------------------------------------------
-#
-my $usage =
-"aa-repo.pl --command args\n";
-
-my $usage_search =
-" --search [author=XXX] [prog=XXX] [id=XXX]
- Search the repository for profiles matching the search criteria
- and return the results.
- NOTE: One --search switch per option
-
- --verbose|v
- Verbosity level. Supply either one or two switches. Two switches
- adds full profile text in returned search results.\n";
-
-my $usage_push =
-
-" --push [--profile=XXX|all] [--changelog=XXX]
- Push local profiles to repository, uses configured user and upon
- overwrite of an existing profile in the repository then prompt
- user with a diff for confirmation XXX the name of the application
- whose profile should be uploaded or \"all\" to upload all
- profiles. Multiple --profile switches may be passed to supply
- multiple profile names
-
- e.g. --push --profile /usr/sbin/mdnsd --profile /usr/sbin/ftp
- e.g. --push --profile all\n";
-
-my $usage_pull =
-" --pull [--author=XXX] [--profile=XXX] or [--id=XXX] [--mode=complain]
- pull remote profiles and install on local system
- If operation will change local profiles then prompt user with
- diff for confirmation
- NOTE: One --pull switch per option and there are three acceptable
- combinations
-
- --pull --author=XXX
- * pull all profiles in the repo for the author
-
- --pull --author=XXX --profile=XXXX
- * pull the profile for prog owned by author
-
- --pull --id=XXXX
- * pull the profile with id
-
- --pull --mode=complain
- * set the profile(s) to complain mode when installed
-
- Profiles are checked for conflicts with currently installed
- profiles and presented as a list to the user to confirm and view.\n";
-
-
-my $usage_sync =
-" --sync [--up] [--down] [--noconfirm]
- Synchronize local profile set with the repository - showing
- changes and allowing prompting the user with the diffs and
- suggest the newest version to be activated. If the --all option
- is passed then treat profiles not marked as remote as new
- profiles that will be uploaded to the repository.\n";
-
-my $usage_stat =
-" --status
- Show the current status of the local profile set. This operation
- is similar to sync but does not prompt the user to up|down load
- changes\n";
-
-my $usage_getconfig =
-" --getconfig|c
- Print the current configuration for the repsository\n";
-
-
-my $usage_setconfig =
-" --setconfig [url=xxx] [username=xxxx] [password=xxxx] [enabled=(yes|no)]
- [upload=(yes|no)]
- Set the configuration options for the repository.
- NOTE: One --setconfig switch per option\n";
-
-my $usage_bottom =
-" --quiet|q Don't prompt user - assume that all changes should be made.
-
- ISSUES:
- o Should changes made to the system be recorded somehow? An audit event?
- o Should the tool allow a repo/distro to be passed for each operation?
-
-";
-
-use strict;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-use Immunix::Repository;
-use Data::Dumper;
-
-use Locale::gettext;
-use POSIX;
-
-# force $PATH to be sane
-$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
-
-# initialize the local poo
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-# options variables
-my $help = '';
-my $verbose = '';
-
-my ( $id, $author, $mode, %search, $sync, $getconfig, $push,
- $pull, %setconfig, @profiles, $all, $changelog, $stat );
-
-GetOptions(
- 'search=s%' => \%search,
- 'sync=s' => \$sync,
- 'status' => \$stat,
- 'getconfig|c' => \$getconfig,
- 'setconfig=s%' => \%setconfig,
- 'push' => \$push,
- 'id=s' => \$id,
- 'author=s' => \$author,
- 'profile=s' => \@profiles,
- 'changelog=s' => \$changelog,
- 'pull' => \$pull,
- 'all|a' => \$all,
- 'help|h' => \$help,
- 'verbose|v+' => \$verbose
-);
-
-#
-# Root privs required to run the repo tool
-#
-if ( geteuid() != 0 ) {
- print STDERR gettext(
-"You must be logged in with root user privileges to use this program.\n"
- );
- exit;
-}
-
-# --help
-# tell 'em how to use it...
-&usage && exit if $help;
-
-my $config = get_repo_config();
-
-#
-# --getconfig operation
-#
-&config && exit if $getconfig;
-
-my $sd_mountpoint = check_for_subdomain();
-unless ($sd_mountpoint) {
- fatal_error(gettext(
-"AppArmor does not appear to be started. Please enable AppArmor and try again."
- )
- );
-}
-
-#
-# --setconfig operation
-#
-if ( keys %setconfig ) {
- $config->{url} = $setconfig{url} if ( $setconfig{url} );
- $config->{distro} = $setconfig{distro} if ( $setconfig{distro} );
- $config->{enabled} = $setconfig{enabled} if ( $setconfig{enabled} );
- $config->{email} = $setconfig{email} if ( $setconfig{email} );
- $config->{user} = $setconfig{username} if ( $setconfig{username} );
- $config->{password} = $setconfig{password} if ( $setconfig{password} );
- $config->{upload} = $setconfig{upload} if ( $setconfig{upload} );
- set_repo_config( $config );
-}
-
-#
-# --push operation
-#
-if ( $push ) {
- my ($conflicts, $repo_profiles, $local_profiles, @overrides);
- if ( ! @profiles ) {
- print STDERR gettext(
-"Must supply at least one profile using \"--profile XXX\" to --push\n"
- );
- exit 1;
- } else {
- print STDERR Data::Dumper->Dump([@profiles], [qw(*profiles)]);
- }
- my $changelog = $changelog?$changelog:"none";
- push_profiles( \@profiles, $changelog, 1 );
-}
-
-
-#
-# --pull operation
-#
-if ( $pull ) {
- my $type = "";
- if ( $id ) {
- if ( $author || @profiles ) {
- print STDERR gettext(
-"Option --id=XX is only allowed by itself and not in combination to
-other options for the --pull command.\n"
- );
- exit 1;
- }
- $type = "id";
- }
- if ( @profiles && ! $author ) {
- print STDERR gettext(
-"Option --profile=XX requires that the --author=XX option be supplied
-to distinguish a specific profile.\n"
- );
- exit 1;
- } else {
- $type = "profile";
- }
-
- my $mode = $mode eq "complain"?1:0;
- pull_profiles( \@profiles, $type, $mode, 1 );
-}
-
-#
-# --search operation
-#
-if ( keys %search ) {
- if ( $search{id} ) {
- my($status,$result) = fetch_profile_by_id( $config->{url},
- $search{id} );
- if ($status) {
- my $title = sprintf(gettext( "Profile ID %s\n"), $search{id});
- console_print_search_results( $title,
- "profile",
- { $result->{name} => $result }
- );
-
- } else {
- print STDERR "ERROR $result\n";
- }
- } elsif ( $search{author} && $search{prog} ) {
- my($status,$result) =
- fetch_profiles_by_name_and_user( $config->{url},
- $config->{distro},
- $search{prog},
- $search{author}
- );
- if ( $status ) {
- my $title =
- sprintf(gettext("Profiles matching user: %s and program: %s\n"),
- $search{author},
- $search{prog}
- );
- console_print_search_results( $title, "profile", $result );
- } else {
- print STDERR "ERROR $result\n";
- }
- } elsif ( $search{author} ) {
- my($status,$result) = fetch_profiles_by_user( $config->{url},
- $config->{distro},
- $search{author}
- );
- if ( $status ) {
- my $title = sprintf(gettext( "Profiles for %s\n"), $search{author});
- console_print_search_results( $title, "profile", $result );
- } else {
- print STDERR "ERROR $result\n";
- }
- } elsif ( $search{prog} ) {
- my($status,$result) = fetch_profiles_by_name( $config->{url},
- $config->{distro},
- $search{prog},
- );
- if ( $status ) {
- my $title = sprintf(gettext("Profiles matching program: %s\n"),
- $search{prog});
- console_print_search_results( $title, "user", $result );
- } else {
- print STDERR "ERROR $result\n";
- }
- } else {
- print STDERR
-"Unsupported search criteria. Please specify at least one of
-author=XXX prog=XXX id=XXX\n";
- }
-}
-
-if ( $stat ) {
- my ( $local_profiles, $remote_profiles );
- my $msg =
-" The following profiles are stored in the repository but
- are not synchronized with the copy in the repository\n";
-
- my ($status, $result) = fetch_profiles_by_user( $config->{url},
- $config->{distro},
- $config->{user}
- );
- if ( $status ) {
- $remote_profiles = $result;
- } else {
- print STDERR sprintf(gettext("ERROR connecting to repository: %s\n"),
- $result);
- exit;
- }
-
- readprofiles();
- $local_profiles = serialize_local_profiles( \%sd );
- my ($local_only,$unsynched,$synched,$conflicts) = ({}, {}, {});
- $unsynched = find_profile_conflicts($remote_profiles, $local_profiles);
- for my $p ( keys %$local_profiles ) {
- if ( ! $remote_profiles->{$p} ) {
- $local_only->{$p} = $local_profiles->{$p};
- }
- }
-
- for my $p ( keys %$remote_profiles ) {
- $synched->{$p} =
- $remote_profiles->{$p}->{profile} if ( ! %$unsynched->{$p} );
- }
- UI_status($synched, $unsynched, $local_only);
-}
-
-######################
-# Helper functions
-######################
-
-#
-# Compare the local profile set with the remote profile set.
-# Return a list of the conflicting profiles as a list
-# { PROFILE_NAME => [LOCAL_PROFILE, REMOTE_PROFILE] ]
-#
-#
-# remote_profiles = repository profiles as returned by one of the
-# Immunix::Repository::fetch... functions
-# local_profiles = hash ref containing
-# { name => serialized local profile }
-#
-#
-
-sub find_profile_conflicts ($$) {
- my ($remote_profiles,$local_profiles) = @_;
- my $conflicts = {};
- for my $p ( keys(%$local_profiles) ) {
- if ( $local_profiles->{$p} and $remote_profiles->{$p} ) {
- my $p_local = $local_profiles->{$p};
- my $p_remote = $remote_profiles->{$p}->{profile};
- chomp($p_local);
- chomp($p_remote);
- if ( $p_remote ne $p_local ) {
- $conflicts->{$p} = [ $p_local, $p_remote ];
- }
- }
- }
- return( $conflicts );
-}
-
-sub serialize_local_profiles ($) {
- my $profiles = shift;
- my $local_profiles = {};
- for my $p ( keys %$profiles ) {
- my $serialize_opts = {};
- $serialize_opts->{NO_FLAGS} = 1;
- my $p_local = serialize_profile( $profiles->{$p},
- $p,
- $serialize_opts );
- $local_profiles->{$p} = $p_local;
- }
- return $local_profiles;
-}
-
-
-sub console_print_search_results ($$$) {
- my ($title, $type,$result) = @_;
- open(PAGER, "| less") or die "Can't open pager";
- print PAGER $title;
- print PAGER "Found " . values(%$result) . " profiles \n";
- for my $p ( values(%$result) ) {
- if ( $verbose ) {
- if ( $type eq "user" ) {
- print PAGER " Author [ " . $p->{username} . " ]\n";
- } elsif ( $type eq "profile" ) {
- print PAGER " Name [ " . $p->{name} . " ]\n";
- }
- print PAGER " Created [ " . $p->{created_at} . " ]\n";
- print PAGER " Downloads [ " . $p->{downloaded_count} . " ]\n";
- print PAGER " ID [ " . $p->{id} . " ]\n";
- if ( $verbose > 1 ) {
- print PAGER " Profile [ \n" . $p->{profile} . " ]\n\n";
- } else {
- print PAGER "\n";
- }
- } else {
- my $data = $type eq "user"?$p->{username}:$p->{name};
- print PAGER " " . $data . "\n";
- }
- }
- close PAGER;
-}
-
-sub UI_resolve_profile_conflicts {
-
- my ($explanation, $conflict_hash) = @_;
- my $url = $config->{url};
- my @conflicts = map { [ $_,
- $conflict_hash->{$_}->[0],
- $conflict_hash->{$_}->[1]
- ] }
- keys %$conflict_hash;
- my @commits = [];
- my $title = "Profile conflicts";
- my %resolution = ();
- my $q = {};
- $q->{title} = $title;
- $q->{headers} = [ "Repository", $url, ];
-
- $q->{explanation} = $explanation;
-
- $q->{functions} = [ "CMD_OVERWRITE",
- "CMD_KEEP",
- "CMD_VIEW_CHANGES",
- "CMD_ABORT",
- "CMD_CONTINUE", ];
-
- $q->{default} = "CMD_OVERWRITE";
- $q->{options} = [ map { $_->[0] } @conflicts ];
- $q->{selected} = 0;
-
- my ($ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW_CHANGES") {
- display_changes($conflicts[$arg]->[2], $conflicts[$arg]->[1]);
- }
- if ( $ans eq "CMD_OVERWRITE") {
- $q->{options} =
- [ map { $_ =~ /$conflicts[$arg]->[0]( K| O)?$/?
- $conflicts[$arg]->[0] . " O":
- $_ }
- @{$q->{options}}
- ];
- $resolution{$conflicts[$arg]->[0]} = "O";
- }
- if ( $ans eq "CMD_KEEP") {
- $q->{options} =
- [ map { $_ =~ /$conflicts[$arg]->[0]( K| O)?$/?
- $conflicts[$arg]->[0] . " K":
- $_ }
- @{$q->{options}}
- ];
- $resolution{$conflicts[$arg]->[0]} = "K";
- }
- $q->{selected} = ($arg+1) % @conflicts;
- } until $ans =~ /^CMD_CONTINUE/;
- if ($ans eq "CMD_CONTINUE") {
- my @results = ();
- for my $p ( keys %resolution ) {
- if ( $resolution{$p} eq "O" ) {
- push @results, $p;
- }
- }
- return @results;
- }
-}
-
-sub UI_display_profiles {
- my ($explanation, $profile_hash) = @_;
- my $url = $config->{url};
- my @profiles = map { [ $_, $profile_hash->{$_} ] } keys %$profile_hash;
- my $title = gettext("Profiles");
- my $q = {};
- $q->{title} = $title;
- $q->{headers} = [ "Repository", $url, ];
-
- $q->{explanation} = $explanation;
-
- $q->{functions} = [ "CMD_VIEW",
- "CMD_CONTINUE", ];
-
- $q->{default} = "CMD_CONTINUE";
- $q->{options} = [ map { $_->[0] } @profiles ];
- $q->{selected} = 0;
-
- my ($ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW") {
- my $pager = get_pager();
- open ( PAGER, "| $pager" ) or die "Can't open $pager";
- print PAGER gettext("Profile: ") . $profiles[$arg]->[0] . "\n";
- print PAGER $profiles[$arg]->[1];
- close PAGER;
- }
- $q->{selected} = ($arg+1) % @profiles;
- } until $ans =~ /^CMD_CONTINUE/;
- return;
-}
-
-sub UI_display_profile_conflicts {
- my ($explanation, $conflict_hash) = @_;
- my $url = $config->{url};
- my @conflicts = map { [ $_,
- $conflict_hash->{$_}->[0],
- $conflict_hash->{$_}->[1]
- ] }
- keys %$conflict_hash;
- my @commits = [];
- my $title = gettext("Profile conflicts");
- my $q = {};
- $q->{title} = $title;
- $q->{headers} = [ "Repository", $url, ];
-
- $q->{explanation} = $explanation;
-
- $q->{functions} = [ "CMD_VIEW_CHANGES",
- "CMD_CONTINUE", ];
-
- $q->{default} = "CMD_CONTINUE";
- $q->{options} = [ map { $_->[0] } @conflicts ];
- $q->{selected} = 0;
-
- my ($ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW_CHANGES") {
- display_changes($conflicts[$arg]->[2], $conflicts[$arg]->[1]);
- }
- $q->{selected} = ($arg+1) % @conflicts;
- } until $ans =~ /^CMD_CONTINUE/;
- return;
-}
-
-sub usage {
- if ( $help eq "push" ) {
- print STDERR $usage . $usage_push ."\n";
- } elsif ( $help eq "pull" ) {
- print STDERR $usage . $usage_pull ."\n";
- } elsif ( $help eq "sync" ) {
- print STDERR $usage . $usage_sync ."\n";
- } elsif ( $help eq "getconfig" ) {
- print STDERR $usage . $usage_getconfig ."\n";
- } elsif ( $help eq "setconfig" ) {
- print STDERR $usage . $usage_setconfig ."\n";
- } elsif ( $help eq "status" ) {
- print STDERR $usage . $usage_stat ."\n";
- } elsif ( $help eq "search" ) {
- print STDERR $usage . $usage_search ."\n";
- } else {
- open(PAGER, "| less") or die "Can't open pager";
- print PAGER $usage .
- $usage_search .
- $usage_push .
- $usage_pull .
- $usage_sync .
- $usage_stat .
- $usage_setconfig .
- $usage_getconfig .
- $usage_bottom . "\n";
- close PAGER;
- }
-}
-
-#
-# --getconfig helper function
-#
-sub config {
- my $configstr = gettext("Current config\n");
- my $config = get_repo_config();
- $configstr .= "\turl:\t\t$config->{url}\n";
- $configstr .= "\tdistro:\t\t$config->{distro}\n";
- $configstr .= "\tenabled:\t$config->{enabled}\n";
- $configstr .= "\temail:\t\t$config->{email}\n";
- $configstr .= "\tusername:\t$config->{user}\n";
- $configstr .= "\tpassword:\t$config->{password}\n";
- $configstr .= "\tupload:\t\t$config->{upload}\n";
- print STDERR $configstr . "\n";
-}
-
-#
-# helper function to push profiles to the repository
-# used by --push and --sync options
-#
-sub push_profiles($$$) {
- my ( $p_ref, $changelog, $confirm ) = @_;
- my ( $conflicts, $remote_profiles, $local_profiles, @overrides );
- my @profiles = @$p_ref;
-
- my $conflict_msg =
-" The following profile(s) selected for upload conflicts with a profile already
- stored in the repository for your account. Please choose whether to keep the
- current version or overwrite it.\n";
- $all = 0;
-
- readprofiles();
- my ($status, $result) = fetch_profiles_by_user( $config->{url},
- $config->{distro},
- $config->{user}
- );
- if ( $status ) {
- $remote_profiles = $result;
- } else {
- print STDERR sprintf(gettext("ERROR connecting to repository: %s\n"),
- $result);
- exit;
- }
-
- $all = 1 if ( grep(/^all$/, @profiles) );
-
- if ( $all ) {
- $local_profiles = serialize_local_profiles( \%sd );
- } else {
- my $local_sd = {};
- for my $p ( @profiles ) {
- if ( !$sd{$p} ) {
- print STDERR
- sprintf(gettext("Profile for [%s] does not exist\n"), $p);
- exit;
- }
- $local_sd->{$p} = $sd{$p};
- }
- $local_profiles = serialize_local_profiles( $local_sd );
- }
-
- $conflicts = find_profile_conflicts($remote_profiles, $local_profiles);
-
- if ( keys %$conflicts ) {
- @overrides = UI_resolve_profile_conflicts( $conflict_msg, $conflicts );
- }
-
- if ( $local_profiles ) {
- my @uploads;
- for my $p ( keys %$local_profiles ) {
- unless ( $conflicts->{$p} and !grep(/^$p$/, @overrides) ) {
- print STDERR gettext("Uploading ") . $p . "... ";
- my ($status,$result) = upload_profile( $config->{url},
- $config->{user},
- $config->{password},
- $config->{distro},
- $p,
- $local_profiles->{$p},
- $changelog
- );
- print STDERR gettext("done") . "\n";
- }
- if ( $status ) {
- push @uploads, $p;
- } else {
- print STDERR gettext("Error uploading") . "$p: $result\n";
- }
- }
- if ( @uploads ) {
- #
- # Currently the upload API with the repository returns the
- # the current users profile set before the update so we have
- # to refetch to obtain the metadata to update the local profiles
- #
- my $repo_p = [];
- print STDERR gettext("Updating local profile metedata....\n");
- my ($status,$result) = fetch_profiles_by_user( $config->{url},
- $config->{distro},
- $config->{user} );
- if ( $status ) {
- for my $p ( @uploads ) {
- push( @$repo_p, [$p, $result->{$p}] ) if ( $result->{$p} );
- }
- activate_repo_profiles( $config->{url}, $repo_p, 0 );
- print STDERR gettext(" done\n");
- } else {
- print STDERR gettext(
-"Failed to retrieve updated profiles from the repository. Error: "
- ) . $result . "\n";
- }
- }
- }
-}
-
-#
-# Helper function for pulling profiles from the repository
-# used by --pull and --sync options
-#
-sub pull_profiles($$$$) {
- my ( $p_ref, $mode, $confirm, $opts ) = @_;
- my @profiles = @$p_ref;
- my ( $conflicts, $commit_list, $remote_profiles,
- $local_profiles, @overrides );
-
- my $conflict_msg =
-" The following profiles selected for download conflict with profiles
- already deployed on the system. Please choose whether to keep the local
- version or overwrite with the version from the repository\n";
-
- readprofiles();
-
- if ( $opts->{id} ) {
- my ($status,$newp) = fetch_profile_by_id( $config->{url}, $opts->{id} );
- if ( ! $status ) {
- print STDERR gettext(
- sprintf("Error occured during operation\n\t[%s]\n",
- $newp
- )
- );
- exit 1;
- } else {
- $remote_profiles = { $newp->{name} => $newp->{profile} };
- }
- } elsif ( @profiles && $opts->{author} ) {
- $remote_profiles = {};
- for my $p ( @profiles ) {
- my ($status,$profiles) =
- fetch_profiles_by_name_and_user( $config->{url},
- $config->{distro},
- $p,
- $opts->{author} );
- if ( ! $status ) {
- print STDERR gettext(sprintf(
- "Error occured during operation\n\t[%s]\n",
- $profiles
- )
- );
- exit 1;
- } else {
- $remote_profiles->{$p} = $profiles->{$p};
- }
- }
- } elsif ( $opts->{author} ) {
- my ($status,$profiles) = fetch_profiles_by_user( $config->{url},
- $config->{distro},
- $opts->{author} );
- if ( ! $status ) {
- print STDERR gettext(sprintf(
- "Error occured during operation\n\t[%s]\n",
- $profiles
- )
- );
- exit 1;
- } else {
- $remote_profiles = $profiles;
- }
- }
- $local_profiles = serialize_local_profiles( \%sd );
- $conflicts = find_profile_conflicts( $remote_profiles, $local_profiles );
- if ( keys %$conflicts ) {
- @overrides = UI_resolve_profile_conflicts( $conflict_msg, $conflicts );
- }
- for my $p ( keys %$remote_profiles ) {
- unless ( $conflicts->{$p} and !grep(/^$p$/, @overrides) ) {
- $remote_profiles->{$p}->{username} = $opts->{author};
- push @$commit_list, [$p, $remote_profiles->{$p}];
- }
- }
-
- if ( $commit_list and @$commit_list ) {
- activate_repo_profiles( $config->{url}, $commit_list, $mode );
- system("rcapparmor reload");
- } else {
- UI_Info(gettext("No changes to make"));
- }
-}
-
-sub UI_status {
-
- my ($synched, $unsynched, $local) = @_;
- my $url = $config->{url};
- my $synched_text = gettext("Synchronized repository profiles:\t\t") .
- keys %$synched;
- my $unsynched_text = gettext("Unsynchronized repository profiles:\t") .
- keys %$unsynched;
- my $local_text = gettext("Local only profiles :\t\t\t") . keys %$local;
- my $options = [ $synched_text, $unsynched_text, $local_text ];
- my $title = gettext("Profile Status");
- my $explanation = gettext(
-" This is the current status of active profiles on the system.
- To view the profiles or unsyncronized changes select VIEW\n"
- );
- my $q = {};
- $q->{title} = $title;
- $q->{headers} = [ "Repository", $url, ];
- $q->{explanation} = $explanation;
- $q->{functions} = [ "CMD_VIEW", "CMD_FINISHED", ];
- $q->{default} = "CMD_FINISHED";
- $q->{options} = $options;
- $q->{selected} = 0;
-
- my ($ans, $arg);
- do {
- ($ans, $arg) = UI_PromptUser($q);
-
- if ($ans eq "CMD_VIEW") {
- if ( $arg == 0 ) {
- UI_display_profiles(
- gettext("Profiles stored in the repository"),
- $synched
- );
- } elsif ( $arg == 1 ) {
- UI_display_profile_conflicts(
- gettext("Unsyncronised profile changes"),
- $unsynched
- );
- } elsif ( $arg == 2 ) {
- UI_display_profiles(
- gettext("Profiles stored in the repository"),
- $local
- );
- }
- }
- } until $ans =~ /^CMD_FINSHED/;
-}
-
-
diff --git a/deprecated/utils/aa-status b/deprecated/utils/aa-status
deleted file mode 100644
index 7192912b17855ed47287bc06e4d2698a9eb470cb..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-status
+++ /dev/null
@@ -1,218 +0,0 @@
-#!/usr/bin/perl -w
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2005-2006 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-
-use strict;
-use Getopt::Long;
-use Cwd 'abs_path';
-
-my $confdir = "/etc/apparmor";
-my $sd_mountpoint;
-my $check_enabled = 0;
-my $count_enforced = 0;
-my $count_profiled = 0;
-my $count_complain = 0;
-my $verbose = 0;
-my $help;
-
-GetOptions(
- 'complaining' => \$count_complain,
- 'enabled' => \$check_enabled,
- 'enforced' => \$count_enforced,
- 'profiled' => \$count_profiled,
- 'verbose|v' => \$verbose,
- 'help|h' => \$help,
-) or usage();
-
-sub usage {
- print "Usage: $0 [OPTIONS]\n";
- print "Displays various information about the currently loaded AppArmor policy.\n";
- print "OPTIONS (one only):\n";
- print " --enabled returns error code if subdomain not enabled\n";
- print " --profiled prints the number of loaded policies\n";
- print " --enforced prints the number of loaded enforcing policies\n";
- print " --complaining prints the number of loaded non-enforcing policies\n";
- print " --verbose (default) displays multiple data points about loaded policy set\n";
- print " --help this message\n";
- exit;
-}
-
-$verbose = 1 if ($count_complain + $check_enabled + $count_enforced + $count_profiled == 0);
-usage() if $help or ($count_complain + $check_enabled + $count_enforced + $count_profiled + $verbose > 1);
-
-sub is_subdomain_loaded() {
- return 1 if (-d "/sys/module/apparmor");
- if(open(MODULES, "/proc/modules")) {
- while(<MODULES>) {
- return 1 if m/^(subdomain|apparmor)\s+/;
- }
- }
-
- return 0;
-}
-
-sub find_subdomainfs() {
-
- my $sd_mountpoint;
- if(open(MOUNTS, "/proc/mounts")) {
- while(<MOUNTS>) {
- $sd_mountpoint = "$1/apparmor" if m/^\S+\s+(\S+)\s+securityfs\s/ && -e "$1/apparmor";
- $sd_mountpoint = "$1/subdomain" if m/^\S+\s+(\S+)\s+securityfs\s/ && -e "$1/subdomain";
- $sd_mountpoint = $1 if m/^\S+\s+(\S+)\s+subdomainfs\s/ && -e "$1";
- }
- close(MOUNTS);
- }
-
- return $sd_mountpoint;
-}
-
-sub get_profiles {
- my $mountpoint = shift;
- my %profiles = ();
-
- if (open(PROFILES, "$mountpoint/profiles")) {
- while(<PROFILES>) {
- $profiles{$1} = $2 if m/^([^\(]+)\s+\((\w+)\)$/;
- }
- close(PROFILES);
- }
- return (%profiles);
-}
-
-sub get_processes {
- my %profiles = @_;
- my %processes = ();
- if (opendir(PROC, "/proc")) {
- my $file;
- while (defined($file = readdir(PROC))) {
- if ($file =~ m/^\d+/) {
- if (open(CURRENT, "/proc/$file/attr/current")) {
- while (<CURRENT>) {
- if (m/^([^\(]+)\s+\((\w+)\)$/) {
- $processes{$file}{'profile'} = $1;
- $processes{$file}{'mode'} = $2;
- } elsif (grep(abs_path("/proc/$file/exe") eq $_ , keys(%profiles))) {
- # keep only unconfined processes that have a profile defined
- $processes{$file}{'profile'} = abs_path("/proc/$file/exe");
- $processes{$file}{'mode'} = 'unconfined';
- }
- }
- close(CURRENT);
- }
- }
- }
- closedir(PROC);
- }
- return (%processes);
-}
-
-my $is_loaded = is_subdomain_loaded();
-
-if (!$is_loaded) {
- print STDERR "apparmor module is not loaded.\n" if $verbose;
- exit 1;
-}
-
-print "apparmor module is loaded.\n" if $verbose;
-
-$sd_mountpoint = find_subdomainfs();
-if (!$sd_mountpoint) {
- print STDERR "apparmor filesystem is not mounted.\n" if $verbose;
- exit 3;
-}
-
-if (! -r "$sd_mountpoint/profiles") {
- print STDERR "You do not have enough privilege to read the profile set.\n" if $verbose;
- exit 4;
-}
-
-#print "subdomainfs is at $sd_mountpoint.\n" if $verbose;
-
-# processes is a hash table :
-# * keys : processes pid
-# * values : hash containing information about the running process:
-# * 'profile' : name of the profile applied to the running process
-# * 'mode' : mode of the profile applied to the running process
-my %processes = ();
-my %enforced_processes = ();
-my %complain_processes = ();
-my %unconfined_processes = ();
-
-# profiles is a hash table :
-# * keys : profile name
-# * value : profile mode
-my %profiles;
-my @enforced_profiles = ();
-my @complain_profiles = ();
-
-%profiles = get_profiles($sd_mountpoint);
-@enforced_profiles = grep { $profiles{$_} eq 'enforce' } keys %profiles;
-@complain_profiles = grep { $profiles{$_} eq 'complain' } keys %profiles;
-
-# we consider the case where no profiles are loaded to be "disabled" as well
-my $rc = (keys(%profiles) == 0) ? 2 : 0;
-
-if ($check_enabled) {
- exit $rc;
-}
-
-if ($count_profiled) {
- print scalar(keys(%profiles)). "\n";
- exit $rc;
-}
-
-if ($count_enforced) {
- print $#enforced_profiles + 1 . "\n";
- exit $rc;
-}
-
-if ($count_complain) {
- print $#complain_profiles + 1 . "\n";
- exit $rc;
-}
-
-
-if ($verbose) {
- print keys(%profiles) . " profiles are loaded.\n";
- print $#enforced_profiles + 1 . " profiles are in enforce mode.\n";
- for (sort(@enforced_profiles)) {
- print " " . $_ . "\n";
- }
- print $#complain_profiles + 1 . " profiles are in complain mode.\n";
- for (sort(@complain_profiles)) {
- print " " . $_ . "\n";
- }
-}
-
-%processes = get_processes(%profiles);
-if ($verbose) {
- for (keys(%processes)) {
- $enforced_processes{$_} = $processes{$_} if $processes{$_}{'mode'} eq 'enforce';
- $complain_processes{$_} = $processes{$_} if $processes{$_}{'mode'} eq 'complain';
- # some early code uses unconfined instead of unconfined.
- $unconfined_processes{$_} = $processes{$_} if $processes{$_}{'mode'} =~ /uncon(fi|strai)ned/;
- }
- print keys(%processes) . " processes have profiles defined.\n";
- print keys(%enforced_processes) . " processes are in enforce mode :\n";
- for (sort { $enforced_processes{$a}{'profile'} cmp $enforced_processes{$b}{'profile'} } keys(%enforced_processes)) {
- print " " . $enforced_processes{$_}{'profile'} . " ($_) \n";
- }
- print keys(%complain_processes) . " processes are in complain mode.\n";
- for (sort { $complain_processes{$a}{'profile'} cmp $complain_processes{$b}{'profile'} } keys(%complain_processes)) {
- print " " . $complain_processes{$_}{'profile'} . " ($_) \n";
- }
- print keys(%unconfined_processes) . " processes are unconfined but have a profile defined.\n";
- for (sort { $unconfined_processes{$a}{'profile'} cmp $unconfined_processes{$b}{'profile'} } keys(%unconfined_processes)) {
- print " " . $unconfined_processes{$_}{'profile'} . " ($_) \n";
- }
-}
-
-exit $rc;
diff --git a/deprecated/utils/aa-unconfined b/deprecated/utils/aa-unconfined
deleted file mode 100755
index a5dac3e257bc83554072907da80e2290067f3ad4..0000000000000000000000000000000000000000
--- a/deprecated/utils/aa-unconfined
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/usr/bin/perl -w
-# ----------------------------------------------------------------------
-# Copyright (c) 2005 Novell, Inc. All Rights Reserved.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-#
-# To contact Novell about this file by physical or electronic mail,
-# you may find current contact information at www.novell.com.
-# ----------------------------------------------------------------------
-#
-# unconfined -
-# audit local system for processes listening on network connections
-# that are not currently running with a profile.
-
-use strict;
-use Getopt::Long;
-
-use Immunix::AppArmor;
-use Locale::gettext;
-use POSIX;
-
-setlocale(LC_MESSAGES, "");
-textdomain("apparmor-utils");
-
-# options variables
-my $paranoid = '';
-my $help = '';
-
-GetOptions(
- 'paranoid' => \$paranoid,
- 'help|h' => \$help,
-);
-
-# tell 'em how to use it...
-&usage && exit if $help;
-
-sub usage {
- printf(gettext("Usage: %s [ --paranoid ]\n"), $0);
- exit 0;
-}
-
-my $subdomainfs = check_for_subdomain();
-
-die gettext("AppArmor does not appear to be started. Please enable AppArmor and try again.") . "\n"
- unless $subdomainfs;
-
-my @pids;
-if ($paranoid) {
- opendir(PROC, "/proc") or die gettext("Can't read /proc\n");
- @pids = grep { /^\d+$/ } readdir(PROC);
- closedir(PROC);
-} else {
- if (open(NETSTAT, "LANG=C /bin/netstat -nlp |")) {
- while (<NETSTAT>) {
- chomp;
- push @pids, $5
- if /^(tcp|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)/;
- }
- close(NETSTAT);
- }
-}
-
-for my $pid (sort { $a <=> $b } @pids) {
- my $prog = readlink "/proc/$pid/exe" or next;
- my $attr;
- if (open(CURRENT, "/proc/$pid/attr/current")) {
- while (<CURRENT>) {
- chomp;
- $attr = $_ if (/^\// || /^null/);
- }
- close(CURRENT);
- }
- my $cmdline = `cat /proc/$pid/cmdline`;
- my $pname = (split(/\0/, $cmdline))[0];
- if ($pname =~ /\// && !($pname eq $prog)) {
- $pname = "($pname) ";
- } else {
- $pname = "";
- }
- if (not $attr) {
- if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
-
- #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
- $cmdline =~ s/\0/ /g;
- $cmdline =~ s/\s+$//;
- chomp $cmdline;
- print "$pid $prog ($cmdline) " . gettext("not confined\n");
- } else {
- print "$pid $prog $pname" . gettext("not confined\n");
- }
- } else {
- if ($prog =~ m/^(\/usr\/bin\/python|\/usr\/bin\/perl|\/bin\/bash)$/) {
-
- #my $scriptname = (split(/\0/, `cat /proc/$pid/cmdline`))[1];
- $cmdline =~ s/\0/ /g;
- $cmdline =~ s/\s+$//;
- chomp $cmdline;
- print "$pid $prog ($cmdline) " . gettext("confined by") . " '$attr'\n";
- } else {
- print "$pid $prog $pname" . gettext("confined by") . " '$attr'\n";
- }
- }
-}
diff --git a/deprecated/utils/convert-profile.pl b/deprecated/utils/convert-profile.pl
deleted file mode 100755
index 6369b03bf3f4620048a1419fe408eccde17ca16a..0000000000000000000000000000000000000000
--- a/deprecated/utils/convert-profile.pl
+++ /dev/null
@@ -1,135 +0,0 @@
-#! /usr/bin/perl -w
-
-# Very simple script to try converting AppArmor profiles to the new
-# profile syntax as of April 2007.
-#
-# Copyright (C) 2007 Andreas Gruenbacher <agruen@suse.de>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-use FileHandle;
-use File::Temp;
-use Getopt::Std;
-use strict;
-
-sub match($) {
- my ($str) = @_;
- my @fields;
-
- @fields = ($str =~ /^(\s*)([@\/]\S*)(\s.*,)$/);
- if (!@fields) {
- @fields = ($str =~ /^(\s*")((?:[^"]|\\")*)("\s.*,)$/);
- }
-
- return @fields;
-}
-
-sub alterations($) {
- my ($str) = @_;
-
- if ($str =~ /^([^{]*){([^}]*,[^}]*)}(.*)$/) {
- my @strs = map { "$1$_$3" } split(/,/, $2);
- return map { alterations($_) } @strs;
- } else {
- return ($str);
- }
-}
-
-my %known_dirs;
-
-sub remember_pathname($) {
- my ($str) = @_;
- my $pathname;
-
- for (split /(\/)/, $str) {
- if ($_ eq '/' && $pathname ne '') {
- #print "<<>> $pathname\n";
- $known_dirs{$pathname} = 1;
- }
- $pathname .= $_;
- }
-}
-
-sub add_slash($$) {
- my ($str, $perms) = @_;
-
- return exists $known_dirs{$str} || -d $str;
-}
-
-sub never_add_slash($$) {
- my ($str, $perms) = @_;
-
- return $perms =~ /[lmx]/ || $str =~ /\.(so|cf|db|conf|config|log|pid|so\*)$/ ||
- $str =~ /(\*\*|\/)$/ || (-e $str && ! -d $str);
-
-}
-
-our($opt_i);
-getopts('i');
-
-foreach my $filename (@ARGV) {
- my $fh_in;
-
- $fh_in = new FileHandle("< $filename")
- or die "$filename: $!\n";
-
- while (<$fh_in>) {
- if (my @fields = match($_)) {
- for my $x (alterations($fields[1])) {
- remember_pathname($x);
- }
- }
- }
-}
-
-if (@ARGV == 0) {
- print "Usage: $0 profile ...\n";
- print "Tries to convert the profile to the new profile syntax, and\n" .
- "prints the result to standard output. The result may need" .
- "further review.\n";
- exit 0;
-}
-
-foreach my $filename (@ARGV) {
- my ($fh_in, $fh_out, $tmpname);
-
- $fh_in = new FileHandle("< $filename")
- or die "$filename: $!\n";
-
- if ($opt_i) {
- ($fh_out, $tmpname) = mkstemp("$filename.XXXXXX")
- or die "$!\n";
- *STDOUT = $fh_out;
- }
-
- while (<$fh_in>) {
- if (my @fields = match($_)) {
- for my $x (alterations($fields[1])) {
- if (never_add_slash($x, $fields[2])) {
- print $_;
- } elsif (add_slash($x, $fields[2])) {
- print "$fields[0]$x/$fields[2] # (dir)\n";
- } else {
- print "$fields[0]$x/$fields[2] # (maybe-dir)\n";
- print $_;
- }
- }
- } else {
- print $_;
- }
- }
-
- if ($opt_i) {
- rename $tmpname, $filename
- or die "$filename: $!\n";
- }
-}
-
-# vim: smartindent softtabstop=4 shiftwidth=4
diff --git a/deprecated/utils/repair_obsolete_profiles b/deprecated/utils/repair_obsolete_profiles
deleted file mode 100755
index ea2994544ac60f0419a4be880563b22de5a4b68d..0000000000000000000000000000000000000000
--- a/deprecated/utils/repair_obsolete_profiles
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/usr/bin/perl -wi
-# automatically repair apparmor profiles that have had their supporting
-# infrastructure refactored out from underneath them
-
-# note -i in shebang line -- this program will modify in-place
-# profiles or #include chunks specified on the command line without
-# backups. Please make some yourself and inspect the changes made by
-# this tool to ensure they look correct.
-
-# It'll try to fix up #include files (supplied by SUSE/Immunix) that have
-# moved; it will also inspect many #include files that exist solely
-# for netdomain rule separation, and either remove the #include line
-# from profiles/includes or suck in the contents of the specific file,
-# depending if there was any non-netdomain content.
-
-# If you haven't modified any of the files listed in the @useless array,
-# you probably don't have to concern yourself with the complicated part
-# of the previous paragraph. If you did modify any of those files, this
-# tool will inspect those for changes, try to update any lines in those
-# files for correctness, and insert those lines directly into the
-# referencing profiles.
-
-our %count_cache;
-
-# count the number of 'interesting' lines in the file
-sub numlines ($) {
- my $name = $_[0];
-
- return $count_cache{$name} if $count_cache{$name};
-
- open FH, $name or return 1; # can't tell -> not empty
-
- my $linecount=0;
- while(<FH>) {
- if (m/^[^#]*#include/) {
- $linecount++;
- } elsif (m/^\s*#/) {
- # just a comment, skip it
- } elsif (m/\s*tcp_/) {
- # netdomain rules are unenforced, skip it
- } elsif (m/\s*udp_/) {
- # netdomain rules are unenforced, skip it
- } elsif (m/\S+/) {
- $linecount++;
- }
- }
- close FH;
-
- $count_cache{$name} = $linecount;
-
- return $linecount;
-}
-
-# given a single line from a profile, perform some search/replace
-# operations to reflect new locations for old files.
-#
-# change #include lines that reference files in the @useless array:
-# don't print the #include any more, and either suck in the contents of
-# the referenced file (calling itself recursively to fix up _those_
-# files) or just leave well enough alone, if the file had no
-# 'interesting' lines as defined above.
-
-%transforms = (
- # renamed around SuSE 9.3
- "abstractions/kde3" => "abstractions/kde",
- "abstractions/user-GTK" => "abstractions/gnome",
- "abstractions/user-Xauthority" => "abstractions/X",
-
- # user-custom -> program-chunks around SHASS 1.1, but these changed dirs
- "user-custom/fonts" => "abstractions/fonts",
- "user-custom/kde3" => "abstractions/kde",
- "user-custom/user-GTK" => "abstractions/gnome",
- "user-custom/user-mail" => "abstractions/user-mail",
- "user-custom/user-manpages" => "abstractions/user-manpages",
- "user-custom/user-Xauthority" => "abstractions/X",
- "user-custom/user-tmp" => "abstractions/user-tmp",
-
- # try to forget the -files
- "program-chunks/base-files" => "abstractions/base",
- "program-chunks/nameservice-files" => "abstractions/nameservice",
- "immunix-standard/base-files" => "abstractions/base",
- "immunix-standard/nameservice-files" => "abstractions/nameservice",
-
- # immunix-standard -> program-chunks
- "immunix-standard/postfix-bounce" => "program-chunks/postfix-bounce",
- "immunix-standard/postfix-cleanup" => "program-chunks/postfix-cleanup",
- "immunix-standard/postfix-common" => "program-chunks/postfix-common",
- "immunix-standard/postfix-flush" => "program-chunks/postfix-flush",
- "immunix-standard/postfix-local" => "program-chunks/postfix-local",
- "immunix-standard/postfix-master" => "program-chunks/postfix-master",
- "immunix-standard/postfix-nqmgr" => "program-chunks/postfix-nqmgr",
- "immunix-standard/postfix-pickup" => "program-chunks/postfix-pickup",
- "immunix-standard/postfix-proxymap" => "program-chunks/postfix-proxymap",
- "immunix-standard/postfix-qmgr" => "program-chunks/postfix-qmgr",
- "immunix-standard/postfix-showq" => "program-chunks/postfix-showq",
- "immunix-standard/postfix-smtp" => "program-chunks/postfix-smtp",
- "immunix-standard/postfix-smtpd" => "program-chunks/postfix-smtpd",
- "immunix-standard/postfix-trivial-rewrite" => "program-chunks/postfix-trivial-rewrite",
- "immunix-standard/apache-default-uri" => "program-chunks/apache-default-uri",
- "immunix-standard/at" => "program-chunks/at",
-);
-
-# chunks that immunix tools never populated -- lets remove the ones that
-# don't have any useful information
-my @useless = qw{
- program-chunks/base-nd
- program-chunks/portmap-nd
- program-chunks/postfix-local-nd
- program-chunks/postfix-master-nd
- program-chunks/postfix-proxymap-nd
- program-chunks/postfix-smtpd-nd
- program-chunks/postfix-smtp-nd
- user-custom/base-nd
- user-custom/portmap-nd
- user-custom/postfix-local-nd
- user-custom/postfix-master-nd
- user-custom/postfix-proxymap-nd
- user-custom/postfix-smtpd-nd
- user-custom/postfix-smtp-nd
- immunix-standard/base-nd
- immunix-standard/portmap-nd
- immunix-standard/postfix-local-nd
- immunix-standard/postfix-master-nd
- immunix-standard/postfix-proxymap-nd
- immunix-standard/postfix-smtpd-nd
- immunix-standard/postfix-smtp-nd
- program-chunks/at
- program-chunks/fam
- program-chunks/httpd
- program-chunks/identd
- program-chunks/imapd
- program-chunks/ipop2d
- program-chunks/ipop3d
- program-chunks/lpd
- program-chunks/mutt
- program-chunks/named
- program-chunks/nmbd
- program-chunks/ntalkd
- program-chunks/ntpd
- program-chunks/postgres
- program-chunks/rpc.lockd
- program-chunks/rpc.nfsd
- program-chunks/rpc.statd
- program-chunks/samba
- program-chunks/sendmail.sendmail
- program-chunks/shells
- program-chunks/slocate
- program-chunks/snmpd
- program-chunks/spamc
- program-chunks/sshd
- program-chunks/swat
- program-chunks/syslogd
- program-chunks/talk
- program-chunks/xfs
-};
-
-# create an alternation to speed up the regexp below
-my $useless = join('|', @useless);
-
-sub fixup ($) {
- $line = $_[0];
-
- $line =~ s/#include\s+<([^>]+)>/$i = (exists $transforms{$1}) ? $transforms{$1} : "$1"; "#include <$i>"/e;
-
- if ($line =~ m/\s*#include\s+<($useless)>/) {
- my $file = $1;
- if (numlines("/etc/subdomain.d/$file") > 0) {
- my $succ = open INC, "/etc/subdomain.d/$file";
- if (not $succ) {
- print STDERR "Error opening /etc/subdomain.d/$file\n";
- } else {
- while(my $included_line = <INC>) {
- print fixup_loop($included_line);
- }
- close INC;
- }
- }
- $line = ""; # this line has been handled by the file
- }
-
- return $line;
-}
-
-# call fixup on a single entry repeatedly -- this way, we can encode
-# 'small' changes in the fixup routine when they are made, rather than
-# encoding all possible starting points and which specific end point
-# they should go to.
-sub fixup_loop ($) {
- my $line = $_[0];
- my $saved;
- do {
- $saved = $line;
- $line = fixup($saved);
- } until ($line eq $saved);
- return $line;
-}
-
-# main entry point; fix each line in every file in argv.
-while(<>) {
- print fixup_loop($_);
-}
diff --git a/documentation/logo/README b/documentation/logo/README
new file mode 100644
index 0000000000000000000000000000000000000000..bf97b842419e9a3ca700607fb64b5e16ecb15529
--- /dev/null
+++ b/documentation/logo/README
@@ -0,0 +1,25 @@
+The apparmor logo (logo-default-red.svg) was created by Noah Davis and
+released under the LGPL (licence included below).
+
+Logo variants and uses:
+
+logo-default-red.svg - default logo and coloration used for the apparmor
+ project. Created for larger (64x64) uses.
+ Not optimized for small 16x16 tiles.
+
+
+
+License
+ * Copyright (c) 2018 Noah Davis <noahadvs@gmail.com>
+ *
+ * The appaprmor logo is licensed under the terms of the GNU
+ * Lesser General Public License, version 2.1. Please see the file
+ * COPYING.LGPL.
+ *
+ * This logo file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
diff --git a/documentation/logo/logo-default-red.svg b/documentation/logo/logo-default-red.svg
new file mode 100644
index 0000000000000000000000000000000000000000..deff545ce64fadfe4cb3dd50a8048c1ebf07a874
--- /dev/null
+++ b/documentation/logo/logo-default-red.svg
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg height="64" width="64" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><linearGradient id="a" gradientUnits="userSpaceOnUse" x1="55" x2="55" xlink:href="#j" y1="54" y2="9"/><linearGradient id="b"><stop offset="0" stop-color="#bf4231"/><stop offset="1" stop-color="#e05e4c"/></linearGradient><linearGradient id="c" gradientUnits="userSpaceOnUse" x1="32" x2="32" y1="58" y2="6"><stop offset="0" stop-color="#173f4f"/><stop offset="1" stop-color="#2f5361"/></linearGradient><linearGradient id="d" gradientUnits="userSpaceOnUse" x1="55" x2="55" xlink:href="#b" y1="54" y2="9"/><linearGradient id="e" gradientUnits="userSpaceOnUse" x1="20" x2="45" xlink:href="#k" y1="22" y2="47"/><linearGradient id="f" gradientUnits="userSpaceOnUse" x1="37" x2="37" y1="46" y2="38"><stop offset="0" stop-color="#be4434"/><stop offset=".25" stop-color="#c44837"/><stop offset="1" stop-color="#cb4c3b"/></linearGradient><linearGradient id="g" gradientUnits="userSpaceOnUse" x1="26" x2="50" xlink:href="#k" y1="16" y2="40"/><linearGradient id="h" gradientUnits="userSpaceOnUse" x1="40" x2="47" xlink:href="#k" y1="38" y2="45"/><linearGradient id="i" gradientUnits="userSpaceOnUse" x1="43" x2="46" xlink:href="#k" y1="44" y2="47"/><linearGradient id="j"><stop offset="0" stop-color="#eff0f1"/><stop offset="1" stop-color="#fcfcfc"/></linearGradient><linearGradient id="k"><stop offset="0" stop-color="#292c2f"/><stop offset="1" stop-opacity="0"/></linearGradient><linearGradient id="l" gradientUnits="userSpaceOnUse" x1="32" x2="32" xlink:href="#j" y1="54" y2="9"/><linearGradient id="m" gradientUnits="userSpaceOnUse" x1="32" x2="32" xlink:href="#b" y1="54" y2="9"/><path d="m32 6c-6.33333 3.35447-12.66667 4.72491-19 6v25.001953c0 7 10.26331 16.561337 19 20.998047 8.73669-4.43671 19-13.998047 19-20.998047v-25.001953c-6.33333-1.27509-12.66667-2.64553-19-6z" fill="url(#c)" stroke-linecap="square" stroke-width="2"/><path d="m13 36.001953v1c0 7 10.26331 16.561337 19 20.998047 8.73669-4.43671 19-13.998047 19-20.998047v-1c0 7-10.26331 16.561337-19 20.998047-8.73669-4.43671-19-13.998047-19-20.998047z" fill="#292c2f" opacity=".2" stroke-linecap="square" stroke-width="2"/><path d="m48 14-26.304688 32.304688 11.208985 11.208984c8.525508-4.614773 18.095703-13.751033 18.095703-20.511719v-20.001953z" fill="url(#i)" opacity=".2"/><path d="m40.824219 12.349609-17.617188 35.238282c2.735569 2.548653 5.806349 4.895376 8.792969 6.412109 7.392765-3.754157 16-12.076982 16-18v-22c-2.403402-.483885-4.789398-1.006952-7.175781-1.650391z" fill="url(#d)"/><path d="m32 9c-5.358808 2.838395-10.64102 3.921074-16 5v22c0 3.530034 3.17163 7.828219 7.207031 11.587891l17.617188-35.238282c-2.934573-.791246-5.868718-1.784199-8.824219-3.349609z" fill="url(#a)"/><path d="m24 14-8 16 20.935547 20.935547c1.522034-1.10756 3.001377-2.336903 4.361328-3.638672l-1.296875-1.296875-7-14z" fill="url(#e)" opacity=".2"/><path d="m28 14 12 32 8-16h-4z" fill="url(#g)" opacity=".2"/><g stroke-width="1.857143"><path d="m24 14 16 32 8-16h-4l-1 2h-6l-9-18zm14 20h4l-2 4z" fill="url(#l)"/><path d="m24 14-8 16h4l1-2h6l8.5 17.000001h4zm0 8 2 4h-4z" fill="url(#m)"/><path d="m32 38 4 8h4l-4-8z" fill="url(#f)"/></g><path d="m48 30-8 16 3.617188 3.617188c4.013144-3.887728 7.018045-8.222958 7.351562-11.9375.019301-.229864.03125-.456776.03125-.677735v-4.001953z" fill="url(#h)" opacity=".2"/></svg>
\ No newline at end of file
diff --git a/documentation/logo/logo-large.png b/documentation/logo/logo-large.png
new file mode 100644
index 0000000000000000000000000000000000000000..80170da1e99b85bc3ddf2a25ef03bf23d4284036
Binary files /dev/null and b/documentation/logo/logo-large.png differ
diff --git a/documentation/logo/logo-red-diag_1w2h.png b/documentation/logo/logo-red-diag_1w2h.png
new file mode 100644
index 0000000000000000000000000000000000000000..0e56842461cc4f36f9105dba14c34cdd8bb2f13c
Binary files /dev/null and b/documentation/logo/logo-red-diag_1w2h.png differ
diff --git a/kernel-patches/v4.17/0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch b/kernel-patches/v4.17/0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f1123009d9fe0c454abe9cffc841802ce32b459e
--- /dev/null
+++ b/kernel-patches/v4.17/0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch
@@ -0,0 +1,249 @@
+From 02e2bc1b330f7e15dba671547a256a6f900f6e5d Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Sun, 17 Jun 2018 03:56:25 -0700
+Subject: [PATCH 1/3] apparmor: patch to provide compatibility with v2.x net
+ rules
+
+The networking rules upstreamed in 4.17 have a deliberate abi break
+with the older 2.x network rules.
+
+This patch provides compatibility with the older rules for those
+still using an apparmor 2.x userspace and still want network rules
+to work on a newer kernel.
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ security/apparmor/apparmorfs.c | 1 +
+ security/apparmor/include/apparmor.h | 2 +-
+ security/apparmor/include/net.h | 11 ++++++++
+ security/apparmor/include/policy.h | 2 ++
+ security/apparmor/net.c | 31 ++++++++++++++++-----
+ security/apparmor/policy.c | 1 +
+ security/apparmor/policy_unpack.c | 54 ++++++++++++++++++++++++++++++++++--
+ 7 files changed, 92 insertions(+), 10 deletions(-)
+
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index 1fdcc7d5a977..32f0e660ffd0 100644
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -2272,6 +2272,7 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
+ AA_SFS_DIR("domain", aa_sfs_entry_domain),
+ AA_SFS_DIR("file", aa_sfs_entry_file),
+ AA_SFS_DIR("network_v8", aa_sfs_entry_network),
++ AA_SFS_DIR("network", aa_sfs_entry_network_compat),
+ AA_SFS_DIR("mount", aa_sfs_entry_mount),
+ AA_SFS_DIR("namespaces", aa_sfs_entry_ns),
+ AA_SFS_FILE_U64("capability", VFS_CAP_FLAGS_MASK),
+diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
+index 73d63b58d875..17d89f3badc6 100644
+--- a/security/apparmor/include/apparmor.h
++++ b/security/apparmor/include/apparmor.h
+@@ -24,7 +24,7 @@
+ #define AA_CLASS_UNKNOWN 1
+ #define AA_CLASS_FILE 2
+ #define AA_CLASS_CAP 3
+-#define AA_CLASS_DEPRECATED 4
++#define AA_CLASS_NET_COMPAT 4
+ #define AA_CLASS_RLIMITS 5
+ #define AA_CLASS_DOMAIN 6
+ #define AA_CLASS_MOUNT 7
+diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
+index ec7228e857a9..579b59a40ea4 100644
+--- a/security/apparmor/include/net.h
++++ b/security/apparmor/include/net.h
+@@ -72,6 +72,16 @@ struct aa_sk_ctx {
+ DEFINE_AUDIT_NET(NAME, OP, SK, (SK)->sk_family, (SK)->sk_type, \
+ (SK)->sk_protocol)
+
++/* struct aa_net - network confinement data
++ * @allow: basic network families permissions
++ * @audit: which network permissions to force audit
++ * @quiet: which network permissions to quiet rejects
++ */
++struct aa_net_compat {
++ u16 allow[AF_MAX];
++ u16 audit[AF_MAX];
++ u16 quiet[AF_MAX];
++};
+
+ #define af_select(FAMILY, FN, DEF_FN) \
+ ({ \
+@@ -84,6 +94,7 @@ struct aa_sk_ctx {
+ })
+
+ extern struct aa_sfs_entry aa_sfs_entry_network[];
++extern struct aa_sfs_entry aa_sfs_entry_network_compat[];
+
+ void audit_net_cb(struct audit_buffer *ab, void *va);
+ int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
+diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
+index 6c93e62383e6..4006fa9fc9f1 100644
+--- a/security/apparmor/include/policy.h
++++ b/security/apparmor/include/policy.h
+@@ -112,6 +112,7 @@ struct aa_data {
+ * @policy: general match rules governing policy
+ * @file: The set of rules governing basic file access and domain transitions
+ * @caps: capabilities for the profile
++ * @net_compat: v2 compat network controls for the profile
+ * @rlimits: rlimits for the profile
+ *
+ * @dents: dentries for the profiles file entries in apparmorfs
+@@ -149,6 +150,7 @@ struct aa_profile {
+ struct aa_policydb policy;
+ struct aa_file_rules file;
+ struct aa_caps caps;
++ struct aa_net_compat *net_compat;
+
+ int xattr_count;
+ char **xattrs;
+diff --git a/security/apparmor/net.c b/security/apparmor/net.c
+index bb24cfa0a164..bf6aaefc3a5f 100644
+--- a/security/apparmor/net.c
++++ b/security/apparmor/net.c
+@@ -27,6 +27,11 @@ struct aa_sfs_entry aa_sfs_entry_network[] = {
+ { }
+ };
+
++struct aa_sfs_entry aa_sfs_entry_network_compat[] = {
++ AA_SFS_FILE_STRING("af_mask", AA_SFS_AF_MASK),
++ { }
++};
++
+ static const char * const net_mask_names[] = {
+ "unknown",
+ "send",
+@@ -119,14 +124,26 @@ int aa_profile_af_perm(struct aa_profile *profile, struct common_audit_data *sa,
+ if (profile_unconfined(profile))
+ return 0;
+ state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
+- if (!state)
++ if (state) {
++ if (!state)
++ return 0;
++ buffer[0] = cpu_to_be16(family);
++ buffer[1] = cpu_to_be16((u16) type);
++ state = aa_dfa_match_len(profile->policy.dfa, state,
++ (char *) &buffer, 4);
++ aa_compute_perms(profile->policy.dfa, state, &perms);
++ } else if (profile->net_compat) {
++ /* 2.x socket mediation compat */
++ perms.allow = (profile->net_compat->allow[family] & (1 << type)) ?
++ ALL_PERMS_MASK : 0;
++ perms.audit = (profile->net_compat->audit[family] & (1 << type)) ?
++ ALL_PERMS_MASK : 0;
++ perms.quiet = (profile->net_compat->quiet[family] & (1 << type)) ?
++ ALL_PERMS_MASK : 0;
++
++ } else {
+ return 0;
+-
+- buffer[0] = cpu_to_be16(family);
+- buffer[1] = cpu_to_be16((u16) type);
+- state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer,
+- 4);
+- aa_compute_perms(profile->policy.dfa, state, &perms);
++ }
+ aa_apply_modes_to_perms(profile, &perms);
+
+ return aa_check_perms(profile, &perms, request, sa, audit_net_cb);
+diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
+index c07493ce2376..d1a869699040 100644
+--- a/security/apparmor/policy.c
++++ b/security/apparmor/policy.c
+@@ -227,6 +227,7 @@ void aa_free_profile(struct aa_profile *profile)
+ aa_free_file_rules(&profile->file);
+ aa_free_cap_rules(&profile->caps);
+ aa_free_rlimit_rules(&profile->rlimits);
++ kzfree(profile->net_compat);
+
+ for (i = 0; i < profile->xattr_count; i++)
+ kzfree(profile->xattrs[i]);
+diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
+index b9e6b2cafa69..a1b07e6c163d 100644
+--- a/security/apparmor/policy_unpack.c
++++ b/security/apparmor/policy_unpack.c
+@@ -37,7 +37,7 @@
+
+ #define v5 5 /* base version */
+ #define v6 6 /* per entry policydb mediation check */
+-#define v7 7
++#define v7 7 /* v2 compat networking */
+ #define v8 8 /* full network masking */
+
+ /*
+@@ -292,6 +292,19 @@ static bool unpack_nameX(struct aa_ext *e, enum aa_code code, const char *name)
+ return 0;
+ }
+
++static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
++{
++ if (unpack_nameX(e, AA_U16, name)) {
++ if (!inbounds(e, sizeof(u16)))
++ return 0;
++ if (data)
++ *data = le16_to_cpu(get_unaligned((__le16 *) e->pos));
++ e->pos += sizeof(u16);
++ return 1;
++ }
++ return 0;
++}
++
+ static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
+ {
+ if (unpack_nameX(e, AA_U32, name)) {
+@@ -621,7 +634,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
+ struct aa_profile *profile = NULL;
+ const char *tmpname, *tmpns = NULL, *name = NULL;
+ const char *info = "failed to unpack profile";
+- size_t ns_len;
++ size_t size = 0, ns_len;
+ struct rhashtable_params params = { 0 };
+ char *key = NULL;
+ struct aa_data *data;
+@@ -759,6 +772,43 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
+ goto fail;
+ }
+
++ size = unpack_array(e, "net_allowed_af");
++ if (size || VERSION_LT(e->version, v8)) {
++ profile->net_compat = kzalloc(sizeof(struct aa_net_compat), GFP_KERNEL);
++ if (!profile->net_compat) {
++ info = "out of memory";
++ goto fail;
++ }
++ for (i = 0; i < size; i++) {
++ /* discard extraneous rules that this kernel will
++ * never request
++ */
++ if (i >= AF_MAX) {
++ u16 tmp;
++
++ if (!unpack_u16(e, &tmp, NULL) ||
++ !unpack_u16(e, &tmp, NULL) ||
++ !unpack_u16(e, &tmp, NULL))
++ goto fail;
++ continue;
++ }
++ if (!unpack_u16(e, &profile->net_compat->allow[i], NULL))
++ goto fail;
++ if (!unpack_u16(e, &profile->net_compat->audit[i], NULL))
++ goto fail;
++ if (!unpack_u16(e, &profile->net_compat->quiet[i], NULL))
++ goto fail;
++ }
++ if (size && !unpack_nameX(e, AA_ARRAYEND, NULL))
++ goto fail;
++ if (VERSION_LT(e->version, v7)) {
++ /* pre v7 policy always allowed these */
++ profile->net_compat->allow[AF_UNIX] = 0xffff;
++ profile->net_compat->allow[AF_NETLINK] = 0xffff;
++ }
++ }
++
++
+ if (unpack_nameX(e, AA_STRUCT, "policydb")) {
+ /* generic policy dfa - optional and may be NULL */
+ info = "failed to unpack policydb";
+--
+2.14.1
+
diff --git a/kernel-patches/v4.17/0002-apparmor-af_unix-mediation.patch b/kernel-patches/v4.17/0002-apparmor-af_unix-mediation.patch
new file mode 100644
index 0000000000000000000000000000000000000000..75e0fc86f23094978300b1257886ea0ee9f285a3
--- /dev/null
+++ b/kernel-patches/v4.17/0002-apparmor-af_unix-mediation.patch
@@ -0,0 +1,1191 @@
+From 1aae75e96831bb26d1ced782c633c39c877c252f Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Tue, 18 Jul 2017 23:27:23 -0700
+Subject: [PATCH 2/3] apparmor: af_unix mediation
+
+af_socket mediation did not make it into 4.17 so add remaining out
+of tree patch
+
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ security/apparmor/Makefile | 3 +-
+ security/apparmor/af_unix.c | 652 ++++++++++++++++++++++++++++++++++++
+ security/apparmor/apparmorfs.c | 6 +
+ security/apparmor/file.c | 4 +-
+ security/apparmor/include/af_unix.h | 114 +++++++
+ security/apparmor/include/net.h | 4 +
+ security/apparmor/include/path.h | 1 +
+ security/apparmor/include/policy.h | 10 +-
+ security/apparmor/lsm.c | 113 +++++++
+ security/apparmor/net.c | 53 ++-
+ security/apparmor/policy_unpack.c | 6 +-
+ 11 files changed, 957 insertions(+), 9 deletions(-)
+ create mode 100644 security/apparmor/af_unix.c
+ create mode 100644 security/apparmor/include/af_unix.h
+
+diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
+index ff23fcfefe19..fad407f6f62c 100644
+--- a/security/apparmor/Makefile
++++ b/security/apparmor/Makefile
+@@ -5,7 +5,8 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+
+ apparmor-y := apparmorfs.o audit.o capability.o task.o ipc.o lib.o match.o \
+ path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
+- resource.o secid.o file.o policy_ns.o label.o mount.o net.o
++ resource.o secid.o file.o policy_ns.o label.o mount.o net.o \
++ af_unix.o
+ apparmor-$(CONFIG_SECURITY_APPARMOR_HASH) += crypto.o
+
+ clean-files := capability_names.h rlim_names.h net_names.h
+diff --git a/security/apparmor/af_unix.c b/security/apparmor/af_unix.c
+new file mode 100644
+index 000000000000..54b3796f63d0
+--- /dev/null
++++ b/security/apparmor/af_unix.c
+@@ -0,0 +1,652 @@
++/*
++ * AppArmor security module
++ *
++ * This file contains AppArmor af_unix fine grained mediation
++ *
++ * Copyright 2018 Canonical Ltd.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation, version 2 of the
++ * License.
++ */
++
++#include <net/tcp_states.h>
++
++#include "include/audit.h"
++#include "include/af_unix.h"
++#include "include/apparmor.h"
++#include "include/file.h"
++#include "include/label.h"
++#include "include/path.h"
++#include "include/policy.h"
++#include "include/cred.h"
++
++static inline struct sock *aa_sock(struct unix_sock *u)
++{
++ return &u->sk;
++}
++
++static inline int unix_fs_perm(const char *op, u32 mask, struct aa_label *label,
++ struct unix_sock *u, int flags)
++{
++ AA_BUG(!label);
++ AA_BUG(!u);
++ AA_BUG(!UNIX_FS(aa_sock(u)));
++
++ if (unconfined(label) || !LABEL_MEDIATES(label, AA_CLASS_FILE))
++ return 0;
++
++ mask &= NET_FS_PERMS;
++ if (!u->path.dentry) {
++ struct path_cond cond = { };
++ struct aa_perms perms = { };
++ struct aa_profile *profile;
++
++ /* socket path has been cleared because it is being shutdown
++ * can only fall back to original sun_path request
++ */
++ struct aa_sk_ctx *ctx = SK_CTX(&u->sk);
++ if (ctx->path.dentry)
++ return aa_path_perm(op, label, &ctx->path, flags, mask,
++ &cond);
++ return fn_for_each_confined(label, profile,
++ ((flags | profile->path_flags) & PATH_MEDIATE_DELETED) ?
++ __aa_path_perm(op, profile,
++ u->addr->name->sun_path, mask,
++ &cond, flags, &perms) :
++ aa_audit_file(profile, &nullperms, op, mask,
++ u->addr->name->sun_path, NULL,
++ NULL, cond.uid,
++ "Failed name lookup - "
++ "deleted entry", -EACCES));
++ } else {
++ /* the sunpath may not be valid for this ns so use the path */
++ struct path_cond cond = { u->path.dentry->d_inode->i_uid,
++ u->path.dentry->d_inode->i_mode
++ };
++
++ return aa_path_perm(op, label, &u->path, flags, mask, &cond);
++ }
++
++ return 0;
++}
++
++/* passing in state returned by PROFILE_MEDIATES_AF */
++static unsigned int match_to_prot(struct aa_profile *profile,
++ unsigned int state, int type, int protocol,
++ const char **info)
++{
++ __be16 buffer[2];
++ buffer[0] = cpu_to_be16(type);
++ buffer[1] = cpu_to_be16(protocol);
++ state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &buffer,
++ 4);
++ if (!state)
++ *info = "failed type and protocol match";
++ return state;
++}
++
++static unsigned int match_addr(struct aa_profile *profile, unsigned int state,
++ struct sockaddr_un *addr, int addrlen)
++{
++ if (addr)
++ /* include leading \0 */
++ state = aa_dfa_match_len(profile->policy.dfa, state,
++ addr->sun_path,
++ unix_addr_len(addrlen));
++ else
++ /* anonymous end point */
++ state = aa_dfa_match_len(profile->policy.dfa, state, "\x01",
++ 1);
++ /* todo change to out of band */
++ state = aa_dfa_null_transition(profile->policy.dfa, state);
++ return state;
++}
++
++static unsigned int match_to_local(struct aa_profile *profile,
++ unsigned int state, int type, int protocol,
++ struct sockaddr_un *addr, int addrlen,
++ const char **info)
++{
++ state = match_to_prot(profile, state, type, protocol, info);
++ if (state) {
++ state = match_addr(profile, state, addr, addrlen);
++ if (state) {
++ /* todo: local label matching */
++ state = aa_dfa_null_transition(profile->policy.dfa,
++ state);
++ if (!state)
++ *info = "failed local label match";
++ } else
++ *info = "failed local address match";
++ }
++
++ return state;
++}
++
++static unsigned int match_to_sk(struct aa_profile *profile,
++ unsigned int state, struct unix_sock *u,
++ const char **info)
++{
++ struct sockaddr_un *addr = NULL;
++ int addrlen = 0;
++
++ if (u->addr) {
++ addr = u->addr->name;
++ addrlen = u->addr->len;
++ }
++
++ return match_to_local(profile, state, u->sk.sk_type, u->sk.sk_protocol,
++ addr, addrlen, info);
++}
++
++#define CMD_ADDR 1
++#define CMD_LISTEN 2
++#define CMD_OPT 4
++
++static inline unsigned int match_to_cmd(struct aa_profile *profile,
++ unsigned int state, struct unix_sock *u,
++ char cmd, const char **info)
++{
++ state = match_to_sk(profile, state, u, info);
++ if (state) {
++ state = aa_dfa_match_len(profile->policy.dfa, state, &cmd, 1);
++ if (!state)
++ *info = "failed cmd selection match";
++ }
++
++ return state;
++}
++
++static inline unsigned int match_to_peer(struct aa_profile *profile,
++ unsigned int state,
++ struct unix_sock *u,
++ struct sockaddr_un *peer_addr,
++ int peer_addrlen,
++ const char **info)
++{
++ state = match_to_cmd(profile, state, u, CMD_ADDR, info);
++ if (state) {
++ state = match_addr(profile, state, peer_addr, peer_addrlen);
++ if (!state)
++ *info = "failed peer address match";
++ }
++ return state;
++}
++
++static int do_perms(struct aa_profile *profile, unsigned int state, u32 request,
++ struct common_audit_data *sa)
++{
++ struct aa_perms perms;
++
++ AA_BUG(!profile);
++
++ aa_compute_perms(profile->policy.dfa, state, &perms);
++ aa_apply_modes_to_perms(profile, &perms);
++ return aa_check_perms(profile, &perms, request, sa,
++ audit_net_cb);
++}
++
++static int match_label(struct aa_profile *profile, struct aa_profile *peer,
++ unsigned int state, u32 request,
++ struct common_audit_data *sa)
++{
++ AA_BUG(!profile);
++ AA_BUG(!peer);
++
++ aad(sa)->peer = &peer->label;
++
++ if (state) {
++ state = aa_dfa_match(profile->policy.dfa, state,
++ peer->base.hname);
++ if (!state)
++ aad(sa)->info = "failed peer label match";
++ }
++ return do_perms(profile, state, request, sa);
++}
++
++
++/* unix sock creation comes before we know if the socket will be an fs
++ * socket
++ * v6 - semantics are handled by mapping in profile load
++ * v7 - semantics require sock create for tasks creating an fs socket.
++ */
++static int profile_create_perm(struct aa_profile *profile, int family,
++ int type, int protocol)
++{
++ unsigned int state;
++ DEFINE_AUDIT_NET(sa, OP_CREATE, NULL, family, type, protocol);
++
++ AA_BUG(!profile);
++ AA_BUG(profile_unconfined(profile));
++
++ if ((state = PROFILE_MEDIATES_AF(profile, AF_UNIX))) {
++ state = match_to_prot(profile, state, type, protocol,
++ &aad(&sa)->info);
++ return do_perms(profile, state, AA_MAY_CREATE, &sa);
++ }
++
++ return aa_profile_af_perm(profile, &sa, AA_MAY_CREATE, family, type);
++}
++
++int aa_unix_create_perm(struct aa_label *label, int family, int type,
++ int protocol)
++{
++ struct aa_profile *profile;
++
++ if (unconfined(label))
++ return 0;
++
++ return fn_for_each_confined(label, profile,
++ profile_create_perm(profile, family, type, protocol));
++}
++
++
++static inline int profile_sk_perm(struct aa_profile *profile, const char *op,
++ u32 request, struct sock *sk)
++{
++ unsigned int state;
++ DEFINE_AUDIT_SK(sa, op, sk);
++
++ AA_BUG(!profile);
++ AA_BUG(!sk);
++ AA_BUG(UNIX_FS(sk));
++ AA_BUG(profile_unconfined(profile));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ state = match_to_sk(profile, state, unix_sk(sk),
++ &aad(&sa)->info);
++ return do_perms(profile, state, request, &sa);
++ }
++
++ return aa_profile_af_sk_perm(profile, &sa, request, sk);
++}
++
++int aa_unix_label_sk_perm(struct aa_label *label, const char *op, u32 request,
++ struct sock *sk)
++{
++ struct aa_profile *profile;
++
++ return fn_for_each_confined(label, profile,
++ profile_sk_perm(profile, op, request, sk));
++}
++
++static int unix_label_sock_perm(struct aa_label *label, const char *op, u32 request,
++ struct socket *sock)
++{
++ if (unconfined(label))
++ return 0;
++ if (UNIX_FS(sock->sk))
++ return unix_fs_perm(op, request, label, unix_sk(sock->sk), 0);
++
++ return aa_unix_label_sk_perm(label, op, request, sock->sk);
++}
++
++/* revaliation, get/set attr */
++int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock)
++{
++ struct aa_label *label;
++ int error;
++
++ label = begin_current_label_crit_section();
++ error = unix_label_sock_perm(label, op, request, sock);
++ end_current_label_crit_section(label);
++
++ return error;
++}
++
++static int profile_bind_perm(struct aa_profile *profile, struct sock *sk,
++ struct sockaddr *addr, int addrlen)
++{
++ unsigned int state;
++ DEFINE_AUDIT_SK(sa, OP_BIND, sk);
++
++ AA_BUG(!profile);
++ AA_BUG(!sk);
++ AA_BUG(addr->sa_family != AF_UNIX);
++ AA_BUG(profile_unconfined(profile));
++ AA_BUG(unix_addr_fs(addr, addrlen));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ /* bind for abstract socket */
++ aad(&sa)->net.addr = unix_addr(addr);
++ aad(&sa)->net.addrlen = addrlen;
++
++ state = match_to_local(profile, state,
++ sk->sk_type, sk->sk_protocol,
++ unix_addr(addr), addrlen,
++ &aad(&sa)->info);
++ return do_perms(profile, state, AA_MAY_BIND, &sa);
++ }
++
++ return aa_profile_af_sk_perm(profile, &sa, AA_MAY_BIND, sk);
++}
++
++int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address,
++ int addrlen)
++{
++ struct aa_profile *profile;
++ struct aa_label *label;
++ int error = 0;
++
++ label = begin_current_label_crit_section();
++ /* fs bind is handled by mknod */
++ if (!(unconfined(label) || unix_addr_fs(address, addrlen)))
++ error = fn_for_each_confined(label, profile,
++ profile_bind_perm(profile, sock->sk, address,
++ addrlen));
++ end_current_label_crit_section(label);
++
++ return error;
++}
++
++int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address,
++ int addrlen)
++{
++ /* unix connections are covered by the
++ * - unix_stream_connect (stream) and unix_may_send hooks (dgram)
++ * - fs connect is handled by open
++ */
++ return 0;
++}
++
++static int profile_listen_perm(struct aa_profile *profile, struct sock *sk,
++ int backlog)
++{
++ unsigned int state;
++ DEFINE_AUDIT_SK(sa, OP_LISTEN, sk);
++
++ AA_BUG(!profile);
++ AA_BUG(!sk);
++ AA_BUG(UNIX_FS(sk));
++ AA_BUG(profile_unconfined(profile));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ __be16 b = cpu_to_be16(backlog);
++
++ state = match_to_cmd(profile, state, unix_sk(sk), CMD_LISTEN,
++ &aad(&sa)->info);
++ if (state) {
++ state = aa_dfa_match_len(profile->policy.dfa, state,
++ (char *) &b, 2);
++ if (!state)
++ aad(&sa)->info = "failed listen backlog match";
++ }
++ return do_perms(profile, state, AA_MAY_LISTEN, &sa);
++ }
++
++ return aa_profile_af_sk_perm(profile, &sa, AA_MAY_LISTEN, sk);
++}
++
++int aa_unix_listen_perm(struct socket *sock, int backlog)
++{
++ struct aa_profile *profile;
++ struct aa_label *label;
++ int error = 0;
++
++ label = begin_current_label_crit_section();
++ if (!(unconfined(label) || UNIX_FS(sock->sk)))
++ error = fn_for_each_confined(label, profile,
++ profile_listen_perm(profile, sock->sk,
++ backlog));
++ end_current_label_crit_section(label);
++
++ return error;
++}
++
++
++static inline int profile_accept_perm(struct aa_profile *profile,
++ struct sock *sk,
++ struct sock *newsk)
++{
++ unsigned int state;
++ DEFINE_AUDIT_SK(sa, OP_ACCEPT, sk);
++
++ AA_BUG(!profile);
++ AA_BUG(!sk);
++ AA_BUG(UNIX_FS(sk));
++ AA_BUG(profile_unconfined(profile));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ state = match_to_sk(profile, state, unix_sk(sk),
++ &aad(&sa)->info);
++ return do_perms(profile, state, AA_MAY_ACCEPT, &sa);
++ }
++
++ return aa_profile_af_sk_perm(profile, &sa, AA_MAY_ACCEPT, sk);
++}
++
++/* ability of sock to connect, not peer address binding */
++int aa_unix_accept_perm(struct socket *sock, struct socket *newsock)
++{
++ struct aa_profile *profile;
++ struct aa_label *label;
++ int error = 0;
++
++ label = begin_current_label_crit_section();
++ if (!(unconfined(label) || UNIX_FS(sock->sk)))
++ error = fn_for_each_confined(label, profile,
++ profile_accept_perm(profile, sock->sk,
++ newsock->sk));
++ end_current_label_crit_section(label);
++
++ return error;
++}
++
++
++/* dgram handled by unix_may_sendmsg, right to send on stream done at connect
++ * could do per msg unix_stream here
++ */
++/* sendmsg, recvmsg */
++int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock,
++ struct msghdr *msg, int size)
++{
++ return 0;
++}
++
++
++static int profile_opt_perm(struct aa_profile *profile, const char *op, u32 request,
++ struct sock *sk, int level, int optname)
++{
++ unsigned int state;
++ DEFINE_AUDIT_SK(sa, op, sk);
++
++ AA_BUG(!profile);
++ AA_BUG(!sk);
++ AA_BUG(UNIX_FS(sk));
++ AA_BUG(profile_unconfined(profile));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ __be16 b = cpu_to_be16(optname);
++
++ state = match_to_cmd(profile, state, unix_sk(sk), CMD_OPT,
++ &aad(&sa)->info);
++ if (state) {
++ state = aa_dfa_match_len(profile->policy.dfa, state,
++ (char *) &b, 2);
++ if (!state)
++ aad(&sa)->info = "failed sockopt match";
++ }
++ return do_perms(profile, state, request, &sa);
++ }
++
++ return aa_profile_af_sk_perm(profile, &sa, request, sk);
++}
++
++int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level,
++ int optname)
++{
++ struct aa_profile *profile;
++ struct aa_label *label;
++ int error = 0;
++
++ label = begin_current_label_crit_section();
++ if (!(unconfined(label) || UNIX_FS(sock->sk)))
++ error = fn_for_each_confined(label, profile,
++ profile_opt_perm(profile, op, request,
++ sock->sk, level, optname));
++ end_current_label_crit_section(label);
++
++ return error;
++}
++
++/* null peer_label is allowed, in which case the peer_sk label is used */
++static int profile_peer_perm(struct aa_profile *profile, const char *op, u32 request,
++ struct sock *sk, struct sock *peer_sk,
++ struct aa_label *peer_label,
++ struct common_audit_data *sa)
++{
++ unsigned int state;
++
++ AA_BUG(!profile);
++ AA_BUG(profile_unconfined(profile));
++ AA_BUG(!sk);
++ AA_BUG(!peer_sk);
++ AA_BUG(UNIX_FS(peer_sk));
++
++ state = PROFILE_MEDIATES_AF(profile, AF_UNIX);
++ if (state) {
++ struct aa_sk_ctx *peer_ctx = SK_CTX(peer_sk);
++ struct aa_profile *peerp;
++ struct sockaddr_un *addr = NULL;
++ int len = 0;
++ if (unix_sk(peer_sk)->addr) {
++ addr = unix_sk(peer_sk)->addr->name;
++ len = unix_sk(peer_sk)->addr->len;
++ }
++ state = match_to_peer(profile, state, unix_sk(sk),
++ addr, len, &aad(sa)->info);
++ if (!peer_label)
++ peer_label = peer_ctx->label;
++ return fn_for_each_in_ns(peer_label, peerp,
++ match_label(profile, peerp, state, request,
++ sa));
++ }
++
++ return aa_profile_af_sk_perm(profile, sa, request, sk);
++}
++
++/**
++ *
++ * Requires: lock held on both @sk and @peer_sk
++ */
++int aa_unix_peer_perm(struct aa_label *label, const char *op, u32 request,
++ struct sock *sk, struct sock *peer_sk,
++ struct aa_label *peer_label)
++{
++ struct unix_sock *peeru = unix_sk(peer_sk);
++ struct unix_sock *u = unix_sk(sk);
++
++ AA_BUG(!label);
++ AA_BUG(!sk);
++ AA_BUG(!peer_sk);
++
++ if (UNIX_FS(aa_sock(peeru)))
++ return unix_fs_perm(op, request, label, peeru, 0);
++ else if (UNIX_FS(aa_sock(u)))
++ return unix_fs_perm(op, request, label, u, 0);
++ else {
++ struct aa_profile *profile;
++ DEFINE_AUDIT_SK(sa, op, sk);
++ aad(&sa)->net.peer_sk = peer_sk;
++
++ /* TODO: ns!!! */
++ if (!net_eq(sock_net(sk), sock_net(peer_sk))) {
++ ;
++ }
++
++ if (unconfined(label))
++ return 0;
++
++ return fn_for_each_confined(label, profile,
++ profile_peer_perm(profile, op, request, sk,
++ peer_sk, peer_label, &sa));
++ }
++}
++
++
++/* from net/unix/af_unix.c */
++static void unix_state_double_lock(struct sock *sk1, struct sock *sk2)
++{
++ if (unlikely(sk1 == sk2) || !sk2) {
++ unix_state_lock(sk1);
++ return;
++ }
++ if (sk1 < sk2) {
++ unix_state_lock(sk1);
++ unix_state_lock_nested(sk2);
++ } else {
++ unix_state_lock(sk2);
++ unix_state_lock_nested(sk1);
++ }
++}
++
++static void unix_state_double_unlock(struct sock *sk1, struct sock *sk2)
++{
++ if (unlikely(sk1 == sk2) || !sk2) {
++ unix_state_unlock(sk1);
++ return;
++ }
++ unix_state_unlock(sk1);
++ unix_state_unlock(sk2);
++}
++
++int aa_unix_file_perm(struct aa_label *label, const char *op, u32 request,
++ struct socket *sock)
++{
++ struct sock *peer_sk = NULL;
++ u32 sk_req = request & ~NET_PEER_MASK;
++ int error = 0;
++
++ AA_BUG(!label);
++ AA_BUG(!sock);
++ AA_BUG(!sock->sk);
++ AA_BUG(sock->sk->sk_family != AF_UNIX);
++
++ /* TODO: update sock label with new task label */
++ unix_state_lock(sock->sk);
++ peer_sk = unix_peer(sock->sk);
++ if (peer_sk)
++ sock_hold(peer_sk);
++ if (!unix_connected(sock) && sk_req) {
++ error = unix_label_sock_perm(label, op, sk_req, sock);
++ if (!error) {
++ // update label
++ }
++ }
++ unix_state_unlock(sock->sk);
++ if (!peer_sk)
++ return error;
++
++ unix_state_double_lock(sock->sk, peer_sk);
++ if (UNIX_FS(sock->sk)) {
++ error = unix_fs_perm(op, request, label, unix_sk(sock->sk),
++ PATH_SOCK_COND);
++ } else if (UNIX_FS(peer_sk)) {
++ error = unix_fs_perm(op, request, label, unix_sk(peer_sk),
++ PATH_SOCK_COND);
++ } else {
++ struct aa_sk_ctx *pctx = SK_CTX(peer_sk);
++ if (sk_req)
++ error = aa_unix_label_sk_perm(label, op, sk_req,
++ sock->sk);
++ last_error(error,
++ xcheck(aa_unix_peer_perm(label, op,
++ MAY_READ | MAY_WRITE,
++ sock->sk, peer_sk, NULL),
++ aa_unix_peer_perm(pctx->label, op,
++ MAY_READ | MAY_WRITE,
++ peer_sk, sock->sk, label)));
++ }
++
++ unix_state_double_unlock(sock->sk, peer_sk);
++ sock_put(peer_sk);
++
++ return error;
++}
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index 32f0e660ffd0..b931bae4f1a2 100644
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -2256,6 +2256,11 @@ static struct aa_sfs_entry aa_sfs_entry_ns[] = {
+ { }
+ };
+
++static struct aa_sfs_entry aa_sfs_entry_dbus[] = {
++ AA_SFS_FILE_STRING("mask", "acquire send receive"),
++ { }
++};
++
+ static struct aa_sfs_entry aa_sfs_entry_query_label[] = {
+ AA_SFS_FILE_STRING("perms", "allow deny audit quiet"),
+ AA_SFS_FILE_BOOLEAN("data", 1),
+@@ -2280,6 +2285,7 @@ static struct aa_sfs_entry aa_sfs_entry_features[] = {
+ AA_SFS_DIR("caps", aa_sfs_entry_caps),
+ AA_SFS_DIR("ptrace", aa_sfs_entry_ptrace),
+ AA_SFS_DIR("signal", aa_sfs_entry_signal),
++ AA_SFS_DIR("dbus", aa_sfs_entry_dbus),
+ AA_SFS_DIR("query", aa_sfs_entry_query),
+ { }
+ };
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index 224b2fef93ca..67e70e094858 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -16,6 +16,7 @@
+ #include <linux/fdtable.h>
+ #include <linux/file.h>
+
++#include "include/af_unix.h"
+ #include "include/apparmor.h"
+ #include "include/audit.h"
+ #include "include/cred.h"
+@@ -283,7 +284,8 @@ int __aa_path_perm(const char *op, struct aa_profile *profile, const char *name,
+ {
+ int e = 0;
+
+- if (profile_unconfined(profile))
++ if (profile_unconfined(profile) ||
++ ((flags & PATH_SOCK_COND) && !PROFILE_MEDIATES_AF(profile, AF_UNIX)))
+ return 0;
+ aa_str_perms(profile->file.dfa, profile->file.start, name, cond, perms);
+ if (request & ~perms->allow)
+diff --git a/security/apparmor/include/af_unix.h b/security/apparmor/include/af_unix.h
+new file mode 100644
+index 000000000000..d1b7f2316be4
+--- /dev/null
++++ b/security/apparmor/include/af_unix.h
+@@ -0,0 +1,114 @@
++/*
++ * AppArmor security module
++ *
++ * This file contains AppArmor af_unix fine grained mediation
++ *
++ * Copyright 2014 Canonical Ltd.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation, version 2 of the
++ * License.
++ */
++#ifndef __AA_AF_UNIX_H
++
++#include <net/af_unix.h>
++
++#include "label.h"
++//#include "include/net.h"
++
++#define unix_addr_len(L) ((L) - sizeof(sa_family_t))
++#define unix_abstract_name_len(L) (unix_addr_len(L) - 1)
++#define unix_abstract_len(U) (unix_abstract_name_len((U)->addr->len))
++#define addr_unix_abstract_name(B) ((B)[0] == 0)
++#define addr_unix_anonymous(U) (addr_unix_len(U) <= 0)
++#define addr_unix_abstract(U) (!addr_unix_anonymous(U) && addr_unix_abstract_name((U)->addr))
++//#define unix_addr_fs(U) (!unix_addr_anonymous(U) && !unix_addr_abstract_name((U)->addr))
++
++#define unix_addr(A) ((struct sockaddr_un *)(A))
++#define unix_addr_anon(A, L) ((A) && unix_addr_len(L) <= 0)
++#define unix_addr_fs(A, L) (!unix_addr_anon(A, L) && !addr_unix_abstract_name(unix_addr(A)->sun_path))
++
++#define UNIX_ANONYMOUS(U) (!unix_sk(U)->addr)
++/* from net/unix/af_unix.c */
++#define UNIX_ABSTRACT(U) (!UNIX_ANONYMOUS(U) && \
++ unix_sk(U)->addr->hash < UNIX_HASH_SIZE)
++#define UNIX_FS(U) (!UNIX_ANONYMOUS(U) && unix_sk(U)->addr->name->sun_path[0])
++#define unix_peer(sk) (unix_sk(sk)->peer)
++#define unix_connected(S) ((S)->state == SS_CONNECTED)
++
++static inline void print_unix_addr(struct sockaddr_un *A, int L)
++{
++ char *buf = (A) ? (char *) &(A)->sun_path : NULL;
++ int len = unix_addr_len(L);
++ if (!buf || len <= 0)
++ printk(" <anonymous>");
++ else if (buf[0])
++ printk(" %s", buf);
++ else
++ /* abstract name len includes leading \0 */
++ printk(" %d @%.*s", len - 1, len - 1, buf+1);
++};
++
++/*
++ printk("%s: %s: f %d, t %d, p %d", __FUNCTION__, \
++ #SK , \
++*/
++#define print_unix_sk(SK) \
++do { \
++ struct unix_sock *u = unix_sk(SK); \
++ printk("%s: f %d, t %d, p %d", #SK , \
++ (SK)->sk_family, (SK)->sk_type, (SK)->sk_protocol); \
++ if (u->addr) \
++ print_unix_addr(u->addr->name, u->addr->len); \
++ else \
++ print_unix_addr(NULL, sizeof(sa_family_t)); \
++ /* printk("\n");*/ \
++} while (0)
++
++#define print_sk(SK) \
++do { \
++ if (!(SK)) { \
++ printk("%s: %s is null\n", __FUNCTION__, #SK); \
++ } else if ((SK)->sk_family == PF_UNIX) { \
++ print_unix_sk(SK); \
++ printk("\n"); \
++ } else { \
++ printk("%s: %s: family %d\n", __FUNCTION__, #SK , \
++ (SK)->sk_family); \
++ } \
++} while (0)
++
++#define print_sock_addr(U) \
++do { \
++ printk("%s:\n", __FUNCTION__); \
++ printk(" sock %s:", sock_ctx && sock_ctx->label ? aa_label_printk(sock_ctx->label, GFP_ATOMIC); : "<null>"); print_sk(sock); \
++ printk(" other %s:", other_ctx && other_ctx->label ? aa_label_printk(other_ctx->label, GFP_ATOMIC); : "<null>"); print_sk(other); \
++ printk(" new %s", new_ctx && new_ctx->label ? aa_label_printk(new_ctx->label, GFP_ATOMIC); : "<null>"); print_sk(newsk); \
++} while (0)
++
++
++
++
++int aa_unix_peer_perm(struct aa_label *label, const char *op, u32 request,
++ struct sock *sk, struct sock *peer_sk,
++ struct aa_label *peer_label);
++int aa_unix_label_sk_perm(struct aa_label *label, const char *op, u32 request,
++ struct sock *sk);
++int aa_unix_sock_perm(const char *op, u32 request, struct socket *sock);
++int aa_unix_create_perm(struct aa_label *label, int family, int type,
++ int protocol);
++int aa_unix_bind_perm(struct socket *sock, struct sockaddr *address,
++ int addrlen);
++int aa_unix_connect_perm(struct socket *sock, struct sockaddr *address,
++ int addrlen);
++int aa_unix_listen_perm(struct socket *sock, int backlog);
++int aa_unix_accept_perm(struct socket *sock, struct socket *newsock);
++int aa_unix_msg_perm(const char *op, u32 request, struct socket *sock,
++ struct msghdr *msg, int size);
++int aa_unix_opt_perm(const char *op, u32 request, struct socket *sock, int level,
++ int optname);
++int aa_unix_file_perm(struct aa_label *label, const char *op, u32 request,
++ struct socket *sock);
++
++#endif /* __AA_AF_UNIX_H */
+diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
+index 579b59a40ea4..48e07dcbb44d 100644
+--- a/security/apparmor/include/net.h
++++ b/security/apparmor/include/net.h
+@@ -53,6 +53,7 @@
+ struct aa_sk_ctx {
+ struct aa_label *label;
+ struct aa_label *peer;
++ struct path path;
+ };
+
+ #define SK_CTX(X) ((X)->sk_security)
+@@ -87,6 +88,9 @@ struct aa_net_compat {
+ ({ \
+ int __e; \
+ switch ((FAMILY)) { \
++ case AF_UNIX: \
++ __e = aa_unix_ ## FN; \
++ break; \
+ default: \
+ __e = DEF_FN; \
+ } \
+diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
+index e042b994f2b8..29ab20eba812 100644
+--- a/security/apparmor/include/path.h
++++ b/security/apparmor/include/path.h
+@@ -18,6 +18,7 @@
+
+ enum path_flags {
+ PATH_IS_DIR = 0x1, /* path is a directory */
++ PATH_SOCK_COND = 0x2,
+ PATH_CONNECT_PATH = 0x4, /* connect disconnected paths to / */
+ PATH_CHROOT_REL = 0x8, /* do path lookup relative to chroot */
+ PATH_CHROOT_NSCONNECT = 0x10, /* connect paths that are at ns root */
+diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
+index 4006fa9fc9f1..35da41f14056 100644
+--- a/security/apparmor/include/policy.h
++++ b/security/apparmor/include/policy.h
+@@ -232,9 +232,13 @@ static inline unsigned int PROFILE_MEDIATES_AF(struct aa_profile *profile,
+ unsigned int state = PROFILE_MEDIATES(profile, AA_CLASS_NET);
+ __be16 be_af = cpu_to_be16(AF);
+
+- if (!state)
+- return 0;
+- return aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2);
++ if (!state) {
++ state = PROFILE_MEDIATES(profile, AA_CLASS_NET_COMPAT);
++ if (!state)
++ return 0;
++ }
++ state = aa_dfa_match_len(profile->policy.dfa, state, (char *) &be_af, 2);
++ return state;
+ }
+
+ /**
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index ce2b89e9ad94..7a6b1bd8e046 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -23,8 +23,10 @@
+ #include <linux/sysctl.h>
+ #include <linux/audit.h>
+ #include <linux/user_namespace.h>
++#include <net/af_unix.h>
+ #include <net/sock.h>
+
++#include "include/af_unix.h"
+ #include "include/apparmor.h"
+ #include "include/apparmorfs.h"
+ #include "include/audit.h"
+@@ -776,6 +778,7 @@ static void apparmor_sk_free_security(struct sock *sk)
+ SK_CTX(sk) = NULL;
+ aa_put_label(ctx->label);
+ aa_put_label(ctx->peer);
++ path_put(&ctx->path);
+ kfree(ctx);
+ }
+
+@@ -790,6 +793,99 @@ static void apparmor_sk_clone_security(const struct sock *sk,
+
+ new->label = aa_get_label(ctx->label);
+ new->peer = aa_get_label(ctx->peer);
++ new->path = ctx->path;
++ path_get(&new->path);
++}
++
++static struct path *UNIX_FS_CONN_PATH(struct sock *sk, struct sock *newsk)
++{
++ if (sk->sk_family == PF_UNIX && UNIX_FS(sk))
++ return &unix_sk(sk)->path;
++ else if (newsk->sk_family == PF_UNIX && UNIX_FS(newsk))
++ return &unix_sk(newsk)->path;
++ return NULL;
++}
++
++/**
++ * apparmor_unix_stream_connect - check perms before making unix domain conn
++ *
++ * peer is locked when this hook is called
++ */
++static int apparmor_unix_stream_connect(struct sock *sk, struct sock *peer_sk,
++ struct sock *newsk)
++{
++ struct aa_sk_ctx *sk_ctx = SK_CTX(sk);
++ struct aa_sk_ctx *peer_ctx = SK_CTX(peer_sk);
++ struct aa_sk_ctx *new_ctx = SK_CTX(newsk);
++ struct aa_label *label;
++ struct path *path;
++ int error;
++
++ label = __begin_current_label_crit_section();
++ error = aa_unix_peer_perm(label, OP_CONNECT,
++ (AA_MAY_CONNECT | AA_MAY_SEND | AA_MAY_RECEIVE),
++ sk, peer_sk, NULL);
++ if (!UNIX_FS(peer_sk)) {
++ last_error(error,
++ aa_unix_peer_perm(peer_ctx->label, OP_CONNECT,
++ (AA_MAY_ACCEPT | AA_MAY_SEND | AA_MAY_RECEIVE),
++ peer_sk, sk, label));
++ }
++ __end_current_label_crit_section(label);
++
++ if (error)
++ return error;
++
++ /* label newsk if it wasn't labeled in post_create. Normally this
++ * would be done in sock_graft, but because we are directly looking
++ * at the peer_sk to obtain peer_labeling for unix socks this
++ * does not work
++ */
++ if (!new_ctx->label)
++ new_ctx->label = aa_get_label(peer_ctx->label);
++
++ /* Cross reference the peer labels for SO_PEERSEC */
++ if (new_ctx->peer)
++ aa_put_label(new_ctx->peer);
++
++ if (sk_ctx->peer)
++ aa_put_label(sk_ctx->peer);
++
++ new_ctx->peer = aa_get_label(sk_ctx->label);
++ sk_ctx->peer = aa_get_label(peer_ctx->label);
++
++ path = UNIX_FS_CONN_PATH(sk, peer_sk);
++ if (path) {
++ new_ctx->path = *path;
++ sk_ctx->path = *path;
++ path_get(path);
++ path_get(path);
++ }
++ return 0;
++}
++
++/**
++ * apparmor_unix_may_send - check perms before conn or sending unix dgrams
++ *
++ * other is locked when this hook is called
++ *
++ * dgram connect calls may_send, peer setup but path not copied?????
++ */
++static int apparmor_unix_may_send(struct socket *sock, struct socket *peer)
++{
++ struct aa_sk_ctx *peer_ctx = SK_CTX(peer->sk);
++ struct aa_label *label;
++ int error;
++
++ label = __begin_current_label_crit_section();
++ error = xcheck(aa_unix_peer_perm(label, OP_SENDMSG, AA_MAY_SEND,
++ sock->sk, peer->sk, NULL),
++ aa_unix_peer_perm(peer_ctx->label, OP_SENDMSG,
++ AA_MAY_RECEIVE,
++ peer->sk, sock->sk, label));
++ __end_current_label_crit_section(label);
++
++ return error;
+ }
+
+ /**
+@@ -1027,11 +1123,25 @@ static int apparmor_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
+
+ static struct aa_label *sk_peer_label(struct sock *sk)
+ {
++ struct sock *peer_sk;
+ struct aa_sk_ctx *ctx = SK_CTX(sk);
+
+ if (ctx->peer)
+ return ctx->peer;
+
++ if (sk->sk_family != PF_UNIX)
++ return ERR_PTR(-ENOPROTOOPT);
++
++ /* check for sockpair peering which does not go through
++ * security_unix_stream_connect
++ */
++ peer_sk = unix_peer(sk);
++ if (peer_sk) {
++ ctx = SK_CTX(peer_sk);
++ if (ctx->label)
++ return ctx->label;
++ }
++
+ return ERR_PTR(-ENOPROTOOPT);
+ }
+
+@@ -1155,6 +1265,9 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
+ LSM_HOOK_INIT(sk_free_security, apparmor_sk_free_security),
+ LSM_HOOK_INIT(sk_clone_security, apparmor_sk_clone_security),
+
++ LSM_HOOK_INIT(unix_stream_connect, apparmor_unix_stream_connect),
++ LSM_HOOK_INIT(unix_may_send, apparmor_unix_may_send),
++
+ LSM_HOOK_INIT(socket_create, apparmor_socket_create),
+ LSM_HOOK_INIT(socket_post_create, apparmor_socket_post_create),
+ LSM_HOOK_INIT(socket_bind, apparmor_socket_bind),
+diff --git a/security/apparmor/net.c b/security/apparmor/net.c
+index bf6aaefc3a5f..042aee4408c1 100644
+--- a/security/apparmor/net.c
++++ b/security/apparmor/net.c
+@@ -12,6 +12,7 @@
+ * License.
+ */
+
++#include "include/af_unix.h"
+ #include "include/apparmor.h"
+ #include "include/audit.h"
+ #include "include/cred.h"
+@@ -29,6 +30,7 @@ struct aa_sfs_entry aa_sfs_entry_network[] = {
+
+ struct aa_sfs_entry aa_sfs_entry_network_compat[] = {
+ AA_SFS_FILE_STRING("af_mask", AA_SFS_AF_MASK),
++ AA_SFS_FILE_BOOLEAN("af_unix", 1),
+ { }
+ };
+
+@@ -74,6 +76,36 @@ static const char * const net_mask_names[] = {
+ "unknown",
+ };
+
++static void audit_unix_addr(struct audit_buffer *ab, const char *str,
++ struct sockaddr_un *addr, int addrlen)
++{
++ int len = unix_addr_len(addrlen);
++
++ if (!addr || len <= 0) {
++ audit_log_format(ab, " %s=none", str);
++ } else if (addr->sun_path[0]) {
++ audit_log_format(ab, " %s=", str);
++ audit_log_untrustedstring(ab, addr->sun_path);
++ } else {
++ audit_log_format(ab, " %s=\"@", str);
++ if (audit_string_contains_control(&addr->sun_path[1], len - 1))
++ audit_log_n_hex(ab, &addr->sun_path[1], len - 1);
++ else
++ audit_log_format(ab, "%.*s", len - 1,
++ &addr->sun_path[1]);
++ audit_log_format(ab, "\"");
++ }
++}
++
++static void audit_unix_sk_addr(struct audit_buffer *ab, const char *str,
++ struct sock *sk)
++{
++ struct unix_sock *u = unix_sk(sk);
++ if (u && u->addr)
++ audit_unix_addr(ab, str, u->addr->name, u->addr->len);
++ else
++ audit_unix_addr(ab, str, NULL, 0);
++}
+
+ /* audit callback for net specific fields */
+ void audit_net_cb(struct audit_buffer *ab, void *va)
+@@ -103,6 +135,23 @@ void audit_net_cb(struct audit_buffer *ab, void *va)
+ net_mask_names, NET_PERMS_MASK);
+ }
+ }
++ if (sa->u.net->family == AF_UNIX) {
++ if ((aad(sa)->request & ~NET_PEER_MASK) && aad(sa)->net.addr)
++ audit_unix_addr(ab, "addr",
++ unix_addr(aad(sa)->net.addr),
++ aad(sa)->net.addrlen);
++ else
++ audit_unix_sk_addr(ab, "addr", sa->u.net->sk);
++ if (aad(sa)->request & NET_PEER_MASK) {
++ if (aad(sa)->net.addr)
++ audit_unix_addr(ab, "peer_addr",
++ unix_addr(aad(sa)->net.addr),
++ aad(sa)->net.addrlen);
++ else
++ audit_unix_sk_addr(ab, "peer_addr",
++ aad(sa)->net.peer_sk);
++ }
++ }
+ if (aad(sa)->peer) {
+ audit_log_format(ab, " peer=");
+ aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
+@@ -200,5 +249,7 @@ int aa_sock_file_perm(struct aa_label *label, const char *op, u32 request,
+ AA_BUG(!sock);
+ AA_BUG(!sock->sk);
+
+- return aa_label_sk_perm(label, op, request, sock->sk);
++ return af_select(sock->sk->sk_family,
++ file_perm(label, op, request, sock),
++ aa_label_sk_perm(label, op, request, sock->sk));
+ }
+diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
+index a1b07e6c163d..9c9a329fd2d7 100644
+--- a/security/apparmor/policy_unpack.c
++++ b/security/apparmor/policy_unpack.c
+@@ -296,13 +296,13 @@ static bool unpack_u16(struct aa_ext *e, u16 *data, const char *name)
+ {
+ if (unpack_nameX(e, AA_U16, name)) {
+ if (!inbounds(e, sizeof(u16)))
+- return 0;
++ return false;
+ if (data)
+ *data = le16_to_cpu(get_unaligned((__le16 *) e->pos));
+ e->pos += sizeof(u16);
+- return 1;
++ return true;
+ }
+- return 0;
++ return false;
+ }
+
+ static bool unpack_u32(struct aa_ext *e, u32 *data, const char *name)
+--
+2.14.1
+
diff --git a/kernel-patches/v4.17/0003-apparmor-fix-use-after-free-in-sk_peer_label.patch b/kernel-patches/v4.17/0003-apparmor-fix-use-after-free-in-sk_peer_label.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ee37e56886e26ae63c8f47767c12a9bfd816ac81
--- /dev/null
+++ b/kernel-patches/v4.17/0003-apparmor-fix-use-after-free-in-sk_peer_label.patch
@@ -0,0 +1,57 @@
+From 45ff74bd5a009ab8f9648531fa11fce55b9a67fd Mon Sep 17 00:00:00 2001
+From: John Johansen <john.johansen@canonical.com>
+Date: Tue, 26 Jun 2018 20:19:19 -0700
+Subject: [PATCH 3/3] apparmor: fix use after free in sk_peer_label
+
+BugLink: http://bugs.launchpad.net/bugs/1778646
+Signed-off-by: John Johansen <john.johansen@canonical.com>
+---
+ security/apparmor/lsm.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index 7a6b1bd8e046..0d2925389947 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -1125,9 +1125,10 @@ static struct aa_label *sk_peer_label(struct sock *sk)
+ {
+ struct sock *peer_sk;
+ struct aa_sk_ctx *ctx = SK_CTX(sk);
++ struct aa_label *label = ERR_PTR(-ENOPROTOOPT);
+
+ if (ctx->peer)
+- return ctx->peer;
++ return aa_get_label(ctx->peer);
+
+ if (sk->sk_family != PF_UNIX)
+ return ERR_PTR(-ENOPROTOOPT);
+@@ -1135,14 +1136,15 @@ static struct aa_label *sk_peer_label(struct sock *sk)
+ /* check for sockpair peering which does not go through
+ * security_unix_stream_connect
+ */
+- peer_sk = unix_peer(sk);
++ peer_sk = unix_peer_get(sk);
+ if (peer_sk) {
+ ctx = SK_CTX(peer_sk);
+ if (ctx->label)
+- return ctx->label;
++ label = aa_get_label(ctx->label);
++ sock_put(peer_sk);
+ }
+
+- return ERR_PTR(-ENOPROTOOPT);
++ return label;
+ }
+
+ /**
+@@ -1186,6 +1188,7 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock,
+
+ }
+
++ aa_put_label(peer);
+ done:
+ end_current_label_crit_section(label);
+
+--
+2.14.1
+
diff --git a/libraries/libapparmor/Makefile.in b/libraries/libapparmor/Makefile.in
index 85969b258b65e0c28b59c45163280bb6cc10ecd0..99d6ea6275dccb8a6f1acdff03727f81020e5b7a 100644
--- a/libraries/libapparmor/Makefile.in
+++ b/libraries/libapparmor/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -136,7 +136,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- cscope distdir dist dist-all distcheck
+ cscope distdir distdir-am dist dist-all distcheck
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -154,9 +154,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in AUTHORS ChangeLog INSTALL NEWS \
README compile config.guess config.sub install-sh ltmain.sh \
@@ -199,6 +196,8 @@ am__relativize = \
DIST_ARCHIVES = $(distdir).tar.gz
GZIP_ENV = --best
DIST_TARGETS = dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
distuninstallcheck_listfiles = find . -type f -print
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -214,8 +213,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -226,6 +226,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -270,6 +271,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -375,8 +377,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
echo ' $(SHELL) ./config.status'; \
$(SHELL) ./config.status;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -502,8 +504,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
$(am__remove_distdir)
test -d "$(distdir)" || mkdir "$(distdir)"
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -583,6 +587,10 @@ dist-xz: distdir
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
$(am__post_remove_distdir)
+dist-zstd: distdir
+ tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst
+ $(am__post_remove_distdir)
+
dist-tarZ: distdir
@echo WARNING: "Support for distribution archives compressed with" \
"legacy program 'compress' is deprecated." >&2
@@ -625,6 +633,8 @@ distcheck: dist
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
+ *.tar.zst*) \
+ zstd -dc $(distdir).tar.zst | $(am__untar) ;;\
esac
chmod -R a-w $(distdir)
chmod u+w $(distdir)
@@ -640,7 +650,7 @@ distcheck: dist
$(DISTCHECK_CONFIGURE_FLAGS) \
--srcdir=../.. --prefix="$$dc_install_base" \
&& $(MAKE) $(AM_MAKEFLAGS) \
- && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
&& $(MAKE) $(AM_MAKEFLAGS) check \
&& $(MAKE) $(AM_MAKEFLAGS) install \
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
@@ -802,17 +812,18 @@ uninstall-am:
am--refresh check check-am clean clean-cscope clean-generic \
clean-libtool cscope cscopelist-am ctags ctags-am dist \
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
- dist-xz dist-zip distcheck distclean distclean-generic \
- distclean-libtool distclean-tags distcleancheck distdir \
- distuninstallcheck dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-pdf install-pdf-am install-ps install-ps-am \
- install-strip installcheck installcheck-am installdirs \
- installdirs-am maintainer-clean maintainer-clean-generic \
- mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
- ps ps-am tags tags-am uninstall uninstall-am
+ dist-xz dist-zip dist-zstd distcheck distclean \
+ distclean-generic distclean-libtool distclean-tags \
+ distcleancheck distdir distuninstallcheck dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am
.PRECIOUS: Makefile
diff --git a/libraries/libapparmor/README b/libraries/libapparmor/README
index e6134a0a484a66f8fb55a560fd5b1c5f32f49922..b630474ab39e18703f0a3a880dff39725f356895 100644
--- a/libraries/libapparmor/README
+++ b/libraries/libapparmor/README
@@ -1,3 +1,3 @@
-What little documentation exists is in src/aalogparse.h.
+What little documentation exists is in include/aalogparse.h.
-Please file bugs using https://bugs.launchpad.net/apparmor/+filebug
+Please file bugs using https://gitlab.com/apparmor/apparmor/-/issues
diff --git a/libraries/libapparmor/aclocal.m4 b/libraries/libapparmor/aclocal.m4
index 4b9d5dedbf4b4601764fb9305b23add88870a662..af83c61778994cacd9f6c29a493577e4abdd5b1a 100644
--- a/libraries/libapparmor/aclocal.m4
+++ b/libraries/libapparmor/aclocal.m4
@@ -1,6 +1,6 @@
-# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -14,8 +14,8 @@
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
-[m4_warning([this file was generated for autoconf 2.69.
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],,
+[m4_warning([this file was generated for autoconf 2.71.
You have another version of autoconf. It may work, but is not guaranteed to.
If you have problems, you may need to regenerate the build system entirely.
To do so, use the procedure documented by the package, typically 'autoreconf'.])])
@@ -1055,8 +1055,8 @@ int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
- echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
- $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+ echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+ $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
$RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
cat > conftest.c << _LT_EOF
@@ -1085,11 +1085,11 @@ _LT_EOF
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+ 10.0,*86*-darwin8*|10.0,*-darwin[[912]]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[[012]][[,.]]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*)
+ 10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@@ -1506,7 +1506,7 @@ need_locks=$enable_libtool_lock
m4_defun([_LT_PROG_AR],
[AC_CHECK_TOOLS(AR, [ar], false)
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
_LT_DECL([], [AR], [1], [The archiver])
_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
@@ -4077,7 +4077,8 @@ _LT_EOF
if AC_TRY_EVAL(ac_compile); then
# Now try to grab the symbols.
nlist=conftest.nm
- if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&AS_MESSAGE_LOG_FD
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&AS_MESSAGE_LOG_FD && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -4717,6 +4718,12 @@ m4_if([$1], [CXX], [
_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -6448,7 +6455,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
GXX=no
@@ -6823,7 +6830,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -6888,7 +6895,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# explicitly linking system object files so we need to strip them
# from the output so that they don't get included in the library
# dependencies.
- output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
;;
*)
if test yes = "$GXX"; then
@@ -7227,7 +7234,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# FIXME: insert proper C++ library support
@@ -7311,7 +7318,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
else
# g++ 2.7 appears to require '-G' NOT '-shared' on this
# platform.
@@ -7322,7 +7329,7 @@ if test yes != "$_lt_caught_CXX_error"; then
# Commands to make compiler produce verbose output that lists
# what "hidden" libraries, object files and flags are used when
# linking a shared library.
- output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"'
fi
_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
@@ -9067,9 +9074,9 @@ m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
-dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
-dnl serial 11 (pkg-config-0.29.1)
-dnl
+# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
dnl
@@ -9110,7 +9117,7 @@ dnl
dnl See the "Since" comment for each macro you use to see what version
dnl of the macros you require.
m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.1])
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
])dnl PKG_PREREQ
@@ -9211,7 +9218,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -9221,11 +9228,11 @@ and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
- AC_MSG_RESULT([no])
+ AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
- else
+ else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
@@ -9242,7 +9249,7 @@ installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
- AC_MSG_RESULT([no])
+ AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
@@ -9343,7 +9350,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
-# Copyright (C) 2002-2017 Free Software Foundation, Inc.
+# Copyright (C) 2002-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9355,10 +9362,10 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl
# generated from the m4 files accompanying Automake X.Y.
# (This private macro should not be called outside this file.)
AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.15'
+[am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.15.1], [],
+m4_if([$1], [1.16.5], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@@ -9374,14 +9381,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.15.1])dnl
+[AM_AUTOMAKE_VERSION([1.16.5])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9433,7 +9440,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9464,7 +9471,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9655,13 +9662,12 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
-
# _AM_OUTPUT_DEPENDENCY_COMMANDS
# ------------------------------
AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
@@ -9669,49 +9675,43 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
- case $CONFIG_FILES in
- *\'*) eval set x "$CONFIG_FILES" ;;
- *) set x $CONFIG_FILES ;;
- esac
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ AS_CASE([$CONFIG_FILES],
+ [*\'*], [eval set x "$CONFIG_FILES"],
+ [*], [set x $CONFIG_FILES])
shift
- for mf
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
do
# Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named 'Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
+ am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`AS_DIRNAME("$mf")`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running 'make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "$am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`AS_DIRNAME(["$file"])`
- AS_MKDIR_P([$dirpart/$fdir])
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`AS_DIRNAME(["$am_mf"])`
+ am_filepart=`AS_BASENAME(["$am_mf"])`
+ AM_RUN_LOG([cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles]) || am_rc=$?
done
+ if test $am_rc -ne 0; then
+ AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE="gmake" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).])
+ fi
+ AS_UNSET([am_dirpart])
+ AS_UNSET([am_filepart])
+ AS_UNSET([am_mf])
+ AS_UNSET([am_rc])
+ rm -f conftest-deps.mk
}
])# _AM_OUTPUT_DEPENDENCY_COMMANDS
@@ -9720,18 +9720,17 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
# -----------------------------
# This macro should only be invoked once -- use via AC_REQUIRE.
#
-# This code is only required when automatic dependency tracking
-# is enabled. FIXME. This creates each '.P' file that we will
-# need in order to bootstrap the dependency handling code.
+# This code is only required when automatic dependency tracking is enabled.
+# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
+# order to bootstrap the dependency handling code.
AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
[AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
+ [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
# Do all the work for Automake. -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9759,6 +9758,10 @@ m4_defn([AC_PROG_CC])
# release and drop the old call support.
AC_DEFUN([AM_INIT_AUTOMAKE],
[AC_PREREQ([2.65])dnl
+m4_ifdef([_$0_ALREADY_INIT],
+ [m4_fatal([$0 expanded multiple times
+]m4_defn([_$0_ALREADY_INIT]))],
+ [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
@@ -9795,7 +9798,7 @@ m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(
- m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
+ m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
[ok:ok],,
[m4_fatal([AC_INIT should be called with package and version arguments])])dnl
AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
@@ -9818,8 +9821,8 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
@@ -9847,6 +9850,20 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
[m4_define([AC_PROG_OBJCXX],
m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
])
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+AC_SUBST([CTAGS])
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+AC_SUBST([ETAGS])
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+AC_SUBST([CSCOPE])
+
AC_REQUIRE([AM_SILENT_RULES])dnl
dnl The testsuite driver may need to know about EXEEXT, so add the
dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
@@ -9886,7 +9903,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -9928,7 +9945,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9949,7 +9966,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
-# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+# Copyright (C) 2003-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9968,7 +9985,7 @@ fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])
-# Copyright (C) 1998-2017 Free Software Foundation, Inc.
+# Copyright (C) 1998-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9988,7 +10005,7 @@ fi])
# Check to see how 'make' treats includes. -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -9996,49 +10013,42 @@ fi])
# AM_MAKE_INCLUDE()
# -----------------
-# Check to see how make treats includes.
+# Check whether make has an 'include' directive that can support all
+# the idioms we need for our automatic dependency tracking code.
AC_DEFUN([AM_MAKE_INCLUDE],
-[am_make=${MAKE-make}
-cat > confinc << 'END'
+[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
+cat > confinc.mk << 'END'
am__doit:
- @echo this is the am__doit target
+ @echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
- am__include=include
- am__quote=
- _am_result=GNU
- ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- case `$am_make -s -f confmf 2> /dev/null` in #(
- *the\ am__doit\ target*)
- am__include=.include
- am__quote="\""
- _am_result=BSD
- ;;
- esac
-fi
-AC_SUBST([am__include])
-AC_SUBST([am__quote])
-AC_MSG_RESULT([$_am_result])
-rm -f confinc confmf
-])
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
+ AS_CASE([$?:`cat confinc.out 2>/dev/null`],
+ ['0:this is the am__doit target'],
+ [AS_CASE([$s],
+ [BSD], [am__include='.include' am__quote='"'],
+ [am__include='include' am__quote=''])])
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+AC_MSG_RESULT([${_am_result}])
+AC_SUBST([am__include])])
+AC_SUBST([am__quote])])
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10059,12 +10069,7 @@ AC_DEFUN([AM_MISSING_HAS_RUN],
[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
- *)
- MISSING="\${SHELL} $am_aux_dir/missing" ;;
- esac
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
@@ -10077,7 +10082,7 @@ fi
# Helper functions for option handling. -*- Autoconf -*-
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10106,7 +10111,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10153,7 +10158,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10186,10 +10191,13 @@ AC_DEFUN([AM_PATH_PYTHON],
[
dnl Find a Python interpreter. Python versions prior to 2.0 are not
dnl supported. (2.0 was released on October 16, 2000).
- dnl FIXME: Remove the need to hard-code Python versions here.
m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
-[python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
- python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
+[python python2 python3 dnl
+ python3.11 python3.10 dnl
+ python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl
+ python3.2 python3.1 python3.0 dnl
+ python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl
+ python2.0])
AC_ARG_VAR([PYTHON], [the Python interpreter])
@@ -10230,34 +10238,141 @@ AC_DEFUN([AM_PATH_PYTHON],
])
if test "$PYTHON" = :; then
- dnl Run any user-specified action, or abort.
+ dnl Run any user-specified action, or abort.
m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
else
- dnl Query Python for its version number. Getting [:3] seems to be
- dnl the best way to do this; it's what "site.py" does in the standard
- dnl library.
-
+ dnl Query Python for its version number. Although site.py simply uses
+ dnl sys.version[:3], printing that failed with Python 3.10, since the
+ dnl trailing zero was eliminated. So now we output just the major
+ dnl and minor version numbers, as numbers. Apparently the tertiary
+ dnl version is not of interest.
+ dnl
AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
- [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`])
+ [am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`])
AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
- dnl Use the values of $prefix and $exec_prefix for the corresponding
- dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made
- dnl distinct variables so they can be overridden if need be. However,
- dnl general consensus is that you shouldn't need this ability.
-
- AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
- AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
-
- dnl At times (like when building shared libraries) you may want
+ dnl At times, e.g., when building shared libraries, you may want
dnl to know which OS platform Python thinks this is.
-
+ dnl
AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
[am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
- # Just factor out some code duplication.
+ dnl emacs-page
+ dnl If --with-python-sys-prefix is given, use the values of sys.prefix
+ dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX
+ dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and
+ dnl ${exec_prefix} variables.
+ dnl
+ dnl The two are made distinct variables so they can be overridden if
+ dnl need be, although general consensus is that you shouldn't need
+ dnl this separation.
+ dnl
+ dnl Also allow directly setting the prefixes via configure options,
+ dnl overriding any default.
+ dnl
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
+
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+ AC_ARG_WITH([python-sys-prefix],
+ [AS_HELP_STRING([--with-python-sys-prefix],
+ [use Python's sys.prefix and sys.exec_prefix values])],
+ [am_use_python_sys=:],
+ [am_use_python_sys=false])
+
+ # Allow user to override whatever the default Python prefix is.
+ AC_ARG_WITH([python_prefix],
+ [AS_HELP_STRING([--with-python_prefix],
+ [override the default PYTHON_PREFIX])],
+ [am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix])
+ AC_MSG_RESULT([$am_cv_python_prefix])],
+ [
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ AC_CACHE_CHECK([for python default $am_display_PYTHON prefix],
+ [am_cv_python_prefix],
+ [am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`])
+
+ dnl If sys.prefix is a subdir of $prefix, replace the literal value of
+ dnl $prefix with a variable reference so it can be overridden.
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix])
+ AC_MSG_RESULT([$am_python_prefix])
+ fi])
+ # Substituting python_prefix_subst value.
+ AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+ AC_ARG_WITH([python_exec_prefix],
+ [AS_HELP_STRING([--with-python_exec_prefix],
+ [override the default PYTHON_EXEC_PREFIX])],
+ [am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_cv_python_exec_prefix])],
+ [
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ AS_IF([test -n "$with_python_prefix"],
+ [am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_cv_python_exec_prefix])],
+ [
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix],
+ [am_cv_python_exec_prefix],
+ [am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`])
+ dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the
+ dnl literal value of $exec_prefix with a variable reference so it can
+ dnl be overridden.
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_python_exec_prefix])
+ fi])])
+ # Substituting python_exec_prefix_subst.
+ AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
+
+ # Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
@@ -10277,96 +10392,109 @@ try:
except ImportError:
pass"
- dnl Set up 4 directories:
+ dnl emacs-page Set up 4 directories:
- dnl pythondir -- where to install python scripts. This is the
- dnl site-packages directory, not the python standard library
- dnl directory like in previous automake betas. This behavior
- dnl is more consistent with lispdir.m4 for example.
+ dnl 1. pythondir: where to install python scripts. This is the
+ dnl site-packages directory, not the python standard library
+ dnl directory like in previous automake betas. This behavior
+ dnl is more consistent with lispdir.m4 for example.
dnl Query distutils for this directory.
- AC_CACHE_CHECK([for $am_display_PYTHON script directory],
- [am_cv_python_pythondir],
- [if test "x$prefix" = xNONE
- then
- am_py_prefix=$ac_default_prefix
- else
- am_py_prefix=$prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
+ dnl
+ AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)],
+ [am_cv_python_pythondir],
+ [if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
- ])
+ ;;
+ esac
+ ])
AC_SUBST([pythondir], [$am_cv_python_pythondir])
- dnl pkgpythondir -- $PACKAGE directory under pythondir. Was
- dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
- dnl more consistent with the rest of automake.
-
+ dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was
+ dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
+ dnl more consistent with the rest of automake.
+ dnl
AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
- dnl pyexecdir -- directory for installing python extension modules
- dnl (shared libraries)
+ dnl 3. pyexecdir: directory for installing python extension modules
+ dnl (shared libraries).
dnl Query distutils for this directory.
- AC_CACHE_CHECK([for $am_display_PYTHON extension module directory],
- [am_cv_python_pyexecdir],
- [if test "x$exec_prefix" = xNONE
- then
- am_py_exec_prefix=$am_py_prefix
- else
- am_py_exec_prefix=$exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
+ dnl
+ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)],
+ [am_cv_python_pyexecdir],
+ [if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
- ])
+ ;;
+ esac
+ ])
AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
- dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE)
-
+ dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE)
+ dnl
AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
dnl Run any user-specified action.
$2
fi
-
])
@@ -10389,7 +10517,7 @@ for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
sys.exit(sys.hexversion < minverhex)"
AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10408,7 +10536,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10489,7 +10617,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
-# Copyright (C) 2009-2017 Free Software Foundation, Inc.
+# Copyright (C) 2009-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10549,7 +10677,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10577,7 +10705,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
-# Copyright (C) 2006-2017 Free Software Foundation, Inc.
+# Copyright (C) 2006-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -10596,7 +10724,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
-# Copyright (C) 2004-2017 Free Software Foundation, Inc.
+# Copyright (C) 2004-2021 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
diff --git a/libraries/libapparmor/autom4te.cache/output.0 b/libraries/libapparmor/autom4te.cache/output.0
index 6679f7d638cf76b6c127b6fbe783fc970bcbc98b..74a71f7786adb60340a22fe28c689e635a540b8b 100644
--- a/libraries/libapparmor/autom4te.cache/output.0
+++ b/libraries/libapparmor/autom4te.cache/output.0
@@ -1,9 +1,10 @@
@%:@! /bin/sh
@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.69.
+@%:@ Generated by GNU Autoconf 2.71.
@%:@
@%:@
-@%:@ Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+@%:@ Inc.
@%:@
@%:@
@%:@ This configure script is free software; the Free Software Foundation
@@ -14,14 +15,16 @@
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -31,46 +34,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in @%:@(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in @%:@((
@@ -94,8 +90,12 @@ case $0 in @%:@((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -107,30 +107,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# Use a proper internal environment variable to ensure we don't fall
# into an infinite loop, continuously re-executing ourselves.
@@ -152,20 +132,22 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-as_fn_exit 255
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
# We don't want this to propagate to other subprocesses.
{ _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
# is contrary to our usage. Disable this feature.
alias -g '\${1+\"\$@\"}'='\"\$@\"'
setopt NO_GLOB_SUBST
-else
+else \$as_nop
case \`(set -o) 2>/dev/null\` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -185,12 +167,15 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; }
as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
+then :
-else
+else \$as_nop
exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1
+blah=\$(echo \$(echo blah))
+test x\"\$blah\" = xblah || exit 1
test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
@@ -205,30 +190,38 @@ test \$(( 1 + 1 )) = 2 || exit 1
PATH=/empty FPATH=/empty; export PATH FPATH
test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
|| test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
+ if (eval "$as_required") 2>/dev/null
+then :
as_have_required=yes
-else
+else $as_nop
as_have_required=no
fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
+then :
-else
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_found=false
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
as_found=:
case $as_dir in @%:@(
/*)
for as_base in sh bash ksh sh5; do
# Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
+ as_shell=$as_dir$as_base
if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
+then :
break 2
fi
fi
@@ -236,14 +229,21 @@ fi
esac
as_found=false
done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi
+fi
- if test "x$CONFIG_SHELL" != x; then :
+ if test "x$CONFIG_SHELL" != x
+then :
export CONFIG_SHELL
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
@@ -261,18 +261,19 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ if test x$as_have_required = xno
+then :
+ printf "%s\n" "$0: This script requires a shell more modern than all"
+ printf "%s\n" "$0: the shells that I found on your system."
+ if test ${ZSH_VERSION+y} ; then
+ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
else
- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
$0: including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
@@ -299,6 +300,7 @@ as_fn_unset ()
}
as_unset=as_fn_unset
+
@%:@ as_fn_set_status STATUS
@%:@ -----------------------
@%:@ Set @S|@? to STATUS, without forking.
@@ -316,6 +318,14 @@ as_fn_exit ()
as_fn_set_status $1
exit $1
} @%:@ as_fn_exit
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
@%:@ as_fn_mkdir_p
@%:@ -------------
@@ -330,7 +340,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -339,7 +349,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -378,12 +388,13 @@ as_fn_executable_p ()
@%:@ advantage of any shell optimizations that allow amortized linear growth over
@%:@ repeated appends, instead of the typical quadratic growth present in naive
@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -395,18 +406,27 @@ fi # as_fn_append
@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
}
fi # as_fn_arith
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
@%:@ ----------------------------------------
@@ -418,9 +438,9 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} @%:@ as_fn_error
@@ -447,7 +467,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -491,7 +511,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
s/-\n.*//
' >$as_me.lineno &&
chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
# If we had to re-execute with $CONFIG_SHELL, we're ensured to have
# already done that, so ensure we don't try to do so again and fall
@@ -505,6 +525,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
exit
}
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in @%:@(((((
-n*)
@@ -518,6 +542,13 @@ case `echo -n x` in @%:@(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -585,50 +616,46 @@ MFLAGS=
MAKEFLAGS=
# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-PACKAGE_URL=
+PACKAGE_NAME=''
+PACKAGE_TARNAME=''
+PACKAGE_VERSION=''
+PACKAGE_STRING=''
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
ac_unique_file="configure.ac"
# Factoring default headers for most tests.
ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
+#include <stddef.h>
+#ifdef HAVE_STDIO_H
+# include <stdio.h>
#endif
-#ifdef STDC_HEADERS
+#ifdef HAVE_STDLIB_H
# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
#endif
#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
# include <string.h>
#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
#endif
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"
+ac_header_c_list=
ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
@@ -662,7 +689,6 @@ build
LIBTOOL
EGREP
GREP
-CPP
HAVE_RUBY_FALSE
HAVE_RUBY_TRUE
HAVE_PERL_FALSE
@@ -677,14 +703,15 @@ pkgpyexecdir
pyexecdir
pkgpythondir
pythondir
-PYTHON_PLATFORM
PYTHON_EXEC_PREFIX
PYTHON_PREFIX
+PYTHON_PLATFORM
PYTHON_EXTRA_LDFLAGS
PYTHON_EXTRA_LIBS
PYTHON_SITE_PKG
PYTHON_LDFLAGS
PYTHON_CPPFLAGS
+PYTHON_CONFIG
PYTHON_VERSION
PYTHON
POD2MAN
@@ -704,7 +731,6 @@ am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
AMDEP_TRUE
-am__quote
am__include
DEPDIR
OBJEXT
@@ -720,6 +746,9 @@ AM_BACKSLASH
AM_DEFAULT_VERBOSITY
AM_DEFAULT_V
AM_V
+CSCOPE
+ETAGS
+CTAGS
am__untar
am__tar
AMTAR
@@ -781,7 +810,8 @@ PACKAGE_VERSION
PACKAGE_TARNAME
PACKAGE_NAME
PATH_SEPARATOR
-SHELL'
+SHELL
+am__quote'
ac_subst_files=''
ac_user_opts='
enable_option_checking
@@ -790,6 +820,9 @@ enable_dependency_tracking
enable_debug_output
enable_man_pages
with_python
+with_python_sys_prefix
+with_python_prefix
+with_python_exec_prefix
with_perl
with_ruby
enable_shared
@@ -816,7 +849,6 @@ PKG_CONFIG_PATH
PKG_CONFIG_LIBDIR
PYTHON_VERSION
PYTHON
-CPP
LT_SYS_LIBRARY_PATH'
@@ -886,8 +918,6 @@ do
*) ac_optarg=yes ;;
esac
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
case $ac_dashdash$ac_option in
--)
ac_dashdash=yes ;;
@@ -928,9 +958,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -954,9 +984,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -1167,9 +1197,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1183,9 +1213,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1229,9 +1259,9 @@ Try \`$0 --help' for more information"
*)
# FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
: "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
@@ -1247,7 +1277,7 @@ if test -n "$ac_unrecognized_opts"; then
case $enable_option_checking in
no) ;;
fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
esac
fi
@@ -1311,7 +1341,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_myself" : 'X\(//\)[^/]' \| \
X"$as_myself" : 'X\(//\)$' \| \
X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
+printf "%s\n" X"$as_myself" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -1463,6 +1493,11 @@ Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-python enable the python wrapper [default=no]
+ --with-python-sys-prefix
+ use Python's sys.prefix and sys.exec_prefix values
+ --with-python_prefix override the default PYTHON_PREFIX
+ --with-python_exec_prefix
+ override the default PYTHON_EXEC_PREFIX
--with-perl enable the perl wrapper [default=no]
--with-ruby enable the ruby wrapper [default=no]
--with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
@@ -1498,7 +1533,6 @@ Some influential environment variables:
string will be appended to the Python interpreter canonical
name.
PYTHON the Python interpreter
- CPP C preprocessor
LT_SYS_LIBRARY_PATH
User-defined run-time library search path.
@@ -1521,9 +1555,9 @@ if test "$ac_init_help" = "recursive"; then
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -1551,7 +1585,8 @@ esac
ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
+ # Check for configure.gnu first; this name is used for a wrapper for
+ # Metaconfig's "Configure" on case-insensitive file systems.
if test -f "$ac_srcdir/configure.gnu"; then
echo &&
$SHELL "$ac_srcdir/configure.gnu" --help=recursive
@@ -1559,7 +1594,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
@@ -1569,9 +1604,9 @@ test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
configure
-generated by GNU Autoconf 2.69
+generated by GNU Autoconf 2.71
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@@ -1588,14 +1623,14 @@ fi
ac_fn_c_try_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
+ rm -f conftest.$ac_objext conftest.beam
if { { ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1603,14 +1638,15 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
+ } && test -s conftest.$ac_objext
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1626,14 +1662,14 @@ fi
ac_fn_c_try_link ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
+ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1641,17 +1677,18 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
test -x conftest$ac_exeext
- }; then :
+ }
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1666,172 +1703,6 @@ fi
} @%:@ ac_fn_c_try_link
-@%:@ ac_fn_c_try_cpp LINENO
-@%:@ ----------------------
-@%:@ Try to preprocess conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_cpp
-
-@%:@ ac_fn_c_try_run LINENO
-@%:@ ----------------------
-@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded. Assumes
-@%:@ that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_run
-
-@%:@ ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
-@%:@ -------------------------------------------------------
-@%:@ Tests whether HEADER exists, giving a warning if it cannot be compiled using
-@%:@ the include files in INCLUDES and setting the cache variable VAR
-@%:@ accordingly.
-ac_fn_c_check_header_mongrel ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval \${$3+:} false; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
-$as_echo_n "checking $2 usability... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_header_compiler=yes
-else
- ac_header_compiler=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
-$as_echo_n "checking $2 presence... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- ac_header_preproc=yes
-else
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
- yes:no: )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
- no:yes:* )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
-esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=\$ac_header_compiler"
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_header_mongrel
-
@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
@%:@ -------------------------------------------------------
@%:@ Tests whether HEADER exists and can be compiled using the include files in
@@ -1839,26 +1710,28 @@ fi
ac_fn_c_check_header_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$4
@%:@include <$2>
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} @%:@ ac_fn_c_check_header_compile
@@ -1869,11 +1742,12 @@ $as_echo "$ac_res" >&6; }
ac_fn_c_check_func ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
@@ -1881,16 +1755,9 @@ else
#define $2 innocuous_$2
/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
+ which can conflict with char $2 (); below. */
+#include <limits.h>
#undef $2
/* Override any GCC internal prototype to avoid an error.
@@ -1908,35 +1775,56 @@ choke me
#endif
int
-main ()
+main (void)
{
return $2 ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} @%:@ ac_fn_c_check_func
+ac_configure_args_raw=
+for ac_arg
+do
+ case $ac_arg in
+ *\'*)
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append ac_configure_args_raw " '$ac_arg'"
+done
+
+case $ac_configure_args_raw in
+ *$as_nl*)
+ ac_safe_unquote= ;;
+ *)
+ ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
+ ac_unsafe_a="$ac_unsafe_z#~"
+ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
+ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
+esac
+
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
- $ $0 $@
+ $ $0$ac_configure_args_raw
_ACEOF
exec 5>>config.log
@@ -1969,8 +1857,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ printf "%s\n" "PATH: $as_dir"
done
IFS=$as_save_IFS
@@ -2005,7 +1897,7 @@ do
| -silent | --silent | --silen | --sile | --sil)
continue ;;
*\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
@@ -2040,11 +1932,13 @@ done
# WARNING: Use '\'' to represent an apostrophe within the trap.
# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
trap 'exit_status=$?
+ # Sanitize IFS.
+ IFS=" "" $as_nl"
# Save into config.log some information that might help in debugging.
{
echo
- $as_echo "## ---------------- ##
+ printf "%s\n" "## ---------------- ##
## Cache variables. ##
## ---------------- ##"
echo
@@ -2055,8 +1949,8 @@ trap 'exit_status=$?
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -2080,7 +1974,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
)
echo
- $as_echo "## ----------------- ##
+ printf "%s\n" "## ----------------- ##
## Output variables. ##
## ----------------- ##"
echo
@@ -2088,14 +1982,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
+ printf "%s\n" "## ------------------- ##
## File substitutions. ##
## ------------------- ##"
echo
@@ -2103,15 +1997,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
fi
if test -s confdefs.h; then
- $as_echo "## ----------- ##
+ printf "%s\n" "## ----------- ##
## confdefs.h. ##
## ----------- ##"
echo
@@ -2119,8 +2013,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
echo
fi
test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
+ printf "%s\n" "$as_me: caught signal $ac_signal"
+ printf "%s\n" "$as_me: exit $exit_status"
} >&5
rm -f core *.core core.conftest.* &&
rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
@@ -2134,63 +2028,48 @@ ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h
-$as_echo "/* confdefs.h */" > confdefs.h
+printf "%s\n" "/* confdefs.h */" > confdefs.h
# Predefined preprocessor variables.
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
# Let the site file select an alternate cache file if it wants to.
# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in @%:@((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
+ ac_site_files="$CONFIG_SITE"
elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
+ ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
+ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+
+for ac_site_file in $ac_site_files
do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ case $ac_site_file in @%:@(
+ */*) :
+ ;; @%:@(
+ *) :
+ ac_site_file=./$ac_site_file ;;
+esac
+ if test -f "$ac_site_file" && test -r "$ac_site_file"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
. "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to load site script $ac_site_file
See \`config.log' for more details" "$LINENO" 5; }
fi
@@ -2200,120 +2079,509 @@ if test -r "$cache_file"; then
# Some versions of bash will fail to source /dev/null (special files
# actually), so we avoid doing that. DJGPP emulates it as a regular file.
if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
[\\/]* | ?:[\\/]* ) . "$cache_file";;
*) . "./$cache_file";;
esac
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+# Test code for whether the C compiler supports C89 (global declarations)
+ac_c_conftest_c89_globals='
+/* Does the compiler advertise C89 conformance?
+ Do not test the value of __STDC__, because some compilers set it to 0
+ while being otherwise adequately conformant. */
+#if !defined __STDC__
+# error "Compiler does not advertise C89 conformance"
+#endif
+#include <stddef.h>
+#include <stdarg.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
+struct buf { int x; };
+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not \xHH hex character constants.
+ These do not provoke an error unfortunately, instead are silently treated
+ as an "x". The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously \x00 != x always comes out true, for an
+ array size at least. It is necessary to write \x00 == 0 to get something
+ that is true only with -std. */
+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-am__api_version='1.15'
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) '\''x'\''
+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
+ int, int);'
+
+# Test code for whether the C compiler supports C89 (body of main).
+ac_c_conftest_c89_main='
+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
+'
+
+# Test code for whether the C compiler supports C99 (global declarations)
+ac_c_conftest_c99_globals='
+// Does the compiler advertise C99 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
+# error "Compiler does not advertise C99 conformance"
+#endif
+
+#include <stdbool.h>
+extern int puts (const char *);
+extern int printf (const char *, ...);
+extern int dprintf (int, const char *, ...);
+extern void *malloc (size_t);
+
+// Check varargs macros. These examples are taken from C99 6.10.3.5.
+// dprintf is used instead of fprintf to avoid needing to declare
+// FILE and stderr.
+#define debug(...) dprintf (2, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+ int x = 1234;
+ int y = 5678;
+ debug ("Flag");
+ debug ("X = %d\n", x);
+ showlist (The first, second, and third items.);
+ report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+ #error "your preprocessor is broken"
+#endif
+#if BIG_OK
+#else
+ #error "your preprocessor is broken"
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+ int datasize;
+ double data[];
+};
+
+struct named_init {
+ int number;
+ const wchar_t *name;
+ double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+ // See if C++-style comments work.
+ // Iterate through items via the restricted pointer.
+ // Also check for declarations in for loops.
+ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
+ continue;
+ return 0;
+}
+
+// Check varargs and va_copy.
+static bool
+test_varargs (const char *format, ...)
+{
+ va_list args;
+ va_start (args, format);
+ va_list args_copy;
+ va_copy (args_copy, args);
+
+ const char *str = "";
+ int number = 0;
+ float fnumber = 0;
+
+ while (*format)
+ {
+ switch (*format++)
+ {
+ case '\''s'\'': // string
+ str = va_arg (args_copy, const char *);
+ break;
+ case '\''d'\'': // int
+ number = va_arg (args_copy, int);
+ break;
+ case '\''f'\'': // float
+ fnumber = va_arg (args_copy, double);
+ break;
+ default:
+ break;
+ }
+ }
+ va_end (args_copy);
+ va_end (args);
+
+ return *str && number && fnumber;
+}
+'
+
+# Test code for whether the C compiler supports C99 (body of main).
+ac_c_conftest_c99_main='
+ // Check bool.
+ _Bool success = false;
+ success |= (argc != 0);
+
+ // Check restrict.
+ if (test_restrict ("String literal") == 0)
+ success = true;
+ char *restrict newvar = "Another string";
+
+ // Check varargs.
+ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
+ test_varargs_macros ();
+
+ // Check flexible array members.
+ struct incomplete_array *ia =
+ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+ ia->datasize = 10;
+ for (int i = 0; i < ia->datasize; ++i)
+ ia->data[i] = i * 1.234;
+
+ // Check named initializers.
+ struct named_init ni = {
+ .number = 34,
+ .name = L"Test wide string",
+ .average = 543.34343,
+ };
+
+ ni.number = 58;
+
+ int dynamic_array[ni.number];
+ dynamic_array[0] = argv[0][0];
+ dynamic_array[ni.number - 1] = 543;
+
+ // work around unused variable warnings
+ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
+ || dynamic_array[ni.number - 1] != 543);
+'
+
+# Test code for whether the C compiler supports C11 (global declarations)
+ac_c_conftest_c11_globals='
+// Does the compiler advertise C11 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
+# error "Compiler does not advertise C11 conformance"
+#endif
+
+// Check _Alignas.
+char _Alignas (double) aligned_as_double;
+char _Alignas (0) no_special_alignment;
+extern char aligned_as_int;
+char _Alignas (0) _Alignas (int) aligned_as_int;
+
+// Check _Alignof.
+enum
+{
+ int_alignment = _Alignof (int),
+ int_array_alignment = _Alignof (int[100]),
+ char_alignment = _Alignof (char)
+};
+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
+
+// Check _Noreturn.
+int _Noreturn does_not_return (void) { for (;;) continue; }
+
+// Check _Static_assert.
+struct test_static_assert
+{
+ int x;
+ _Static_assert (sizeof (int) <= sizeof (long int),
+ "_Static_assert does not work in struct");
+ long int y;
+};
+
+// Check UTF-8 literals.
+#define u8 syntax error!
+char const utf8_literal[] = u8"happens to be ASCII" "another string";
+
+// Check duplicate typedefs.
+typedef long *long_ptr;
+typedef long int *long_ptr;
+typedef long_ptr long_ptr;
+
+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
+struct anonymous
+{
+ union {
+ struct { int i; int j; };
+ struct { int k; long int l; } w;
+ };
+ int m;
+} v1;
+'
+
+# Test code for whether the C compiler supports C11 (body of main).
+ac_c_conftest_c11_main='
+ _Static_assert ((offsetof (struct anonymous, i)
+ == offsetof (struct anonymous, w.k)),
+ "Anonymous union alignment botch");
+ v1.i = 2;
+ v1.w.k = 5;
+ ok |= v1.i != 5;
+'
+
+# Test code for whether the C compiler supports C11 (complete).
+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+${ac_c_conftest_c11_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ ${ac_c_conftest_c11_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C99 (complete).
+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C89 (complete).
+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ return ok;
+}
+"
+
+as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
+as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
+as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
+as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
+as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
+as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
+as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
+as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
+as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
+
+# Auxiliary files required by this configure script.
+ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
+
+# Locations in which to look for auxiliary files.
+ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
+
+# Search for a directory containing all of the required auxiliary files,
+# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
+# If we don't find one directory that contains all the files we need,
+# we report the set of missing files from the *first* directory in
+# $ac_aux_dir_candidates and give up.
+ac_missing_aux_files=""
+ac_first_candidate=:
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in $ac_aux_dir_candidates
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ as_found=:
+
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
+ ac_aux_dir_found=yes
+ ac_install_sh=
+ for ac_aux in $ac_aux_files
+ do
+ # As a special case, if "install-sh" is required, that requirement
+ # can be satisfied by any of "install-sh", "install.sh", or "shtool",
+ # and $ac_install_sh is set appropriately for whichever one is found.
+ if test x"$ac_aux" = x"install-sh"
+ then
+ if test -f "${as_dir}install-sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
+ ac_install_sh="${as_dir}install-sh -c"
+ elif test -f "${as_dir}install.sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
+ ac_install_sh="${as_dir}install.sh -c"
+ elif test -f "${as_dir}shtool"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
+ ac_install_sh="${as_dir}shtool install -c"
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} install-sh"
+ else
+ break
+ fi
+ fi
+ else
+ if test -f "${as_dir}${ac_aux}"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
+ else
+ break
+ fi
+ fi
+ fi
+ done
+ if test "$ac_aux_dir_found" = yes; then
+ ac_aux_dir="$as_dir"
break
fi
+ ac_first_candidate=false
+
+ as_found=false
done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
fi
+
# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+if test -f "${ac_aux_dir}config.guess"; then
+ ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
+fi
+if test -f "${ac_aux_dir}config.sub"; then
+ ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
+fi
+if test -f "$ac_aux_dir/configure"; then
+ ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+ and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+am__api_version='1.16'
+
-# Find a good install program. We prefer a C program (faster),
+ # Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
@@ -2327,20 +2595,25 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+printf %s "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if ${ac_cv_path_install+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${ac_cv_path_install+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in @%:@((
- ./ | .// | /[cC]/* | \
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ # Account for fact that we put trailing slashes in our PATH walk.
+case $as_dir in @%:@((
+ ./ | /[cC]/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
/usr/ucb/* ) ;;
@@ -2350,13 +2623,13 @@ case $as_dir/ in @%:@((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
:
elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# program-specific install script used by HP pwplus--don't use.
:
else
@@ -2364,12 +2637,12 @@ case $as_dir/ in @%:@((
echo one > conftest.one
echo two > conftest.two
mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
test -s conftest.one && test -s conftest.two &&
test -s conftest.dir/conftest.one &&
test -s conftest.dir/conftest.two
then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
break 3
fi
fi
@@ -2385,7 +2658,7 @@ IFS=$as_save_IFS
rm -rf conftest.one conftest.two conftest.dir
fi
- if test "${ac_cv_path_install+set}" = set; then
+ if test ${ac_cv_path_install+y}; then
INSTALL=$ac_cv_path_install
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2395,8 +2668,8 @@ fi
INSTALL=$ac_install_sh
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+printf "%s\n" "$INSTALL" >&6; }
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
@@ -2406,8 +2679,8 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-$as_echo_n "checking whether build environment is sane... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+printf %s "checking whether build environment is sane... " >&6; }
# Reject unsafe characters in $srcdir or the absolute working directory
# name. Accept space and tab only in the latter.
am_lf='
@@ -2461,8 +2734,8 @@ else
as_fn_error $? "newly created file is older than distributed files!
Check your system clock" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
# If we didn't sleep, we still need to ensure time stamps of config.status and
# generated files are strictly newer.
am_sleep_pid=
@@ -2481,26 +2754,23 @@ test "$program_suffix" != NONE &&
# Double any \ or $.
# By default was `s,x,x', remove it if useless.
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
+
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
-if test x"${MISSING+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
- *)
- MISSING="\${SHELL} $am_aux_dir/missing" ;;
- esac
+
+ if test x"${MISSING+set}" != xset; then
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
am_missing_run="$MISSING "
else
am_missing_run=
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
fi
if test x"${install_sh+set}" != xset; then
@@ -2520,11 +2790,12 @@ if test "$cross_compiling" != no; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -2532,11 +2803,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2547,11 +2822,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -2560,11 +2835,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -2572,11 +2848,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2587,11 +2867,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -2599,8 +2879,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -2612,25 +2892,31 @@ fi
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
-$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
+printf %s "checking for a race-free mkdir -p... " >&6; }
if test -z "$MKDIR_P"; then
- if ${ac_cv_path_mkdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${ac_cv_path_mkdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir (GNU coreutils) '* | \
- 'mkdir (coreutils) '* | \
+ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
+ case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir ('*'coreutils) '* | \
+ 'BusyBox '* | \
'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
break 3;;
esac
done
@@ -2641,7 +2927,7 @@ IFS=$as_save_IFS
fi
test -d ./--version && rmdir ./--version
- if test "${ac_cv_path_mkdir+set}" = set; then
+ if test ${ac_cv_path_mkdir+y}; then
MKDIR_P="$ac_cv_path_mkdir -p"
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2651,18 +2937,19 @@ fi
MKDIR_P="$ac_install_sh -d"
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-$as_echo "$MKDIR_P" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+printf "%s\n" "$MKDIR_P" >&6; }
for ac_prog in gawk mawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AWK+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AWK+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AWK"; then
ac_cv_prog_AWK="$AWK" # Let the user override the test.
else
@@ -2670,11 +2957,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2685,24 +2976,25 @@ fi
fi
AWK=$ac_cv_prog_AWK
if test -n "$AWK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-$as_echo "$AWK" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+printf "%s\n" "$AWK" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -n "$AWK" && break
done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
set x ${MAKE-make}
-ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval test \${ac_cv_prog_make_${ac_make}_set+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
@@ -2718,12 +3010,12 @@ esac
rm -f conftest.make
fi
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
SET_MAKE=
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
SET_MAKE="MAKE=${MAKE-make}"
fi
@@ -2737,7 +3029,8 @@ fi
rmdir .tst 2>/dev/null
@%:@ Check whether --enable-silent-rules was given.
-if test "${enable_silent_rules+set}" = set; then :
+if test ${enable_silent_rules+y}
+then :
enableval=$enable_silent_rules;
fi
@@ -2747,12 +3040,13 @@ case $enable_silent_rules in @%:@ (((
*) AM_DEFAULT_VERBOSITY=1;;
esac
am_make=${MAKE-make}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
-if ${am_cv_make_support_nested_variables+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if $as_echo 'TRUE=$(BAR$(V))
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+printf %s "checking whether $am_make supports nested variables... " >&6; }
+if test ${am_cv_make_support_nested_variables+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if printf "%s\n" 'TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
@@ -2764,8 +3058,8 @@ else
am_cv_make_support_nested_variables=no
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-$as_echo "$am_cv_make_support_nested_variables" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
if test $am_cv_make_support_nested_variables = yes; then
AM_V='$(V)'
AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
@@ -2798,17 +3092,13 @@ fi
# Define the identity of the package.
PACKAGE=libapparmor1
- VERSION=2.13.6
+ VERSION=3.0.8
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE "$PACKAGE"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define VERSION "$VERSION"
-_ACEOF
+printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
# Some tools Automake needs.
@@ -2828,8 +3118,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
mkdir_p='$(MKDIR_P)'
# We need awk for the "check" target (and possibly the TAP driver). The
@@ -2848,6 +3138,20 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+
+
# POSIX will say in a future version that running "rm -f" with no argument
# is OK; and we want to be able to make that assumption in our Makefile
@@ -2880,7 +3184,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -2892,52 +3196,62 @@ END
fi
+
+
+
+
+
+
+
+
+
DEPDIR="${am__leading_dot}deps"
ac_config_commands="$ac_config_commands depfiles"
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
+printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
+cat > confinc.mk << 'END'
am__doit:
- @echo this is the am__doit target
+ @echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
-# If we don't find an include directive, just comment out the code.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
-$as_echo_n "checking for style of include used by $am_make... " >&6; }
am__include="#"
am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
- am__include=include
- am__quote=
- _am_result=GNU
- ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- case `$am_make -s -f confmf 2> /dev/null` in #(
- *the\ am__doit\ target*)
- am__include=.include
- am__quote="\""
- _am_result=BSD
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ case $?:`cat confinc.out 2>/dev/null` in @%:@(
+ '0:this is the am__doit target') :
+ case $s in @%:@(
+ BSD) :
+ am__include='.include' am__quote='"' ;; @%:@(
+ *) :
+ am__include='include' am__quote='' ;;
+esac ;; @%:@(
+ *) :
;;
- esac
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
-$as_echo "$_am_result" >&6; }
-rm -f confinc confmf
+esac
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
+printf "%s\n" "${_am_result}" >&6; }
@%:@ Check whether --enable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then :
+if test ${enable_dependency_tracking+y}
+then :
enableval=$enable_dependency_tracking;
fi
@@ -2963,11 +3277,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -2975,11 +3290,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2990,11 +3309,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3003,11 +3322,12 @@ if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3015,11 +3335,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3030,11 +3354,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_CC" = x; then
@@ -3042,8 +3366,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3056,11 +3380,12 @@ if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3068,11 +3393,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3083,11 +3412,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3096,11 +3425,12 @@ fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3109,15 +3439,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3133,18 +3467,18 @@ if test $ac_prog_rejected = yes; then
# However, it has the same basename, so the bogon will be chosen
# first if we set CC to just the basename; use the full file name.
shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3155,11 +3489,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3167,11 +3502,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3182,11 +3521,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3199,11 +3538,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3211,11 +3551,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3226,11 +3570,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3242,8 +3586,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3251,25 +3595,129 @@ esac
fi
fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
+set dummy ${ac_tool_prefix}clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "clang", so it can be a program name with args.
+set dummy clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+
+
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "no acceptable C compiler found in \$PATH
See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
set X $ac_compile
ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
+for ac_option in --version -v -V -qversion -version; do
{ { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -3279,7 +3727,7 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
fi
rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
done
@@ -3287,7 +3735,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3299,9 +3747,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+printf %s "checking whether the C compiler works... " >&6; }
+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
# The possible output files:
ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
@@ -3322,11 +3770,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link_default") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
# in a Makefile. We should not override ac_cv_exeext if it was cached,
@@ -3343,7 +3792,7 @@ do
# certainly right.
break;;
*.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
then :; else
ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
fi
@@ -3359,44 +3808,46 @@ do
done
test "$ac_cv_exeext" = no && ac_cv_exeext=
-else
+else $as_nop
ac_file=''
fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
+if test -z "$ac_file"
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "C compiler cannot create executables
See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+printf %s "checking for C compiler default output file name... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+printf "%s\n" "$ac_file" >&6; }
ac_exeext=$ac_cv_exeext
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+printf %s "checking for suffix of executables... " >&6; }
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
@@ -3410,15 +3861,15 @@ for ac_file in conftest.exe conftest conftest.*; do
* ) break;;
esac
done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+else $as_nop
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+printf "%s\n" "$ac_cv_exeext" >&6; }
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
@@ -3427,7 +3878,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@%:@include <stdio.h>
int
-main ()
+main (void)
{
FILE *f = fopen ("conftest.out", "w");
return ferror (f) || fclose (f) != 0;
@@ -3439,8 +3890,8 @@ _ACEOF
ac_clean_files="$ac_clean_files conftest.out"
# Check that the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+printf %s "checking whether we are cross compiling... " >&6; }
if test "$cross_compiling" != yes; then
{ { ac_try="$ac_link"
case "(($ac_try" in
@@ -3448,10 +3899,10 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if { ac_try='./conftest$ac_cv_exeext'
{ { case "(($ac_try" in
@@ -3459,39 +3910,40 @@ $as_echo "$ac_try_echo"; } >&5
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; }; then
cross_compiling=no
else
if test "$cross_compiling" = maybe; then
cross_compiling=yes
else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details" "$LINENO" 5; }
fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+printf "%s\n" "$cross_compiling" >&6; }
rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if ${ac_cv_objext+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+printf %s "checking for suffix of object files... " >&6; }
+if test ${ac_cv_objext+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3505,11 +3957,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
for ac_file in conftest.o conftest.obj conftest.*; do
test -f "$ac_file" || continue;
case $ac_file in
@@ -3518,31 +3971,32 @@ $as_echo "$ac_try_echo"; } >&5
break;;
esac
done
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of object files: cannot compile
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+printf "%s\n" "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if ${ac_cv_c_compiler_gnu+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
+printf %s "checking whether the compiler supports GNU C... " >&6; }
+if test ${ac_cv_c_compiler_gnu+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __GNUC__
choke me
@@ -3552,29 +4006,33 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_compiler_gnu=yes
-else
+else $as_nop
ac_compiler_gnu=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
if test $ac_compiler_gnu = yes; then
GCC=yes
else
GCC=
fi
-ac_test_CFLAGS=${CFLAGS+set}
+ac_test_CFLAGS=${CFLAGS+y}
ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if ${ac_cv_prog_cc_g+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+printf %s "checking whether $CC accepts -g... " >&6; }
+if test ${ac_cv_prog_cc_g+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_save_c_werror_flag=$ac_c_werror_flag
ac_c_werror_flag=yes
ac_cv_prog_cc_g=no
@@ -3583,57 +4041,60 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
-else
+else $as_nop
CFLAGS=""
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
-else
+else $as_nop
ac_c_werror_flag=$ac_save_c_werror_flag
CFLAGS="-g"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_c_werror_flag=$ac_save_c_werror_flag
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
+if test $ac_test_CFLAGS; then
CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
if test "$GCC" = yes; then
@@ -3648,94 +4109,144 @@ else
CFLAGS=
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if ${ac_cv_prog_cc_c89+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
+ac_prog_cc_stdc=no
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
+printf %s "checking for $CC option to enable C11 features... " >&6; }
+if test ${ac_cv_prog_cc_c11+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c11=no
ac_save_CC=$CC
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+$ac_c_conftest_c11_program
+_ACEOF
+for ac_arg in '' -std=gnu11
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
+if test "x$ac_cv_prog_cc_c11" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c11" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
+ CC="$CC $ac_cv_prog_cc_c11"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
+ ac_prog_cc_stdc=c11
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
+printf %s "checking for $CC option to enable C99 features... " >&6; }
+if test ${ac_cv_prog_cc_c99+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c99_program
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c99" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c99" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
+ CC="$CC $ac_cv_prog_cc_c99"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
+ ac_prog_cc_stdc=c99
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
+printf %s "checking for $CC option to enable C89 features... " >&6; }
+if test ${ac_cv_prog_cc_c89+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c89_program
_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
+ if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_c89=$ac_arg
fi
-rm -f core conftest.err conftest.$ac_objext
+rm -f core conftest.err conftest.$ac_objext conftest.beam
test "x$ac_cv_prog_cc_c89" != "xno" && break
done
rm -f conftest.$ac_ext
CC=$ac_save_CC
+fi
+if test "x$ac_cv_prog_cc_c89" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c89" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
+ CC="$CC $ac_cv_prog_cc_c89"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
+ ac_prog_cc_stdc=c89
fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
fi
ac_ext=c
@@ -3744,21 +4255,23 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-ac_ext=c
+
+ ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
-if ${am_cv_prog_cc_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+printf %s "checking whether $CC understands -c and -o together... " >&6; }
+if test ${am_cv_prog_cc_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3786,8 +4299,8 @@ _ACEOF
rm -f core conftest*
unset am_i
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-$as_echo "$am_cv_prog_cc_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
if test "$am_cv_prog_cc_c_o" != yes; then
# Losing compiler, so override with the script.
# FIXME: It is wrong to rewrite CC.
@@ -3805,11 +4318,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
depcc="$CC" am_compiler_list=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if ${am_cv_CC_dependencies_compiler_type+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+printf %s "checking dependency style of $depcc... " >&6; }
+if test ${am_cv_CC_dependencies_compiler_type+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
# We make a subdir and do the tests there. Otherwise we can end up
# making bogus files that we don't know about and never remove. For
@@ -3916,8 +4430,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
if
@@ -3936,11 +4450,12 @@ for ac_prog in flex lex
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LEX+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LEX+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LEX"; then
ac_cv_prog_LEX="$LEX" # Let the user override the test.
else
@@ -3948,11 +4463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LEX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3963,11 +4482,11 @@ fi
fi
LEX=$ac_cv_prog_LEX
if test -n "$LEX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-$as_echo "$LEX" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
+printf "%s\n" "$LEX" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3975,15 +4494,26 @@ fi
done
test -n "$LEX" || LEX=":"
-if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
+ if test "x$LEX" != "x:"; then
+ cat >conftest.l <<_ACEOF
+%{
+#ifdef __cplusplus
+extern "C"
+#endif
+int yywrap(void);
+%}
%%
a { ECHO; }
b { REJECT; }
c { yymore (); }
d { yyless (1); }
e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
- yyless ((input () != 0)); }
+#ifdef __cplusplus
+ yyless ((yyinput () != 0));
+#else
+ yyless ((input () != 0));
+#endif
+ }
f { unput (yytext[0]); }
. { BEGIN INITIAL; }
%%
@@ -3991,101 +4521,205 @@ f { unput (yytext[0]); }
extern char *yytext;
#endif
int
+yywrap (void)
+{
+ return 1;
+}
+int
main (void)
{
- return ! yylex () + ! yywrap ();
+ return ! yylex ();
}
_ACEOF
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
+printf %s "checking for lex output file root... " >&6; }
+if test ${ac_cv_prog_lex_root+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ac_cv_prog_lex_root=unknown
{ { ac_try="$LEX conftest.l"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$LEX conftest.l") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5
-$as_echo_n "checking lex output file root... " >&6; }
-if ${ac_cv_prog_lex_root+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
if test -f lex.yy.c; then
ac_cv_prog_lex_root=lex.yy
elif test -f lexyy.c; then
ac_cv_prog_lex_root=lexyy
-else
- as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-$as_echo "$ac_cv_prog_lex_root" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
+printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
+if test "$ac_cv_prog_lex_root" = unknown
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+fi
LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-if test -z "${LEXLIB+set}"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5
-$as_echo_n "checking lex library... " >&6; }
-if ${ac_cv_lib_lex+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${LEXLIB+y}
+then :
+
+else $as_nop
- ac_save_LIBS=$LIBS
- ac_cv_lib_lex='none needed'
- for ac_lib in '' -lfl -ll; do
- LIBS="$ac_lib $ac_save_LIBS"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
+printf %s "checking for lex library... " >&6; }
+if test ${ac_cv_lib_lex+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ ac_save_LIBS="$LIBS"
+ ac_found=false
+ for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
+ case $ac_cv_lib_lex in @%:@(
+ 'none needed') :
+ ;; @%:@(
+ 'not found') :
+ break ;; @%:@(
+ *) :
+ LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
+ *) :
+ ;;
+esac
+
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_lex=$ac_lib
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_found=:
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- test "$ac_cv_lib_lex" != 'none needed' && break
+ if $ac_found; then
+ break
+ fi
done
- LIBS=$ac_save_LIBS
+ LIBS="$ac_save_LIBS"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
+printf "%s\n" "$ac_cv_lib_lex" >&6; }
+ if test "$ac_cv_lib_lex" = 'not found'
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+elif test "$ac_cv_lib_lex" = 'none needed'
+then :
+ LEXLIB=''
+else $as_nop
+ LEXLIB=$ac_cv_lib_lex
+fi
+ ac_save_LIBS="$LIBS"
+ LIBS=
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
+printf %s "checking for library containing yywrap... " >&6; }
+if test ${ac_cv_search_yywrap+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char yywrap ();
+int
+main (void)
+{
+return yywrap ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' fl l
+do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_search_yywrap=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext
+ if test ${ac_cv_search_yywrap+y}
+then :
+ break
+fi
+done
+if test ${ac_cv_search_yywrap+y}
+then :
+else $as_nop
+ ac_cv_search_yywrap=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-$as_echo "$ac_cv_lib_lex" >&6; }
- test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
+printf "%s\n" "$ac_cv_search_yywrap" >&6; }
+ac_res=$ac_cv_search_yywrap
+if test "$ac_res" != no
+then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ LEXLIB="$LIBS"
fi
+ LIBS="$ac_save_LIBS"
+fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-$as_echo_n "checking whether yytext is a pointer... " >&6; }
-if ${ac_cv_prog_lex_yytext_pointer+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+if test "$LEX" != :
+then :
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
+printf %s "checking whether yytext is a pointer... " >&6; }
+if test ${ac_cv_prog_lex_yytext_pointer+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# POSIX says lex can declare yytext either as a pointer or an array; the
# default is implementation-dependent. Figure out which it is, since
# not all implementations provide the %pointer and %array declarations.
ac_cv_prog_lex_yytext_pointer=no
-ac_save_LIBS=$LIBS
-LIBS="$LEXLIB $ac_save_LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#define YYTEXT_POINTER 1
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_lex_yytext_pointer=yes
fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
+printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
if test $ac_cv_prog_lex_yytext_pointer = yes; then
-$as_echo "@%:@define YYTEXT_POINTER 1" >>confdefs.h
+printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
+
+fi
fi
rm -f conftest.l $LEX_OUTPUT_ROOT.c
@@ -4098,11 +4732,12 @@ for ac_prog in 'bison -y' byacc
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_YACC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YACC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$YACC"; then
ac_cv_prog_YACC="$YACC" # Let the user override the test.
else
@@ -4110,11 +4745,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_YACC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4125,11 +4764,11 @@ fi
fi
YACC=$ac_cv_prog_YACC
if test -n "$YACC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-$as_echo "$YACC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+printf "%s\n" "$YACC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4137,11 +4776,12 @@ fi
done
test -n "$YACC" || YACC="yacc"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -4155,10 +4795,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -4167,13 +4812,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -4201,8 +4846,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -4217,11 +4862,12 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
@@ -4231,11 +4877,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4247,11 +4897,11 @@ esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4260,11 +4910,12 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
@@ -4274,11 +4925,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4290,11 +4945,11 @@ esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_pt_PKG_CONFIG" = x; then
@@ -4302,8 +4957,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
PKG_CONFIG=$ac_pt_PKG_CONFIG
@@ -4315,25 +4970,26 @@ fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
PKG_CONFIG=""
fi
fi
# Extract the first word of "swig", so it can be a program name with args.
set dummy swig; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_SWIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SWIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $SWIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
@@ -4343,11 +4999,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4359,43 +5019,46 @@ esac
fi
SWIG=$ac_cv_path_SWIG
if test -n "$SWIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-$as_echo "$SWIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
+printf "%s\n" "$SWIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-$as_echo_n "checking whether the libapparmor debug output should be enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
+printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
@%:@ Check whether --enable-debug_output was given.
-if test "${enable_debug_output+set}" = set; then :
- enableval=$enable_debug_output; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_debug_output+y}
+then :
+ enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_debug_output=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-$as_echo "$enable_debug_output" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
+printf "%s\n" "$enable_debug_output" >&6; }
fi
-if test "$enable_debug_output" = "yes"; then :
+if test "$enable_debug_output" = "yes"
+then :
-$as_echo "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
+printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-$as_echo_n "checking whether the libapparmor man pages should be generated... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
+printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
@%:@ Check whether --enable-man_pages was given.
-if test "${enable_man_pages+set}" = set; then :
- enableval=$enable_man_pages; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_man_pages+y}
+then :
+ enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_man_pages=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-$as_echo "$enable_man_pages" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
+printf "%s\n" "$enable_man_pages" >&6; }
fi
if test "$enable_man_pages" = "yes"; then
@@ -4404,11 +5067,12 @@ if test "$enable_man_pages" = "yes"; then
# Extract the first word of "podchecker", so it can be a program name with args.
set dummy podchecker; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_PODCHECKER+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PODCHECKER+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$PODCHECKER"; then
ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
else
@@ -4416,11 +5080,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_PODCHECKER="podchecker"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4432,11 +5100,11 @@ fi
fi
PODCHECKER=$ac_cv_prog_PODCHECKER
if test -n "$PODCHECKER"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-$as_echo "$PODCHECKER" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
+printf "%s\n" "$PODCHECKER" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4455,11 +5123,12 @@ Perl, which can be retrieved from:
# Extract the first word of "pod2man", so it can be a program name with args.
set dummy pod2man; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_POD2MAN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_POD2MAN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$POD2MAN"; then
ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
else
@@ -4467,11 +5136,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_POD2MAN="pod2man"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4483,11 +5156,11 @@ fi
fi
POD2MAN=$ac_cv_prog_POD2MAN
if test -n "$POD2MAN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-$as_echo "$POD2MAN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
+printf "%s\n" "$POD2MAN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4502,27 +5175,29 @@ Perl, which can be retrieved from:
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-$as_echo_n "checking whether python bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
+printf %s "checking whether python bindings are enabled... " >&6; }
@%:@ Check whether --with-python was given.
-if test "${with_python+set}" = set; then :
- withval=$with_python; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_python+y}
+then :
+ withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_python" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python", so it can be a program name with args.
-set dummy python; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ # Extract the first word of "python3", so it can be a program name with args.
+set dummy python3; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4532,11 +5207,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4548,11 +5227,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4567,11 +5246,12 @@ fi
# Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
set dummy python$PYTHON_VERSION; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4581,11 +5261,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4597,11 +5281,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4610,20 +5294,132 @@ fi
PYTHON_VERSION=""
fi
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
+if test -n "$PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
+printf "%s\n" "$PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PYTHON_CONFIG"; then
+ ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
+ # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy `basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $ac_pt_PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
+if test -n "$ac_pt_PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
+printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_pt_PYTHON_CONFIG" = x; then
+ PYTHON_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
+ fi
+else
+ PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
+fi
+
+ if test -z "$PYTHON_CONFIG"; then
+ as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
+ fi
+
#
# Check for a version of Python >= 2.1.0
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-$as_echo_n "checking for a version of Python >= '2.1.0'... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
+printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write(str(ver >= '2.1.0'))"`
if test "$ac_supports_python_ver" != "True"; then
if test -z "$PYTHON_NOVERSIONCHECK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "
This version of the AC@&t@_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
@@ -4635,29 +5431,29 @@ to something else than an empty string.
See \`config.log' for more details" "$LINENO" 5; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-$as_echo "skip at user request" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
+printf "%s\n" "skip at user request" >&6; }
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
fi
#
# if the macro parameter ``version'' is set, honour it
#
if test -n ""; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-$as_echo_n "checking for a version of Python ... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
+printf %s "checking for a version of Python ... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write("%s\n" % (ver == ))"`
if test "$ac_supports_python_ver" = "True"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
as_fn_error $? "this package requires Python .
If you have it installed, but it isn't the default Python
interpreter in your system path, please pass the PYTHON_VERSION
@@ -4668,56 +5464,56 @@ variable to configure. See \`\`configure --help'' for reference.
fi
#
- # Check if you have distutils, else fail
+ # Check if you have setuptools, else fail
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
-$as_echo_n "checking for the distutils Python package... " >&6; }
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
+printf %s "checking for the setuptools Python package... " >&6; }
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- as_fn_error $? "cannot import Python module \"distutils\".
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "cannot import Python module \"setuptools\".
Please check your Python installation. The error was:
-$ac_distutils_result" "$LINENO" 5
+$ac_setuptools_result" "$LINENO" 5
PYTHON_VERSION=""
fi
#
# Check for Python include path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-$as_echo_n "checking for Python include path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
+printf %s "checking for Python include path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
fi
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
PYTHON_CPPFLAGS=$python_path
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-$as_echo "$PYTHON_CPPFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
+printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
#
# Check for Python library path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-$as_echo_n "checking for Python library path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
+printf %s "checking for Python library path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
fi
if test -z "$PYTHON_LDFLAGS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
- py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
if test "$py_version" == "None"; then
if test -n "$PYTHON_VERSION"; then
py_version=$PYTHON_VERSION
@@ -4727,60 +5523,68 @@ sys.stdout.write("%s\n" % sys.version[:3])"`
fi
fi
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-$as_echo "$PYTHON_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
#
# Check for site packages
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-$as_echo_n "checking for Python site-packages path... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
+printf %s "checking for Python site-packages path... " >&6; }
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-$as_echo "$PYTHON_SITE_PKG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
+printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
#
# libraries which must be linked in when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-$as_echo_n "checking python extra libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
+printf %s "checking python extra libraries... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-$as_echo "$PYTHON_EXTRA_LIBS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
#
# linking flags needed when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-$as_echo_n "checking python extra linking flags... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
+printf %s "checking python extra linking flags... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-$as_echo "$PYTHON_EXTRA_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
#
# final check to see if everything compiles alright
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-$as_echo_n "checking consistency of all components of python development environment... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
+printf %s "checking consistency of all components of python development environment... " >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -4790,7 +5594,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -4798,7 +5602,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
#include <Python.h>
int
-main ()
+main (void)
{
Py_Initialize();
@@ -4807,16 +5611,17 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
pythonexists=yes
-else
+else $as_nop
pythonexists=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-$as_echo "$pythonexists" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
+printf "%s\n" "$pythonexists" >&6; }
if test ! "$pythonexists" = "yes"; then
as_fn_error $? "
@@ -4847,22 +5652,83 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
#
-
+
- # Find any Python interpreter.
- if test -z "$PYTHON"; then
- for ac_prog in python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test -n "$PYTHON"; then
+ # If the user set $PYTHON, use it and don't search something else.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
+printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
+ ($PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "Python interpreter is too old" "$LINENO" 5
+fi
+ am_display_PYTHON=$PYTHON
+ else
+ # Otherwise, try each interpreter until we find one that satisfies
+ # VERSION.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
+printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
+if test ${am_cv_pathless_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
+ test "$am_cv_pathless_PYTHON" = none && break
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
+ ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ break
+fi
+ done
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
+printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
+ # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
+ if test "$am_cv_pathless_PYTHON" = none; then
+ PYTHON=:
+ else
+ # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
+set dummy $am_cv_pathless_PYTHON; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4872,11 +5738,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4888,59 +5758,186 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
- test -n "$PYTHON" && break
-done
-test -n "$PYTHON" || PYTHON=":"
-
+ fi
+ am_display_PYTHON=$am_cv_pathless_PYTHON
fi
- am_display_PYTHON=python
if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
+ as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
else
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-$as_echo_n "checking for $am_display_PYTHON version... " >&6; }
-if ${am_cv_python_version+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
+printf %s "checking for $am_display_PYTHON version... " >&6; }
+if test ${am_cv_python_version+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-$as_echo "$am_cv_python_version" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
+printf "%s\n" "$am_cv_python_version" >&6; }
PYTHON_VERSION=$am_cv_python_version
-
- PYTHON_PREFIX='${prefix}'
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
+printf %s "checking for $am_display_PYTHON platform... " >&6; }
+if test ${am_cv_python_platform+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
+printf "%s\n" "$am_cv_python_platform" >&6; }
+ PYTHON_PLATFORM=$am_cv_python_platform
- PYTHON_EXEC_PREFIX='${exec_prefix}'
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-$as_echo_n "checking for $am_display_PYTHON platform... " >&6; }
-if ${am_cv_python_platform+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+
+@%:@ Check whether --with-python-sys-prefix was given.
+if test ${with_python_sys_prefix+y}
+then :
+ withval=$with_python_sys_prefix; am_use_python_sys=:
+else $as_nop
+ am_use_python_sys=false
+fi
+
+
+ # Allow user to override whatever the default Python prefix is.
+
+@%:@ Check whether --with-python_prefix was given.
+if test ${with_python_prefix+y}
+then :
+ withval=$with_python_prefix; am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+else $as_nop
+
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
+printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
+if test ${am_cv_python_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
+printf "%s\n" "$am_python_prefix" >&6; }
+ fi
+fi
+
+ # Substituting python_prefix_subst value.
+ PYTHON_PREFIX=$am_python_prefix_subst
+
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+
+@%:@ Check whether --with-python_exec_prefix was given.
+if test ${with_python_exec_prefix+y}
+then :
+ withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ if test -n "$with_python_prefix"
+then :
+ am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
+if test ${am_cv_python_exec_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
+printf "%s\n" "$am_python_exec_prefix" >&6; }
+ fi
+fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-$as_echo "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
+ # Substituting python_exec_prefix_subst.
+ PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
- # Just factor out some code duplication.
+
+ # Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
@@ -4961,121 +5958,134 @@ except ImportError:
pass"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5
-$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; }
-if ${am_cv_python_pythondir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$prefix" = xNONE
- then
- am_py_prefix=$ac_default_prefix
- else
- am_py_prefix=$prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
+printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
+if test ${am_cv_python_pythondir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
-
+ ;;
+ esac
+
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-$as_echo "$am_cv_python_pythondir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
+printf "%s\n" "$am_cv_python_pythondir" >&6; }
pythondir=$am_cv_python_pythondir
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5
-$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; }
-if ${am_cv_python_pyexecdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$exec_prefix" = xNONE
- then
- am_py_exec_prefix=$am_py_prefix
- else
- am_py_exec_prefix=$exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
+ pkgpythondir=\${pythondir}/$PACKAGE
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
+printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
+if test ${am_cv_python_pyexecdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
-
+ ;;
+ esac
+
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-$as_echo "$am_cv_python_pyexecdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
+printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
pyexecdir=$am_cv_python_pyexecdir
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
+ pkgpyexecdir=\${pyexecdir}/$PACKAGE
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-$as_echo_n "checking whether perl bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
+printf %s "checking whether perl bindings are enabled... " >&6; }
@%:@ Check whether --with-perl was given.
-if test "${with_perl+set}" = set; then :
- withval=$with_perl; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_perl+y}
+then :
+ withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_perl" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
# Extract the first word of "perl", so it can be a program name with args.
set dummy perl; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PERL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PERL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PERL in
[\\/]* | ?:[\\/]*)
ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
@@ -5085,11 +6095,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5101,63 +6115,48 @@ esac
fi
PERL=$ac_cv_path_PERL
if test -n "$PERL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-$as_echo "$PERL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- as_ac_File=`$as_echo "ac_cv_file_$perl_includedir/perl.h" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $perl_includedir/perl.h" >&5
-$as_echo_n "checking for $perl_includedir/perl.h... " >&6; }
-if eval \${$as_ac_File+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- test "$cross_compiling" = yes &&
- as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
-if test -r "$perl_includedir/perl.h"; then
- eval "$as_ac_File=yes"
-else
- eval "$as_ac_File=no"
-fi
-fi
-eval ac_res=\$$as_ac_File
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+ if test -e "$perl_includedir/perl.h"
+then :
enable_perl=yes
-else
+else $as_nop
enable_perl=no
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-$as_echo_n "checking whether ruby bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
+printf %s "checking whether ruby bindings are enabled... " >&6; }
@%:@ Check whether --with-ruby was given.
-if test "${with_ruby+set}" = set; then :
- withval=$with_ruby; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_ruby+y}
+then :
+ withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_ruby" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
# Extract the first word of "ruby", so it can be a program name with args.
set dummy ruby; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_RUBY+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_RUBY+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $RUBY in
[\\/]* | ?:[\\/]*)
ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
@@ -5167,11 +6166,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5183,11 +6186,11 @@ esac
fi
RUBY=$ac_cv_path_RUBY
if test -n "$RUBY"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-$as_echo "$RUBY" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
+printf "%s\n" "$RUBY" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -5228,149 +6231,41 @@ else
fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if ${ac_cv_prog_CPP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@ifdef __STDC__
-@%:@ include <limits.h>
-@%:@else
-@%:@ include <assert.h>
-@%:@endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
+ if test $ac_cache; then
+ ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+ if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+ printf "%s\n" "#define $ac_item 1" >> confdefs.h
+ fi
+ ac_header= ac_cache=
+ elif test $ac_header; then
+ ac_cache=$ac_item
+ else
+ ac_header=$ac_item
+ fi
+done
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@ifdef __STDC__
-@%:@ include <limits.h>
-@%:@else
-@%:@ include <assert.h>
-@%:@endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if ${ac_cv_path_GREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
+
+printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+printf %s "checking for grep that handles long lines and -e... " >&6; }
+if test ${ac_cv_path_GREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$GREP"; then
ac_path_GREP_found=false
# Loop through the user's path and test for each of PROGNAME-LIST
@@ -5378,10 +6273,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in grep ggrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
@@ -5390,13 +6290,13 @@ case `"$ac_path_GREP" --version 2>&1` in
ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
+ printf "%s\n" 'GREP' >> "conftest.nl"
"$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5424,16 +6324,20 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+printf "%s\n" "$ac_cv_path_GREP" >&6; }
GREP="$ac_cv_path_GREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if ${ac_cv_path_EGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+# Autoupdate added the next two lines to ensure that your configure
+# script's behavior did not change. They are probably safe to remove.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+printf %s "checking for egrep... " >&6; }
+if test ${ac_cv_path_EGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
then ac_cv_path_EGREP="$GREP -E"
else
@@ -5444,10 +6348,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in egrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
@@ -5456,13 +6365,13 @@ case `"$ac_path_EGREP" --version 2>&1` in
ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
+ printf "%s\n" 'EGREP' >> "conftest.nl"
"$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5491,178 +6400,70 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+printf "%s\n" "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
fi
+ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
fi
-rm -f conftest*
+ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
+if test "x$ac_cv_header_syslog_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
fi
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "@%:@define STDC_HEADERS 1" >>confdefs.h
+ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
+if test "x$ac_cv_func_asprintf" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
fi
+ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
+if test "x$ac_cv_func___secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
fi
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
-done
-
-
-for ac_header in unistd.h stdint.h syslog.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
fi
+ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
+if test "x$ac_cv_func_reallocarray" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
-done
-
-
-for ac_func in asprintf __secure_getenv secure_getenv reallocarray
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
fi
-done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __cplusplus
@@ -5675,7 +6476,7 @@ main ()
/* NEC SVR4.0.2 mips cc rejects this. */
struct point {int x, y;};
static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
+ /* IBM XL C 1.02.0.0 rejects this.
It does not let you subtract one const X* pointer from another in
an arm of an if-expression whose if-part is not a constant
expression */
@@ -5703,7 +6504,7 @@ main ()
iptr p = 0;
++p;
}
- { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+ { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
struct s { int j; const int *ap[3]; } bx;
struct s *b = &bx; b->j = 5;
@@ -5719,25 +6520,26 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_c_const=yes
-else
+else $as_nop
ac_cv_c_const=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
if test $ac_cv_c_const = no; then
-$as_echo "@%:@define const /**/" >>confdefs.h
+printf "%s\n" "@%:@define const /**/" >>confdefs.h
fi
case `pwd` in
*\ * | *\ *)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
esac
@@ -5757,28 +6559,32 @@ macro_revision='2.4.6'
+
ltmain=$ac_aux_dir/ltmain.sh
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if ${ac_cv_build+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+ # Make sure we can run config.sub.
+$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+printf %s "checking build system type... " >&6; }
+if test ${ac_cv_build+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+ ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
test "x$ac_build_alias" = x &&
as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+printf "%s\n" "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
@@ -5797,21 +6603,22 @@ IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if ${ac_cv_host+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+printf %s "checking host system type... " >&6; }
+if test ${ac_cv_host+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+ ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+printf "%s\n" "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
@@ -5851,8 +6658,8 @@ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-$as_echo_n "checking how to print strings... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+printf %s "checking how to print strings... " >&6; }
# Test print first, because it will be a builtin if present.
if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
@@ -5878,12 +6685,12 @@ func_echo_all ()
}
case $ECHO in
- printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-$as_echo "printf" >&6; } ;;
- print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-$as_echo "print -r" >&6; } ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-$as_echo "cat" >&6; } ;;
+ printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+printf "%s\n" "printf" >&6; } ;;
+ print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+printf "%s\n" "print -r" >&6; } ;;
+ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+printf "%s\n" "cat" >&6; } ;;
esac
@@ -5899,11 +6706,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -5917,10 +6725,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -5929,13 +6742,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5963,8 +6776,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -5981,11 +6794,12 @@ Xsed="$SED -e 1s/^X//"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-$as_echo_n "checking for fgrep... " >&6; }
-if ${ac_cv_path_FGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+printf %s "checking for fgrep... " >&6; }
+if test ${ac_cv_path_FGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
then ac_cv_path_FGREP="$GREP -F"
else
@@ -5996,10 +6810,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in fgrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in fgrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_FGREP" || continue
# Check for GNU ac_path_FGREP and select it if it is found.
# Check for GNU $ac_path_FGREP
@@ -6008,13 +6827,13 @@ case `"$ac_path_FGREP" --version 2>&1` in
ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'FGREP' >> "conftest.nl"
+ printf "%s\n" 'FGREP' >> "conftest.nl"
"$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -6043,8 +6862,8 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-$as_echo "$ac_cv_path_FGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+printf "%s\n" "$ac_cv_path_FGREP" >&6; }
FGREP="$ac_cv_path_FGREP"
@@ -6069,17 +6888,18 @@ test -z "$GREP" && GREP=grep
@%:@ Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then :
+if test ${with_gnu_ld+y}
+then :
withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else
+else $as_nop
with_gnu_ld=no
fi
ac_prog=ld
if test yes = "$GCC"; then
# Check if gcc -print-prog-name=ld gives a path.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-$as_echo_n "checking for ld used by $CC... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+printf %s "checking for ld used by $CC... " >&6; }
case $host in
*-*-mingw*)
# gcc leaves a trailing carriage return, which upsets mingw
@@ -6108,15 +6928,16 @@ $as_echo_n "checking for ld used by $CC... " >&6; }
;;
esac
elif test yes = "$with_gnu_ld"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-$as_echo_n "checking for GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+printf %s "checking for GNU ld... " >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-$as_echo_n "checking for non-GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+printf %s "checking for non-GNU ld... " >&6; }
fi
-if ${lt_cv_path_LD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${lt_cv_path_LD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$LD"; then
lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
@@ -6145,18 +6966,19 @@ fi
LD=$lt_cv_path_LD
if test -n "$LD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-$as_echo "$LD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+printf "%s\n" "$LD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
-if ${lt_cv_prog_gnu_ld+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
+if test ${lt_cv_prog_gnu_ld+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
@@ -6167,8 +6989,8 @@ case `$LD -v 2>&1 </dev/null` in
;;
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -6179,11 +7001,12 @@ with_gnu_ld=$lt_cv_prog_gnu_ld
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if ${lt_cv_path_NM+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test ${lt_cv_path_NM+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NM"; then
# Let the user override the test.
lt_cv_path_NM=$NM
@@ -6233,8 +7056,8 @@ else
: ${lt_cv_path_NM=no}
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-$as_echo "$lt_cv_path_NM" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+printf "%s\n" "$lt_cv_path_NM" >&6; }
if test no != "$lt_cv_path_NM"; then
NM=$lt_cv_path_NM
else
@@ -6247,11 +7070,12 @@ else
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DUMPBIN"; then
ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
else
@@ -6259,11 +7083,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6274,11 +7102,11 @@ fi
fi
DUMPBIN=$ac_cv_prog_DUMPBIN
if test -n "$DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-$as_echo "$DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+printf "%s\n" "$DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6291,11 +7119,12 @@ if test -z "$DUMPBIN"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DUMPBIN"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
else
@@ -6303,11 +7132,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6318,11 +7151,11 @@ fi
fi
ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
if test -n "$ac_ct_DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-$as_echo "$ac_ct_DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6334,8 +7167,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DUMPBIN=$ac_ct_DUMPBIN
@@ -6363,11 +7196,12 @@ test -z "$NM" && NM=nm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-$as_echo_n "checking the name lister ($NM) interface... " >&6; }
-if ${lt_cv_nm_interface+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+printf %s "checking the name lister ($NM) interface... " >&6; }
+if test ${lt_cv_nm_interface+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
@@ -6383,26 +7217,27 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-$as_echo "$lt_cv_nm_interface" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+printf "%s\n" "$lt_cv_nm_interface" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-$as_echo_n "checking whether ln -s works... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+printf %s "checking whether ln -s works... " >&6; }
LN_S=$as_ln_s
if test "$LN_S" = "ln -s"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-$as_echo "no, using $LN_S" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+printf "%s\n" "no, using $LN_S" >&6; }
fi
# find the maximum length of command line arguments
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-$as_echo_n "checking the maximum length of command line arguments... " >&6; }
-if ${lt_cv_sys_max_cmd_len+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+printf %s "checking the maximum length of command line arguments... " >&6; }
+if test ${lt_cv_sys_max_cmd_len+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
i=0
teststring=ABCD
@@ -6529,11 +7364,11 @@ else
fi
if test -n "$lt_cv_sys_max_cmd_len"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
-$as_echo "none" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
+printf "%s\n" "none" >&6; }
fi
max_cmd_len=$lt_cv_sys_max_cmd_len
@@ -6577,11 +7412,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-$as_echo_n "checking how to convert $build file names to $host format... " >&6; }
-if ${lt_cv_to_host_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+printf %s "checking how to convert $build file names to $host format... " >&6; }
+if test ${lt_cv_to_host_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $host in
*-*-mingw* )
case $build in
@@ -6617,18 +7453,19 @@ esac
fi
to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-$as_echo "$lt_cv_to_host_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; }
-if ${lt_cv_to_tool_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+printf %s "checking how to convert $build file names to toolchain format... " >&6; }
+if test ${lt_cv_to_tool_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
#assume ordinary cross tools, or native build.
lt_cv_to_tool_file_cmd=func_convert_file_noop
case $host in
@@ -6644,22 +7481,23 @@ esac
fi
to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-$as_echo "$lt_cv_to_tool_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-$as_echo_n "checking for $LD option to reload object files... " >&6; }
-if ${lt_cv_ld_reload_flag+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+printf %s "checking for $LD option to reload object files... " >&6; }
+if test ${lt_cv_ld_reload_flag+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_reload_flag='-r'
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-$as_echo "$lt_cv_ld_reload_flag" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
reload_flag=$lt_cv_ld_reload_flag
case $reload_flag in
"" | " "*) ;;
@@ -6692,11 +7530,12 @@ esac
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OBJDUMP"; then
ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
else
@@ -6704,11 +7543,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6719,11 +7562,11 @@ fi
fi
OBJDUMP=$ac_cv_prog_OBJDUMP
if test -n "$OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-$as_echo "$OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+printf "%s\n" "$OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6732,11 +7575,12 @@ if test -z "$ac_cv_prog_OBJDUMP"; then
ac_ct_OBJDUMP=$OBJDUMP
# Extract the first word of "objdump", so it can be a program name with args.
set dummy objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OBJDUMP"; then
ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
else
@@ -6744,11 +7588,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OBJDUMP="objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6759,11 +7607,11 @@ fi
fi
ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
if test -n "$ac_ct_OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-$as_echo "$ac_ct_OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OBJDUMP" = x; then
@@ -6771,8 +7619,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OBJDUMP=$ac_ct_OBJDUMP
@@ -6791,11 +7639,12 @@ test -z "$OBJDUMP" && OBJDUMP=objdump
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-$as_echo_n "checking how to recognize dependent libraries... " >&6; }
-if ${lt_cv_deplibs_check_method+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+printf %s "checking how to recognize dependent libraries... " >&6; }
+if test ${lt_cv_deplibs_check_method+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_file_magic_cmd='$MAGIC_CMD'
lt_cv_file_magic_test_file=
lt_cv_deplibs_check_method='unknown'
@@ -6991,8 +7840,8 @@ os2*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-$as_echo "$lt_cv_deplibs_check_method" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
file_magic_glob=
want_nocaseglob=no
@@ -7036,11 +7885,12 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DLLTOOL"; then
ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
else
@@ -7048,11 +7898,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7063,11 +7917,11 @@ fi
fi
DLLTOOL=$ac_cv_prog_DLLTOOL
if test -n "$DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-$as_echo "$DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+printf "%s\n" "$DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7076,11 +7930,12 @@ if test -z "$ac_cv_prog_DLLTOOL"; then
ac_ct_DLLTOOL=$DLLTOOL
# Extract the first word of "dlltool", so it can be a program name with args.
set dummy dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DLLTOOL"; then
ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
else
@@ -7088,11 +7943,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7103,11 +7962,11 @@ fi
fi
ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
if test -n "$ac_ct_DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-$as_echo "$ac_ct_DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DLLTOOL" = x; then
@@ -7115,8 +7974,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DLLTOOL=$ac_ct_DLLTOOL
@@ -7136,11 +7995,12 @@ test -z "$DLLTOOL" && DLLTOOL=dlltool
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-$as_echo_n "checking how to associate runtime and link libraries... " >&6; }
-if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+printf %s "checking how to associate runtime and link libraries... " >&6; }
+if test ${lt_cv_sharedlib_from_linklib_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_sharedlib_from_linklib_cmd='unknown'
case $host_os in
@@ -7163,8 +8023,8 @@ cygwin* | mingw* | pw32* | cegcc*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
@@ -7179,11 +8039,12 @@ if test -n "$ac_tool_prefix"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AR"; then
ac_cv_prog_AR="$AR" # Let the user override the test.
else
@@ -7191,11 +8052,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7206,11 +8071,11 @@ fi
fi
AR=$ac_cv_prog_AR
if test -n "$AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-$as_echo "$AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+printf "%s\n" "$AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7223,11 +8088,12 @@ if test -z "$AR"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_AR"; then
ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
else
@@ -7235,11 +8101,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_AR="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7250,11 +8120,11 @@ fi
fi
ac_ct_AR=$ac_cv_prog_ac_ct_AR
if test -n "$ac_ct_AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-$as_echo "$ac_ct_AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+printf "%s\n" "$ac_ct_AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7266,8 +8136,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
AR=$ac_ct_AR
@@ -7275,7 +8145,7 @@ esac
fi
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
@@ -7287,30 +8157,32 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-$as_echo_n "checking for archiver @FILE support... " >&6; }
-if ${lt_cv_ar_at_file+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+printf %s "checking for archiver @FILE support... " >&6; }
+if test ${lt_cv_ar_at_file+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ar_at_file=no
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
echo conftest.$ac_objext > conftest.lst
lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -eq "$ac_status"; then
# Ensure the archiver fails upon bogus file names.
@@ -7318,7 +8190,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -ne "$ac_status"; then
lt_cv_ar_at_file=@
@@ -7327,11 +8199,11 @@ if ac_fn_c_try_compile "$LINENO"; then :
rm -f conftest.* libconftest.a
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-$as_echo "$lt_cv_ar_at_file" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+printf "%s\n" "$lt_cv_ar_at_file" >&6; }
if test no = "$lt_cv_ar_at_file"; then
archiver_list_spec=
@@ -7348,11 +8220,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -7360,11 +8233,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7375,11 +8252,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7388,11 +8265,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -7400,11 +8278,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7415,11 +8297,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -7427,8 +8309,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -7447,11 +8329,12 @@ test -z "$STRIP" && STRIP=:
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$RANLIB"; then
ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
else
@@ -7459,11 +8342,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7474,11 +8361,11 @@ fi
fi
RANLIB=$ac_cv_prog_RANLIB
if test -n "$RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-$as_echo "$RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7487,11 +8374,12 @@ if test -z "$ac_cv_prog_RANLIB"; then
ac_ct_RANLIB=$RANLIB
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_RANLIB"; then
ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
else
@@ -7499,11 +8387,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7514,11 +8406,11 @@ fi
fi
ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
if test -n "$ac_ct_RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-$as_echo "$ac_ct_RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_RANLIB" = x; then
@@ -7526,8 +8418,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
RANLIB=$ac_ct_RANLIB
@@ -7616,11 +8508,12 @@ compiler=$CC
# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
-if ${lt_cv_sys_global_symbol_pipe+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+printf %s "checking command to parse $NM output from $compiler object... " >&6; }
+if test ${lt_cv_sys_global_symbol_pipe+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# These are sane defaults that work on at least a few old systems.
# [They come from Ultrix. What could be older than Ultrix?!! ;)]
@@ -7772,15 +8665,12 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
# Now try to grab the symbols.
nlist=conftest.nm
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
- (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -7848,7 +8738,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s conftest$ac_exeext; then
pipe_works=yes
fi
@@ -7883,11 +8773,11 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then
lt_cv_sys_global_symbol_to_cdecl=
fi
if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-$as_echo "failed" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+printf "%s\n" "failed" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-$as_echo "ok" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+printf "%s\n" "ok" >&6; }
fi
# Response file support.
@@ -7933,13 +8823,14 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-$as_echo_n "checking for sysroot... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+printf %s "checking for sysroot... " >&6; }
@%:@ Check whether --with-sysroot was given.
-if test "${with_sysroot+set}" = set; then :
+if test ${with_sysroot+y}
+then :
withval=$with_sysroot;
-else
+else $as_nop
with_sysroot=no
fi
@@ -7957,24 +8848,25 @@ case $with_sysroot in #(
no|'')
;; #(
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-$as_echo "$with_sysroot" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+printf "%s\n" "$with_sysroot" >&6; }
as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-$as_echo "${lt_sysroot:-no}" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+printf "%s\n" "${lt_sysroot:-no}" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-$as_echo_n "checking for a working dd... " >&6; }
-if ${ac_cv_path_lt_DD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+printf %s "checking for a working dd... " >&6; }
+if test ${ac_cv_path_lt_DD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
: ${lt_DD:=$DD}
@@ -7985,10 +8877,15 @@ if test -z "$lt_DD"; then
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in dd; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in dd
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_lt_DD" || continue
if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
cmp -s conftest.i conftest.out \
@@ -8008,15 +8905,16 @@ fi
rm -f conftest.i conftest2.i conftest.out
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-$as_echo "$ac_cv_path_lt_DD" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-$as_echo_n "checking how to truncate binary pipes... " >&6; }
-if ${lt_cv_truncate_bin+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+printf %s "checking how to truncate binary pipes... " >&6; }
+if test ${lt_cv_truncate_bin+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
lt_cv_truncate_bin=
@@ -8027,8 +8925,8 @@ fi
rm -f conftest.i conftest2.i conftest.out
test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-$as_echo "$lt_cv_truncate_bin" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+printf "%s\n" "$lt_cv_truncate_bin" >&6; }
@@ -8051,7 +8949,8 @@ func_cc_basename ()
}
@%:@ Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then :
+if test ${enable_libtool_lock+y}
+then :
enableval=$enable_libtool_lock;
fi
@@ -8067,7 +8966,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
@@ -8087,7 +8986,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
if test yes = "$lt_cv_prog_gnu_ld"; then
case `/usr/bin/file conftest.$ac_objext` in
@@ -8125,7 +9024,7 @@ mips64*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
emul=elf
case `/usr/bin/file conftest.$ac_objext` in
@@ -8166,7 +9065,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*32-bit*)
@@ -8229,11 +9128,12 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -belf"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
-if ${lt_cv_cc_needs_belf+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+printf %s "checking whether the C compiler needs -belf... " >&6; }
+if test ${lt_cv_cc_needs_belf+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -8244,19 +9144,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_cc_needs_belf=yes
-else
+else $as_nop
lt_cv_cc_needs_belf=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -8265,8 +9166,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-$as_echo "$lt_cv_cc_needs_belf" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
if test yes != "$lt_cv_cc_needs_belf"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
CFLAGS=$SAVE_CFLAGS
@@ -8279,7 +9180,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*64-bit*)
@@ -8316,11 +9217,12 @@ need_locks=$enable_libtool_lock
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$MANIFEST_TOOL"; then
ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
else
@@ -8328,11 +9230,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8343,11 +9249,11 @@ fi
fi
MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
if test -n "$MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-$as_echo "$MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+printf "%s\n" "$MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8356,11 +9262,12 @@ if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
# Extract the first word of "mt", so it can be a program name with args.
set dummy mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_MANIFEST_TOOL"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
else
@@ -8368,11 +9275,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8383,11 +9294,11 @@ fi
fi
ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
if test -n "$ac_ct_MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-$as_echo "$ac_ct_MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_MANIFEST_TOOL" = x; then
@@ -8395,8 +9306,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
@@ -8406,11 +9317,12 @@ else
fi
test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if ${lt_cv_path_mainfest_tool+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if test ${lt_cv_path_mainfest_tool+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_path_mainfest_tool=no
echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
$MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
@@ -8420,8 +9332,8 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-$as_echo "$lt_cv_path_mainfest_tool" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
if test yes != "$lt_cv_path_mainfest_tool"; then
MANIFEST_TOOL=:
fi
@@ -8436,11 +9348,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DSYMUTIL"; then
ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
else
@@ -8448,11 +9361,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8463,11 +9380,11 @@ fi
fi
DSYMUTIL=$ac_cv_prog_DSYMUTIL
if test -n "$DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-$as_echo "$DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+printf "%s\n" "$DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8476,11 +9393,12 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then
ac_ct_DSYMUTIL=$DSYMUTIL
# Extract the first word of "dsymutil", so it can be a program name with args.
set dummy dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DSYMUTIL"; then
ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
else
@@ -8488,11 +9406,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8503,11 +9425,11 @@ fi
fi
ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
if test -n "$ac_ct_DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-$as_echo "$ac_ct_DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DSYMUTIL" = x; then
@@ -8515,8 +9437,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DSYMUTIL=$ac_ct_DSYMUTIL
@@ -8528,11 +9450,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NMEDIT"; then
ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
else
@@ -8540,11 +9463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8555,11 +9482,11 @@ fi
fi
NMEDIT=$ac_cv_prog_NMEDIT
if test -n "$NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-$as_echo "$NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+printf "%s\n" "$NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8568,11 +9495,12 @@ if test -z "$ac_cv_prog_NMEDIT"; then
ac_ct_NMEDIT=$NMEDIT
# Extract the first word of "nmedit", so it can be a program name with args.
set dummy nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_NMEDIT"; then
ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
else
@@ -8580,11 +9508,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_NMEDIT="nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8595,11 +9527,11 @@ fi
fi
ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
if test -n "$ac_ct_NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-$as_echo "$ac_ct_NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+printf "%s\n" "$ac_ct_NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_NMEDIT" = x; then
@@ -8607,8 +9539,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
NMEDIT=$ac_ct_NMEDIT
@@ -8620,11 +9552,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LIPO"; then
ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
else
@@ -8632,11 +9565,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8647,11 +9584,11 @@ fi
fi
LIPO=$ac_cv_prog_LIPO
if test -n "$LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-$as_echo "$LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+printf "%s\n" "$LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8660,11 +9597,12 @@ if test -z "$ac_cv_prog_LIPO"; then
ac_ct_LIPO=$LIPO
# Extract the first word of "lipo", so it can be a program name with args.
set dummy lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_LIPO"; then
ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
else
@@ -8672,11 +9610,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_LIPO="lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8687,11 +9629,11 @@ fi
fi
ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
if test -n "$ac_ct_LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-$as_echo "$ac_ct_LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+printf "%s\n" "$ac_ct_LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_LIPO" = x; then
@@ -8699,8 +9641,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
LIPO=$ac_ct_LIPO
@@ -8712,11 +9654,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL"; then
ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
else
@@ -8724,11 +9667,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8739,11 +9686,11 @@ fi
fi
OTOOL=$ac_cv_prog_OTOOL
if test -n "$OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-$as_echo "$OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+printf "%s\n" "$OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8752,11 +9699,12 @@ if test -z "$ac_cv_prog_OTOOL"; then
ac_ct_OTOOL=$OTOOL
# Extract the first word of "otool", so it can be a program name with args.
set dummy otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL"; then
ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
else
@@ -8764,11 +9712,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL="otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8779,11 +9731,11 @@ fi
fi
ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
if test -n "$ac_ct_OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-$as_echo "$ac_ct_OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+printf "%s\n" "$ac_ct_OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL" = x; then
@@ -8791,8 +9743,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL=$ac_ct_OTOOL
@@ -8804,11 +9756,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL64"; then
ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
else
@@ -8816,11 +9769,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8831,11 +9788,11 @@ fi
fi
OTOOL64=$ac_cv_prog_OTOOL64
if test -n "$OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-$as_echo "$OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+printf "%s\n" "$OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8844,11 +9801,12 @@ if test -z "$ac_cv_prog_OTOOL64"; then
ac_ct_OTOOL64=$OTOOL64
# Extract the first word of "otool64", so it can be a program name with args.
set dummy otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL64"; then
ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
else
@@ -8856,11 +9814,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL64="otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8871,11 +9833,11 @@ fi
fi
ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
if test -n "$ac_ct_OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-$as_echo "$ac_ct_OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+printf "%s\n" "$ac_ct_OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL64" = x; then
@@ -8883,8 +9845,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL64=$ac_ct_OTOOL64
@@ -8919,11 +9881,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-$as_echo_n "checking for -single_module linker flag... " >&6; }
-if ${lt_cv_apple_cc_single_mod+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+printf %s "checking for -single_module linker flag... " >&6; }
+if test ${lt_cv_apple_cc_single_mod+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_apple_cc_single_mod=no
if test -z "$LT_MULTI_MODULE"; then
# By default we will add the -single_module flag. You can override
@@ -8952,14 +9915,15 @@ else
rm -f conftest.*
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
-if ${lt_cv_ld_exported_symbols_list+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+printf %s "checking for -exported_symbols_list linker flag... " >&6; }
+if test ${lt_cv_ld_exported_symbols_list+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_exported_symbols_list=no
save_LDFLAGS=$LDFLAGS
echo "_main" > conftest.sym
@@ -8968,39 +9932,41 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_ld_exported_symbols_list=yes
-else
+else $as_nop
lt_cv_ld_exported_symbols_list=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-$as_echo_n "checking for -force_load linker flag... " >&6; }
-if ${lt_cv_ld_force_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+printf %s "checking for -force_load linker flag... " >&6; }
+if test ${lt_cv_ld_force_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cru libconftest.a conftest.o" >&5
- $AR cru libconftest.a conftest.o 2>&5
+ echo "$AR cr libconftest.a conftest.o" >&5
+ $AR cr libconftest.a conftest.o 2>&5
echo "$RANLIB libconftest.a" >&5
$RANLIB libconftest.a 2>&5
cat > conftest.c << _LT_EOF
@@ -9020,8 +9986,8 @@ _LT_EOF
rm -rf conftest.dSYM
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-$as_echo "$lt_cv_ld_force_load" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+printf "%s\n" "$lt_cv_ld_force_load" >&6; }
case $host_os in
rhapsody* | darwin1.[012])
_lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
@@ -9032,11 +9998,11 @@ $as_echo "$lt_cv_ld_force_load" >&6; }
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[012][,.]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*)
+ 10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@@ -9092,18 +10058,13 @@ func_munge_path_list ()
esac
}
-for ac_header in dlfcn.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
"
-if test "x$ac_cv_header_dlfcn_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_DLFCN_H 1
-_ACEOF
-
-fi
+if test "x$ac_cv_header_dlfcn_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
-done
+fi
@@ -9120,7 +10081,8 @@ done
@%:@ Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then :
+if test ${enable_shared+y}
+then :
enableval=$enable_shared; p=${PACKAGE-default}
case $enableval in
yes) enable_shared=yes ;;
@@ -9138,7 +10100,7 @@ if test "${enable_shared+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_shared=yes
fi
@@ -9151,7 +10113,8 @@ fi
@%:@ Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then :
+if test ${enable_static+y}
+then :
enableval=$enable_static; p=${PACKAGE-default}
case $enableval in
yes) enable_static=yes ;;
@@ -9169,7 +10132,7 @@ if test "${enable_static+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_static=yes
fi
@@ -9183,7 +10146,8 @@ fi
@%:@ Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then :
+if test ${with_pic+y}
+then :
withval=$with_pic; lt_p=${PACKAGE-default}
case $withval in
yes|no) pic_mode=$withval ;;
@@ -9200,7 +10164,7 @@ if test "${with_pic+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
pic_mode=default
fi
@@ -9212,7 +10176,8 @@ fi
@%:@ Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then :
+if test ${enable_fast_install+y}
+then :
enableval=$enable_fast_install; p=${PACKAGE-default}
case $enableval in
yes) enable_fast_install=yes ;;
@@ -9230,7 +10195,7 @@ if test "${enable_fast_install+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_fast_install=yes
fi
@@ -9244,11 +10209,12 @@ fi
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[5-9]*,yes)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-$as_echo_n "checking which variant of shared library versioning to provide... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+printf %s "checking which variant of shared library versioning to provide... " >&6; }
@%:@ Check whether --with-aix-soname was given.
-if test "${with_aix_soname+set}" = set; then :
+if test ${with_aix_soname+y}
+then :
withval=$with_aix_soname; case $withval in
aix|svr4|both)
;;
@@ -9257,18 +10223,19 @@ if test "${with_aix_soname+set}" = set; then :
;;
esac
lt_cv_with_aix_soname=$with_aix_soname
-else
- if ${lt_cv_with_aix_soname+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ if test ${lt_cv_with_aix_soname+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_with_aix_soname=aix
fi
with_aix_soname=$lt_cv_with_aix_soname
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-$as_echo "$with_aix_soname" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+printf "%s\n" "$with_aix_soname" >&6; }
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
@@ -9350,11 +10317,12 @@ if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-$as_echo_n "checking for objdir... " >&6; }
-if ${lt_cv_objdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+printf %s "checking for objdir... " >&6; }
+if test ${lt_cv_objdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
if test -d .libs; then
@@ -9365,17 +10333,15 @@ else
fi
rmdir .libs 2>/dev/null
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-$as_echo "$lt_cv_objdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+printf "%s\n" "$lt_cv_objdir" >&6; }
objdir=$lt_cv_objdir
-cat >>confdefs.h <<_ACEOF
-@%:@define LT_OBJDIR "$lt_cv_objdir/"
-_ACEOF
+printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
@@ -9421,11 +10387,12 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file
case $deplibs_check_method in
file_magic*)
if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+printf %s "checking for ${ac_tool_prefix}file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9474,11 +10441,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9487,11 +10454,12 @@ fi
if test -z "$lt_cv_path_MAGIC_CMD"; then
if test -n "$ac_tool_prefix"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-$as_echo_n "checking for file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+printf %s "checking for file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9540,11 +10508,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9629,11 +10597,12 @@ if test yes = "$GCC"; then
lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test ${lt_cv_prog_compiler_rtti_exceptions+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_rtti_exceptions=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -9664,8 +10633,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
@@ -9862,6 +10831,12 @@ lt_prog_compiler_static=
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -10022,26 +10997,28 @@ case $host_os in
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
-if ${lt_cv_prog_compiler_pic+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+printf %s "checking for $compiler option to produce PIC... " >&6; }
+if test ${lt_cv_prog_compiler_pic+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-$as_echo "$lt_cv_prog_compiler_pic" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
#
# Check to make sure the PIC flag actually works.
#
if test -n "$lt_prog_compiler_pic"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if ${lt_cv_prog_compiler_pic_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test ${lt_cv_prog_compiler_pic_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic_works=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -10072,8 +11049,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
if test yes = "$lt_cv_prog_compiler_pic_works"; then
case $lt_prog_compiler_pic in
@@ -10101,11 +11078,12 @@ fi
# Check to make sure the static flag actually works.
#
wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if ${lt_cv_prog_compiler_static_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test ${lt_cv_prog_compiler_static_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_static_works=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
@@ -10129,8 +11107,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
if test yes = "$lt_cv_prog_compiler_static_works"; then
:
@@ -10144,11 +11122,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10191,19 +11170,20 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10246,8 +11226,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -10255,19 +11235,19 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; }
hard_links=nottested
if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
# do not overwrite the value of need_locks provided by the user
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-$as_echo_n "checking if we can lock with hard links... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+printf %s "checking if we can lock with hard links... " >&6; }
hard_links=yes
$RM conftest*
ln conftest.a conftest.b 2>/dev/null && hard_links=no
touch conftest.a
ln conftest.a conftest.b 2>&5 || hard_links=no
ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-$as_echo "$hard_links" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+printf "%s\n" "$hard_links" >&6; }
if test no = "$hard_links"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
need_locks=warn
fi
else
@@ -10279,8 +11259,8 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
runpath_var=
allow_undefined_flag=
@@ -10838,21 +11818,23 @@ _LT_EOF
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10867,7 +11849,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -10891,21 +11873,23 @@ fi
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10920,7 +11904,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -11171,11 +12155,12 @@ fi
# Older versions of the 11.00 compiler do not understand -b yet
# (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-$as_echo_n "checking if $CC understands -b... " >&6; }
-if ${lt_cv_prog_compiler__b+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+printf %s "checking if $CC understands -b... " >&6; }
+if test ${lt_cv_prog_compiler__b+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler__b=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -b"
@@ -11199,8 +12184,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-$as_echo "$lt_cv_prog_compiler__b" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
if test yes = "$lt_cv_prog_compiler__b"; then
archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
@@ -11240,28 +12225,30 @@ fi
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
# This should be the same for all languages, so no per-tag cache variable.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if ${lt_cv_irix_exported_symbol+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if test ${lt_cv_irix_exported_symbol+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int foo (void) { return 0; }
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_irix_exported_symbol=yes
-else
+else $as_nop
lt_cv_irix_exported_symbol=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-$as_echo "$lt_cv_irix_exported_symbol" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
if test yes = "$lt_cv_irix_exported_symbol"; then
archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
@@ -11542,8 +12529,8 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-$as_echo "$ld_shlibs" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+printf "%s\n" "$ld_shlibs" >&6; }
test no = "$ld_shlibs" && can_build_shared=no
with_gnu_ld=$with_gnu_ld
@@ -11579,18 +12566,19 @@ x|xyes)
# Test whether the compiler implicitly links with -lc since on some
# systems, -lgcc has to come before -lc. If gcc already passes -lc
# to ld, don't add -lc before -lgcc.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
-if ${lt_cv_archive_cmds_need_lc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+printf %s "checking whether -lc should be explicitly linked in... " >&6; }
+if test ${lt_cv_archive_cmds_need_lc+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
$RM conftest*
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } 2>conftest.err; then
soname=conftest
lib=conftest
@@ -11608,7 +12596,7 @@ else
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
(eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
then
lt_cv_archive_cmds_need_lc=no
@@ -11622,8 +12610,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-$as_echo "$lt_cv_archive_cmds_need_lc" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
;;
esac
@@ -11782,8 +12770,8 @@ esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-$as_echo_n "checking dynamic linker characteristics... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+printf %s "checking dynamic linker characteristics... " >&6; }
if test yes = "$GCC"; then
case $host_os in
@@ -12344,9 +13332,10 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
shlibpath_overrides_runpath=no
# Some binutils ld are patched to set DT_RUNPATH
- if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_shlibpath_overrides_runpath+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_shlibpath_overrides_runpath=no
save_LDFLAGS=$LDFLAGS
save_libdir=$libdir
@@ -12356,19 +13345,21 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+if ac_fn_c_try_link "$LINENO"
+then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
+then :
lt_cv_shlibpath_overrides_runpath=yes
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
libdir=$save_libdir
@@ -12612,8 +13603,8 @@ uts4*)
dynamic_linker=no
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-$as_echo "$dynamic_linker" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+printf "%s\n" "$dynamic_linker" >&6; }
test no = "$dynamic_linker" && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
@@ -12734,8 +13725,8 @@ configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+printf %s "checking how to hardcode library paths into programs... " >&6; }
hardcode_action=
if test -n "$hardcode_libdir_flag_spec" ||
test -n "$runpath_var" ||
@@ -12759,8 +13750,8 @@ else
# directories.
hardcode_action=unsupported
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-$as_echo "$hardcode_action" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+printf "%s\n" "$hardcode_action" >&6; }
if test relink = "$hardcode_action" ||
test yes = "$inherit_rpath"; then
@@ -12804,11 +13795,12 @@ else
darwin*)
# if libdl is installed we need to link against it
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12817,32 +13809,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
+else $as_nop
lt_cv_dlopen=dyld
lt_cv_dlopen_libs=
@@ -12862,14 +13853,16 @@ fi
*)
ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes; then :
+if test "x$ac_cv_func_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-$as_echo_n "checking for shl_load in -ldld... " >&6; }
-if ${ac_cv_lib_dld_shl_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+printf %s "checking for shl_load in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_shl_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12878,41 +13871,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char shl_load ();
int
-main ()
+main (void)
{
return shl_load ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_shl_load=yes
-else
+else $as_nop
ac_cv_lib_dld_shl_load=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else
+else $as_nop
ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes; then :
+if test "x$ac_cv_func_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12921,37 +13915,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-$as_echo_n "checking for dlopen in -lsvld... " >&6; }
-if ${ac_cv_lib_svld_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+printf %s "checking for dlopen in -lsvld... " >&6; }
+if test ${ac_cv_lib_svld_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsvld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12960,37 +13954,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_svld_dlopen=yes
-else
+else $as_nop
ac_cv_lib_svld_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-$as_echo_n "checking for dld_link in -ldld... " >&6; }
-if ${ac_cv_lib_dld_dld_link+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+printf %s "checking for dld_link in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_dld_link+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12999,30 +13993,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dld_link ();
int
-main ()
+main (void)
{
return dld_link ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_dld_link=yes
-else
+else $as_nop
ac_cv_lib_dld_dld_link=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes
+then :
lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
fi
@@ -13061,11 +14054,12 @@ fi
save_LIBS=$LIBS
LIBS="$lt_cv_dlopen_libs $LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-$as_echo_n "checking whether a program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+printf %s "checking whether a program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self=cross
else
@@ -13144,7 +14138,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13162,16 +14156,17 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-$as_echo "$lt_cv_dlopen_self" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+printf "%s\n" "$lt_cv_dlopen_self" >&6; }
if test yes = "$lt_cv_dlopen_self"; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self_static+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self_static+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self_static=cross
else
@@ -13250,7 +14245,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13268,8 +14263,8 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-$as_echo "$lt_cv_dlopen_self_static" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
fi
CPPFLAGS=$save_CPPFLAGS
@@ -13307,13 +14302,13 @@ fi
striplib=
old_striplib=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+printf %s "checking whether stripping libraries is possible... " >&6; }
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
@@ -13321,16 +14316,16 @@ else
if test -n "$STRIP"; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
;;
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
;;
esac
fi
@@ -13347,13 +14342,13 @@ fi
# Report what library types will actually be built
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-$as_echo_n "checking if libtool supports shared libraries... " >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-$as_echo "$can_build_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+printf %s "checking if libtool supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+printf "%s\n" "$can_build_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-$as_echo_n "checking whether to build shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+printf %s "checking whether to build shared libraries... " >&6; }
test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
@@ -13377,15 +14372,15 @@ $as_echo_n "checking whether to build shared libraries... " >&6; }
fi
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-$as_echo "$enable_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+printf "%s\n" "$enable_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-$as_echo_n "checking whether to build static libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+printf %s "checking whether to build static libraries... " >&6; }
# Make sure either enable_shared or enable_static is yes.
test yes = "$enable_shared" || enable_static=yes
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-$as_echo "$enable_static" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+printf "%s\n" "$enable_static" >&6; }
@@ -13422,182 +14417,6 @@ CC=$lt_save_CC
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5
-$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
-if ${ac_cv_prog_cc_c99+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <wchar.h>
-#include <stdio.h>
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-#define debug(...) fprintf (stderr, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- your preprocessor is broken;
-#endif
-#if BIG_OK
-#else
- your preprocessor is broken;
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\0'; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static void
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str;
- int number;
- float fnumber;
-
- while (*format)
- {
- switch (*format++)
- {
- case 's': // string
- str = va_arg (args_copy, const char *);
- break;
- case 'd': // int
- number = va_arg (args_copy, int);
- break;
- case 'f': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-}
-
-int
-main ()
-{
-
- // Check bool.
- _Bool success = false;
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- test_varargs ("s, d' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
- || dynamic_array[ni.number - 1] != 543);
-
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c99" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c99"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c99" != xno; then :
-
-fi
-
if test "$ac_cv_prog_cc_c99" = "no"; then
as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
@@ -13632,8 +14451,8 @@ _ACEOF
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -13663,15 +14482,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
/^ac_cv_env_/b end
t clear
:clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
t end
s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
if test "x$cache_file" != "x/dev/null"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
if test ! -f "$cache_file" || test -h "$cache_file"; then
cat confcache >"$cache_file"
else
@@ -13685,8 +14504,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;}
fi
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
@@ -13739,7 +14558,7 @@ U=
for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
# 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
# will be set to the directory where LIBOBJS objects are built.
as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
@@ -13750,14 +14569,14 @@ LIB@&t@OBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-$as_echo_n "checking that generated files are newer than configure... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+printf %s "checking that generated files are newer than configure... " >&6; }
if test -n "$am_sleep_pid"; then
# Hide warnings about reused PIDs.
wait $am_sleep_pid 2>/dev/null
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5
-$as_echo "done" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
+printf "%s\n" "done" >&6; }
if test -n "$EXEEXT"; then
am__EXEEXT_TRUE=
am__EXEEXT_FALSE='#'
@@ -13795,8 +14614,8 @@ fi
ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
as_write_fail=0
cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
@@ -13819,14 +14638,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -13836,46 +14657,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in @%:@(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -13884,13 +14705,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in @%:@((
@@ -13899,8 +14713,12 @@ case $0 in @%:@((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -13912,30 +14730,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
@@ -13948,13 +14746,14 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} @%:@ as_fn_error
+
@%:@ as_fn_set_status STATUS
@%:@ -----------------------
@%:@ Set @S|@? to STATUS, without forking.
@@ -13981,18 +14780,20 @@ as_fn_unset ()
{ eval $1=; unset $1;}
}
as_unset=as_fn_unset
+
@%:@ as_fn_append VAR VALUE
@%:@ ----------------------
@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
@%:@ advantage of any shell optimizations that allow amortized linear growth over
@%:@ repeated appends, instead of the typical quadratic growth present in naive
@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -14004,12 +14805,13 @@ fi # as_fn_append
@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
@@ -14040,7 +14842,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -14062,6 +14864,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in @%:@(((((
-n*)
@@ -14075,6 +14881,12 @@ case `echo -n x` in @%:@(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -14116,7 +14928,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -14125,7 +14937,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14188,7 +15000,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# values after options handling.
ac_log="
This file was extended by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -14241,14 +15053,16 @@ $config_commands
Report bugs to the package provider."
_ACEOF
+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
config.status
-configured by $0, generated by GNU Autoconf 2.69,
+configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -14288,21 +15102,21 @@ do
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
+ printf "%s\n" "$ac_cs_version"; exit ;;
--config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
+ printf "%s\n" "$ac_cs_config"; exit ;;
--debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
'') as_fn_error $? "missing file argument" ;;
esac
as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--he | --h | --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
+ printf "%s\n" "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
@@ -14330,7 +15144,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'
export CONFIG_SHELL
exec "\$@"
@@ -14344,7 +15158,7 @@ exec 5>>config.log
sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
@%:@@%:@ Running $as_me. @%:@@%:@
_ASBOX
- $as_echo "$ac_log"
+ printf "%s\n" "$ac_log"
} >&5
_ACEOF
@@ -14352,7 +15166,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
#
# INIT-COMMANDS
#
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
# The HP-UX ksh and POSIX shell print the target directory to stdout
@@ -14674,8 +15488,8 @@ done
# We use the long form for the default assignment because of an extremely
# bizarre bug on SunOS 4.1.3.
if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
+ test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
fi
# Have a temporary directory for convenience. Make it in the build tree
@@ -14903,7 +15717,7 @@ do
esac ||
as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
as_fn_append ac_file_inputs " '$ac_f'"
done
@@ -14911,17 +15725,17 @@ do
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
`' by configure.'
if test x"$ac_file" != x-; then
configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+printf "%s\n" "$as_me: creating $ac_file" >&6;}
fi
# Neutralize special characters interpreted by sed in replacement strings.
case $configure_input in #(
*\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
+ ac_sed_conf_input=`printf "%s\n" "$configure_input" |
sed 's/[\\\\&|]/\\\\&/g'`;; #(
*) ac_sed_conf_input=$configure_input;;
esac
@@ -14938,7 +15752,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
+printf "%s\n" X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14962,9 +15776,9 @@ $as_echo X"$ac_file" |
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -15026,8 +15840,8 @@ ac_sed_dataroot='
case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_datarootdir_hack='
@@ -15071,9 +15885,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
{ ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
{ ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
"$ac_tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&2;}
rm -f "$ac_tmp/stdin"
@@ -15085,8 +15899,8 @@ which seems to be undefined. Please make sure it is defined" >&2;}
;;
- :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-$as_echo "$as_me: executing $ac_file commands" >&6;}
+ :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
;;
esac
@@ -15096,29 +15910,35 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
- case $CONFIG_FILES in
- *\'*) eval set x "$CONFIG_FILES" ;;
- *) set x $CONFIG_FILES ;;
- esac
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ case $CONFIG_FILES in @%:@(
+ *\'*) :
+ eval set x "$CONFIG_FILES" ;; @%:@(
+ *) :
+ set x $CONFIG_FILES ;; @%:@(
+ *) :
+ ;;
+esac
shift
- for mf
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
do
# Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named 'Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
+ am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`$as_dirname -- "$mf" ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$mf" : 'X\(//\)[^/]' \| \
- X"$mf" : 'X\(//\)$' \| \
- X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$mf" |
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`$as_dirname -- "$am_mf" ||
+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$am_mf" : 'X\(//\)[^/]' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$am_mf" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -15136,53 +15956,50 @@ $as_echo X"$mf" |
q
}
s/.*/./; q'`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running 'make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "$am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`$as_dirname -- "$file" ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$file" : 'X\(//\)[^/]' \| \
- X"$file" : 'X\(//\)$' \| \
- X"$file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
+ am_filepart=`$as_basename -- "$am_mf" ||
+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$am_mf" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
}
- /^X\(\/\/\)$/{
+ /^X\/\(\/\/\)$/{
s//\1/
q
}
- /^X\(\/\).*/{
+ /^X\/\(\/\).*/{
s//\1/
q
}
s/.*/./; q'`
- as_dir=$dirpart/$fdir; as_fn_mkdir_p
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
+ { echo "$as_me:$LINENO: cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles" >&5
+ (cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } || am_rc=$?
done
+ if test $am_rc -ne 0; then
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE=\"gmake\" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ { am_dirpart=; unset am_dirpart;}
+ { am_filepart=; unset am_filepart;}
+ { am_mf=; unset am_mf;}
+ { am_rc=; unset am_rc;}
+ rm -f conftest-deps.mk
}
;;
"libtool":C)
@@ -15712,6 +16529,7 @@ _LT_EOF
esac
+
ltmain=$ac_aux_dir/ltmain.sh
@@ -15761,7 +16579,7 @@ if test "$no_create" != yes; then
$ac_cs_success || as_fn_exit 1
fi
if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
fi
diff --git a/libraries/libapparmor/autom4te.cache/output.1 b/libraries/libapparmor/autom4te.cache/output.1
index 27859b28098df3fdbaef17fdd85041410fb98a90..80d4f8723cba11eaeb2141115bd40e3d2574774c 100644
--- a/libraries/libapparmor/autom4te.cache/output.1
+++ b/libraries/libapparmor/autom4te.cache/output.1
@@ -1,9 +1,10 @@
@%:@! /bin/sh
@%:@ Guess values for system-dependent variables and create Makefiles.
-@%:@ Generated by GNU Autoconf 2.69.
+@%:@ Generated by GNU Autoconf 2.71.
@%:@
@%:@
-@%:@ Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+@%:@ Inc.
@%:@
@%:@
@%:@ This configure script is free software; the Free Software Foundation
@@ -14,14 +15,16 @@
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -31,46 +34,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in @%:@(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in @%:@((
@@ -94,8 +90,12 @@ case $0 in @%:@((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -107,30 +107,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# Use a proper internal environment variable to ensure we don't fall
# into an infinite loop, continuously re-executing ourselves.
@@ -152,20 +132,22 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-as_fn_exit 255
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
# We don't want this to propagate to other subprocesses.
{ _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
# is contrary to our usage. Disable this feature.
alias -g '\${1+\"\$@\"}'='\"\$@\"'
setopt NO_GLOB_SUBST
-else
+else \$as_nop
case \`(set -o) 2>/dev/null\` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -185,12 +167,15 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; }
as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
+then :
-else
+else \$as_nop
exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1
+blah=\$(echo \$(echo blah))
+test x\"\$blah\" = xblah || exit 1
test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
@@ -205,30 +190,38 @@ test \$(( 1 + 1 )) = 2 || exit 1
PATH=/empty FPATH=/empty; export PATH FPATH
test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
|| test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
+ if (eval "$as_required") 2>/dev/null
+then :
as_have_required=yes
-else
+else $as_nop
as_have_required=no
fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
+then :
-else
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_found=false
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
as_found=:
case $as_dir in @%:@(
/*)
for as_base in sh bash ksh sh5; do
# Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
+ as_shell=$as_dir$as_base
if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
+then :
break 2
fi
fi
@@ -236,14 +229,21 @@ fi
esac
as_found=false
done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi
+fi
- if test "x$CONFIG_SHELL" != x; then :
+ if test "x$CONFIG_SHELL" != x
+then :
export CONFIG_SHELL
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
@@ -261,18 +261,19 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ if test x$as_have_required = xno
+then :
+ printf "%s\n" "$0: This script requires a shell more modern than all"
+ printf "%s\n" "$0: the shells that I found on your system."
+ if test ${ZSH_VERSION+y} ; then
+ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
else
- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
$0: including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
@@ -299,6 +300,7 @@ as_fn_unset ()
}
as_unset=as_fn_unset
+
@%:@ as_fn_set_status STATUS
@%:@ -----------------------
@%:@ Set @S|@? to STATUS, without forking.
@@ -316,6 +318,14 @@ as_fn_exit ()
as_fn_set_status $1
exit $1
} @%:@ as_fn_exit
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
@%:@ as_fn_mkdir_p
@%:@ -------------
@@ -330,7 +340,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -339,7 +349,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -378,12 +388,13 @@ as_fn_executable_p ()
@%:@ advantage of any shell optimizations that allow amortized linear growth over
@%:@ repeated appends, instead of the typical quadratic growth present in naive
@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -395,18 +406,27 @@ fi # as_fn_append
@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
}
fi # as_fn_arith
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
@%:@ ----------------------------------------
@@ -418,9 +438,9 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} @%:@ as_fn_error
@@ -447,7 +467,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -491,7 +511,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
s/-\n.*//
' >$as_me.lineno &&
chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
# If we had to re-execute with $CONFIG_SHELL, we're ensured to have
# already done that, so ensure we don't try to do so again and fall
@@ -505,6 +525,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
exit
}
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in @%:@(((((
-n*)
@@ -518,6 +542,13 @@ case `echo -n x` in @%:@(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -585,50 +616,46 @@ MFLAGS=
MAKEFLAGS=
# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-PACKAGE_URL=
+PACKAGE_NAME=''
+PACKAGE_TARNAME=''
+PACKAGE_VERSION=''
+PACKAGE_STRING=''
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
ac_unique_file="configure.ac"
# Factoring default headers for most tests.
ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
+#include <stddef.h>
+#ifdef HAVE_STDIO_H
+# include <stdio.h>
#endif
-#ifdef STDC_HEADERS
+#ifdef HAVE_STDLIB_H
# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
#endif
#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
# include <string.h>
#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
#endif
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"
+ac_header_c_list=
ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
@@ -662,7 +689,6 @@ build
LIBTOOL
EGREP
GREP
-CPP
HAVE_RUBY_FALSE
HAVE_RUBY_TRUE
HAVE_PERL_FALSE
@@ -677,14 +703,15 @@ pkgpyexecdir
pyexecdir
pkgpythondir
pythondir
-PYTHON_PLATFORM
PYTHON_EXEC_PREFIX
PYTHON_PREFIX
+PYTHON_PLATFORM
PYTHON_EXTRA_LDFLAGS
PYTHON_EXTRA_LIBS
PYTHON_SITE_PKG
PYTHON_LDFLAGS
PYTHON_CPPFLAGS
+PYTHON_CONFIG
PYTHON_VERSION
PYTHON
POD2MAN
@@ -704,7 +731,6 @@ am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
AMDEP_TRUE
-am__quote
am__include
DEPDIR
OBJEXT
@@ -720,6 +746,9 @@ AM_BACKSLASH
AM_DEFAULT_VERBOSITY
AM_DEFAULT_V
AM_V
+CSCOPE
+ETAGS
+CTAGS
am__untar
am__tar
AMTAR
@@ -781,7 +810,8 @@ PACKAGE_VERSION
PACKAGE_TARNAME
PACKAGE_NAME
PATH_SEPARATOR
-SHELL'
+SHELL
+am__quote'
ac_subst_files=''
ac_user_opts='
enable_option_checking
@@ -790,6 +820,9 @@ enable_dependency_tracking
enable_debug_output
enable_man_pages
with_python
+with_python_sys_prefix
+with_python_prefix
+with_python_exec_prefix
with_perl
with_ruby
enable_shared
@@ -816,7 +849,6 @@ PKG_CONFIG_PATH
PKG_CONFIG_LIBDIR
PYTHON_VERSION
PYTHON
-CPP
LT_SYS_LIBRARY_PATH'
@@ -886,8 +918,6 @@ do
*) ac_optarg=yes ;;
esac
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
case $ac_dashdash$ac_option in
--)
ac_dashdash=yes ;;
@@ -928,9 +958,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -954,9 +984,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -1167,9 +1197,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1183,9 +1213,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1229,9 +1259,9 @@ Try \`$0 --help' for more information"
*)
# FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
: "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
@@ -1247,7 +1277,7 @@ if test -n "$ac_unrecognized_opts"; then
case $enable_option_checking in
no) ;;
fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
esac
fi
@@ -1311,7 +1341,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_myself" : 'X\(//\)[^/]' \| \
X"$as_myself" : 'X\(//\)$' \| \
X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
+printf "%s\n" X"$as_myself" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -1463,6 +1493,11 @@ Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-python enable the python wrapper [default=no]
+ --with-python-sys-prefix
+ use Python's sys.prefix and sys.exec_prefix values
+ --with-python_prefix override the default PYTHON_PREFIX
+ --with-python_exec_prefix
+ override the default PYTHON_EXEC_PREFIX
--with-perl enable the perl wrapper [default=no]
--with-ruby enable the ruby wrapper [default=no]
--with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
@@ -1498,7 +1533,6 @@ Some influential environment variables:
string will be appended to the Python interpreter canonical
name.
PYTHON the Python interpreter
- CPP C preprocessor
LT_SYS_LIBRARY_PATH
User-defined run-time library search path.
@@ -1521,9 +1555,9 @@ if test "$ac_init_help" = "recursive"; then
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -1551,7 +1585,8 @@ esac
ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
+ # Check for configure.gnu first; this name is used for a wrapper for
+ # Metaconfig's "Configure" on case-insensitive file systems.
if test -f "$ac_srcdir/configure.gnu"; then
echo &&
$SHELL "$ac_srcdir/configure.gnu" --help=recursive
@@ -1559,7 +1594,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
@@ -1569,9 +1604,9 @@ test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
configure
-generated by GNU Autoconf 2.69
+generated by GNU Autoconf 2.71
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@@ -1588,14 +1623,14 @@ fi
ac_fn_c_try_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
+ rm -f conftest.$ac_objext conftest.beam
if { { ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1603,14 +1638,15 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
+ } && test -s conftest.$ac_objext
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1626,14 +1662,14 @@ fi
ac_fn_c_try_link ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
+ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1641,17 +1677,18 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
test -x conftest$ac_exeext
- }; then :
+ }
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1666,172 +1703,6 @@ fi
} @%:@ ac_fn_c_try_link
-@%:@ ac_fn_c_try_cpp LINENO
-@%:@ ----------------------
-@%:@ Try to preprocess conftest.@S|@ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_cpp
-
-@%:@ ac_fn_c_try_run LINENO
-@%:@ ----------------------
-@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded. Assumes
-@%:@ that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} @%:@ ac_fn_c_try_run
-
-@%:@ ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
-@%:@ -------------------------------------------------------
-@%:@ Tests whether HEADER exists, giving a warning if it cannot be compiled using
-@%:@ the include files in INCLUDES and setting the cache variable VAR
-@%:@ accordingly.
-ac_fn_c_check_header_mongrel ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval \${$3+:} false; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
-$as_echo_n "checking $2 usability... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_header_compiler=yes
-else
- ac_header_compiler=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
-$as_echo_n "checking $2 presence... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <$2>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- ac_header_preproc=yes
-else
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
- yes:no: )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
- no:yes:* )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
-esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=\$ac_header_compiler"
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} @%:@ ac_fn_c_check_header_mongrel
-
@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
@%:@ -------------------------------------------------------
@%:@ Tests whether HEADER exists and can be compiled using the include files in
@@ -1839,26 +1710,28 @@ fi
ac_fn_c_check_header_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$4
@%:@include <$2>
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} @%:@ ac_fn_c_check_header_compile
@@ -1869,11 +1742,12 @@ $as_echo "$ac_res" >&6; }
ac_fn_c_check_func ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
@@ -1881,16 +1755,9 @@ else
#define $2 innocuous_$2
/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
+ which can conflict with char $2 (); below. */
+#include <limits.h>
#undef $2
/* Override any GCC internal prototype to avoid an error.
@@ -1908,35 +1775,56 @@ choke me
#endif
int
-main ()
+main (void)
{
return $2 ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} @%:@ ac_fn_c_check_func
+ac_configure_args_raw=
+for ac_arg
+do
+ case $ac_arg in
+ *\'*)
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append ac_configure_args_raw " '$ac_arg'"
+done
+
+case $ac_configure_args_raw in
+ *$as_nl*)
+ ac_safe_unquote= ;;
+ *)
+ ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
+ ac_unsafe_a="$ac_unsafe_z#~"
+ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
+ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
+esac
+
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
- $ $0 $@
+ $ $0$ac_configure_args_raw
_ACEOF
exec 5>>config.log
@@ -1969,8 +1857,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ printf "%s\n" "PATH: $as_dir"
done
IFS=$as_save_IFS
@@ -2005,7 +1897,7 @@ do
| -silent | --silent | --silen | --sile | --sil)
continue ;;
*\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
@@ -2040,11 +1932,13 @@ done
# WARNING: Use '\'' to represent an apostrophe within the trap.
# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
trap 'exit_status=$?
+ # Sanitize IFS.
+ IFS=" "" $as_nl"
# Save into config.log some information that might help in debugging.
{
echo
- $as_echo "## ---------------- ##
+ printf "%s\n" "## ---------------- ##
## Cache variables. ##
## ---------------- ##"
echo
@@ -2055,8 +1949,8 @@ trap 'exit_status=$?
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -2080,7 +1974,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
)
echo
- $as_echo "## ----------------- ##
+ printf "%s\n" "## ----------------- ##
## Output variables. ##
## ----------------- ##"
echo
@@ -2088,14 +1982,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
+ printf "%s\n" "## ------------------- ##
## File substitutions. ##
## ------------------- ##"
echo
@@ -2103,15 +1997,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
fi
if test -s confdefs.h; then
- $as_echo "## ----------- ##
+ printf "%s\n" "## ----------- ##
## confdefs.h. ##
## ----------- ##"
echo
@@ -2119,8 +2013,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
echo
fi
test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
+ printf "%s\n" "$as_me: caught signal $ac_signal"
+ printf "%s\n" "$as_me: exit $exit_status"
} >&5
rm -f core *.core core.conftest.* &&
rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
@@ -2134,63 +2028,48 @@ ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h
-$as_echo "/* confdefs.h */" > confdefs.h
+printf "%s\n" "/* confdefs.h */" > confdefs.h
# Predefined preprocessor variables.
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
# Let the site file select an alternate cache file if it wants to.
# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in @%:@((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
+ ac_site_files="$CONFIG_SITE"
elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
+ ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
+ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+
+for ac_site_file in $ac_site_files
do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ case $ac_site_file in @%:@(
+ */*) :
+ ;; @%:@(
+ *) :
+ ac_site_file=./$ac_site_file ;;
+esac
+ if test -f "$ac_site_file" && test -r "$ac_site_file"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
. "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to load site script $ac_site_file
See \`config.log' for more details" "$LINENO" 5; }
fi
@@ -2200,120 +2079,509 @@ if test -r "$cache_file"; then
# Some versions of bash will fail to source /dev/null (special files
# actually), so we avoid doing that. DJGPP emulates it as a regular file.
if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
[\\/]* | ?:[\\/]* ) . "$cache_file";;
*) . "./$cache_file";;
esac
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+# Test code for whether the C compiler supports C89 (global declarations)
+ac_c_conftest_c89_globals='
+/* Does the compiler advertise C89 conformance?
+ Do not test the value of __STDC__, because some compilers set it to 0
+ while being otherwise adequately conformant. */
+#if !defined __STDC__
+# error "Compiler does not advertise C89 conformance"
+#endif
+#include <stddef.h>
+#include <stdarg.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
+struct buf { int x; };
+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not \xHH hex character constants.
+ These do not provoke an error unfortunately, instead are silently treated
+ as an "x". The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously \x00 != x always comes out true, for an
+ array size at least. It is necessary to write \x00 == 0 to get something
+ that is true only with -std. */
+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-am__api_version='1.15'
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) '\''x'\''
+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
+ int, int);'
+
+# Test code for whether the C compiler supports C89 (body of main).
+ac_c_conftest_c89_main='
+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
+'
+
+# Test code for whether the C compiler supports C99 (global declarations)
+ac_c_conftest_c99_globals='
+// Does the compiler advertise C99 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
+# error "Compiler does not advertise C99 conformance"
+#endif
+
+#include <stdbool.h>
+extern int puts (const char *);
+extern int printf (const char *, ...);
+extern int dprintf (int, const char *, ...);
+extern void *malloc (size_t);
+
+// Check varargs macros. These examples are taken from C99 6.10.3.5.
+// dprintf is used instead of fprintf to avoid needing to declare
+// FILE and stderr.
+#define debug(...) dprintf (2, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+ int x = 1234;
+ int y = 5678;
+ debug ("Flag");
+ debug ("X = %d\n", x);
+ showlist (The first, second, and third items.);
+ report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+ #error "your preprocessor is broken"
+#endif
+#if BIG_OK
+#else
+ #error "your preprocessor is broken"
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+ int datasize;
+ double data[];
+};
+
+struct named_init {
+ int number;
+ const wchar_t *name;
+ double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+ // See if C++-style comments work.
+ // Iterate through items via the restricted pointer.
+ // Also check for declarations in for loops.
+ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
+ continue;
+ return 0;
+}
+
+// Check varargs and va_copy.
+static bool
+test_varargs (const char *format, ...)
+{
+ va_list args;
+ va_start (args, format);
+ va_list args_copy;
+ va_copy (args_copy, args);
+
+ const char *str = "";
+ int number = 0;
+ float fnumber = 0;
+
+ while (*format)
+ {
+ switch (*format++)
+ {
+ case '\''s'\'': // string
+ str = va_arg (args_copy, const char *);
+ break;
+ case '\''d'\'': // int
+ number = va_arg (args_copy, int);
+ break;
+ case '\''f'\'': // float
+ fnumber = va_arg (args_copy, double);
+ break;
+ default:
+ break;
+ }
+ }
+ va_end (args_copy);
+ va_end (args);
+
+ return *str && number && fnumber;
+}
+'
+
+# Test code for whether the C compiler supports C99 (body of main).
+ac_c_conftest_c99_main='
+ // Check bool.
+ _Bool success = false;
+ success |= (argc != 0);
+
+ // Check restrict.
+ if (test_restrict ("String literal") == 0)
+ success = true;
+ char *restrict newvar = "Another string";
+
+ // Check varargs.
+ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
+ test_varargs_macros ();
+
+ // Check flexible array members.
+ struct incomplete_array *ia =
+ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+ ia->datasize = 10;
+ for (int i = 0; i < ia->datasize; ++i)
+ ia->data[i] = i * 1.234;
+
+ // Check named initializers.
+ struct named_init ni = {
+ .number = 34,
+ .name = L"Test wide string",
+ .average = 543.34343,
+ };
+
+ ni.number = 58;
+
+ int dynamic_array[ni.number];
+ dynamic_array[0] = argv[0][0];
+ dynamic_array[ni.number - 1] = 543;
+
+ // work around unused variable warnings
+ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
+ || dynamic_array[ni.number - 1] != 543);
+'
+
+# Test code for whether the C compiler supports C11 (global declarations)
+ac_c_conftest_c11_globals='
+// Does the compiler advertise C11 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
+# error "Compiler does not advertise C11 conformance"
+#endif
+
+// Check _Alignas.
+char _Alignas (double) aligned_as_double;
+char _Alignas (0) no_special_alignment;
+extern char aligned_as_int;
+char _Alignas (0) _Alignas (int) aligned_as_int;
+
+// Check _Alignof.
+enum
+{
+ int_alignment = _Alignof (int),
+ int_array_alignment = _Alignof (int[100]),
+ char_alignment = _Alignof (char)
+};
+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
+
+// Check _Noreturn.
+int _Noreturn does_not_return (void) { for (;;) continue; }
+
+// Check _Static_assert.
+struct test_static_assert
+{
+ int x;
+ _Static_assert (sizeof (int) <= sizeof (long int),
+ "_Static_assert does not work in struct");
+ long int y;
+};
+
+// Check UTF-8 literals.
+#define u8 syntax error!
+char const utf8_literal[] = u8"happens to be ASCII" "another string";
+
+// Check duplicate typedefs.
+typedef long *long_ptr;
+typedef long int *long_ptr;
+typedef long_ptr long_ptr;
+
+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
+struct anonymous
+{
+ union {
+ struct { int i; int j; };
+ struct { int k; long int l; } w;
+ };
+ int m;
+} v1;
+'
+
+# Test code for whether the C compiler supports C11 (body of main).
+ac_c_conftest_c11_main='
+ _Static_assert ((offsetof (struct anonymous, i)
+ == offsetof (struct anonymous, w.k)),
+ "Anonymous union alignment botch");
+ v1.i = 2;
+ v1.w.k = 5;
+ ok |= v1.i != 5;
+'
+
+# Test code for whether the C compiler supports C11 (complete).
+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+${ac_c_conftest_c11_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ ${ac_c_conftest_c11_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C99 (complete).
+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C89 (complete).
+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ return ok;
+}
+"
+
+as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
+as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
+as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
+as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
+as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
+as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
+as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
+as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
+as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
+
+# Auxiliary files required by this configure script.
+ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
+
+# Locations in which to look for auxiliary files.
+ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
+
+# Search for a directory containing all of the required auxiliary files,
+# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
+# If we don't find one directory that contains all the files we need,
+# we report the set of missing files from the *first* directory in
+# $ac_aux_dir_candidates and give up.
+ac_missing_aux_files=""
+ac_first_candidate=:
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in $ac_aux_dir_candidates
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ as_found=:
+
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
+ ac_aux_dir_found=yes
+ ac_install_sh=
+ for ac_aux in $ac_aux_files
+ do
+ # As a special case, if "install-sh" is required, that requirement
+ # can be satisfied by any of "install-sh", "install.sh", or "shtool",
+ # and $ac_install_sh is set appropriately for whichever one is found.
+ if test x"$ac_aux" = x"install-sh"
+ then
+ if test -f "${as_dir}install-sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
+ ac_install_sh="${as_dir}install-sh -c"
+ elif test -f "${as_dir}install.sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
+ ac_install_sh="${as_dir}install.sh -c"
+ elif test -f "${as_dir}shtool"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
+ ac_install_sh="${as_dir}shtool install -c"
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} install-sh"
+ else
+ break
+ fi
+ fi
+ else
+ if test -f "${as_dir}${ac_aux}"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
+ else
+ break
+ fi
+ fi
+ fi
+ done
+ if test "$ac_aux_dir_found" = yes; then
+ ac_aux_dir="$as_dir"
break
fi
+ ac_first_candidate=false
+
+ as_found=false
done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
fi
+
# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+if test -f "${ac_aux_dir}config.guess"; then
+ ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
+fi
+if test -f "${ac_aux_dir}config.sub"; then
+ ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
+fi
+if test -f "$ac_aux_dir/configure"; then
+ ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+ and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+am__api_version='1.16'
+
-# Find a good install program. We prefer a C program (faster),
+ # Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
@@ -2327,20 +2595,25 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+printf %s "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if ${ac_cv_path_install+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${ac_cv_path_install+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in @%:@((
- ./ | .// | /[cC]/* | \
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ # Account for fact that we put trailing slashes in our PATH walk.
+case $as_dir in @%:@((
+ ./ | /[cC]/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
/usr/ucb/* ) ;;
@@ -2350,13 +2623,13 @@ case $as_dir/ in @%:@((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
:
elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# program-specific install script used by HP pwplus--don't use.
:
else
@@ -2364,12 +2637,12 @@ case $as_dir/ in @%:@((
echo one > conftest.one
echo two > conftest.two
mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
test -s conftest.one && test -s conftest.two &&
test -s conftest.dir/conftest.one &&
test -s conftest.dir/conftest.two
then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
break 3
fi
fi
@@ -2385,7 +2658,7 @@ IFS=$as_save_IFS
rm -rf conftest.one conftest.two conftest.dir
fi
- if test "${ac_cv_path_install+set}" = set; then
+ if test ${ac_cv_path_install+y}; then
INSTALL=$ac_cv_path_install
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2395,8 +2668,8 @@ fi
INSTALL=$ac_install_sh
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+printf "%s\n" "$INSTALL" >&6; }
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
@@ -2406,8 +2679,8 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-$as_echo_n "checking whether build environment is sane... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+printf %s "checking whether build environment is sane... " >&6; }
# Reject unsafe characters in $srcdir or the absolute working directory
# name. Accept space and tab only in the latter.
am_lf='
@@ -2461,8 +2734,8 @@ else
as_fn_error $? "newly created file is older than distributed files!
Check your system clock" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
# If we didn't sleep, we still need to ensure time stamps of config.status and
# generated files are strictly newer.
am_sleep_pid=
@@ -2481,26 +2754,23 @@ test "$program_suffix" != NONE &&
# Double any \ or $.
# By default was `s,x,x', remove it if useless.
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
+
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
-if test x"${MISSING+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
- *)
- MISSING="\${SHELL} $am_aux_dir/missing" ;;
- esac
+
+ if test x"${MISSING+set}" != xset; then
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
am_missing_run="$MISSING "
else
am_missing_run=
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
fi
if test x"${install_sh+set}" != xset; then
@@ -2520,11 +2790,12 @@ if test "$cross_compiling" != no; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -2532,11 +2803,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2547,11 +2822,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -2560,11 +2835,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -2572,11 +2848,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2587,11 +2867,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -2599,8 +2879,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -2612,25 +2892,31 @@ fi
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
-$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
+printf %s "checking for a race-free mkdir -p... " >&6; }
if test -z "$MKDIR_P"; then
- if ${ac_cv_path_mkdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${ac_cv_path_mkdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir (GNU coreutils) '* | \
- 'mkdir (coreutils) '* | \
+ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
+ case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir ('*'coreutils) '* | \
+ 'BusyBox '* | \
'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
break 3;;
esac
done
@@ -2641,7 +2927,7 @@ IFS=$as_save_IFS
fi
test -d ./--version && rmdir ./--version
- if test "${ac_cv_path_mkdir+set}" = set; then
+ if test ${ac_cv_path_mkdir+y}; then
MKDIR_P="$ac_cv_path_mkdir -p"
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2651,18 +2937,19 @@ fi
MKDIR_P="$ac_install_sh -d"
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-$as_echo "$MKDIR_P" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+printf "%s\n" "$MKDIR_P" >&6; }
for ac_prog in gawk mawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AWK+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AWK+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AWK"; then
ac_cv_prog_AWK="$AWK" # Let the user override the test.
else
@@ -2670,11 +2957,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2685,24 +2976,25 @@ fi
fi
AWK=$ac_cv_prog_AWK
if test -n "$AWK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-$as_echo "$AWK" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+printf "%s\n" "$AWK" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -n "$AWK" && break
done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
set x ${MAKE-make}
-ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval test \${ac_cv_prog_make_${ac_make}_set+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
@@ -2718,12 +3010,12 @@ esac
rm -f conftest.make
fi
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
SET_MAKE=
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
SET_MAKE="MAKE=${MAKE-make}"
fi
@@ -2737,7 +3029,8 @@ fi
rmdir .tst 2>/dev/null
@%:@ Check whether --enable-silent-rules was given.
-if test "${enable_silent_rules+set}" = set; then :
+if test ${enable_silent_rules+y}
+then :
enableval=$enable_silent_rules;
fi
@@ -2747,12 +3040,13 @@ case $enable_silent_rules in @%:@ (((
*) AM_DEFAULT_VERBOSITY=1;;
esac
am_make=${MAKE-make}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
-if ${am_cv_make_support_nested_variables+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if $as_echo 'TRUE=$(BAR$(V))
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+printf %s "checking whether $am_make supports nested variables... " >&6; }
+if test ${am_cv_make_support_nested_variables+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if printf "%s\n" 'TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
@@ -2764,8 +3058,8 @@ else
am_cv_make_support_nested_variables=no
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-$as_echo "$am_cv_make_support_nested_variables" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
if test $am_cv_make_support_nested_variables = yes; then
AM_V='$(V)'
AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
@@ -2798,17 +3092,13 @@ fi
# Define the identity of the package.
PACKAGE=libapparmor1
- VERSION=2.13.6
+ VERSION=3.0.8
-cat >>confdefs.h <<_ACEOF
-@%:@define PACKAGE "$PACKAGE"
-_ACEOF
+printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-@%:@define VERSION "$VERSION"
-_ACEOF
+printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
# Some tools Automake needs.
@@ -2828,8 +3118,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
mkdir_p='$(MKDIR_P)'
# We need awk for the "check" target (and possibly the TAP driver). The
@@ -2848,6 +3138,20 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+
+
# POSIX will say in a future version that running "rm -f" with no argument
# is OK; and we want to be able to make that assumption in our Makefile
@@ -2880,7 +3184,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -2892,52 +3196,62 @@ END
fi
+
+
+
+
+
+
+
+
+
DEPDIR="${am__leading_dot}deps"
ac_config_commands="$ac_config_commands depfiles"
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
+printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
+cat > confinc.mk << 'END'
am__doit:
- @echo this is the am__doit target
+ @echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
-# If we don't find an include directive, just comment out the code.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
-$as_echo_n "checking for style of include used by $am_make... " >&6; }
am__include="#"
am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
- am__include=include
- am__quote=
- _am_result=GNU
- ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- case `$am_make -s -f confmf 2> /dev/null` in #(
- *the\ am__doit\ target*)
- am__include=.include
- am__quote="\""
- _am_result=BSD
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ case $?:`cat confinc.out 2>/dev/null` in @%:@(
+ '0:this is the am__doit target') :
+ case $s in @%:@(
+ BSD) :
+ am__include='.include' am__quote='"' ;; @%:@(
+ *) :
+ am__include='include' am__quote='' ;;
+esac ;; @%:@(
+ *) :
;;
- esac
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
-$as_echo "$_am_result" >&6; }
-rm -f confinc confmf
+esac
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
+printf "%s\n" "${_am_result}" >&6; }
@%:@ Check whether --enable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then :
+if test ${enable_dependency_tracking+y}
+then :
enableval=$enable_dependency_tracking;
fi
@@ -2963,11 +3277,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -2975,11 +3290,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2990,11 +3309,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3003,11 +3322,12 @@ if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3015,11 +3335,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3030,11 +3354,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_CC" = x; then
@@ -3042,8 +3366,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3056,11 +3380,12 @@ if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3068,11 +3393,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3083,11 +3412,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3096,11 +3425,12 @@ fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3109,15 +3439,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3133,18 +3467,18 @@ if test $ac_prog_rejected = yes; then
# However, it has the same basename, so the bogon will be chosen
# first if we set CC to just the basename; use the full file name.
shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3155,11 +3489,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3167,11 +3502,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3182,11 +3521,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3199,11 +3538,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3211,11 +3551,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3226,11 +3570,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3242,8 +3586,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3251,25 +3595,129 @@ esac
fi
fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
+set dummy ${ac_tool_prefix}clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "clang", so it can be a program name with args.
+set dummy clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+
+
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "no acceptable C compiler found in \$PATH
See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
set X $ac_compile
ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
+for ac_option in --version -v -V -qversion -version; do
{ { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -3279,7 +3727,7 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
fi
rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
done
@@ -3287,7 +3735,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3299,9 +3747,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+printf %s "checking whether the C compiler works... " >&6; }
+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
# The possible output files:
ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
@@ -3322,11 +3770,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link_default") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
# in a Makefile. We should not override ac_cv_exeext if it was cached,
@@ -3343,7 +3792,7 @@ do
# certainly right.
break;;
*.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
then :; else
ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
fi
@@ -3359,44 +3808,46 @@ do
done
test "$ac_cv_exeext" = no && ac_cv_exeext=
-else
+else $as_nop
ac_file=''
fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
+if test -z "$ac_file"
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "C compiler cannot create executables
See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+printf %s "checking for C compiler default output file name... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+printf "%s\n" "$ac_file" >&6; }
ac_exeext=$ac_cv_exeext
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+printf %s "checking for suffix of executables... " >&6; }
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
@@ -3410,15 +3861,15 @@ for ac_file in conftest.exe conftest conftest.*; do
* ) break;;
esac
done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+else $as_nop
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+printf "%s\n" "$ac_cv_exeext" >&6; }
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
@@ -3427,7 +3878,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@%:@include <stdio.h>
int
-main ()
+main (void)
{
FILE *f = fopen ("conftest.out", "w");
return ferror (f) || fclose (f) != 0;
@@ -3439,8 +3890,8 @@ _ACEOF
ac_clean_files="$ac_clean_files conftest.out"
# Check that the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+printf %s "checking whether we are cross compiling... " >&6; }
if test "$cross_compiling" != yes; then
{ { ac_try="$ac_link"
case "(($ac_try" in
@@ -3448,10 +3899,10 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if { ac_try='./conftest$ac_cv_exeext'
{ { case "(($ac_try" in
@@ -3459,39 +3910,40 @@ $as_echo "$ac_try_echo"; } >&5
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; }; then
cross_compiling=no
else
if test "$cross_compiling" = maybe; then
cross_compiling=yes
else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details" "$LINENO" 5; }
fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+printf "%s\n" "$cross_compiling" >&6; }
rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if ${ac_cv_objext+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+printf %s "checking for suffix of object files... " >&6; }
+if test ${ac_cv_objext+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3505,11 +3957,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
for ac_file in conftest.o conftest.obj conftest.*; do
test -f "$ac_file" || continue;
case $ac_file in
@@ -3518,31 +3971,32 @@ $as_echo "$ac_try_echo"; } >&5
break;;
esac
done
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of object files: cannot compile
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+printf "%s\n" "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if ${ac_cv_c_compiler_gnu+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
+printf %s "checking whether the compiler supports GNU C... " >&6; }
+if test ${ac_cv_c_compiler_gnu+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __GNUC__
choke me
@@ -3552,29 +4006,33 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_compiler_gnu=yes
-else
+else $as_nop
ac_compiler_gnu=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
if test $ac_compiler_gnu = yes; then
GCC=yes
else
GCC=
fi
-ac_test_CFLAGS=${CFLAGS+set}
+ac_test_CFLAGS=${CFLAGS+y}
ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if ${ac_cv_prog_cc_g+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+printf %s "checking whether $CC accepts -g... " >&6; }
+if test ${ac_cv_prog_cc_g+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_save_c_werror_flag=$ac_c_werror_flag
ac_c_werror_flag=yes
ac_cv_prog_cc_g=no
@@ -3583,57 +4041,60 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
-else
+else $as_nop
CFLAGS=""
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
-else
+else $as_nop
ac_c_werror_flag=$ac_save_c_werror_flag
CFLAGS="-g"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_c_werror_flag=$ac_save_c_werror_flag
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
+if test $ac_test_CFLAGS; then
CFLAGS=$ac_save_CFLAGS
elif test $ac_cv_prog_cc_g = yes; then
if test "$GCC" = yes; then
@@ -3648,94 +4109,144 @@ else
CFLAGS=
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if ${ac_cv_prog_cc_c89+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c89=no
+ac_prog_cc_stdc=no
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
+printf %s "checking for $CC option to enable C11 features... " >&6; }
+if test ${ac_cv_prog_cc_c11+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c11=no
ac_save_CC=$CC
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+$ac_c_conftest_c11_program
+_ACEOF
+for ac_arg in '' -std=gnu11
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
+if test "x$ac_cv_prog_cc_c11" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c11" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
+ CC="$CC $ac_cv_prog_cc_c11"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
+ ac_prog_cc_stdc=c11
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
+printf %s "checking for $CC option to enable C99 features... " >&6; }
+if test ${ac_cv_prog_cc_c99+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c99_program
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c99" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c99" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
+ CC="$CC $ac_cv_prog_cc_c99"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
+ ac_prog_cc_stdc=c99
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
+printf %s "checking for $CC option to enable C89 features... " >&6; }
+if test ${ac_cv_prog_cc_c89+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c89_program
_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
+ if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_c89=$ac_arg
fi
-rm -f core conftest.err conftest.$ac_objext
+rm -f core conftest.err conftest.$ac_objext conftest.beam
test "x$ac_cv_prog_cc_c89" != "xno" && break
done
rm -f conftest.$ac_ext
CC=$ac_save_CC
+fi
+if test "x$ac_cv_prog_cc_c89" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c89" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
+ CC="$CC $ac_cv_prog_cc_c89"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
+ ac_prog_cc_stdc=c89
fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
-
fi
ac_ext=c
@@ -3744,21 +4255,23 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-ac_ext=c
+
+ ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
-if ${am_cv_prog_cc_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+printf %s "checking whether $CC understands -c and -o together... " >&6; }
+if test ${am_cv_prog_cc_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3786,8 +4299,8 @@ _ACEOF
rm -f core conftest*
unset am_i
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-$as_echo "$am_cv_prog_cc_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
if test "$am_cv_prog_cc_c_o" != yes; then
# Losing compiler, so override with the script.
# FIXME: It is wrong to rewrite CC.
@@ -3805,11 +4318,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
depcc="$CC" am_compiler_list=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if ${am_cv_CC_dependencies_compiler_type+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+printf %s "checking dependency style of $depcc... " >&6; }
+if test ${am_cv_CC_dependencies_compiler_type+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
# We make a subdir and do the tests there. Otherwise we can end up
# making bogus files that we don't know about and never remove. For
@@ -3916,8 +4430,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
if
@@ -3936,11 +4450,12 @@ for ac_prog in flex lex
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LEX+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LEX+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LEX"; then
ac_cv_prog_LEX="$LEX" # Let the user override the test.
else
@@ -3948,11 +4463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LEX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3963,11 +4482,11 @@ fi
fi
LEX=$ac_cv_prog_LEX
if test -n "$LEX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-$as_echo "$LEX" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
+printf "%s\n" "$LEX" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3975,15 +4494,26 @@ fi
done
test -n "$LEX" || LEX=":"
-if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
+ if test "x$LEX" != "x:"; then
+ cat >conftest.l <<_ACEOF
+%{
+#ifdef __cplusplus
+extern "C"
+#endif
+int yywrap(void);
+%}
%%
a { ECHO; }
b { REJECT; }
c { yymore (); }
d { yyless (1); }
e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
- yyless ((input () != 0)); }
+#ifdef __cplusplus
+ yyless ((yyinput () != 0));
+#else
+ yyless ((input () != 0));
+#endif
+ }
f { unput (yytext[0]); }
. { BEGIN INITIAL; }
%%
@@ -3991,101 +4521,205 @@ f { unput (yytext[0]); }
extern char *yytext;
#endif
int
+yywrap (void)
+{
+ return 1;
+}
+int
main (void)
{
- return ! yylex () + ! yywrap ();
+ return ! yylex ();
}
_ACEOF
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
+printf %s "checking for lex output file root... " >&6; }
+if test ${ac_cv_prog_lex_root+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ac_cv_prog_lex_root=unknown
{ { ac_try="$LEX conftest.l"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$LEX conftest.l") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5
-$as_echo_n "checking lex output file root... " >&6; }
-if ${ac_cv_prog_lex_root+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
if test -f lex.yy.c; then
ac_cv_prog_lex_root=lex.yy
elif test -f lexyy.c; then
ac_cv_prog_lex_root=lexyy
-else
- as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-$as_echo "$ac_cv_prog_lex_root" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
+printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
+if test "$ac_cv_prog_lex_root" = unknown
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+fi
LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-if test -z "${LEXLIB+set}"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5
-$as_echo_n "checking lex library... " >&6; }
-if ${ac_cv_lib_lex+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${LEXLIB+y}
+then :
+
+else $as_nop
- ac_save_LIBS=$LIBS
- ac_cv_lib_lex='none needed'
- for ac_lib in '' -lfl -ll; do
- LIBS="$ac_lib $ac_save_LIBS"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
+printf %s "checking for lex library... " >&6; }
+if test ${ac_cv_lib_lex+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ ac_save_LIBS="$LIBS"
+ ac_found=false
+ for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
+ case $ac_cv_lib_lex in @%:@(
+ 'none needed') :
+ ;; @%:@(
+ 'not found') :
+ break ;; @%:@(
+ *) :
+ LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
+ *) :
+ ;;
+esac
+
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_lex=$ac_lib
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_found=:
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- test "$ac_cv_lib_lex" != 'none needed' && break
+ if $ac_found; then
+ break
+ fi
done
- LIBS=$ac_save_LIBS
+ LIBS="$ac_save_LIBS"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
+printf "%s\n" "$ac_cv_lib_lex" >&6; }
+ if test "$ac_cv_lib_lex" = 'not found'
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+elif test "$ac_cv_lib_lex" = 'none needed'
+then :
+ LEXLIB=''
+else $as_nop
+ LEXLIB=$ac_cv_lib_lex
+fi
+ ac_save_LIBS="$LIBS"
+ LIBS=
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
+printf %s "checking for library containing yywrap... " >&6; }
+if test ${ac_cv_search_yywrap+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char yywrap ();
+int
+main (void)
+{
+return yywrap ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' fl l
+do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_search_yywrap=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext
+ if test ${ac_cv_search_yywrap+y}
+then :
+ break
+fi
+done
+if test ${ac_cv_search_yywrap+y}
+then :
+else $as_nop
+ ac_cv_search_yywrap=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-$as_echo "$ac_cv_lib_lex" >&6; }
- test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
+printf "%s\n" "$ac_cv_search_yywrap" >&6; }
+ac_res=$ac_cv_search_yywrap
+if test "$ac_res" != no
+then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ LEXLIB="$LIBS"
fi
+ LIBS="$ac_save_LIBS"
+fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-$as_echo_n "checking whether yytext is a pointer... " >&6; }
-if ${ac_cv_prog_lex_yytext_pointer+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+if test "$LEX" != :
+then :
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
+printf %s "checking whether yytext is a pointer... " >&6; }
+if test ${ac_cv_prog_lex_yytext_pointer+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# POSIX says lex can declare yytext either as a pointer or an array; the
# default is implementation-dependent. Figure out which it is, since
# not all implementations provide the %pointer and %array declarations.
ac_cv_prog_lex_yytext_pointer=no
-ac_save_LIBS=$LIBS
-LIBS="$LEXLIB $ac_save_LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#define YYTEXT_POINTER 1
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_lex_yytext_pointer=yes
fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
+printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
if test $ac_cv_prog_lex_yytext_pointer = yes; then
-$as_echo "@%:@define YYTEXT_POINTER 1" >>confdefs.h
+printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
+
+fi
fi
rm -f conftest.l $LEX_OUTPUT_ROOT.c
@@ -4098,11 +4732,12 @@ for ac_prog in 'bison -y' byacc
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_YACC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YACC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$YACC"; then
ac_cv_prog_YACC="$YACC" # Let the user override the test.
else
@@ -4110,11 +4745,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_YACC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4125,11 +4764,11 @@ fi
fi
YACC=$ac_cv_prog_YACC
if test -n "$YACC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-$as_echo "$YACC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+printf "%s\n" "$YACC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4137,11 +4776,12 @@ fi
done
test -n "$YACC" || YACC="yacc"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -4155,10 +4795,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -4167,13 +4812,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -4201,8 +4846,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -4217,11 +4862,12 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
@@ -4231,11 +4877,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4247,11 +4897,11 @@ esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4260,11 +4910,12 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
@@ -4274,11 +4925,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4290,11 +4945,11 @@ esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_pt_PKG_CONFIG" = x; then
@@ -4302,8 +4957,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
PKG_CONFIG=$ac_pt_PKG_CONFIG
@@ -4315,25 +4970,26 @@ fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
PKG_CONFIG=""
fi
fi
# Extract the first word of "swig", so it can be a program name with args.
set dummy swig; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_SWIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SWIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $SWIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
@@ -4343,11 +4999,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4359,43 +5019,46 @@ esac
fi
SWIG=$ac_cv_path_SWIG
if test -n "$SWIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-$as_echo "$SWIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
+printf "%s\n" "$SWIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-$as_echo_n "checking whether the libapparmor debug output should be enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
+printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
@%:@ Check whether --enable-debug_output was given.
-if test "${enable_debug_output+set}" = set; then :
- enableval=$enable_debug_output; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_debug_output+y}
+then :
+ enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_debug_output=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-$as_echo "$enable_debug_output" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
+printf "%s\n" "$enable_debug_output" >&6; }
fi
-if test "$enable_debug_output" = "yes"; then :
+if test "$enable_debug_output" = "yes"
+then :
-$as_echo "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
+printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-$as_echo_n "checking whether the libapparmor man pages should be generated... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
+printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
@%:@ Check whether --enable-man_pages was given.
-if test "${enable_man_pages+set}" = set; then :
- enableval=$enable_man_pages; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_man_pages+y}
+then :
+ enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_man_pages=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-$as_echo "$enable_man_pages" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
+printf "%s\n" "$enable_man_pages" >&6; }
fi
if test "$enable_man_pages" = "yes"; then
@@ -4404,11 +5067,12 @@ if test "$enable_man_pages" = "yes"; then
# Extract the first word of "podchecker", so it can be a program name with args.
set dummy podchecker; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_PODCHECKER+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PODCHECKER+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$PODCHECKER"; then
ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
else
@@ -4416,11 +5080,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_PODCHECKER="podchecker"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4432,11 +5100,11 @@ fi
fi
PODCHECKER=$ac_cv_prog_PODCHECKER
if test -n "$PODCHECKER"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-$as_echo "$PODCHECKER" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
+printf "%s\n" "$PODCHECKER" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4455,11 +5123,12 @@ Perl, which can be retrieved from:
# Extract the first word of "pod2man", so it can be a program name with args.
set dummy pod2man; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_POD2MAN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_POD2MAN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$POD2MAN"; then
ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
else
@@ -4467,11 +5136,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_POD2MAN="pod2man"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4483,11 +5156,11 @@ fi
fi
POD2MAN=$ac_cv_prog_POD2MAN
if test -n "$POD2MAN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-$as_echo "$POD2MAN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
+printf "%s\n" "$POD2MAN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4502,27 +5175,29 @@ Perl, which can be retrieved from:
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-$as_echo_n "checking whether python bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
+printf %s "checking whether python bindings are enabled... " >&6; }
@%:@ Check whether --with-python was given.
-if test "${with_python+set}" = set; then :
- withval=$with_python; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_python+y}
+then :
+ withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_python" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python", so it can be a program name with args.
-set dummy python; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ # Extract the first word of "python3", so it can be a program name with args.
+set dummy python3; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4532,11 +5207,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4548,11 +5227,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4567,11 +5246,12 @@ fi
# Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
set dummy python$PYTHON_VERSION; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4581,11 +5261,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4597,11 +5281,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4610,20 +5294,132 @@ fi
PYTHON_VERSION=""
fi
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
+if test -n "$PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
+printf "%s\n" "$PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PYTHON_CONFIG"; then
+ ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
+ # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy `basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $ac_pt_PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
+if test -n "$ac_pt_PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
+printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_pt_PYTHON_CONFIG" = x; then
+ PYTHON_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
+ fi
+else
+ PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
+fi
+
+ if test -z "$PYTHON_CONFIG"; then
+ as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
+ fi
+
#
# Check for a version of Python >= 2.1.0
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-$as_echo_n "checking for a version of Python >= '2.1.0'... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
+printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write(str(ver >= '2.1.0'))"`
if test "$ac_supports_python_ver" != "True"; then
if test -z "$PYTHON_NOVERSIONCHECK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "
This version of the AC@&t@_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
@@ -4635,29 +5431,29 @@ to something else than an empty string.
See \`config.log' for more details" "$LINENO" 5; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-$as_echo "skip at user request" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
+printf "%s\n" "skip at user request" >&6; }
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
fi
#
# if the macro parameter ``version'' is set, honour it
#
if test -n ""; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-$as_echo_n "checking for a version of Python ... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
+printf %s "checking for a version of Python ... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write("%s\n" % (ver == ))"`
if test "$ac_supports_python_ver" = "True"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
as_fn_error $? "this package requires Python .
If you have it installed, but it isn't the default Python
interpreter in your system path, please pass the PYTHON_VERSION
@@ -4668,56 +5464,56 @@ variable to configure. See \`\`configure --help'' for reference.
fi
#
- # Check if you have distutils, else fail
+ # Check if you have setuptools, else fail
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
-$as_echo_n "checking for the distutils Python package... " >&6; }
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
+printf %s "checking for the setuptools Python package... " >&6; }
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- as_fn_error $? "cannot import Python module \"distutils\".
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "cannot import Python module \"setuptools\".
Please check your Python installation. The error was:
-$ac_distutils_result" "$LINENO" 5
+$ac_setuptools_result" "$LINENO" 5
PYTHON_VERSION=""
fi
#
# Check for Python include path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-$as_echo_n "checking for Python include path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
+printf %s "checking for Python include path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
fi
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
PYTHON_CPPFLAGS=$python_path
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-$as_echo "$PYTHON_CPPFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
+printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
#
# Check for Python library path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-$as_echo_n "checking for Python library path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
+printf %s "checking for Python library path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
fi
if test -z "$PYTHON_LDFLAGS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
- py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
if test "$py_version" == "None"; then
if test -n "$PYTHON_VERSION"; then
py_version=$PYTHON_VERSION
@@ -4727,60 +5523,68 @@ sys.stdout.write("%s\n" % sys.version[:3])"`
fi
fi
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-$as_echo "$PYTHON_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
#
# Check for site packages
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-$as_echo_n "checking for Python site-packages path... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
+printf %s "checking for Python site-packages path... " >&6; }
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-$as_echo "$PYTHON_SITE_PKG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
+printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
#
# libraries which must be linked in when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-$as_echo_n "checking python extra libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
+printf %s "checking python extra libraries... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-$as_echo "$PYTHON_EXTRA_LIBS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
#
# linking flags needed when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-$as_echo_n "checking python extra linking flags... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
+printf %s "checking python extra linking flags... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-$as_echo "$PYTHON_EXTRA_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
#
# final check to see if everything compiles alright
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-$as_echo_n "checking consistency of all components of python development environment... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
+printf %s "checking consistency of all components of python development environment... " >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -4790,7 +5594,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -4798,7 +5602,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
#include <Python.h>
int
-main ()
+main (void)
{
Py_Initialize();
@@ -4807,16 +5611,17 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
pythonexists=yes
-else
+else $as_nop
pythonexists=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-$as_echo "$pythonexists" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
+printf "%s\n" "$pythonexists" >&6; }
if test ! "$pythonexists" = "yes"; then
as_fn_error $? "
@@ -4847,22 +5652,83 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
#
-
+
- # Find any Python interpreter.
- if test -z "$PYTHON"; then
- for ac_prog in python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test -n "$PYTHON"; then
+ # If the user set $PYTHON, use it and don't search something else.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
+printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
+ ($PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "Python interpreter is too old" "$LINENO" 5
+fi
+ am_display_PYTHON=$PYTHON
+ else
+ # Otherwise, try each interpreter until we find one that satisfies
+ # VERSION.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
+printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
+if test ${am_cv_pathless_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
+ test "$am_cv_pathless_PYTHON" = none && break
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
+ ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ break
+fi
+ done
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
+printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
+ # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
+ if test "$am_cv_pathless_PYTHON" = none; then
+ PYTHON=:
+ else
+ # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
+set dummy $am_cv_pathless_PYTHON; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4872,11 +5738,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4888,59 +5758,186 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
- test -n "$PYTHON" && break
-done
-test -n "$PYTHON" || PYTHON=":"
-
+ fi
+ am_display_PYTHON=$am_cv_pathless_PYTHON
fi
- am_display_PYTHON=python
if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
+ as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
else
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-$as_echo_n "checking for $am_display_PYTHON version... " >&6; }
-if ${am_cv_python_version+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
+printf %s "checking for $am_display_PYTHON version... " >&6; }
+if test ${am_cv_python_version+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-$as_echo "$am_cv_python_version" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
+printf "%s\n" "$am_cv_python_version" >&6; }
PYTHON_VERSION=$am_cv_python_version
-
- PYTHON_PREFIX='${prefix}'
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
+printf %s "checking for $am_display_PYTHON platform... " >&6; }
+if test ${am_cv_python_platform+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
+printf "%s\n" "$am_cv_python_platform" >&6; }
+ PYTHON_PLATFORM=$am_cv_python_platform
- PYTHON_EXEC_PREFIX='${exec_prefix}'
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-$as_echo_n "checking for $am_display_PYTHON platform... " >&6; }
-if ${am_cv_python_platform+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+
+@%:@ Check whether --with-python-sys-prefix was given.
+if test ${with_python_sys_prefix+y}
+then :
+ withval=$with_python_sys_prefix; am_use_python_sys=:
+else $as_nop
+ am_use_python_sys=false
+fi
+
+
+ # Allow user to override whatever the default Python prefix is.
+
+@%:@ Check whether --with-python_prefix was given.
+if test ${with_python_prefix+y}
+then :
+ withval=$with_python_prefix; am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+else $as_nop
+
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
+printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
+if test ${am_cv_python_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
+printf "%s\n" "$am_python_prefix" >&6; }
+ fi
+fi
+
+ # Substituting python_prefix_subst value.
+ PYTHON_PREFIX=$am_python_prefix_subst
+
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+
+@%:@ Check whether --with-python_exec_prefix was given.
+if test ${with_python_exec_prefix+y}
+then :
+ withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ if test -n "$with_python_prefix"
+then :
+ am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
+if test ${am_cv_python_exec_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
+printf "%s\n" "$am_python_exec_prefix" >&6; }
+ fi
+fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-$as_echo "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
+ # Substituting python_exec_prefix_subst.
+ PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
- # Just factor out some code duplication.
+
+ # Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
@@ -4961,121 +5958,134 @@ except ImportError:
pass"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5
-$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; }
-if ${am_cv_python_pythondir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$prefix" = xNONE
- then
- am_py_prefix=$ac_default_prefix
- else
- am_py_prefix=$prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
+printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
+if test ${am_cv_python_pythondir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
-
+ ;;
+ esac
+
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-$as_echo "$am_cv_python_pythondir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
+printf "%s\n" "$am_cv_python_pythondir" >&6; }
pythondir=$am_cv_python_pythondir
-
- pkgpythondir=\${pythondir}/$PACKAGE
-
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5
-$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; }
-if ${am_cv_python_pyexecdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$exec_prefix" = xNONE
- then
- am_py_exec_prefix=$am_py_prefix
- else
- am_py_exec_prefix=$exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
+ pkgpythondir=\${pythondir}/$PACKAGE
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
+printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
+if test ${am_cv_python_pyexecdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
-
+ ;;
+ esac
+
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-$as_echo "$am_cv_python_pyexecdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
+printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
pyexecdir=$am_cv_python_pyexecdir
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
+ pkgpyexecdir=\${pyexecdir}/$PACKAGE
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-$as_echo_n "checking whether perl bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
+printf %s "checking whether perl bindings are enabled... " >&6; }
@%:@ Check whether --with-perl was given.
-if test "${with_perl+set}" = set; then :
- withval=$with_perl; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_perl+y}
+then :
+ withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_perl" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
# Extract the first word of "perl", so it can be a program name with args.
set dummy perl; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PERL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PERL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PERL in
[\\/]* | ?:[\\/]*)
ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
@@ -5085,11 +6095,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5101,63 +6115,48 @@ esac
fi
PERL=$ac_cv_path_PERL
if test -n "$PERL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-$as_echo "$PERL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- as_ac_File=`$as_echo "ac_cv_file_$perl_includedir/perl.h" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $perl_includedir/perl.h" >&5
-$as_echo_n "checking for $perl_includedir/perl.h... " >&6; }
-if eval \${$as_ac_File+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- test "$cross_compiling" = yes &&
- as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
-if test -r "$perl_includedir/perl.h"; then
- eval "$as_ac_File=yes"
-else
- eval "$as_ac_File=no"
-fi
-fi
-eval ac_res=\$$as_ac_File
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+ if test -e "$perl_includedir/perl.h"
+then :
enable_perl=yes
-else
+else $as_nop
enable_perl=no
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-$as_echo_n "checking whether ruby bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
+printf %s "checking whether ruby bindings are enabled... " >&6; }
@%:@ Check whether --with-ruby was given.
-if test "${with_ruby+set}" = set; then :
- withval=$with_ruby; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_ruby+y}
+then :
+ withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_ruby" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
# Extract the first word of "ruby", so it can be a program name with args.
set dummy ruby; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_RUBY+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_RUBY+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $RUBY in
[\\/]* | ?:[\\/]*)
ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
@@ -5167,11 +6166,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5183,11 +6186,11 @@ esac
fi
RUBY=$ac_cv_path_RUBY
if test -n "$RUBY"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-$as_echo "$RUBY" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
+printf "%s\n" "$RUBY" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -5228,149 +6231,41 @@ else
fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if ${ac_cv_prog_CPP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@ifdef __STDC__
-@%:@ include <limits.h>
-@%:@else
-@%:@ include <assert.h>
-@%:@endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
+ if test $ac_cache; then
+ ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+ if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+ printf "%s\n" "#define $ac_item 1" >> confdefs.h
+ fi
+ ac_header= ac_cache=
+ elif test $ac_header; then
+ ac_cache=$ac_item
+ else
+ ac_header=$ac_item
+ fi
+done
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@ifdef __STDC__
-@%:@ include <limits.h>
-@%:@else
-@%:@ include <assert.h>
-@%:@endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-@%:@include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if ${ac_cv_path_GREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
+
+printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+printf %s "checking for grep that handles long lines and -e... " >&6; }
+if test ${ac_cv_path_GREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$GREP"; then
ac_path_GREP_found=false
# Loop through the user's path and test for each of PROGNAME-LIST
@@ -5378,10 +6273,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in grep ggrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
@@ -5390,13 +6290,13 @@ case `"$ac_path_GREP" --version 2>&1` in
ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
+ printf "%s\n" 'GREP' >> "conftest.nl"
"$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5424,16 +6324,20 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+printf "%s\n" "$ac_cv_path_GREP" >&6; }
GREP="$ac_cv_path_GREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if ${ac_cv_path_EGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+# Autoupdate added the next two lines to ensure that your configure
+# script's behavior did not change. They are probably safe to remove.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+printf %s "checking for egrep... " >&6; }
+if test ${ac_cv_path_EGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
then ac_cv_path_EGREP="$GREP -E"
else
@@ -5444,10 +6348,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in egrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
@@ -5456,13 +6365,13 @@ case `"$ac_path_EGREP" --version 2>&1` in
ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
+ printf "%s\n" 'EGREP' >> "conftest.nl"
"$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5491,178 +6400,70 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+printf "%s\n" "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
fi
+ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
fi
-rm -f conftest*
+ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
+if test "x$ac_cv_header_syslog_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
fi
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-
-$as_echo "@%:@define STDC_HEADERS 1" >>confdefs.h
+ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
+if test "x$ac_cv_func_asprintf" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
fi
+ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
+if test "x$ac_cv_func___secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
fi
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
-done
-
-
-for ac_header in unistd.h stdint.h syslog.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
fi
+ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
+if test "x$ac_cv_func_reallocarray" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
-done
-
-
-for ac_func in asprintf __secure_getenv secure_getenv reallocarray
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-
fi
-done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __cplusplus
@@ -5675,7 +6476,7 @@ main ()
/* NEC SVR4.0.2 mips cc rejects this. */
struct point {int x, y;};
static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
+ /* IBM XL C 1.02.0.0 rejects this.
It does not let you subtract one const X* pointer from another in
an arm of an if-expression whose if-part is not a constant
expression */
@@ -5703,7 +6504,7 @@ main ()
iptr p = 0;
++p;
}
- { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+ { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
struct s { int j; const int *ap[3]; } bx;
struct s *b = &bx; b->j = 5;
@@ -5719,25 +6520,26 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_c_const=yes
-else
+else $as_nop
ac_cv_c_const=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
if test $ac_cv_c_const = no; then
-$as_echo "@%:@define const /**/" >>confdefs.h
+printf "%s\n" "@%:@define const /**/" >>confdefs.h
fi
case `pwd` in
*\ * | *\ *)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
esac
@@ -5757,28 +6559,32 @@ macro_revision='2.4.6'
+
ltmain=$ac_aux_dir/ltmain.sh
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if ${ac_cv_build+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+ # Make sure we can run config.sub.
+$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+printf %s "checking build system type... " >&6; }
+if test ${ac_cv_build+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+ ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
test "x$ac_build_alias" = x &&
as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+printf "%s\n" "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
@@ -5797,21 +6603,22 @@ IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if ${ac_cv_host+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+printf %s "checking host system type... " >&6; }
+if test ${ac_cv_host+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+ ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+printf "%s\n" "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
@@ -5851,8 +6658,8 @@ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-$as_echo_n "checking how to print strings... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+printf %s "checking how to print strings... " >&6; }
# Test print first, because it will be a builtin if present.
if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
@@ -5878,12 +6685,12 @@ func_echo_all ()
}
case $ECHO in
- printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-$as_echo "printf" >&6; } ;;
- print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-$as_echo "print -r" >&6; } ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-$as_echo "cat" >&6; } ;;
+ printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+printf "%s\n" "printf" >&6; } ;;
+ print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+printf "%s\n" "print -r" >&6; } ;;
+ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+printf "%s\n" "cat" >&6; } ;;
esac
@@ -5899,11 +6706,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -5917,10 +6725,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -5929,13 +6742,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5963,8 +6776,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -5981,11 +6794,12 @@ Xsed="$SED -e 1s/^X//"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-$as_echo_n "checking for fgrep... " >&6; }
-if ${ac_cv_path_FGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+printf %s "checking for fgrep... " >&6; }
+if test ${ac_cv_path_FGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
then ac_cv_path_FGREP="$GREP -F"
else
@@ -5996,10 +6810,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in fgrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in fgrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_FGREP" || continue
# Check for GNU ac_path_FGREP and select it if it is found.
# Check for GNU $ac_path_FGREP
@@ -6008,13 +6827,13 @@ case `"$ac_path_FGREP" --version 2>&1` in
ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'FGREP' >> "conftest.nl"
+ printf "%s\n" 'FGREP' >> "conftest.nl"
"$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -6043,8 +6862,8 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-$as_echo "$ac_cv_path_FGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+printf "%s\n" "$ac_cv_path_FGREP" >&6; }
FGREP="$ac_cv_path_FGREP"
@@ -6069,17 +6888,18 @@ test -z "$GREP" && GREP=grep
@%:@ Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then :
+if test ${with_gnu_ld+y}
+then :
withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else
+else $as_nop
with_gnu_ld=no
fi
ac_prog=ld
if test yes = "$GCC"; then
# Check if gcc -print-prog-name=ld gives a path.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-$as_echo_n "checking for ld used by $CC... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+printf %s "checking for ld used by $CC... " >&6; }
case $host in
*-*-mingw*)
# gcc leaves a trailing carriage return, which upsets mingw
@@ -6108,15 +6928,16 @@ $as_echo_n "checking for ld used by $CC... " >&6; }
;;
esac
elif test yes = "$with_gnu_ld"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-$as_echo_n "checking for GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+printf %s "checking for GNU ld... " >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-$as_echo_n "checking for non-GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+printf %s "checking for non-GNU ld... " >&6; }
fi
-if ${lt_cv_path_LD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${lt_cv_path_LD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$LD"; then
lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
@@ -6145,18 +6966,19 @@ fi
LD=$lt_cv_path_LD
if test -n "$LD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-$as_echo "$LD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+printf "%s\n" "$LD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
-if ${lt_cv_prog_gnu_ld+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
+if test ${lt_cv_prog_gnu_ld+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
@@ -6167,8 +6989,8 @@ case `$LD -v 2>&1 </dev/null` in
;;
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -6179,11 +7001,12 @@ with_gnu_ld=$lt_cv_prog_gnu_ld
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if ${lt_cv_path_NM+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test ${lt_cv_path_NM+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NM"; then
# Let the user override the test.
lt_cv_path_NM=$NM
@@ -6233,8 +7056,8 @@ else
: ${lt_cv_path_NM=no}
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-$as_echo "$lt_cv_path_NM" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+printf "%s\n" "$lt_cv_path_NM" >&6; }
if test no != "$lt_cv_path_NM"; then
NM=$lt_cv_path_NM
else
@@ -6247,11 +7070,12 @@ else
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DUMPBIN"; then
ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
else
@@ -6259,11 +7083,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6274,11 +7102,11 @@ fi
fi
DUMPBIN=$ac_cv_prog_DUMPBIN
if test -n "$DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-$as_echo "$DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+printf "%s\n" "$DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6291,11 +7119,12 @@ if test -z "$DUMPBIN"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DUMPBIN"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
else
@@ -6303,11 +7132,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6318,11 +7151,11 @@ fi
fi
ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
if test -n "$ac_ct_DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-$as_echo "$ac_ct_DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6334,8 +7167,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DUMPBIN=$ac_ct_DUMPBIN
@@ -6363,11 +7196,12 @@ test -z "$NM" && NM=nm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-$as_echo_n "checking the name lister ($NM) interface... " >&6; }
-if ${lt_cv_nm_interface+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+printf %s "checking the name lister ($NM) interface... " >&6; }
+if test ${lt_cv_nm_interface+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
@@ -6383,26 +7217,27 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-$as_echo "$lt_cv_nm_interface" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+printf "%s\n" "$lt_cv_nm_interface" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-$as_echo_n "checking whether ln -s works... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+printf %s "checking whether ln -s works... " >&6; }
LN_S=$as_ln_s
if test "$LN_S" = "ln -s"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-$as_echo "no, using $LN_S" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+printf "%s\n" "no, using $LN_S" >&6; }
fi
# find the maximum length of command line arguments
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-$as_echo_n "checking the maximum length of command line arguments... " >&6; }
-if ${lt_cv_sys_max_cmd_len+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+printf %s "checking the maximum length of command line arguments... " >&6; }
+if test ${lt_cv_sys_max_cmd_len+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
i=0
teststring=ABCD
@@ -6529,11 +7364,11 @@ else
fi
if test -n "$lt_cv_sys_max_cmd_len"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
-$as_echo "none" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
+printf "%s\n" "none" >&6; }
fi
max_cmd_len=$lt_cv_sys_max_cmd_len
@@ -6577,11 +7412,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-$as_echo_n "checking how to convert $build file names to $host format... " >&6; }
-if ${lt_cv_to_host_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+printf %s "checking how to convert $build file names to $host format... " >&6; }
+if test ${lt_cv_to_host_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $host in
*-*-mingw* )
case $build in
@@ -6617,18 +7453,19 @@ esac
fi
to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-$as_echo "$lt_cv_to_host_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; }
-if ${lt_cv_to_tool_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+printf %s "checking how to convert $build file names to toolchain format... " >&6; }
+if test ${lt_cv_to_tool_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
#assume ordinary cross tools, or native build.
lt_cv_to_tool_file_cmd=func_convert_file_noop
case $host in
@@ -6644,22 +7481,23 @@ esac
fi
to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-$as_echo "$lt_cv_to_tool_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-$as_echo_n "checking for $LD option to reload object files... " >&6; }
-if ${lt_cv_ld_reload_flag+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+printf %s "checking for $LD option to reload object files... " >&6; }
+if test ${lt_cv_ld_reload_flag+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_reload_flag='-r'
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-$as_echo "$lt_cv_ld_reload_flag" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
reload_flag=$lt_cv_ld_reload_flag
case $reload_flag in
"" | " "*) ;;
@@ -6692,11 +7530,12 @@ esac
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OBJDUMP"; then
ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
else
@@ -6704,11 +7543,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6719,11 +7562,11 @@ fi
fi
OBJDUMP=$ac_cv_prog_OBJDUMP
if test -n "$OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-$as_echo "$OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+printf "%s\n" "$OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6732,11 +7575,12 @@ if test -z "$ac_cv_prog_OBJDUMP"; then
ac_ct_OBJDUMP=$OBJDUMP
# Extract the first word of "objdump", so it can be a program name with args.
set dummy objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OBJDUMP"; then
ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
else
@@ -6744,11 +7588,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OBJDUMP="objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6759,11 +7607,11 @@ fi
fi
ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
if test -n "$ac_ct_OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-$as_echo "$ac_ct_OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OBJDUMP" = x; then
@@ -6771,8 +7619,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OBJDUMP=$ac_ct_OBJDUMP
@@ -6791,11 +7639,12 @@ test -z "$OBJDUMP" && OBJDUMP=objdump
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-$as_echo_n "checking how to recognize dependent libraries... " >&6; }
-if ${lt_cv_deplibs_check_method+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+printf %s "checking how to recognize dependent libraries... " >&6; }
+if test ${lt_cv_deplibs_check_method+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_file_magic_cmd='$MAGIC_CMD'
lt_cv_file_magic_test_file=
lt_cv_deplibs_check_method='unknown'
@@ -6991,8 +7840,8 @@ os2*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-$as_echo "$lt_cv_deplibs_check_method" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
file_magic_glob=
want_nocaseglob=no
@@ -7036,11 +7885,12 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DLLTOOL"; then
ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
else
@@ -7048,11 +7898,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7063,11 +7917,11 @@ fi
fi
DLLTOOL=$ac_cv_prog_DLLTOOL
if test -n "$DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-$as_echo "$DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+printf "%s\n" "$DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7076,11 +7930,12 @@ if test -z "$ac_cv_prog_DLLTOOL"; then
ac_ct_DLLTOOL=$DLLTOOL
# Extract the first word of "dlltool", so it can be a program name with args.
set dummy dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DLLTOOL"; then
ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
else
@@ -7088,11 +7943,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7103,11 +7962,11 @@ fi
fi
ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
if test -n "$ac_ct_DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-$as_echo "$ac_ct_DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DLLTOOL" = x; then
@@ -7115,8 +7974,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DLLTOOL=$ac_ct_DLLTOOL
@@ -7136,11 +7995,12 @@ test -z "$DLLTOOL" && DLLTOOL=dlltool
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-$as_echo_n "checking how to associate runtime and link libraries... " >&6; }
-if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+printf %s "checking how to associate runtime and link libraries... " >&6; }
+if test ${lt_cv_sharedlib_from_linklib_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_sharedlib_from_linklib_cmd='unknown'
case $host_os in
@@ -7163,8 +8023,8 @@ cygwin* | mingw* | pw32* | cegcc*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
@@ -7179,11 +8039,12 @@ if test -n "$ac_tool_prefix"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AR"; then
ac_cv_prog_AR="$AR" # Let the user override the test.
else
@@ -7191,11 +8052,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7206,11 +8071,11 @@ fi
fi
AR=$ac_cv_prog_AR
if test -n "$AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-$as_echo "$AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+printf "%s\n" "$AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7223,11 +8088,12 @@ if test -z "$AR"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_AR"; then
ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
else
@@ -7235,11 +8101,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_AR="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7250,11 +8120,11 @@ fi
fi
ac_ct_AR=$ac_cv_prog_ac_ct_AR
if test -n "$ac_ct_AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-$as_echo "$ac_ct_AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+printf "%s\n" "$ac_ct_AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7266,8 +8136,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
AR=$ac_ct_AR
@@ -7275,7 +8145,7 @@ esac
fi
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
@@ -7287,30 +8157,32 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-$as_echo_n "checking for archiver @FILE support... " >&6; }
-if ${lt_cv_ar_at_file+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+printf %s "checking for archiver @FILE support... " >&6; }
+if test ${lt_cv_ar_at_file+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ar_at_file=no
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
echo conftest.$ac_objext > conftest.lst
lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -eq "$ac_status"; then
# Ensure the archiver fails upon bogus file names.
@@ -7318,7 +8190,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -ne "$ac_status"; then
lt_cv_ar_at_file=@
@@ -7327,11 +8199,11 @@ if ac_fn_c_try_compile "$LINENO"; then :
rm -f conftest.* libconftest.a
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-$as_echo "$lt_cv_ar_at_file" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+printf "%s\n" "$lt_cv_ar_at_file" >&6; }
if test no = "$lt_cv_ar_at_file"; then
archiver_list_spec=
@@ -7348,11 +8220,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -7360,11 +8233,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7375,11 +8252,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7388,11 +8265,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -7400,11 +8278,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7415,11 +8297,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -7427,8 +8309,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -7447,11 +8329,12 @@ test -z "$STRIP" && STRIP=:
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$RANLIB"; then
ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
else
@@ -7459,11 +8342,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7474,11 +8361,11 @@ fi
fi
RANLIB=$ac_cv_prog_RANLIB
if test -n "$RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-$as_echo "$RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7487,11 +8374,12 @@ if test -z "$ac_cv_prog_RANLIB"; then
ac_ct_RANLIB=$RANLIB
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_RANLIB"; then
ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
else
@@ -7499,11 +8387,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7514,11 +8406,11 @@ fi
fi
ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
if test -n "$ac_ct_RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-$as_echo "$ac_ct_RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_RANLIB" = x; then
@@ -7526,8 +8418,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
RANLIB=$ac_ct_RANLIB
@@ -7616,11 +8508,12 @@ compiler=$CC
# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
-if ${lt_cv_sys_global_symbol_pipe+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+printf %s "checking command to parse $NM output from $compiler object... " >&6; }
+if test ${lt_cv_sys_global_symbol_pipe+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# These are sane defaults that work on at least a few old systems.
# [They come from Ultrix. What could be older than Ultrix?!! ;)]
@@ -7772,15 +8665,12 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
# Now try to grab the symbols.
nlist=conftest.nm
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
- (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -7848,7 +8738,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s conftest$ac_exeext; then
pipe_works=yes
fi
@@ -7883,11 +8773,11 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then
lt_cv_sys_global_symbol_to_cdecl=
fi
if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-$as_echo "failed" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+printf "%s\n" "failed" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-$as_echo "ok" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+printf "%s\n" "ok" >&6; }
fi
# Response file support.
@@ -7933,13 +8823,14 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-$as_echo_n "checking for sysroot... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+printf %s "checking for sysroot... " >&6; }
@%:@ Check whether --with-sysroot was given.
-if test "${with_sysroot+set}" = set; then :
+if test ${with_sysroot+y}
+then :
withval=$with_sysroot;
-else
+else $as_nop
with_sysroot=no
fi
@@ -7957,24 +8848,25 @@ case $with_sysroot in #(
no|'')
;; #(
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-$as_echo "$with_sysroot" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+printf "%s\n" "$with_sysroot" >&6; }
as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-$as_echo "${lt_sysroot:-no}" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+printf "%s\n" "${lt_sysroot:-no}" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-$as_echo_n "checking for a working dd... " >&6; }
-if ${ac_cv_path_lt_DD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+printf %s "checking for a working dd... " >&6; }
+if test ${ac_cv_path_lt_DD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
: ${lt_DD:=$DD}
@@ -7985,10 +8877,15 @@ if test -z "$lt_DD"; then
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in dd; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in dd
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_lt_DD" || continue
if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
cmp -s conftest.i conftest.out \
@@ -8008,15 +8905,16 @@ fi
rm -f conftest.i conftest2.i conftest.out
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-$as_echo "$ac_cv_path_lt_DD" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-$as_echo_n "checking how to truncate binary pipes... " >&6; }
-if ${lt_cv_truncate_bin+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+printf %s "checking how to truncate binary pipes... " >&6; }
+if test ${lt_cv_truncate_bin+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
lt_cv_truncate_bin=
@@ -8027,8 +8925,8 @@ fi
rm -f conftest.i conftest2.i conftest.out
test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-$as_echo "$lt_cv_truncate_bin" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+printf "%s\n" "$lt_cv_truncate_bin" >&6; }
@@ -8051,7 +8949,8 @@ func_cc_basename ()
}
@%:@ Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then :
+if test ${enable_libtool_lock+y}
+then :
enableval=$enable_libtool_lock;
fi
@@ -8067,7 +8966,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
@@ -8087,7 +8986,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
if test yes = "$lt_cv_prog_gnu_ld"; then
case `/usr/bin/file conftest.$ac_objext` in
@@ -8125,7 +9024,7 @@ mips64*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
emul=elf
case `/usr/bin/file conftest.$ac_objext` in
@@ -8166,7 +9065,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*32-bit*)
@@ -8229,11 +9128,12 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -belf"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
-if ${lt_cv_cc_needs_belf+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+printf %s "checking whether the C compiler needs -belf... " >&6; }
+if test ${lt_cv_cc_needs_belf+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -8244,19 +9144,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_cc_needs_belf=yes
-else
+else $as_nop
lt_cv_cc_needs_belf=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -8265,8 +9166,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-$as_echo "$lt_cv_cc_needs_belf" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
if test yes != "$lt_cv_cc_needs_belf"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
CFLAGS=$SAVE_CFLAGS
@@ -8279,7 +9180,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*64-bit*)
@@ -8316,11 +9217,12 @@ need_locks=$enable_libtool_lock
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$MANIFEST_TOOL"; then
ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
else
@@ -8328,11 +9230,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8343,11 +9249,11 @@ fi
fi
MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
if test -n "$MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-$as_echo "$MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+printf "%s\n" "$MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8356,11 +9262,12 @@ if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
# Extract the first word of "mt", so it can be a program name with args.
set dummy mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_MANIFEST_TOOL"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
else
@@ -8368,11 +9275,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8383,11 +9294,11 @@ fi
fi
ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
if test -n "$ac_ct_MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-$as_echo "$ac_ct_MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_MANIFEST_TOOL" = x; then
@@ -8395,8 +9306,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
@@ -8406,11 +9317,12 @@ else
fi
test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if ${lt_cv_path_mainfest_tool+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if test ${lt_cv_path_mainfest_tool+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_path_mainfest_tool=no
echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
$MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
@@ -8420,8 +9332,8 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-$as_echo "$lt_cv_path_mainfest_tool" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
if test yes != "$lt_cv_path_mainfest_tool"; then
MANIFEST_TOOL=:
fi
@@ -8436,11 +9348,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DSYMUTIL"; then
ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
else
@@ -8448,11 +9361,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8463,11 +9380,11 @@ fi
fi
DSYMUTIL=$ac_cv_prog_DSYMUTIL
if test -n "$DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-$as_echo "$DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+printf "%s\n" "$DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8476,11 +9393,12 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then
ac_ct_DSYMUTIL=$DSYMUTIL
# Extract the first word of "dsymutil", so it can be a program name with args.
set dummy dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DSYMUTIL"; then
ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
else
@@ -8488,11 +9406,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8503,11 +9425,11 @@ fi
fi
ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
if test -n "$ac_ct_DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-$as_echo "$ac_ct_DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DSYMUTIL" = x; then
@@ -8515,8 +9437,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DSYMUTIL=$ac_ct_DSYMUTIL
@@ -8528,11 +9450,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NMEDIT"; then
ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
else
@@ -8540,11 +9463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8555,11 +9482,11 @@ fi
fi
NMEDIT=$ac_cv_prog_NMEDIT
if test -n "$NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-$as_echo "$NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+printf "%s\n" "$NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8568,11 +9495,12 @@ if test -z "$ac_cv_prog_NMEDIT"; then
ac_ct_NMEDIT=$NMEDIT
# Extract the first word of "nmedit", so it can be a program name with args.
set dummy nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_NMEDIT"; then
ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
else
@@ -8580,11 +9508,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_NMEDIT="nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8595,11 +9527,11 @@ fi
fi
ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
if test -n "$ac_ct_NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-$as_echo "$ac_ct_NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+printf "%s\n" "$ac_ct_NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_NMEDIT" = x; then
@@ -8607,8 +9539,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
NMEDIT=$ac_ct_NMEDIT
@@ -8620,11 +9552,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LIPO"; then
ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
else
@@ -8632,11 +9565,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8647,11 +9584,11 @@ fi
fi
LIPO=$ac_cv_prog_LIPO
if test -n "$LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-$as_echo "$LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+printf "%s\n" "$LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8660,11 +9597,12 @@ if test -z "$ac_cv_prog_LIPO"; then
ac_ct_LIPO=$LIPO
# Extract the first word of "lipo", so it can be a program name with args.
set dummy lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_LIPO"; then
ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
else
@@ -8672,11 +9610,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_LIPO="lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8687,11 +9629,11 @@ fi
fi
ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
if test -n "$ac_ct_LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-$as_echo "$ac_ct_LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+printf "%s\n" "$ac_ct_LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_LIPO" = x; then
@@ -8699,8 +9641,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
LIPO=$ac_ct_LIPO
@@ -8712,11 +9654,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL"; then
ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
else
@@ -8724,11 +9667,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8739,11 +9686,11 @@ fi
fi
OTOOL=$ac_cv_prog_OTOOL
if test -n "$OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-$as_echo "$OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+printf "%s\n" "$OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8752,11 +9699,12 @@ if test -z "$ac_cv_prog_OTOOL"; then
ac_ct_OTOOL=$OTOOL
# Extract the first word of "otool", so it can be a program name with args.
set dummy otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL"; then
ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
else
@@ -8764,11 +9712,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL="otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8779,11 +9731,11 @@ fi
fi
ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
if test -n "$ac_ct_OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-$as_echo "$ac_ct_OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+printf "%s\n" "$ac_ct_OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL" = x; then
@@ -8791,8 +9743,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL=$ac_ct_OTOOL
@@ -8804,11 +9756,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL64"; then
ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
else
@@ -8816,11 +9769,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8831,11 +9788,11 @@ fi
fi
OTOOL64=$ac_cv_prog_OTOOL64
if test -n "$OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-$as_echo "$OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+printf "%s\n" "$OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8844,11 +9801,12 @@ if test -z "$ac_cv_prog_OTOOL64"; then
ac_ct_OTOOL64=$OTOOL64
# Extract the first word of "otool64", so it can be a program name with args.
set dummy otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL64"; then
ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
else
@@ -8856,11 +9814,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL64="otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8871,11 +9833,11 @@ fi
fi
ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
if test -n "$ac_ct_OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-$as_echo "$ac_ct_OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+printf "%s\n" "$ac_ct_OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL64" = x; then
@@ -8883,8 +9845,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL64=$ac_ct_OTOOL64
@@ -8919,11 +9881,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-$as_echo_n "checking for -single_module linker flag... " >&6; }
-if ${lt_cv_apple_cc_single_mod+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+printf %s "checking for -single_module linker flag... " >&6; }
+if test ${lt_cv_apple_cc_single_mod+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_apple_cc_single_mod=no
if test -z "$LT_MULTI_MODULE"; then
# By default we will add the -single_module flag. You can override
@@ -8952,14 +9915,15 @@ else
rm -f conftest.*
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
-if ${lt_cv_ld_exported_symbols_list+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+printf %s "checking for -exported_symbols_list linker flag... " >&6; }
+if test ${lt_cv_ld_exported_symbols_list+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_exported_symbols_list=no
save_LDFLAGS=$LDFLAGS
echo "_main" > conftest.sym
@@ -8968,39 +9932,41 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_ld_exported_symbols_list=yes
-else
+else $as_nop
lt_cv_ld_exported_symbols_list=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-$as_echo_n "checking for -force_load linker flag... " >&6; }
-if ${lt_cv_ld_force_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+printf %s "checking for -force_load linker flag... " >&6; }
+if test ${lt_cv_ld_force_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cru libconftest.a conftest.o" >&5
- $AR cru libconftest.a conftest.o 2>&5
+ echo "$AR cr libconftest.a conftest.o" >&5
+ $AR cr libconftest.a conftest.o 2>&5
echo "$RANLIB libconftest.a" >&5
$RANLIB libconftest.a 2>&5
cat > conftest.c << _LT_EOF
@@ -9020,8 +9986,8 @@ _LT_EOF
rm -rf conftest.dSYM
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-$as_echo "$lt_cv_ld_force_load" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+printf "%s\n" "$lt_cv_ld_force_load" >&6; }
case $host_os in
rhapsody* | darwin1.[012])
_lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
@@ -9032,11 +9998,11 @@ $as_echo "$lt_cv_ld_force_load" >&6; }
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[012][,.]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*)
+ 10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@@ -9092,18 +10058,13 @@ func_munge_path_list ()
esac
}
-for ac_header in dlfcn.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
"
-if test "x$ac_cv_header_dlfcn_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-@%:@define HAVE_DLFCN_H 1
-_ACEOF
-
-fi
+if test "x$ac_cv_header_dlfcn_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
-done
+fi
@@ -9120,7 +10081,8 @@ done
@%:@ Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then :
+if test ${enable_shared+y}
+then :
enableval=$enable_shared; p=${PACKAGE-default}
case $enableval in
yes) enable_shared=yes ;;
@@ -9138,7 +10100,7 @@ if test "${enable_shared+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_shared=yes
fi
@@ -9151,7 +10113,8 @@ fi
@%:@ Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then :
+if test ${enable_static+y}
+then :
enableval=$enable_static; p=${PACKAGE-default}
case $enableval in
yes) enable_static=yes ;;
@@ -9169,7 +10132,7 @@ if test "${enable_static+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_static=yes
fi
@@ -9183,7 +10146,8 @@ fi
@%:@ Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then :
+if test ${with_pic+y}
+then :
withval=$with_pic; lt_p=${PACKAGE-default}
case $withval in
yes|no) pic_mode=$withval ;;
@@ -9200,7 +10164,7 @@ if test "${with_pic+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
pic_mode=default
fi
@@ -9212,7 +10176,8 @@ fi
@%:@ Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then :
+if test ${enable_fast_install+y}
+then :
enableval=$enable_fast_install; p=${PACKAGE-default}
case $enableval in
yes) enable_fast_install=yes ;;
@@ -9230,7 +10195,7 @@ if test "${enable_fast_install+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_fast_install=yes
fi
@@ -9244,11 +10209,12 @@ fi
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[5-9]*,yes)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-$as_echo_n "checking which variant of shared library versioning to provide... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+printf %s "checking which variant of shared library versioning to provide... " >&6; }
@%:@ Check whether --with-aix-soname was given.
-if test "${with_aix_soname+set}" = set; then :
+if test ${with_aix_soname+y}
+then :
withval=$with_aix_soname; case $withval in
aix|svr4|both)
;;
@@ -9257,18 +10223,19 @@ if test "${with_aix_soname+set}" = set; then :
;;
esac
lt_cv_with_aix_soname=$with_aix_soname
-else
- if ${lt_cv_with_aix_soname+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ if test ${lt_cv_with_aix_soname+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_with_aix_soname=aix
fi
with_aix_soname=$lt_cv_with_aix_soname
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-$as_echo "$with_aix_soname" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+printf "%s\n" "$with_aix_soname" >&6; }
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
@@ -9350,11 +10317,12 @@ if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-$as_echo_n "checking for objdir... " >&6; }
-if ${lt_cv_objdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+printf %s "checking for objdir... " >&6; }
+if test ${lt_cv_objdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
if test -d .libs; then
@@ -9365,17 +10333,15 @@ else
fi
rmdir .libs 2>/dev/null
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-$as_echo "$lt_cv_objdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+printf "%s\n" "$lt_cv_objdir" >&6; }
objdir=$lt_cv_objdir
-cat >>confdefs.h <<_ACEOF
-@%:@define LT_OBJDIR "$lt_cv_objdir/"
-_ACEOF
+printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
@@ -9421,11 +10387,12 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file
case $deplibs_check_method in
file_magic*)
if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+printf %s "checking for ${ac_tool_prefix}file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9474,11 +10441,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9487,11 +10454,12 @@ fi
if test -z "$lt_cv_path_MAGIC_CMD"; then
if test -n "$ac_tool_prefix"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-$as_echo_n "checking for file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+printf %s "checking for file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9540,11 +10508,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9625,11 +10593,12 @@ if test yes = "$GCC"; then
lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test ${lt_cv_prog_compiler_rtti_exceptions+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_rtti_exceptions=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -9660,8 +10629,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
@@ -9858,6 +10827,12 @@ lt_prog_compiler_static=
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -10018,26 +10993,28 @@ case $host_os in
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
-if ${lt_cv_prog_compiler_pic+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+printf %s "checking for $compiler option to produce PIC... " >&6; }
+if test ${lt_cv_prog_compiler_pic+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-$as_echo "$lt_cv_prog_compiler_pic" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
#
# Check to make sure the PIC flag actually works.
#
if test -n "$lt_prog_compiler_pic"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if ${lt_cv_prog_compiler_pic_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test ${lt_cv_prog_compiler_pic_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic_works=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -10068,8 +11045,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
if test yes = "$lt_cv_prog_compiler_pic_works"; then
case $lt_prog_compiler_pic in
@@ -10097,11 +11074,12 @@ fi
# Check to make sure the static flag actually works.
#
wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if ${lt_cv_prog_compiler_static_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test ${lt_cv_prog_compiler_static_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_static_works=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
@@ -10125,8 +11103,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
if test yes = "$lt_cv_prog_compiler_static_works"; then
:
@@ -10140,11 +11118,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10187,19 +11166,20 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10242,8 +11222,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -10251,19 +11231,19 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; }
hard_links=nottested
if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
# do not overwrite the value of need_locks provided by the user
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-$as_echo_n "checking if we can lock with hard links... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+printf %s "checking if we can lock with hard links... " >&6; }
hard_links=yes
$RM conftest*
ln conftest.a conftest.b 2>/dev/null && hard_links=no
touch conftest.a
ln conftest.a conftest.b 2>&5 || hard_links=no
ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-$as_echo "$hard_links" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+printf "%s\n" "$hard_links" >&6; }
if test no = "$hard_links"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
need_locks=warn
fi
else
@@ -10275,8 +11255,8 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
runpath_var=
allow_undefined_flag=
@@ -10834,21 +11814,23 @@ _LT_EOF
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10863,7 +11845,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -10887,21 +11869,23 @@ fi
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10916,7 +11900,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -11167,11 +12151,12 @@ fi
# Older versions of the 11.00 compiler do not understand -b yet
# (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-$as_echo_n "checking if $CC understands -b... " >&6; }
-if ${lt_cv_prog_compiler__b+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+printf %s "checking if $CC understands -b... " >&6; }
+if test ${lt_cv_prog_compiler__b+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler__b=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -b"
@@ -11195,8 +12180,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-$as_echo "$lt_cv_prog_compiler__b" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
if test yes = "$lt_cv_prog_compiler__b"; then
archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
@@ -11236,28 +12221,30 @@ fi
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
# This should be the same for all languages, so no per-tag cache variable.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if ${lt_cv_irix_exported_symbol+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if test ${lt_cv_irix_exported_symbol+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int foo (void) { return 0; }
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_irix_exported_symbol=yes
-else
+else $as_nop
lt_cv_irix_exported_symbol=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-$as_echo "$lt_cv_irix_exported_symbol" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
if test yes = "$lt_cv_irix_exported_symbol"; then
archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
@@ -11538,8 +12525,8 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-$as_echo "$ld_shlibs" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+printf "%s\n" "$ld_shlibs" >&6; }
test no = "$ld_shlibs" && can_build_shared=no
with_gnu_ld=$with_gnu_ld
@@ -11575,18 +12562,19 @@ x|xyes)
# Test whether the compiler implicitly links with -lc since on some
# systems, -lgcc has to come before -lc. If gcc already passes -lc
# to ld, don't add -lc before -lgcc.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
-if ${lt_cv_archive_cmds_need_lc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+printf %s "checking whether -lc should be explicitly linked in... " >&6; }
+if test ${lt_cv_archive_cmds_need_lc+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
$RM conftest*
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } 2>conftest.err; then
soname=conftest
lib=conftest
@@ -11604,7 +12592,7 @@ else
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
(eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
then
lt_cv_archive_cmds_need_lc=no
@@ -11618,8 +12606,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-$as_echo "$lt_cv_archive_cmds_need_lc" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
;;
esac
@@ -11778,8 +12766,8 @@ esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-$as_echo_n "checking dynamic linker characteristics... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+printf %s "checking dynamic linker characteristics... " >&6; }
if test yes = "$GCC"; then
case $host_os in
@@ -12340,9 +13328,10 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
shlibpath_overrides_runpath=no
# Some binutils ld are patched to set DT_RUNPATH
- if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_shlibpath_overrides_runpath+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_shlibpath_overrides_runpath=no
save_LDFLAGS=$LDFLAGS
save_libdir=$libdir
@@ -12352,19 +13341,21 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+if ac_fn_c_try_link "$LINENO"
+then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
+then :
lt_cv_shlibpath_overrides_runpath=yes
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
libdir=$save_libdir
@@ -12608,8 +13599,8 @@ uts4*)
dynamic_linker=no
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-$as_echo "$dynamic_linker" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+printf "%s\n" "$dynamic_linker" >&6; }
test no = "$dynamic_linker" && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
@@ -12730,8 +13721,8 @@ configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+printf %s "checking how to hardcode library paths into programs... " >&6; }
hardcode_action=
if test -n "$hardcode_libdir_flag_spec" ||
test -n "$runpath_var" ||
@@ -12755,8 +13746,8 @@ else
# directories.
hardcode_action=unsupported
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-$as_echo "$hardcode_action" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+printf "%s\n" "$hardcode_action" >&6; }
if test relink = "$hardcode_action" ||
test yes = "$inherit_rpath"; then
@@ -12800,11 +13791,12 @@ else
darwin*)
# if libdl is installed we need to link against it
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12813,32 +13805,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
+else $as_nop
lt_cv_dlopen=dyld
lt_cv_dlopen_libs=
@@ -12858,14 +13849,16 @@ fi
*)
ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes; then :
+if test "x$ac_cv_func_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-$as_echo_n "checking for shl_load in -ldld... " >&6; }
-if ${ac_cv_lib_dld_shl_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+printf %s "checking for shl_load in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_shl_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12874,41 +13867,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char shl_load ();
int
-main ()
+main (void)
{
return shl_load ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_shl_load=yes
-else
+else $as_nop
ac_cv_lib_dld_shl_load=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else
+else $as_nop
ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes; then :
+if test "x$ac_cv_func_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12917,37 +13911,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-$as_echo_n "checking for dlopen in -lsvld... " >&6; }
-if ${ac_cv_lib_svld_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+printf %s "checking for dlopen in -lsvld... " >&6; }
+if test ${ac_cv_lib_svld_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsvld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12956,37 +13950,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_svld_dlopen=yes
-else
+else $as_nop
ac_cv_lib_svld_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-$as_echo_n "checking for dld_link in -ldld... " >&6; }
-if ${ac_cv_lib_dld_dld_link+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+printf %s "checking for dld_link in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_dld_link+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12995,30 +13989,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dld_link ();
int
-main ()
+main (void)
{
return dld_link ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_dld_link=yes
-else
+else $as_nop
ac_cv_lib_dld_dld_link=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes
+then :
lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
fi
@@ -13057,11 +14050,12 @@ fi
save_LIBS=$LIBS
LIBS="$lt_cv_dlopen_libs $LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-$as_echo_n "checking whether a program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+printf %s "checking whether a program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self=cross
else
@@ -13140,7 +14134,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13158,16 +14152,17 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-$as_echo "$lt_cv_dlopen_self" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+printf "%s\n" "$lt_cv_dlopen_self" >&6; }
if test yes = "$lt_cv_dlopen_self"; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self_static+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self_static+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self_static=cross
else
@@ -13246,7 +14241,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13264,8 +14259,8 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-$as_echo "$lt_cv_dlopen_self_static" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
fi
CPPFLAGS=$save_CPPFLAGS
@@ -13303,13 +14298,13 @@ fi
striplib=
old_striplib=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+printf %s "checking whether stripping libraries is possible... " >&6; }
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
@@ -13317,16 +14312,16 @@ else
if test -n "$STRIP"; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
;;
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
;;
esac
fi
@@ -13343,13 +14338,13 @@ fi
# Report what library types will actually be built
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-$as_echo_n "checking if libtool supports shared libraries... " >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-$as_echo "$can_build_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+printf %s "checking if libtool supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+printf "%s\n" "$can_build_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-$as_echo_n "checking whether to build shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+printf %s "checking whether to build shared libraries... " >&6; }
test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
@@ -13373,15 +14368,15 @@ $as_echo_n "checking whether to build shared libraries... " >&6; }
fi
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-$as_echo "$enable_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+printf "%s\n" "$enable_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-$as_echo_n "checking whether to build static libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+printf %s "checking whether to build static libraries... " >&6; }
# Make sure either enable_shared or enable_static is yes.
test yes = "$enable_shared" || enable_static=yes
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-$as_echo "$enable_static" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+printf "%s\n" "$enable_static" >&6; }
@@ -13418,182 +14413,6 @@ CC=$lt_save_CC
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5
-$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
-if ${ac_cv_prog_cc_c99+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <wchar.h>
-#include <stdio.h>
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-#define debug(...) fprintf (stderr, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- your preprocessor is broken;
-#endif
-#if BIG_OK
-#else
- your preprocessor is broken;
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\0'; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static void
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str;
- int number;
- float fnumber;
-
- while (*format)
- {
- switch (*format++)
- {
- case 's': // string
- str = va_arg (args_copy, const char *);
- break;
- case 'd': // int
- number = va_arg (args_copy, int);
- break;
- case 'f': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-}
-
-int
-main ()
-{
-
- // Check bool.
- _Bool success = false;
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- test_varargs ("s, d' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
- || dynamic_array[ni.number - 1] != 543);
-
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c99" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c99"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c99" != xno; then :
-
-fi
-
if test "$ac_cv_prog_cc_c99" = "no"; then
as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
@@ -13628,8 +14447,8 @@ _ACEOF
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -13659,15 +14478,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
/^ac_cv_env_/b end
t clear
:clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
t end
s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
if test "x$cache_file" != "x/dev/null"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
if test ! -f "$cache_file" || test -h "$cache_file"; then
cat confcache >"$cache_file"
else
@@ -13681,8 +14500,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;}
fi
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
@@ -13735,7 +14554,7 @@ U=
for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
# 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
# will be set to the directory where LIBOBJS objects are built.
as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
@@ -13746,14 +14565,14 @@ LIB@&t@OBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-$as_echo_n "checking that generated files are newer than configure... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+printf %s "checking that generated files are newer than configure... " >&6; }
if test -n "$am_sleep_pid"; then
# Hide warnings about reused PIDs.
wait $am_sleep_pid 2>/dev/null
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5
-$as_echo "done" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
+printf "%s\n" "done" >&6; }
if test -n "$EXEEXT"; then
am__EXEEXT_TRUE=
am__EXEEXT_FALSE='#'
@@ -13791,8 +14610,8 @@ fi
ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
as_write_fail=0
cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
@@ -13815,14 +14634,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in @%:@(
*posix*) :
set -o posix ;; @%:@(
@@ -13832,46 +14653,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in @%:@(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -13880,13 +14701,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in @%:@((
@@ -13895,8 +14709,12 @@ case $0 in @%:@((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -13908,30 +14726,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
@@ -13944,13 +14742,14 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} @%:@ as_fn_error
+
@%:@ as_fn_set_status STATUS
@%:@ -----------------------
@%:@ Set @S|@? to STATUS, without forking.
@@ -13977,18 +14776,20 @@ as_fn_unset ()
{ eval $1=; unset $1;}
}
as_unset=as_fn_unset
+
@%:@ as_fn_append VAR VALUE
@%:@ ----------------------
@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
@%:@ advantage of any shell optimizations that allow amortized linear growth over
@%:@ repeated appends, instead of the typical quadratic growth present in naive
@%:@ implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -14000,12 +14801,13 @@ fi # as_fn_append
@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
@%:@ must be portable across @S|@(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
@@ -14036,7 +14838,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -14058,6 +14860,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in @%:@(((((
-n*)
@@ -14071,6 +14877,12 @@ case `echo -n x` in @%:@(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -14112,7 +14924,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -14121,7 +14933,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14184,7 +14996,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# values after options handling.
ac_log="
This file was extended by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -14237,14 +15049,16 @@ $config_commands
Report bugs to the package provider."
_ACEOF
+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
config.status
-configured by $0, generated by GNU Autoconf 2.69,
+configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -14284,21 +15098,21 @@ do
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
+ printf "%s\n" "$ac_cs_version"; exit ;;
--config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
+ printf "%s\n" "$ac_cs_config"; exit ;;
--debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
'') as_fn_error $? "missing file argument" ;;
esac
as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--he | --h | --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
+ printf "%s\n" "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
@@ -14326,7 +15140,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'
export CONFIG_SHELL
exec "\$@"
@@ -14340,7 +15154,7 @@ exec 5>>config.log
sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
@%:@@%:@ Running $as_me. @%:@@%:@
_ASBOX
- $as_echo "$ac_log"
+ printf "%s\n" "$ac_log"
} >&5
_ACEOF
@@ -14348,7 +15162,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
#
# INIT-COMMANDS
#
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
# The HP-UX ksh and POSIX shell print the target directory to stdout
@@ -14670,8 +15484,8 @@ done
# We use the long form for the default assignment because of an extremely
# bizarre bug on SunOS 4.1.3.
if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
+ test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
fi
# Have a temporary directory for convenience. Make it in the build tree
@@ -14899,7 +15713,7 @@ do
esac ||
as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
as_fn_append ac_file_inputs " '$ac_f'"
done
@@ -14907,17 +15721,17 @@ do
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
`' by configure.'
if test x"$ac_file" != x-; then
configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+printf "%s\n" "$as_me: creating $ac_file" >&6;}
fi
# Neutralize special characters interpreted by sed in replacement strings.
case $configure_input in #(
*\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
+ ac_sed_conf_input=`printf "%s\n" "$configure_input" |
sed 's/[\\\\&|]/\\\\&/g'`;; #(
*) ac_sed_conf_input=$configure_input;;
esac
@@ -14934,7 +15748,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
+printf "%s\n" X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14958,9 +15772,9 @@ $as_echo X"$ac_file" |
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -15022,8 +15836,8 @@ ac_sed_dataroot='
case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_datarootdir_hack='
@@ -15067,9 +15881,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
{ ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
{ ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
"$ac_tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&2;}
rm -f "$ac_tmp/stdin"
@@ -15081,8 +15895,8 @@ which seems to be undefined. Please make sure it is defined" >&2;}
;;
- :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-$as_echo "$as_me: executing $ac_file commands" >&6;}
+ :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
;;
esac
@@ -15092,29 +15906,35 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
- case $CONFIG_FILES in
- *\'*) eval set x "$CONFIG_FILES" ;;
- *) set x $CONFIG_FILES ;;
- esac
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ case $CONFIG_FILES in @%:@(
+ *\'*) :
+ eval set x "$CONFIG_FILES" ;; @%:@(
+ *) :
+ set x $CONFIG_FILES ;; @%:@(
+ *) :
+ ;;
+esac
shift
- for mf
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
do
# Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named 'Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
+ am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`$as_dirname -- "$mf" ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$mf" : 'X\(//\)[^/]' \| \
- X"$mf" : 'X\(//\)$' \| \
- X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$mf" |
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`$as_dirname -- "$am_mf" ||
+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$am_mf" : 'X\(//\)[^/]' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$am_mf" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -15132,53 +15952,50 @@ $as_echo X"$mf" |
q
}
s/.*/./; q'`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running 'make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "$am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`$as_dirname -- "$file" ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$file" : 'X\(//\)[^/]' \| \
- X"$file" : 'X\(//\)$' \| \
- X"$file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
+ am_filepart=`$as_basename -- "$am_mf" ||
+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$am_mf" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
}
- /^X\(\/\/\)$/{
+ /^X\/\(\/\/\)$/{
s//\1/
q
}
- /^X\(\/\).*/{
+ /^X\/\(\/\).*/{
s//\1/
q
}
s/.*/./; q'`
- as_dir=$dirpart/$fdir; as_fn_mkdir_p
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
+ { echo "$as_me:$LINENO: cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles" >&5
+ (cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } || am_rc=$?
done
+ if test $am_rc -ne 0; then
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE=\"gmake\" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ { am_dirpart=; unset am_dirpart;}
+ { am_filepart=; unset am_filepart;}
+ { am_mf=; unset am_mf;}
+ { am_rc=; unset am_rc;}
+ rm -f conftest-deps.mk
}
;;
"libtool":C)
@@ -15708,6 +16525,7 @@ _LT_EOF
esac
+
ltmain=$ac_aux_dir/ltmain.sh
@@ -15757,7 +16575,8 @@ if test "$no_create" != yes; then
$ac_cs_success || as_fn_exit 1
fi
if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
fi
+
\ No newline at end of file
diff --git a/libraries/libapparmor/autom4te.cache/output.2 b/libraries/libapparmor/autom4te.cache/output.2
new file mode 100644
index 0000000000000000000000000000000000000000..ef52da37c844e5c0750646326a3adb067c213190
--- /dev/null
+++ b/libraries/libapparmor/autom4te.cache/output.2
@@ -0,0 +1,16581 @@
+@%:@! /bin/sh
+@%:@ Guess values for system-dependent variables and create Makefiles.
+@%:@ Generated by GNU Autoconf 2.71.
+@%:@
+@%:@
+@%:@ Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+@%:@ Inc.
+@%:@
+@%:@
+@%:@ This configure script is free software; the Free Software Foundation
+@%:@ gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else $as_nop
+ case `(set -o) 2>/dev/null` in @%:@(
+ *posix*) :
+ set -o posix ;; @%:@(
+ *) :
+ ;;
+esac
+fi
+
+
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
+as_nl='
+'
+export as_nl
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
+
+# The user is always right.
+if ${PATH_SEPARATOR+false} :; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in @%:@((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+
+# Use a proper internal environment variable to ensure we don't fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in @%:@ ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+ fi
+ # We don't want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else \$as_nop
+ case \`(set -o) 2>/dev/null\` in @%:@(
+ *posix*) :
+ set -o posix ;; @%:@(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
+then :
+
+else \$as_nop
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+blah=\$(echo \$(echo blah))
+test x\"\$blah\" = xblah || exit 1
+test -x / || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1
+
+ test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
+ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+ ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+ PATH=/empty FPATH=/empty; export PATH FPATH
+ test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
+ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
+ if (eval "$as_required") 2>/dev/null
+then :
+ as_have_required=yes
+else $as_nop
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
+then :
+
+else $as_nop
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ as_found=:
+ case $as_dir in @%:@(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
+then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi
+fi
+
+
+ if test "x$CONFIG_SHELL" != x
+then :
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in @%:@ ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+ if test x$as_have_required = xno
+then :
+ printf "%s\n" "$0: This script requires a shell more modern than all"
+ printf "%s\n" "$0: the shells that I found on your system."
+ if test ${ZSH_VERSION+y} ; then
+ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+@%:@ as_fn_unset VAR
+@%:@ ---------------
+@%:@ Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+
+@%:@ as_fn_set_status STATUS
+@%:@ -----------------------
+@%:@ Set @S|@? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} @%:@ as_fn_set_status
+
+@%:@ as_fn_exit STATUS
+@%:@ -----------------
+@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} @%:@ as_fn_exit
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
+
+@%:@ as_fn_mkdir_p
+@%:@ -------------
+@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} @%:@ as_fn_mkdir_p
+
+@%:@ as_fn_executable_p FILE
+@%:@ -----------------------
+@%:@ Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} @%:@ as_fn_executable_p
+@%:@ as_fn_append VAR VALUE
+@%:@ ----------------------
+@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
+@%:@ advantage of any shell optimizations that allow amortized linear growth over
+@%:@ repeated appends, instead of the typical quadratic growth present in naive
+@%:@ implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else $as_nop
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+@%:@ as_fn_arith ARG...
+@%:@ ------------------
+@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
+@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
+@%:@ must be portable across @S|@(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else $as_nop
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+@%:@ as_fn_nop
+@%:@ ---------
+@%:@ Do nothing but, unlike ":", preserve the value of @S|@?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
+
+@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
+@%:@ ----------------------------------------
+@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+@%:@ script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ printf "%s\n" "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} @%:@ as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in @%:@(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIB@&t@OBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME=''
+PACKAGE_TARNAME=''
+PACKAGE_VERSION=''
+PACKAGE_STRING=''
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
+
+ac_unique_file="configure.ac"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stddef.h>
+#ifdef HAVE_STDIO_H
+# include <stdio.h>
+#endif
+#ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+#endif
+#ifdef HAVE_STRING_H
+# include <string.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_header_c_list=
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIB@&t@OBJS
+LT_SYS_LIBRARY_PATH
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+MANIFEST_TOOL
+RANLIB
+ac_ct_AR
+AR
+DLLTOOL
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+LIBTOOL
+EGREP
+GREP
+HAVE_RUBY_FALSE
+HAVE_RUBY_TRUE
+HAVE_PERL_FALSE
+HAVE_PERL_TRUE
+HAVE_PYTHON_FALSE
+HAVE_PYTHON_TRUE
+ENABLE_MAN_PAGES_FALSE
+ENABLE_MAN_PAGES_TRUE
+RUBY
+PERL
+pkgpyexecdir
+pyexecdir
+pkgpythondir
+pythondir
+PYTHON_EXEC_PREFIX
+PYTHON_PREFIX
+PYTHON_PLATFORM
+PYTHON_EXTRA_LDFLAGS
+PYTHON_EXTRA_LIBS
+PYTHON_SITE_PKG
+PYTHON_LDFLAGS
+PYTHON_CPPFLAGS
+PYTHON_CONFIG
+PYTHON_VERSION
+PYTHON
+POD2MAN
+PODCHECKER
+SWIG
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
+SED
+YFLAGS
+YACC
+LEXLIB
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+am__nodep
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+LEX_OUTPUT_ROOT
+LEX
+AM_BACKSLASH
+AM_DEFAULT_VERBOSITY
+AM_DEFAULT_V
+AM_V
+CSCOPE
+ETAGS
+CTAGS
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+runstatedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL
+am__quote'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_silent_rules
+enable_dependency_tracking
+enable_debug_output
+enable_man_pages
+with_python
+with_python_sys_prefix
+with_python_prefix
+with_python_exec_prefix
+with_perl
+with_ruby
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_aix_soname
+with_gnu_ld
+with_sysroot
+enable_libtool_lock
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+YACC
+YFLAGS
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+PYTHON_VERSION
+PYTHON
+LT_SYS_LIBRARY_PATH'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -runstatedir | --runstatedir | --runstatedi | --runstated \
+ | --runstate | --runstat | --runsta | --runst | --runs \
+ | --run | --ru | --r)
+ ac_prev=runstatedir ;;
+ -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+ | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+ | --run=* | --ru=* | --r=*)
+ runstatedir=$ac_optarg ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir runstatedir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ @<:@@S|@ac_default_prefix@:>@
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ @<:@PREFIX@:>@
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root @<:@DATAROOTDIR/doc/PACKAGE@:>@
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-silent-rules less verbose build output (undo: "make V=1")
+ --disable-silent-rules verbose build output (undo: "make V=0")
+ --enable-dependency-tracking
+ do not reject slow dependency extractors
+ --disable-dependency-tracking
+ speeds up one-time build
+ --enable-debug-output generate the libapparmor debug output @<:@@<:@default=no@:>@@:>@
+ --enable-man-pages generate the libapparmor man pages @<:@@<:@default=yes@:>@@:>@
+ --enable-shared@<:@=PKGS@:>@ build shared libraries @<:@default=yes@:>@
+ --enable-static@<:@=PKGS@:>@ build static libraries @<:@default=yes@:>@
+ --enable-fast-install@<:@=PKGS@:>@
+ optimize for fast installation @<:@default=yes@:>@
+ --disable-libtool-lock avoid locking (might break parallel builds)
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-python enable the python wrapper [default=no]
+ --with-python-sys-prefix
+ use Python's sys.prefix and sys.exec_prefix values
+ --with-python_prefix override the default PYTHON_PREFIX
+ --with-python_exec_prefix
+ override the default PYTHON_EXEC_PREFIX
+ --with-perl enable the perl wrapper [default=no]
+ --with-ruby enable the ruby wrapper [default=no]
+ --with-pic@<:@=PKGS@:>@ try to use only PIC/non-PIC objects @<:@default=use
+ both@:>@
+ --with-aix-soname=aix|svr4|both
+ shared library versioning (aka "SONAME") variant to
+ provide on AIX, @<:@default=aix@:>@.
+ --with-gnu-ld assume the C compiler uses GNU ld @<:@default=no@:>@
+ --with-sysroot@<:@=DIR@:>@ Search for dependent libraries within DIR (or the
+ compiler's sysroot if not specified).
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ YACC The `Yet Another Compiler Compiler' implementation to use.
+ Defaults to the first program found out of: `bison -y', `byacc',
+ `yacc'.
+ YFLAGS The list of arguments that will be passed by default to @S|@YACC.
+ This script will default YFLAGS to the empty string to avoid a
+ default value of `-d' given by some make applications.
+ PKG_CONFIG path to pkg-config utility
+ PKG_CONFIG_PATH
+ directories to add to pkg-config's search path
+ PKG_CONFIG_LIBDIR
+ path overriding pkg-config's built-in search path
+ PYTHON_VERSION
+ The installed Python version to use, for example '2.3'. This
+ string will be appended to the Python interpreter canonical
+ name.
+ PYTHON the Python interpreter
+ LT_SYS_LIBRARY_PATH
+ User-defined run-time library search path.
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to the package provider.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for configure.gnu first; this name is used for a wrapper for
+ # Metaconfig's "Configure" on case-insensitive file systems.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+configure
+generated by GNU Autoconf 2.71
+
+Copyright (C) 2021 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+@%:@ ac_fn_c_try_compile LINENO
+@%:@ --------------------------
+@%:@ Try to compile conftest.@S|@ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest.beam
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext
+then :
+ ac_retval=0
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} @%:@ ac_fn_c_try_compile
+
+@%:@ ac_fn_c_try_link LINENO
+@%:@ -----------------------
+@%:@ Try to link conftest.@S|@ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }
+then :
+ ac_retval=0
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} @%:@ ac_fn_c_try_link
+
+@%:@ ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+@%:@ -------------------------------------------------------
+@%:@ Tests whether HEADER exists and can be compiled using the include files in
+@%:@ INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+@%:@include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ eval "$3=yes"
+else $as_nop
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} @%:@ ac_fn_c_check_header_compile
+
+@%:@ ac_fn_c_check_func LINENO FUNC VAR
+@%:@ ----------------------------------
+@%:@ Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below. */
+
+#include <limits.h>
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main (void)
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ eval "$3=yes"
+else $as_nop
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} @%:@ ac_fn_c_check_func
+ac_configure_args_raw=
+for ac_arg
+do
+ case $ac_arg in
+ *\'*)
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append ac_configure_args_raw " '$ac_arg'"
+done
+
+case $ac_configure_args_raw in
+ *$as_nl*)
+ ac_safe_unquote= ;;
+ *)
+ ac_unsafe_z='|&;<>()$`\\"*?@<:@ '' ' # This string ends in space, tab.
+ ac_unsafe_a="$ac_unsafe_z#~"
+ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
+ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
+esac
+
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.71. Invocation command line was
+
+ $ $0$ac_configure_args_raw
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ printf "%s\n" "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Sanitize IFS.
+ IFS=" "" $as_nl"
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ printf "%s\n" "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ printf "%s\n" "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ printf "%s\n" "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ printf "%s\n" "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ printf "%s\n" "$as_me: caught signal $ac_signal"
+ printf "%s\n" "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+printf "%s\n" "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+printf "%s\n" "@%:@define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
+
+printf "%s\n" "@%:@define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
+
+printf "%s\n" "@%:@define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
+
+printf "%s\n" "@%:@define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
+
+printf "%s\n" "@%:@define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
+
+printf "%s\n" "@%:@define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+if test -n "$CONFIG_SITE"; then
+ ac_site_files="$CONFIG_SITE"
+elif test "x$prefix" != xNONE; then
+ ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
+else
+ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+fi
+
+for ac_site_file in $ac_site_files
+do
+ case $ac_site_file in @%:@(
+ */*) :
+ ;; @%:@(
+ *) :
+ ac_site_file=./$ac_site_file ;;
+esac
+ if test -f "$ac_site_file" && test -r "$ac_site_file"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Test code for whether the C compiler supports C89 (global declarations)
+ac_c_conftest_c89_globals='
+/* Does the compiler advertise C89 conformance?
+ Do not test the value of __STDC__, because some compilers set it to 0
+ while being otherwise adequately conformant. */
+#if !defined __STDC__
+# error "Compiler does not advertise C89 conformance"
+#endif
+
+#include <stddef.h>
+#include <stdarg.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
+struct buf { int x; };
+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not \xHH hex character constants.
+ These do not provoke an error unfortunately, instead are silently treated
+ as an "x". The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously \x00 != x always comes out true, for an
+ array size at least. It is necessary to write \x00 == 0 to get something
+ that is true only with -std. */
+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) '\''x'\''
+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
+ int, int);'
+
+# Test code for whether the C compiler supports C89 (body of main).
+ac_c_conftest_c89_main='
+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
+'
+
+# Test code for whether the C compiler supports C99 (global declarations)
+ac_c_conftest_c99_globals='
+// Does the compiler advertise C99 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
+# error "Compiler does not advertise C99 conformance"
+#endif
+
+#include <stdbool.h>
+extern int puts (const char *);
+extern int printf (const char *, ...);
+extern int dprintf (int, const char *, ...);
+extern void *malloc (size_t);
+
+// Check varargs macros. These examples are taken from C99 6.10.3.5.
+// dprintf is used instead of fprintf to avoid needing to declare
+// FILE and stderr.
+#define debug(...) dprintf (2, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+ int x = 1234;
+ int y = 5678;
+ debug ("Flag");
+ debug ("X = %d\n", x);
+ showlist (The first, second, and third items.);
+ report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+ #error "your preprocessor is broken"
+#endif
+#if BIG_OK
+#else
+ #error "your preprocessor is broken"
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+ int datasize;
+ double data[];
+};
+
+struct named_init {
+ int number;
+ const wchar_t *name;
+ double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+ // See if C++-style comments work.
+ // Iterate through items via the restricted pointer.
+ // Also check for declarations in for loops.
+ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
+ continue;
+ return 0;
+}
+
+// Check varargs and va_copy.
+static bool
+test_varargs (const char *format, ...)
+{
+ va_list args;
+ va_start (args, format);
+ va_list args_copy;
+ va_copy (args_copy, args);
+
+ const char *str = "";
+ int number = 0;
+ float fnumber = 0;
+
+ while (*format)
+ {
+ switch (*format++)
+ {
+ case '\''s'\'': // string
+ str = va_arg (args_copy, const char *);
+ break;
+ case '\''d'\'': // int
+ number = va_arg (args_copy, int);
+ break;
+ case '\''f'\'': // float
+ fnumber = va_arg (args_copy, double);
+ break;
+ default:
+ break;
+ }
+ }
+ va_end (args_copy);
+ va_end (args);
+
+ return *str && number && fnumber;
+}
+'
+
+# Test code for whether the C compiler supports C99 (body of main).
+ac_c_conftest_c99_main='
+ // Check bool.
+ _Bool success = false;
+ success |= (argc != 0);
+
+ // Check restrict.
+ if (test_restrict ("String literal") == 0)
+ success = true;
+ char *restrict newvar = "Another string";
+
+ // Check varargs.
+ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
+ test_varargs_macros ();
+
+ // Check flexible array members.
+ struct incomplete_array *ia =
+ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+ ia->datasize = 10;
+ for (int i = 0; i < ia->datasize; ++i)
+ ia->data[i] = i * 1.234;
+
+ // Check named initializers.
+ struct named_init ni = {
+ .number = 34,
+ .name = L"Test wide string",
+ .average = 543.34343,
+ };
+
+ ni.number = 58;
+
+ int dynamic_array[ni.number];
+ dynamic_array[0] = argv[0][0];
+ dynamic_array[ni.number - 1] = 543;
+
+ // work around unused variable warnings
+ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
+ || dynamic_array[ni.number - 1] != 543);
+'
+
+# Test code for whether the C compiler supports C11 (global declarations)
+ac_c_conftest_c11_globals='
+// Does the compiler advertise C11 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
+# error "Compiler does not advertise C11 conformance"
+#endif
+
+// Check _Alignas.
+char _Alignas (double) aligned_as_double;
+char _Alignas (0) no_special_alignment;
+extern char aligned_as_int;
+char _Alignas (0) _Alignas (int) aligned_as_int;
+
+// Check _Alignof.
+enum
+{
+ int_alignment = _Alignof (int),
+ int_array_alignment = _Alignof (int[100]),
+ char_alignment = _Alignof (char)
+};
+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
+
+// Check _Noreturn.
+int _Noreturn does_not_return (void) { for (;;) continue; }
+
+// Check _Static_assert.
+struct test_static_assert
+{
+ int x;
+ _Static_assert (sizeof (int) <= sizeof (long int),
+ "_Static_assert does not work in struct");
+ long int y;
+};
+
+// Check UTF-8 literals.
+#define u8 syntax error!
+char const utf8_literal[] = u8"happens to be ASCII" "another string";
+
+// Check duplicate typedefs.
+typedef long *long_ptr;
+typedef long int *long_ptr;
+typedef long_ptr long_ptr;
+
+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
+struct anonymous
+{
+ union {
+ struct { int i; int j; };
+ struct { int k; long int l; } w;
+ };
+ int m;
+} v1;
+'
+
+# Test code for whether the C compiler supports C11 (body of main).
+ac_c_conftest_c11_main='
+ _Static_assert ((offsetof (struct anonymous, i)
+ == offsetof (struct anonymous, w.k)),
+ "Anonymous union alignment botch");
+ v1.i = 2;
+ v1.w.k = 5;
+ ok |= v1.i != 5;
+'
+
+# Test code for whether the C compiler supports C11 (complete).
+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+${ac_c_conftest_c11_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ ${ac_c_conftest_c11_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C99 (complete).
+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C89 (complete).
+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ return ok;
+}
+"
+
+as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
+as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
+as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
+as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
+as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
+as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
+as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
+as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
+as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
+
+# Auxiliary files required by this configure script.
+ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
+
+# Locations in which to look for auxiliary files.
+ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
+
+# Search for a directory containing all of the required auxiliary files,
+# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
+# If we don't find one directory that contains all the files we need,
+# we report the set of missing files from the *first* directory in
+# $ac_aux_dir_candidates and give up.
+ac_missing_aux_files=""
+ac_first_candidate=:
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in $ac_aux_dir_candidates
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ as_found=:
+
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
+ ac_aux_dir_found=yes
+ ac_install_sh=
+ for ac_aux in $ac_aux_files
+ do
+ # As a special case, if "install-sh" is required, that requirement
+ # can be satisfied by any of "install-sh", "install.sh", or "shtool",
+ # and $ac_install_sh is set appropriately for whichever one is found.
+ if test x"$ac_aux" = x"install-sh"
+ then
+ if test -f "${as_dir}install-sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
+ ac_install_sh="${as_dir}install-sh -c"
+ elif test -f "${as_dir}install.sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
+ ac_install_sh="${as_dir}install.sh -c"
+ elif test -f "${as_dir}shtool"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
+ ac_install_sh="${as_dir}shtool install -c"
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} install-sh"
+ else
+ break
+ fi
+ fi
+ else
+ if test -f "${as_dir}${ac_aux}"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
+ else
+ break
+ fi
+ fi
+ fi
+ done
+ if test "$ac_aux_dir_found" = yes; then
+ ac_aux_dir="$as_dir"
+ break
+ fi
+ ac_first_candidate=false
+
+ as_found=false
+done
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
+fi
+
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+if test -f "${ac_aux_dir}config.guess"; then
+ ac_@&t@config_guess="$SHELL ${ac_aux_dir}config.guess"
+fi
+if test -f "${ac_aux_dir}config.sub"; then
+ ac_@&t@config_sub="$SHELL ${ac_aux_dir}config.sub"
+fi
+if test -f "$ac_aux_dir/configure"; then
+ ac_@&t@configure="$SHELL ${ac_aux_dir}configure"
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+ and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+am__api_version='1.16'
+
+
+
+ # Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+printf %s "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test ${ac_cv_path_install+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ # Account for fact that we put trailing slashes in our PATH walk.
+case $as_dir in @%:@((
+ ./ | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test ${ac_cv_path_install+y}; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+printf "%s\n" "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+printf %s "checking whether build environment is sane... " >&6; }
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
+esac
+
+# Do 'set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ am_has_slept=no
+ for am_try in 1 2; do
+ echo "timestamp, slept: $am_has_slept" > conftest.file
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+ alias in your environment" "$LINENO" 5
+ fi
+ if test "$2" = conftest.file || test $am_try -eq 2; then
+ break
+ fi
+ # Just in case.
+ sleep 1
+ am_has_slept=yes
+ done
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+# If we didn't sleep, we still need to ensure time stamps of config.status and
+# generated files are strictly newer.
+am_sleep_pid=
+if grep 'slept: no' conftest.file >/dev/null 2>&1; then
+ ( sleep 1 ) &
+ am_sleep_pid=$!
+fi
+
+rm -f conftest.file
+
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
+
+
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
+
+
+ if test x"${MISSING+set}" != xset; then
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --is-lightweight"; then
+ am_missing_run="$MISSING "
+else
+ am_missing_run=
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using 'strip' when the user
+# run "make install-strip". However 'strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the 'STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
+printf %s "checking for a race-free mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if test ${ac_cv_path_mkdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
+ case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir ('*'coreutils) '* | \
+ 'BusyBox '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test ${ac_cv_path_mkdir+y}; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+printf "%s\n" "$MKDIR_P" >&6; }
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AWK+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AWK="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+printf "%s\n" "$AWK" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval test \${ac_cv_prog_make_${ac_make}_set+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ SET_MAKE=
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+@%:@ Check whether --enable-silent-rules was given.
+if test ${enable_silent_rules+y}
+then :
+ enableval=$enable_silent_rules;
+fi
+
+case $enable_silent_rules in @%:@ (((
+ yes) AM_DEFAULT_VERBOSITY=0;;
+ no) AM_DEFAULT_VERBOSITY=1;;
+ *) AM_DEFAULT_VERBOSITY=1;;
+esac
+am_make=${MAKE-make}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+printf %s "checking whether $am_make supports nested variables... " >&6; }
+if test ${am_cv_make_support_nested_variables+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if printf "%s\n" 'TRUE=$(BAR$(V))
+BAR0=false
+BAR1=true
+V=1
+am__doit:
+ @$(TRUE)
+.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
+ am_cv_make_support_nested_variables=yes
+else
+ am_cv_make_support_nested_variables=no
+fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
+if test $am_cv_make_support_nested_variables = yes; then
+ AM_V='$(V)'
+ AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
+else
+ AM_V=$AM_DEFAULT_VERBOSITY
+ AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
+fi
+AM_BACKSLASH='\'
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+
+ PACKAGE=libapparmor1
+ VERSION=3.0.8
+
+
+printf "%s\n" "@%:@define PACKAGE \"$PACKAGE\"" >>confdefs.h
+
+
+printf "%s\n" "@%:@define VERSION \"$VERSION\"" >>confdefs.h
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# For better backward compatibility. To be removed once Automake 1.9.x
+# dies out for good. For more background, see:
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+mkdir_p='$(MKDIR_P)'
+
+# We need awk for the "check" target (and possibly the TAP driver). The
+# system "awk" is bad on some platforms.
+# Always define AMTAR for backward compatibility. Yes, it's still used
+# in the wild :-( We should find a proper way to deprecate it ...
+AMTAR='$${TAR-tar}'
+
+
+# We'll loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar pax cpio none'
+
+am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+
+
+
+
+
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+
+
+
+# POSIX will say in a future version that running "rm -f" with no argument
+# is OK; and we want to be able to make that assumption in our Makefile
+# recipes. So use an aggressive probe to check that the usage we want is
+# actually supported "in the wild" to an acceptable degree.
+# See automake bug#10828.
+# To make any issue more visible, cause the running configure to be aborted
+# by default if the 'rm' program in use doesn't match our expectations; the
+# user can still override this though.
+if rm -f && rm -fr && rm -rf; then : OK; else
+ cat >&2 <<'END'
+Oops!
+
+Your 'rm' program seems unable to run without file operands specified
+on the command line, even when the '-f' option is present. This is contrary
+to the behaviour of most rm programs out there, and not conforming with
+the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
+
+Please tell bug-automake@gnu.org about your system, including the value
+of your $PATH and any error possibly output before this message. This
+can help us improve future automake versions.
+
+END
+ if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
+ echo 'Configuration will proceed anyway, since you have set the' >&2
+ echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
+ echo >&2
+ else
+ cat >&2 <<'END'
+Aborting the configuration process, to ensure you take notice of the issue.
+
+You can download and install GNU coreutils to get an 'rm' implementation
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
+
+If you want to complete the configuration process using your problematic
+'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+to "yes", and re-run configure.
+
+END
+ as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
+ fi
+fi
+
+
+
+
+
+
+
+
+
+
+
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
+printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
+cat > confinc.mk << 'END'
+am__doit:
+ @echo this is the am__doit target >confinc.out
+.PHONY: am__doit
+END
+am__include="#"
+am__quote=
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ case $?:`cat confinc.out 2>/dev/null` in @%:@(
+ '0:this is the am__doit target') :
+ case $s in @%:@(
+ BSD) :
+ am__include='.include' am__quote='"' ;; @%:@(
+ *) :
+ am__include='include' am__quote='' ;;
+esac ;; @%:@(
+ *) :
+ ;;
+esac
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
+printf "%s\n" "${_am_result}" >&6; }
+
+@%:@ Check whether --enable-dependency-tracking was given.
+if test ${enable_dependency_tracking+y}
+then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+ am__nodep='_no'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $@%:@ != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
+set dummy ${ac_tool_prefix}clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "clang", so it can be a program name with args.
+set dummy clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+
+
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion -version; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+printf %s "checking whether the C compiler works... " >&6; }
+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else $as_nop
+ ac_file=''
+fi
+if test -z "$ac_file"
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+printf %s "checking for C compiler default output file name... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+printf "%s\n" "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+printf %s "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else $as_nop
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+printf "%s\n" "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+@%:@include <stdio.h>
+int
+main (void)
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+printf %s "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+printf "%s\n" "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+printf %s "checking for suffix of object files... " >&6; }
+if test ${ac_cv_objext+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+printf "%s\n" "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
+printf %s "checking whether the compiler supports GNU C... " >&6; }
+if test ${ac_cv_c_compiler_gnu+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_compiler_gnu=yes
+else $as_nop
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+y}
+ac_save_CFLAGS=$CFLAGS
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+printf %s "checking whether $CC accepts -g... " >&6; }
+if test ${ac_cv_prog_cc_g+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_g=yes
+else $as_nop
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+
+else $as_nop
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
+if test $ac_test_CFLAGS; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+ac_prog_cc_stdc=no
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
+printf %s "checking for $CC option to enable C11 features... " >&6; }
+if test ${ac_cv_prog_cc_c11+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c11=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c11_program
+_ACEOF
+for ac_arg in '' -std=gnu11
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c11" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c11" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
+ CC="$CC $ac_cv_prog_cc_c11"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
+ ac_prog_cc_stdc=c11
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
+printf %s "checking for $CC option to enable C99 features... " >&6; }
+if test ${ac_cv_prog_cc_c99+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c99_program
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c99" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c99" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
+ CC="$CC $ac_cv_prog_cc_c99"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
+ ac_prog_cc_stdc=c99
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
+printf %s "checking for $CC option to enable C89 features... " >&6; }
+if test ${ac_cv_prog_cc_c89+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c89_program
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c89" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c89" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
+ CC="$CC $ac_cv_prog_cc_c89"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
+ ac_prog_cc_stdc=c89
+fi
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+printf %s "checking whether $CC understands -c and -o together... " >&6; }
+if test ${am_cv_prog_cc_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ # Make sure it works both with $CC and with simple cc.
+ # Following AC_PROG_CC_C_O, we do the test twice because some
+ # compilers refuse to overwrite an existing .o file with -o,
+ # though they will create one.
+ am_cv_prog_cc_c_o=yes
+ for am_i in 1 2; do
+ if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
+ ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } \
+ && test -f conftest2.$ac_objext; then
+ : OK
+ else
+ am_cv_prog_cc_c_o=no
+ break
+ fi
+ done
+ rm -f core conftest*
+ unset am_i
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
+if test "$am_cv_prog_cc_c_o" != yes; then
+ # Losing compiler, so override with the script.
+ # FIXME: It is wrong to rewrite CC.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__CC in this case,
+ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+ CC="$am_aux_dir/compile $CC"
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+depcc="$CC" am_compiler_list=
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+printf %s "checking dependency style of $depcc... " >&6; }
+if test ${am_cv_CC_dependencies_compiler_type+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named 'D' -- because '-MD' means "put the output
+ # in D".
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+ # Solaris 10 /bin/sh.
+ echo '/* dummy */' > sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with '-c' and '-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle '-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs.
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # After this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested.
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+ # This compiler won't grok '-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+
+for ac_prog in flex lex
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LEX+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$LEX"; then
+ ac_cv_prog_LEX="$LEX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_LEX="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LEX=$ac_cv_prog_LEX
+if test -n "$LEX"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
+printf "%s\n" "$LEX" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$LEX" && break
+done
+test -n "$LEX" || LEX=":"
+
+ if test "x$LEX" != "x:"; then
+ cat >conftest.l <<_ACEOF
+%{
+#ifdef __cplusplus
+extern "C"
+#endif
+int yywrap(void);
+%}
+%%
+a { ECHO; }
+b { REJECT; }
+c { yymore (); }
+d { yyless (1); }
+e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
+#ifdef __cplusplus
+ yyless ((yyinput () != 0));
+#else
+ yyless ((input () != 0));
+#endif
+ }
+f { unput (yytext[0]); }
+. { BEGIN INITIAL; }
+%%
+#ifdef YYTEXT_POINTER
+extern char *yytext;
+#endif
+int
+yywrap (void)
+{
+ return 1;
+}
+int
+main (void)
+{
+ return ! yylex ();
+}
+_ACEOF
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
+printf %s "checking for lex output file root... " >&6; }
+if test ${ac_cv_prog_lex_root+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ac_cv_prog_lex_root=unknown
+{ { ac_try="$LEX conftest.l"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+ (eval "$LEX conftest.l") 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+if test -f lex.yy.c; then
+ ac_cv_prog_lex_root=lex.yy
+elif test -f lexyy.c; then
+ ac_cv_prog_lex_root=lexyy
+fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
+printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
+if test "$ac_cv_prog_lex_root" = unknown
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+fi
+LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
+
+if test ${LEXLIB+y}
+then :
+
+else $as_nop
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
+printf %s "checking for lex library... " >&6; }
+if test ${ac_cv_lib_lex+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ ac_save_LIBS="$LIBS"
+ ac_found=false
+ for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
+ case $ac_cv_lib_lex in @%:@(
+ 'none needed') :
+ ;; @%:@(
+ 'not found') :
+ break ;; @%:@(
+ *) :
+ LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; @%:@(
+ *) :
+ ;;
+esac
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+`cat $LEX_OUTPUT_ROOT.c`
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_found=:
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ if $ac_found; then
+ break
+ fi
+ done
+ LIBS="$ac_save_LIBS"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
+printf "%s\n" "$ac_cv_lib_lex" >&6; }
+ if test "$ac_cv_lib_lex" = 'not found'
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+elif test "$ac_cv_lib_lex" = 'none needed'
+then :
+ LEXLIB=''
+else $as_nop
+ LEXLIB=$ac_cv_lib_lex
+fi
+ ac_save_LIBS="$LIBS"
+ LIBS=
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
+printf %s "checking for library containing yywrap... " >&6; }
+if test ${ac_cv_search_yywrap+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char yywrap ();
+int
+main (void)
+{
+return yywrap ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' fl l
+do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_search_yywrap=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext
+ if test ${ac_cv_search_yywrap+y}
+then :
+ break
+fi
+done
+if test ${ac_cv_search_yywrap+y}
+then :
+
+else $as_nop
+ ac_cv_search_yywrap=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
+printf "%s\n" "$ac_cv_search_yywrap" >&6; }
+ac_res=$ac_cv_search_yywrap
+if test "$ac_res" != no
+then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ LEXLIB="$LIBS"
+fi
+
+ LIBS="$ac_save_LIBS"
+fi
+
+
+if test "$LEX" != :
+then :
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
+printf %s "checking whether yytext is a pointer... " >&6; }
+if test ${ac_cv_prog_lex_yytext_pointer+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ # POSIX says lex can declare yytext either as a pointer or an array; the
+# default is implementation-dependent. Figure out which it is, since
+# not all implementations provide the %pointer and %array declarations.
+ac_cv_prog_lex_yytext_pointer=no
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #define YYTEXT_POINTER 1
+`cat $LEX_OUTPUT_ROOT.c`
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_lex_yytext_pointer=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
+printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
+if test $ac_cv_prog_lex_yytext_pointer = yes; then
+
+printf "%s\n" "@%:@define YYTEXT_POINTER 1" >>confdefs.h
+
+fi
+
+fi
+rm -f conftest.l $LEX_OUTPUT_ROOT.c
+
+fi
+if test "$LEX" = :; then
+ LEX=${am_missing_run}flex
+fi
+for ac_prog in 'bison -y' byacc
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YACC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$YACC"; then
+ ac_cv_prog_YACC="$YACC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_YACC="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+YACC=$ac_cv_prog_YACC
+if test -n "$YACC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+printf "%s\n" "$YACC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$YACC" && break
+done
+test -n "$YACC" || YACC="yacc"
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ printf %s 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+ ac_pt_PKG_CONFIG=$PKG_CONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $ac_pt_PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKG_CONFIG" = x; then
+ PKG_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKG_CONFIG=$ac_pt_PKG_CONFIG
+ fi
+else
+ PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=0.9.0
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ PKG_CONFIG=""
+ fi
+fi
+
+# Extract the first word of "swig", so it can be a program name with args.
+set dummy swig; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SWIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $SWIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+SWIG=$ac_cv_path_SWIG
+if test -n "$SWIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
+printf "%s\n" "$SWIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
+printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
+@%:@ Check whether --enable-debug_output was given.
+if test ${enable_debug_output+y}
+then :
+ enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
+ enable_debug_output=no
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
+printf "%s\n" "$enable_debug_output" >&6; }
+fi
+
+if test "$enable_debug_output" = "yes"
+then :
+
+printf "%s\n" "@%:@define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
+printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
+@%:@ Check whether --enable-man_pages was given.
+if test ${enable_man_pages+y}
+then :
+ enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
+ enable_man_pages=yes
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
+printf "%s\n" "$enable_man_pages" >&6; }
+fi
+
+if test "$enable_man_pages" = "yes"; then
+
+
+
+ # Extract the first word of "podchecker", so it can be a program name with args.
+set dummy podchecker; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PODCHECKER+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$PODCHECKER"; then
+ ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_PODCHECKER="podchecker"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_PODCHECKER" && ac_cv_prog_PODCHECKER="no"
+fi
+fi
+PODCHECKER=$ac_cv_prog_PODCHECKER
+if test -n "$PODCHECKER"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
+printf "%s\n" "$PODCHECKER" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ if test "$PODCHECKER" = "no"; then
+ as_fn_error $? "
+The podchecker program was not found in the default path. podchecker is part of
+Perl, which can be retrieved from:
+
+ https://www.perl.org
+" "$LINENO" 5
+ fi
+
+
+
+
+
+ # Extract the first word of "pod2man", so it can be a program name with args.
+set dummy pod2man; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_POD2MAN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$POD2MAN"; then
+ ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_POD2MAN="pod2man"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_POD2MAN" && ac_cv_prog_POD2MAN="no"
+fi
+fi
+POD2MAN=$ac_cv_prog_POD2MAN
+if test -n "$POD2MAN"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
+printf "%s\n" "$POD2MAN" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ if test "$POD2MAN" = "no"; then
+ as_fn_error $? "
+The pod2man program was not found in the default path. pod2man is part of
+Perl, which can be retrieved from:
+
+ https://www.perl.org
+" "$LINENO" 5
+ fi
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
+printf %s "checking whether python bindings are enabled... " >&6; }
+
+@%:@ Check whether --with-python was given.
+if test ${with_python+y}
+then :
+ withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+if test "$with_python" = "yes"; then
+ test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
+ # Extract the first word of "python3", so it can be a program name with args.
+set dummy python3; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON=$ac_cv_path_PYTHON
+if test -n "$PYTHON"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -z "$PYTHON" && as_fn_error $? "python is required when enabling python bindings" "$LINENO" 5
+
+
+
+ #
+ # Allow the use of a (user set) custom python version
+ #
+
+
+ # Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
+set dummy python$PYTHON_VERSION; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON=$ac_cv_path_PYTHON
+if test -n "$PYTHON"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ if test -z "$PYTHON"; then
+ as_fn_error $? "Cannot find python$PYTHON_VERSION in your system path" "$LINENO" 5
+ PYTHON_VERSION=""
+ fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
+if test -n "$PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
+printf "%s\n" "$PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PYTHON_CONFIG"; then
+ ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
+ # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy `basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $ac_pt_PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
+if test -n "$ac_pt_PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
+printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_pt_PYTHON_CONFIG" = x; then
+ PYTHON_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
+ fi
+else
+ PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
+fi
+
+ if test -z "$PYTHON_CONFIG"; then
+ as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
+ fi
+
+ #
+ # Check for a version of Python >= 2.1.0
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
+printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
+ ac_supports_python_ver=`$PYTHON -c "import sys; \
+ ver = sys.version.split()[0]; \
+ sys.stdout.write(str(ver >= '2.1.0'))"`
+ if test "$ac_supports_python_ver" != "True"; then
+ if test -z "$PYTHON_NOVERSIONCHECK"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "
+This version of the AC@&t@_PYTHON_DEVEL macro
+doesn't work properly with versions of Python before
+2.1.0. You may need to re-run configure, setting the
+variables PYTHON_CPPFLAGS, PYTHON_LDFLAGS, PYTHON_SITE_PKG,
+PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand.
+Moreover, to disable this check, set PYTHON_NOVERSIONCHECK
+to something else than an empty string.
+
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
+printf "%s\n" "skip at user request" >&6; }
+ fi
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ fi
+
+ #
+ # if the macro parameter ``version'' is set, honour it
+ #
+ if test -n ""; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
+printf %s "checking for a version of Python ... " >&6; }
+ ac_supports_python_ver=`$PYTHON -c "import sys; \
+ ver = sys.version.split()[0]; \
+ sys.stdout.write("%s\n" % (ver == ))"`
+ if test "$ac_supports_python_ver" = "True"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "this package requires Python .
+If you have it installed, but it isn't the default Python
+interpreter in your system path, please pass the PYTHON_VERSION
+variable to configure. See \`\`configure --help'' for reference.
+" "$LINENO" 5
+ PYTHON_VERSION=""
+ fi
+ fi
+
+ #
+ # Check if you have setuptools, else fail
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
+printf %s "checking for the setuptools Python package... " >&6; }
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "cannot import Python module \"setuptools\".
+Please check your Python installation. The error was:
+$ac_setuptools_result" "$LINENO" 5
+ PYTHON_VERSION=""
+ fi
+
+ #
+ # Check for Python include path
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
+printf %s "checking for Python include path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
+ fi
+ if test -z "$PYTHON_CPPFLAGS"; then
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
+ if test -n "${python_path}"; then
+ python_path="-I$python_path"
+ fi
+ PYTHON_CPPFLAGS=$python_path
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
+printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
+
+
+ #
+ # Check for Python library path
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
+printf %s "checking for Python library path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
+ fi
+ if test -z "$PYTHON_LDFLAGS"; then
+ # (makes two attempts to ensure we've got a version number
+ # from the interpreter)
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
+ if test "$py_version" == "None"; then
+ if test -n "$PYTHON_VERSION"; then
+ py_version=$PYTHON_VERSION
+ else
+ py_version=`$PYTHON -c "import sys; \
+sys.stdout.write("%s\n" % sys.version[:3])"`
+ fi
+ fi
+
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
+"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
+
+
+ #
+ # Check for site packages
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
+printf %s "checking for Python site-packages path... " >&6; }
+ if test -z "$PYTHON_SITE_PKG"; then
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
+printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
+
+
+ #
+ # libraries which must be linked in when embedding
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
+printf %s "checking python extra libraries... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
+ if test -z "$PYTHON_EXTRA_LIBS"; then
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
+sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
+
+
+ #
+ # linking flags needed when embedding
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
+printf %s "checking python extra linking flags... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
+ if test -z "$PYTHON_EXTRA_LDFLAGS"; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
+sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
+
+
+ #
+ # final check to see if everything compiles alright
+ #
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
+printf %s "checking consistency of all components of python development environment... " >&6; }
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ # save current global flags
+ ac_save_LIBS="$LIBS"
+ ac_save_CPPFLAGS="$CPPFLAGS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
+ CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <Python.h>
+
+int
+main (void)
+{
+
+ Py_Initialize();
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ pythonexists=yes
+else $as_nop
+ pythonexists=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
+printf "%s\n" "$pythonexists" >&6; }
+
+ if test ! "$pythonexists" = "yes"; then
+ as_fn_error $? "
+ Could not link test program to Python. Maybe the main Python library has been
+ installed in some non-standard library path. If so, pass it to configure,
+ via the LDFLAGS environment variable.
+ Example: ./configure LDFLAGS=\"-L/usr/non-standard-path/python/lib\"
+ ============================================================================
+ ERROR!
+ You probably have to install the development version of the Python package
+ for your distribution. The exact name of this package varies among them.
+ ============================================================================
+ " "$LINENO" 5
+ PYTHON_VERSION=""
+ fi
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ # turn back to default flags
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBS="$ac_save_LIBS"
+
+ #
+ # all done!
+ #
+
+
+
+
+
+
+
+ if test -n "$PYTHON"; then
+ # If the user set $PYTHON, use it and don't search something else.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
+printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
+ ($PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "Python interpreter is too old" "$LINENO" 5
+fi
+ am_display_PYTHON=$PYTHON
+ else
+ # Otherwise, try each interpreter until we find one that satisfies
+ # VERSION.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
+printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
+if test ${am_cv_pathless_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
+ test "$am_cv_pathless_PYTHON" = none && break
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
+ ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ break
+fi
+ done
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
+printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
+ # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
+ if test "$am_cv_pathless_PYTHON" = none; then
+ PYTHON=:
+ else
+ # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
+set dummy $am_cv_pathless_PYTHON; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON=$ac_cv_path_PYTHON
+if test -n "$PYTHON"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ fi
+ am_display_PYTHON=$am_cv_pathless_PYTHON
+ fi
+
+
+ if test "$PYTHON" = :; then
+ as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
+ else
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
+printf %s "checking for $am_display_PYTHON version... " >&6; }
+if test ${am_cv_python_version+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
+printf "%s\n" "$am_cv_python_version" >&6; }
+ PYTHON_VERSION=$am_cv_python_version
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
+printf %s "checking for $am_display_PYTHON platform... " >&6; }
+if test ${am_cv_python_platform+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
+printf "%s\n" "$am_cv_python_platform" >&6; }
+ PYTHON_PLATFORM=$am_cv_python_platform
+
+
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
+
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+
+@%:@ Check whether --with-python-sys-prefix was given.
+if test ${with_python_sys_prefix+y}
+then :
+ withval=$with_python_sys_prefix; am_use_python_sys=:
+else $as_nop
+ am_use_python_sys=false
+fi
+
+
+ # Allow user to override whatever the default Python prefix is.
+
+@%:@ Check whether --with-python_prefix was given.
+if test ${with_python_prefix+y}
+then :
+ withval=$with_python_prefix; am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+else $as_nop
+
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
+printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
+if test ${am_cv_python_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
+printf "%s\n" "$am_python_prefix" >&6; }
+ fi
+fi
+
+ # Substituting python_prefix_subst value.
+ PYTHON_PREFIX=$am_python_prefix_subst
+
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+
+@%:@ Check whether --with-python_exec_prefix was given.
+if test ${with_python_exec_prefix+y}
+then :
+ withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ if test -n "$with_python_prefix"
+then :
+ am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
+if test ${am_cv_python_exec_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
+printf "%s\n" "$am_python_exec_prefix" >&6; }
+ fi
+fi
+fi
+
+ # Substituting python_exec_prefix_subst.
+ PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
+
+
+ # Factor out some code duplication into this shell variable.
+ am_python_setup_sysconfig="\
+import sys
+# Prefer sysconfig over distutils.sysconfig, for better compatibility
+# with python 3.x. See automake bug#10227.
+try:
+ import sysconfig
+except ImportError:
+ can_use_sysconfig = 0
+else:
+ can_use_sysconfig = 1
+# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs:
+# <https://github.com/pypa/virtualenv/issues/118>
+try:
+ from platform import python_implementation
+ if python_implementation() == 'CPython' and sys.version[:3] == '2.7':
+ can_use_sysconfig = 0
+except ImportError:
+ pass"
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
+printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
+if test ${am_cv_python_pythondir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+sys.stdout.write(sitedir)"`
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
+ esac
+ ;;
+ esac
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
+printf "%s\n" "$am_cv_python_pythondir" >&6; }
+ pythondir=$am_cv_python_pythondir
+
+
+ pkgpythondir=\${pythondir}/$PACKAGE
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
+printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
+if test ${am_cv_python_pyexecdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
+$am_python_setup_sysconfig
+if can_use_sysconfig:
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
+else:
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
+sys.stdout.write(sitedir)"`
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
+ esac
+ ;;
+ esac
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
+printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
+ pyexecdir=$am_cv_python_pyexecdir
+
+
+ pkgpyexecdir=\${pyexecdir}/$PACKAGE
+
+
+
+ fi
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
+printf %s "checking whether perl bindings are enabled... " >&6; }
+
+@%:@ Check whether --with-perl was given.
+if test ${with_perl+y}
+then :
+ withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+if test "$with_perl" = "yes"; then
+ test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
+ # Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PERL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PERL in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PERL=$ac_cv_path_PERL
+if test -n "$PERL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
+ perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
+ if test -e "$perl_includedir/perl.h"
+then :
+ enable_perl=yes
+else $as_nop
+ enable_perl=no
+fi
+fi
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
+printf %s "checking whether ruby bindings are enabled... " >&6; }
+
+@%:@ Check whether --with-ruby was given.
+if test ${with_ruby+y}
+then :
+ withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+if test "$with_ruby" = "yes"; then
+ test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
+ # Extract the first word of "ruby", so it can be a program name with args.
+set dummy ruby; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_RUBY+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $RUBY in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+RUBY=$ac_cv_path_RUBY
+if test -n "$RUBY"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
+printf "%s\n" "$RUBY" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -z "$RUBY" && as_fn_error $? "ruby is required when enabling ruby bindings" "$LINENO" 5
+fi
+
+
+ if test x$enable_man_pages = xyes; then
+ ENABLE_MAN_PAGES_TRUE=
+ ENABLE_MAN_PAGES_FALSE='#'
+else
+ ENABLE_MAN_PAGES_TRUE='#'
+ ENABLE_MAN_PAGES_FALSE=
+fi
+
+ if test x$with_python = xyes; then
+ HAVE_PYTHON_TRUE=
+ HAVE_PYTHON_FALSE='#'
+else
+ HAVE_PYTHON_TRUE='#'
+ HAVE_PYTHON_FALSE=
+fi
+
+ if test x$with_perl = xyes; then
+ HAVE_PERL_TRUE=
+ HAVE_PERL_FALSE='#'
+else
+ HAVE_PERL_TRUE='#'
+ HAVE_PERL_FALSE=
+fi
+
+ if test x$with_ruby = xyes; then
+ HAVE_RUBY_TRUE=
+ HAVE_RUBY_FALSE='#'
+else
+ HAVE_RUBY_TRUE='#'
+ HAVE_RUBY_FALSE=
+fi
+
+
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
+do
+ if test $ac_cache; then
+ ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+ if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+ printf "%s\n" "#define $ac_item 1" >> confdefs.h
+ fi
+ ac_header= ac_cache=
+ elif test $ac_header; then
+ ac_cache=$ac_item
+ else
+ ac_header=$ac_item
+ fi
+done
+
+
+
+
+
+
+
+
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
+
+printf "%s\n" "@%:@define STDC_HEADERS 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+printf %s "checking for grep that handles long lines and -e... " >&6; }
+if test ${ac_cv_path_GREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in grep ggrep
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ printf %s 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ printf "%s\n" 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+printf "%s\n" "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+# Autoupdate added the next two lines to ensure that your configure
+# script's behavior did not change. They are probably safe to remove.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+printf %s "checking for egrep... " >&6; }
+if test ${ac_cv_path_EGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in egrep
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ printf %s 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ printf "%s\n" 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+printf "%s\n" "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_UNISTD_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_STDINT_H 1" >>confdefs.h
+
+fi
+ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
+if test "x$ac_cv_header_syslog_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SYSLOG_H 1" >>confdefs.h
+
+fi
+
+
+ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
+if test "x$ac_cv_func_asprintf" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_ASPRINTF 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
+if test "x$ac_cv_func___secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE___SECURE_GETENV 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_SECURE_GETENV 1" >>confdefs.h
+
+fi
+ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
+if test "x$ac_cv_func_reallocarray" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_REALLOCARRAY 1" >>confdefs.h
+
+fi
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this sort of thing. */
+ typedef int charset[2];
+ const charset cs = { 0, 0 };
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *pcpcc;
+ char **ppc;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* IBM XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ pcpcc = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this sort of thing. */
+ char tx;
+ char *t = &tx;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ if (s) return 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; } bx;
+ struct s *b = &bx; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ if (!foo) return 0;
+ }
+ return !cs[0] && !zero.x;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_c_const=yes
+else $as_nop
+ ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+printf "%s\n" "@%:@define const /**/" >>confdefs.h
+
+fi
+
+case `pwd` in
+ *\ * | *\ *)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.4.6'
+macro_revision='2.4.6'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain=$ac_aux_dir/ltmain.sh
+
+
+
+ # Make sure we can run config.sub.
+$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+printf %s "checking build system type... " >&6; }
+if test ${ac_cv_build+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+printf "%s\n" "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+printf %s "checking host system type... " >&6; }
+if test ${ac_cv_host+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+printf "%s\n" "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+# Backslashify metacharacters that are still active within
+# double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+printf %s "checking how to print strings... " >&6; }
+# Test print first, because it will be a builtin if present.
+if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
+ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='print -r --'
+elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
+ ECHO='printf %s\n'
+else
+ # Use this function as a fallback that always works.
+ func_fallback_echo ()
+ {
+ eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+ }
+ ECHO='func_fallback_echo'
+fi
+
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+ $ECHO ""
+}
+
+case $ECHO in
+ printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+printf "%s\n" "printf" >&6; } ;;
+ print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+printf "%s\n" "print -r" >&6; } ;;
+ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+printf "%s\n" "cat" >&6; } ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ printf %s 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+printf %s "checking for fgrep... " >&6; }
+if test ${ac_cv_path_FGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in fgrep
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_FGREP" || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ printf %s 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ printf "%s\n" 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+printf "%s\n" "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+@%:@ Check whether --with-gnu-ld was given.
+if test ${with_gnu_ld+y}
+then :
+ withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
+else $as_nop
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test yes = "$GCC"; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+printf %s "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return, which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD=$ac_prog
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test yes = "$with_gnu_ld"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+printf %s "checking for GNU ld... " >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+printf %s "checking for non-GNU ld... " >&6; }
+fi
+if test ${lt_cv_path_LD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -z "$LD"; then
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS=$lt_save_ifs
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD=$ac_dir/$ac_prog
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test no != "$with_gnu_ld" && break
+ ;;
+ *)
+ test yes != "$with_gnu_ld" && break
+ ;;
+ esac
+ fi
+ done
+ IFS=$lt_save_ifs
+else
+ lt_cv_path_LD=$LD # Let the user override the test with a path.
+fi
+fi
+
+LD=$lt_cv_path_LD
+if test -n "$LD"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+printf "%s\n" "$LD" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
+if test ${lt_cv_prog_gnu_ld+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test ${lt_cv_path_NM+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM=$NM
+else
+ lt_nm_to_check=${ac_tool_prefix}nm
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS=$lt_save_ifs
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm=$ac_dir/$lt_tmp_nm
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the 'sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
+ case $build_os in
+ mingw*) lt_bad_file=conftest.nm/nofile ;;
+ *) lt_bad_file=/dev/null ;;
+ esac
+ case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+ *$lt_bad_file* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break 2
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break 2
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS=$lt_save_ifs
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+printf "%s\n" "$lt_cv_path_NM" >&6; }
+if test no != "$lt_cv_path_NM"; then
+ NM=$lt_cv_path_NM
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$DUMPBIN"; then :
+ # Let the user override the test.
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in dumpbin "link -dump"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+printf "%s\n" "$DUMPBIN" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in dumpbin "link -dump"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+ case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+ *COFF*)
+ DUMPBIN="$DUMPBIN -symbols -headers"
+ ;;
+ *)
+ DUMPBIN=:
+ ;;
+ esac
+ fi
+
+ if test : != "$DUMPBIN"; then
+ NM=$DUMPBIN
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+printf %s "checking the name lister ($NM) interface... " >&6; }
+if test ${lt_cv_nm_interface+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:$LINENO: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+printf "%s\n" "$lt_cv_nm_interface" >&6; }
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+printf %s "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+printf "%s\n" "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+printf %s "checking the maximum length of command line arguments... " >&6; }
+if test ${lt_cv_sys_max_cmd_len+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ i=0
+ teststring=ABCD
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ mint*)
+ # On MiNT this can take a long time and run out of memory.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ os2*)
+ # The test takes a long time on OS/2.
+ lt_cv_sys_max_cmd_len=8192
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len" && \
+ test undefined != "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test X`env echo "$teststring$teststring" 2>/dev/null` \
+ = "X$teststring$teststring"; } >/dev/null 2>&1 &&
+ test 17 != "$i" # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n "$lt_cv_sys_max_cmd_len"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
+printf "%s\n" "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+printf %s "checking how to convert $build file names to $host format... " >&6; }
+if test ${lt_cv_to_host_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
+ ;;
+ esac
+ ;;
+ *-*-cygwin* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
+ ;;
+ *-*-cygwin* )
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+ * ) # otherwise, assume *nix
+ lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
+ ;;
+ esac
+ ;;
+ * ) # unhandled hosts (and "normal" native builds)
+ lt_cv_to_host_file_cmd=func_convert_file_noop
+ ;;
+esac
+
+fi
+
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+printf %s "checking how to convert $build file names to toolchain format... " >&6; }
+if test ${lt_cv_to_tool_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ #assume ordinary cross tools, or native build.
+lt_cv_to_tool_file_cmd=func_convert_file_noop
+case $host in
+ *-*-mingw* )
+ case $build in
+ *-*-mingw* ) # actually msys
+ lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
+ ;;
+ esac
+ ;;
+esac
+
+fi
+
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+printf %s "checking for $LD option to reload object files... " >&6; }
+if test ${lt_cv_ld_reload_flag+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_ld_reload_flag='-r'
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ if test yes != "$GCC"; then
+ reload_cmds=false
+ fi
+ ;;
+ darwin*)
+ if test yes = "$GCC"; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+printf "%s\n" "$OBJDUMP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+printf %s "checking how to recognize dependent libraries... " >&6; }
+if test ${lt_cv_deplibs_check_method+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# 'unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# that responds to the $file_magic_cmd with a given extended regex.
+# If you have 'file' or equivalent on your system and you're not sure
+# whether 'pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ # Keep this pattern in sync with the one in func_win32_libid.
+ lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc*)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+haiku*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd* | bitrig*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+os2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
+
+file_magic_glob=
+want_nocaseglob=no
+if test "$build" = "$host"; then
+ case $host_os in
+ mingw* | pw32*)
+ if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
+ want_nocaseglob=yes
+ else
+ file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
+ fi
+ ;;
+ esac
+fi
+
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dlltool; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$DLLTOOL"; then
+ ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DLLTOOL=$ac_cv_prog_DLLTOOL
+if test -n "$DLLTOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+printf "%s\n" "$DLLTOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DLLTOOL"; then
+ ac_ct_DLLTOOL=$DLLTOOL
+ # Extract the first word of "dlltool", so it can be a program name with args.
+set dummy dlltool; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_DLLTOOL"; then
+ ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_DLLTOOL="dlltool"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
+if test -n "$ac_ct_DLLTOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_DLLTOOL" = x; then
+ DLLTOOL="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DLLTOOL=$ac_ct_DLLTOOL
+ fi
+else
+ DLLTOOL="$ac_cv_prog_DLLTOOL"
+fi
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+printf %s "checking how to associate runtime and link libraries... " >&6; }
+if test ${lt_cv_sharedlib_from_linklib_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_sharedlib_from_linklib_cmd='unknown'
+
+case $host_os in
+cygwin* | mingw* | pw32* | cegcc*)
+ # two different shell functions defined in ltmain.sh;
+ # decide which one to use based on capabilities of $DLLTOOL
+ case `$DLLTOOL --help 2>&1` in
+ *--identify-strict*)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
+ ;;
+ *)
+ lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
+ ;;
+ esac
+ ;;
+*)
+ # fallback: assume linklib IS sharedlib
+ lt_cv_sharedlib_from_linklib_cmd=$ECHO
+ ;;
+esac
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
+test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ for ac_prog in ar
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+printf "%s\n" "$AR" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$AR" && break
+ done
+fi
+if test -z "$AR"; then
+ ac_ct_AR=$AR
+ for ac_prog in ar
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="$ac_prog"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+printf "%s\n" "$ac_ct_AR" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_AR" && break
+done
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+fi
+
+: ${AR=ar}
+: ${AR_FLAGS=cr}
+
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+printf %s "checking for archiver @FILE support... " >&6; }
+if test ${lt_cv_ar_at_file+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_ar_at_file=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"
+then :
+ echo conftest.$ac_objext > conftest.lst
+ lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+ (eval $lt_ar_try) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test 0 -eq "$ac_status"; then
+ # Ensure the archiver fails upon bogus file names.
+ rm -f conftest.$ac_objext libconftest.a
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+ (eval $lt_ar_try) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if test 0 -ne "$ac_status"; then
+ lt_cv_ar_at_file=@
+ fi
+ fi
+ rm -f conftest.* libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+printf "%s\n" "$lt_cv_ar_at_file" >&6; }
+
+if test no = "$lt_cv_ar_at_file"; then
+ archiver_list_spec=
+else
+ archiver_list_spec=$lt_cv_ar_at_file
+fi
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ bitrig* | openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
+fi
+
+case $host_os in
+ darwin*)
+ lock_old_archive_extraction=yes ;;
+ *)
+ lock_old_archive_extraction=no ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+printf %s "checking command to parse $NM output from $compiler object... " >&6; }
+if test ${lt_cv_sys_global_symbol_pipe+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test ia64 = "$host_cpu"; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Gets list of data symbols to import.
+ lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+ # Adjust the below global symbol transforms to fixup imported variables.
+ lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
+ lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'"
+ lt_c_name_lib_hook="\
+ -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\
+ -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'"
+else
+ # Disable hooks by default.
+ lt_cv_sys_global_symbol_to_import=
+ lt_cdecl_hook=
+ lt_c_name_hook=
+ lt_c_name_lib_hook=
+fi
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+$lt_cdecl_hook\
+" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+$lt_c_name_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'"
+
+# Transform an extracted symbol line into symbol name with lib prefix and
+# symbol address.
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+$lt_c_name_lib_hook\
+" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function,
+ # D for any global variable and I for any imported variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
+" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
+" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
+" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
+" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+ lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
+ relocations are performed -- see ld's documentation on pseudo-relocs. */
+# define LT@&t@_DLSYM_CONST
+#elif defined __osf__
+/* This system does not cope well with relocations in const data. */
+# define LT@&t@_DLSYM_CONST
+#else
+# define LT@&t@_DLSYM_CONST const
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+LT@&t@_DLSYM_CONST struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_globsym_save_LIBS=$LIBS
+ lt_globsym_save_CFLAGS=$CFLAGS
+ LIBS=conftstm.$ac_objext
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest$ac_exeext; then
+ pipe_works=yes
+ fi
+ LIBS=$lt_globsym_save_LIBS
+ CFLAGS=$lt_globsym_save_CFLAGS
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test yes = "$pipe_works"; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+printf "%s\n" "failed" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+printf "%s\n" "ok" >&6; }
+fi
+
+# Response file support.
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ nm_file_list_spec='@'
+elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
+ nm_file_list_spec='@'
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+printf %s "checking for sysroot... " >&6; }
+
+@%:@ Check whether --with-sysroot was given.
+if test ${with_sysroot+y}
+then :
+ withval=$with_sysroot;
+else $as_nop
+ with_sysroot=no
+fi
+
+
+lt_sysroot=
+case $with_sysroot in #(
+ yes)
+ if test yes = "$GCC"; then
+ lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+ fi
+ ;; #(
+ /*)
+ lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+ ;; #(
+ no|'')
+ ;; #(
+ *)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+printf "%s\n" "$with_sysroot" >&6; }
+ as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
+ ;;
+esac
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+printf "%s\n" "${lt_sysroot:-no}" >&6; }
+
+
+
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+printf %s "checking for a working dd... " >&6; }
+if test ${ac_cv_path_lt_DD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+: ${lt_DD:=$DD}
+if test -z "$lt_DD"; then
+ ac_path_lt_DD_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in dd
+ do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_lt_DD" || continue
+if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
+fi
+ $ac_path_lt_DD_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_lt_DD"; then
+ :
+ fi
+else
+ ac_cv_path_lt_DD=$lt_DD
+fi
+
+rm -f conftest.i conftest2.i conftest.out
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+printf %s "checking how to truncate binary pipes... " >&6; }
+if test ${lt_cv_truncate_bin+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+lt_cv_truncate_bin=
+if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+ cmp -s conftest.i conftest.out \
+ && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
+fi
+rm -f conftest.i conftest2.i conftest.out
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+printf "%s\n" "$lt_cv_truncate_bin" >&6; }
+
+
+
+
+
+
+
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+ for cc_temp in @S|@*""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+ done
+ func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
+@%:@ Check whether --enable-libtool-lock was given.
+if test ${enable_libtool_lock+y}
+then :
+ enableval=$enable_libtool_lock;
+fi
+
+test no = "$enable_libtool_lock" || enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out what ABI is being produced by ac_compile, and set mode
+ # options accordingly.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE=32
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE=64
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
+ echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test yes = "$lt_cv_prog_gnu_ld"; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+mips64*-*linux*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
+ echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ emul=elf
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ emul="${emul}32"
+ ;;
+ *64-bit*)
+ emul="${emul}64"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *MSB*)
+ emul="${emul}btsmip"
+ ;;
+ *LSB*)
+ emul="${emul}ltsmip"
+ ;;
+ esac
+ case `/usr/bin/file conftest.$ac_objext` in
+ *N32*)
+ emul="${emul}n32"
+ ;;
+ esac
+ LD="${LD-ld} -m $emul"
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly. Note that the listed cases only cover the
+ # situations where additional linker options are needed (such as when
+ # doing 32-bit compilation for a host where ld defaults to 64-bit, or
+ # vice versa); the common cases where no linker options are needed do
+ # not appear in the list.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ case `/usr/bin/file conftest.o` in
+ *x86-64*)
+ LD="${LD-ld} -m elf32_x86_64"
+ ;;
+ *)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ esac
+ ;;
+ powerpc64le-*linux*)
+ LD="${LD-ld} -m elf32lppclinux"
+ ;;
+ powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ powerpcle-*linux*)
+ LD="${LD-ld} -m elf64lppc"
+ ;;
+ powerpc-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS=$CFLAGS
+ CFLAGS="$CFLAGS -belf"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+printf %s "checking whether the C compiler needs -belf... " >&6; }
+if test ${lt_cv_cc_needs_belf+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ lt_cv_cc_needs_belf=yes
+else $as_nop
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
+ if test yes != "$lt_cv_cc_needs_belf"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS=$SAVE_CFLAGS
+ fi
+ ;;
+*-*solaris*)
+ # Find out what ABI is being produced by ac_compile, and set linker
+ # options accordingly.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*)
+ case $host in
+ i?86-*-solaris*|x86_64-*-solaris*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ sparc*-*-solaris*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ # GNU ld 2.21 introduced _sol2 emulations. Use them if available.
+ if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+ LD=${LD-ld}_sol2
+ fi
+ ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks=$enable_libtool_lock
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
+set dummy ${ac_tool_prefix}mt; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$MANIFEST_TOOL"; then
+ ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
+if test -n "$MANIFEST_TOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+printf "%s\n" "$MANIFEST_TOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
+ ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
+ # Extract the first word of "mt", so it can be a program name with args.
+set dummy mt; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_MANIFEST_TOOL"; then
+ ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
+if test -n "$ac_ct_MANIFEST_TOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_MANIFEST_TOOL" = x; then
+ MANIFEST_TOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
+ fi
+else
+ MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
+fi
+
+test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if test ${lt_cv_path_mainfest_tool+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_path_mainfest_tool=no
+ echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
+ $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
+ cat conftest.err >&5
+ if $GREP 'Manifest Tool' conftest.out > /dev/null; then
+ lt_cv_path_mainfest_tool=yes
+ fi
+ rm -f conftest*
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
+if test yes != "$lt_cv_path_mainfest_tool"; then
+ MANIFEST_TOOL=:
+fi
+
+
+
+
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+printf "%s\n" "$DSYMUTIL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+printf "%s\n" "$NMEDIT" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+printf "%s\n" "$ac_ct_NMEDIT" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+printf "%s\n" "$LIPO" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+printf "%s\n" "$ac_ct_LIPO" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+printf "%s\n" "$OTOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+printf "%s\n" "$ac_ct_OTOOL" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+printf "%s\n" "$OTOOL64" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+printf "%s\n" "$ac_ct_OTOOL64" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+printf %s "checking for -single_module linker flag... " >&6; }
+if test ${lt_cv_apple_cc_single_mod+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_apple_cc_single_mod=no
+ if test -z "$LT_MULTI_MODULE"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ # If there is a non-empty error log, and "single_module"
+ # appears in it, assume the flag caused a linker warning
+ if test -s conftest.err && $GREP single_module conftest.err; then
+ cat conftest.err >&5
+ # Otherwise, if the output was created with a 0 exit code from
+ # the compiler, it worked.
+ elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+printf %s "checking for -exported_symbols_list linker flag... " >&6; }
+if test ${lt_cv_ld_exported_symbols_list+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ lt_cv_ld_exported_symbols_list=yes
+else $as_nop
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+printf %s "checking for -force_load linker flag... " >&6; }
+if test ${lt_cv_ld_force_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_ld_force_load=no
+ cat > conftest.c << _LT_EOF
+int forced_loaded() { return 2;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
+ $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
+ echo "$AR cr libconftest.a conftest.o" >&5
+ $AR cr libconftest.a conftest.o 2>&5
+ echo "$RANLIB libconftest.a" >&5
+ $RANLIB libconftest.a 2>&5
+ cat > conftest.c << _LT_EOF
+int main() { return 0;}
+_LT_EOF
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
+ _lt_result=$?
+ if test -s conftest.err && $GREP force_load conftest.err; then
+ cat conftest.err >&5
+ elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
+ lt_cv_ld_force_load=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -f conftest.err libconftest.a conftest conftest.c
+ rm -rf conftest.dSYM
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+printf "%s\n" "$lt_cv_ld_force_load" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+ 10.[012][,.]*)
+ _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+ 10.*|11.*)
+ _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test yes = "$lt_cv_apple_cc_single_mod"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test yes = "$lt_cv_ld_exported_symbols_list"; then
+ _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
+ fi
+ if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+# string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+# string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+# "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+# VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+ case x@S|@2 in
+ x)
+ ;;
+ *:)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
+ ;;
+ x:*)
+ eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ *::*)
+ eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+ eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
+ ;;
+ *)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ esac
+}
+
+ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = xyes
+then :
+ printf "%s\n" "@%:@define HAVE_DLFCN_H 1" >>confdefs.h
+
+fi
+
+
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ @%:@ Check whether --enable-shared was given.
+if test ${enable_shared+y}
+then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+ for pkg in $enableval; do
+ IFS=$lt_save_ifs
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS=$lt_save_ifs
+ ;;
+ esac
+else $as_nop
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+ @%:@ Check whether --enable-static was given.
+if test ${enable_static+y}
+then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+ for pkg in $enableval; do
+ IFS=$lt_save_ifs
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS=$lt_save_ifs
+ ;;
+ esac
+else $as_nop
+ enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+@%:@ Check whether --with-pic was given.
+if test ${with_pic+y}
+then :
+ withval=$with_pic; lt_p=${PACKAGE-default}
+ case $withval in
+ yes|no) pic_mode=$withval ;;
+ *)
+ pic_mode=default
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+ for lt_pkg in $withval; do
+ IFS=$lt_save_ifs
+ if test "X$lt_pkg" = "X$lt_p"; then
+ pic_mode=yes
+ fi
+ done
+ IFS=$lt_save_ifs
+ ;;
+ esac
+else $as_nop
+ pic_mode=default
+fi
+
+
+
+
+
+
+
+
+ @%:@ Check whether --enable-fast-install was given.
+if test ${enable_fast_install+y}
+then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+ for pkg in $enableval; do
+ IFS=$lt_save_ifs
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS=$lt_save_ifs
+ ;;
+ esac
+else $as_nop
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+ shared_archive_member_spec=
+case $host,$enable_shared in
+power*-*-aix[5-9]*,yes)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+printf %s "checking which variant of shared library versioning to provide... " >&6; }
+
+@%:@ Check whether --with-aix-soname was given.
+if test ${with_aix_soname+y}
+then :
+ withval=$with_aix_soname; case $withval in
+ aix|svr4|both)
+ ;;
+ *)
+ as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
+ ;;
+ esac
+ lt_cv_with_aix_soname=$with_aix_soname
+else $as_nop
+ if test ${lt_cv_with_aix_soname+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_with_aix_soname=aix
+fi
+
+ with_aix_soname=$lt_cv_with_aix_soname
+fi
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+printf "%s\n" "$with_aix_soname" >&6; }
+ if test aix != "$with_aix_soname"; then
+ # For the AIX way of multilib, we name the shared archive member
+ # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
+ # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
+ # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
+ # the AIX toolchain works better with OBJECT_MODE set (default 32).
+ if test 64 = "${OBJECT_MODE-32}"; then
+ shared_archive_member_spec=shr_64
+ else
+ shared_archive_member_spec=shr
+ fi
+ fi
+ ;;
+*)
+ with_aix_soname=aix
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS=$ltmain
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}"; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+printf %s "checking for objdir... " >&6; }
+if test ${lt_cv_objdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+printf "%s\n" "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+printf "%s\n" "@%:@define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test set != "${COLLECT_NAMES+set}"; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a '.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+old_CC=$CC
+old_CFLAGS=$CFLAGS
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+func_cc_basename $compiler
+cc_basename=$func_cc_basename_result
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+printf %s "checking for ${ac_tool_prefix}file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD=$MAGIC_CMD
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS=$lt_save_ifs
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/${ac_tool_prefix}file"; then
+ lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS=$lt_save_ifs
+ MAGIC_CMD=$lt_save_MAGIC_CMD
+ ;;
+esac
+fi
+
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+if test -n "$MAGIC_CMD"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+printf %s "checking for file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD=$MAGIC_CMD
+ lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS=$lt_save_ifs
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/file"; then
+ lt_cv_path_MAGIC_CMD=$ac_dir/"file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS=$lt_save_ifs
+ MAGIC_CMD=$lt_save_MAGIC_CMD
+ ;;
+esac
+fi
+
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+if test -n "$MAGIC_CMD"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC=$CC
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test yes = "$GCC"; then
+ case $cc_basename in
+ nvcc*)
+ lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
+ *)
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
+ esac
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test ${lt_cv_prog_compiler_rtti_exceptions+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+
+ if test yes = "$GCC"; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test ia64 = "$host_cpu"; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the '-m68020' flag to GCC prevents building anything better,
+ # like '-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ case $host_os in
+ os2*)
+ lt_prog_compiler_static='$wl-static'
+ ;;
+ esac
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ haiku*)
+ # PIC is the default for Haiku.
+ # The "-static" flag exists, but is broken.
+ lt_prog_compiler_static=
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+
+ case $cc_basename in
+ nvcc*) # Cuda Compiler Driver 2.2
+ lt_prog_compiler_wl='-Xlinker '
+ if test -n "$lt_prog_compiler_pic"; then
+ lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+ fi
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test ia64 = "$host_cpu"; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ case $cc_basename in
+ nagfor*)
+ # NAG Fortran compiler
+ lt_prog_compiler_wl='-Wl,-Wl,,'
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ esac
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ case $host_os in
+ os2*)
+ lt_prog_compiler_static='$wl-static'
+ ;;
+ esac
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='$wl-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+ case $cc_basename in
+ # old Intel for x86_64, which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ nagfor*)
+ # NAG Fortran compiler
+ lt_prog_compiler_wl='-Wl,-Wl,,'
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl* | bgxl* | bgf* | mpixl*)
+ # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ *Sun\ F* | *Sun*Fortran*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Qoption ld '
+ ;;
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Intel*\ [CF]*Compiler*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ *Portland\ Group*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms that do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic@&t@ -DPIC"
+ ;;
+esac
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+printf %s "checking for $compiler option to produce PIC... " >&6; }
+if test ${lt_cv_prog_compiler_pic+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
+lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test ${lt_cv_prog_compiler_pic_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic@&t@ -DPIC" ## exclude from sc_useless_quotes_in_assignment
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_pic_works"; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test ${lt_cv_prog_compiler_static_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS=$LDFLAGS
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS=$save_LDFLAGS
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_static_works"; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links=nottested
+if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
+ # do not overwrite the value of need_locks provided by the user
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+printf %s "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+printf "%s\n" "$hard_links" >&6; }
+ if test no = "$hard_links"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ' (' and ')$', so one must not match beginning or
+ # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
+ # as well as any symbol that contains 'd'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test yes != "$GCC"; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd* | bitrig*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu | gnu*)
+ link_all_deplibs=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+
+ # On some targets, GNU ld is compatible enough with the native linker
+ # that we're better off using the native interface for both.
+ lt_use_gnu_ld_interface=no
+ if test yes = "$with_gnu_ld"; then
+ case $host_os in
+ aix*)
+ # The AIX port of GNU ld has always aspired to compatibility
+ # with the native linker. However, as the warning in the GNU ld
+ # block says, versions before 2.19.5* couldn't really create working
+ # shared libraries, regardless of the interface used.
+ case `$LD -v 2>&1` in
+ *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+ *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
+ *\ \(GNU\ Binutils\)\ [3-9]*) ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ ;;
+ *)
+ lt_use_gnu_ld_interface=yes
+ ;;
+ esac
+ fi
+
+ if test yes = "$lt_use_gnu_ld_interface"; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='$wl'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ export_dynamic_flag_spec='$wl--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test ia64 != "$host_cpu"; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.19, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to install binutils
+*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+*** You will then need to restart the configuration process.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ export_dynamic_flag_spec='$wl--export-all-symbols'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+ exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file, use it as
+ # is; otherwise, prepend EXPORTS...
+ archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ haiku*)
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ link_all_deplibs=yes
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ shrext_cmds=.dll
+ archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+ export_dynamic_flag_spec='$wl-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test linux-dietlibc = "$host_os"; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test no = "$tmp_diet"
+ then
+ tmp_addflag=' $pic_flag'
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95* | pgfortran*)
+ # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ nagfor*) # NAGFOR 5.3
+ tmp_sharedflag='-Wl,-shared' ;;
+ xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ nvcc*) # Cuda Compiler Driver 2.2
+ whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+ compiler_needs_object=yes
+ ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+
+ if test yes = "$supports_anon_versioning"; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ tcc*)
+ export_dynamic_flag_spec='-rdynamic'
+ ;;
+ xlf* | bgf* | bgxlf* | mpixlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
+ if test yes = "$supports_anon_versioning"; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test no = "$ld_shlibs"; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test ia64 = "$host_cpu"; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+ # Without the "-l" option, or with the "-B" option, AIX nm treats
+ # weak defined symbols like other global defined symbols, whereas
+ # GNU nm marks them as "W".
+ # While the 'weak' keyword is ignored in the Export File, we need
+ # it in the Import File for the 'aix-soname' feature, so we have
+ # to replace the "-B" option with "-P" for AIX nm.
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # have runtime linking enabled, and use it for executables.
+ # For shared libraries, we enable/disable runtime linking
+ # depending on the kind of the shared library created -
+ # when "with_aix_soname,aix_use_runtimelinking" is:
+ # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables
+ # "aix,yes" lib.so shared, rtl:yes, for executables
+ # lib.a static archive
+ # "both,no" lib.so.V(shr.o) shared, rtl:yes
+ # lib.a(lib.so.V) shared, rtl:no, for executables
+ # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a(lib.so.V) shared, rtl:no
+ # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables
+ # lib.a static archive
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+ # With aix-soname=svr4, we create the lib.so.V shared archives only,
+ # so we don't have lib.a shared libs to link our executables.
+ # We have to force runtime linking in this case.
+ aix_use_runtimelinking=yes
+ LDFLAGS="$LDFLAGS -Wl,-brtl"
+ fi
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='$wl-f,'
+ case $with_aix_soname,$aix_use_runtimelinking in
+ aix,*) ;; # traditional, no import file
+ svr4,* | *,yes) # use import file
+ # The Import File defines what to hardcode.
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ ;;
+ esac
+
+ if test yes = "$GCC"; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`$CC -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag="$shared_flag "'$wl-G'
+ fi
+ # Need to ensure runtime linking is disabled for the traditional
+ # shared library, or the linker may eventually find shared libraries
+ # /with/ Import File - we do not want to mix them.
+ shared_flag_aix='-shared'
+ shared_flag_svr4='-shared $wl-G'
+ else
+ # not using gcc
+ if test ia64 = "$host_cpu"; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test yes = "$aix_use_runtimelinking"; then
+ shared_flag='$wl-G'
+ else
+ shared_flag='$wl-bM:SRE'
+ fi
+ shared_flag_aix='$wl-bM:SRE'
+ shared_flag_svr4='$wl-G'
+ fi
+ fi
+
+ export_dynamic_flag_spec='$wl-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ if test set = "${lt_cv_aix_libpath+set}"; then
+ aix_libpath=$lt_cv_aix_libpath
+else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+ lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\([^ ]*\) *$/\1/
+ p
+ }
+ }'
+ lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ # Check for a 64-bit object if we didn't find anything.
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=/usr/lib:/lib
+ fi
+
+fi
+
+ aix_libpath=$lt_cv_aix_libpath_
+fi
+
+ hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
+ else
+ if test ia64 = "$host_cpu"; then
+ hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ if test set = "${lt_cv_aix_libpath+set}"; then
+ aix_libpath=$lt_cv_aix_libpath
+else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+
+ lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\([^ ]*\) *$/\1/
+ p
+ }
+ }'
+ lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ # Check for a 64-bit object if we didn't find anything.
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ if test -z "$lt_cv_aix_libpath_"; then
+ lt_cv_aix_libpath_=/usr/lib:/lib
+ fi
+
+fi
+
+ aix_libpath=$lt_cv_aix_libpath_
+fi
+
+ hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' $wl-bernotok'
+ allow_undefined_flag=' $wl-berok'
+ if test yes = "$with_gnu_ld"; then
+ # We only use this code for GNU lds that support --whole-archive.
+ whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
+ else
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ fi
+ archive_cmds_need_lc=yes
+ archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+ # -brtl affects multiple linker settings, -berok does not and is overridden later
+ compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
+ if test svr4 != "$with_aix_soname"; then
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+ fi
+ if test aix != "$with_aix_soname"; then
+ archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
+ else
+ # used by -dlpreopen to get the symbols
+ archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir'
+ fi
+ archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ case $cc_basename in
+ cl*)
+ # Native MSVC
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ file_list_spec='@'
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=.dll
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+ archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then
+ cp "$export_symbols" "$output_objdir/$soname.def";
+ echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+ else
+ $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+ fi~
+ $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+ linknames='
+ # The linker will not automatically build a static lib if we build a DLL.
+ # _LT_TAGVAR(old_archive_from_new_cmds, )='true'
+ enable_shared_with_static_runtimes=yes
+ exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+ # Don't use ranlib
+ old_postinstall_cmds='chmod 644 $oldlib'
+ postlink_cmds='lt_outputfile="@OUTPUT@"~
+ lt_tool_outputfile="@TOOL_OUTPUT@"~
+ case $lt_outputfile in
+ *.exe|*.EXE) ;;
+ *)
+ lt_outputfile=$lt_outputfile.exe
+ lt_tool_outputfile=$lt_tool_outputfile.exe
+ ;;
+ esac~
+ if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+ $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+ $RM "$lt_outputfile.manifest";
+ fi'
+ ;;
+ *)
+ # Assume MSVC wrapper
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=.dll
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ enable_shared_with_static_runtimes=yes
+ ;;
+ esac
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ if test yes = "$lt_cv_ld_force_load"; then
+ whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
+ else
+ whole_archive_flag_spec=''
+ fi
+ link_all_deplibs=yes
+ allow_undefined_flag=$_lt_dar_allow_undefined
+ case $cc_basename in
+ ifort*|nagfor*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test yes = "$_lt_dar_can_shared"; then
+ output_verbose_link_cmd=func_echo_all
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+ archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+ module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2.*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test yes = "$GCC"; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='$wl-E'
+ ;;
+
+ hpux10*)
+ if test yes,no = "$GCC,$with_gnu_ld"; then
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test no = "$with_gnu_ld"; then
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='$wl-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test yes,no = "$GCC,$with_gnu_ld"; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+
+ # Older versions of the 11.00 compiler do not understand -b yet
+ # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+printf %s "checking if $CC understands -b... " >&6; }
+if test ${lt_cv_prog_compiler__b+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_prog_compiler__b=no
+ save_LDFLAGS=$LDFLAGS
+ LDFLAGS="$LDFLAGS -b"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler__b=yes
+ fi
+ else
+ lt_cv_prog_compiler__b=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS=$save_LDFLAGS
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
+
+if test yes = "$lt_cv_prog_compiler__b"; then
+ archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+fi
+
+ ;;
+ esac
+ fi
+ if test no = "$with_gnu_ld"; then
+ hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='$wl-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ # This should be the same for all languages, so no per-tag cache variable.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if test ${lt_cv_irix_exported_symbol+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ save_LDFLAGS=$LDFLAGS
+ LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo (void) { return 0; }
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ lt_cv_irix_exported_symbol=yes
+else $as_nop
+ lt_cv_irix_exported_symbol=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
+ if test yes = "$lt_cv_irix_exported_symbol"; then
+ archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
+ fi
+ link_all_deplibs=no
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ linux*)
+ case $cc_basename in
+ tcc*)
+ # Fabrice Bellard et al's Tiny C Compiler
+ ld_shlibs=yes
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd* | bitrig*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+ export_dynamic_flag_spec='$wl-E'
+ else
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ shrext_cmds=.dll
+ archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+ $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+ $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+ $ECHO EXPORTS >> $output_objdir/$libname.def~
+ prefix_cmds="$SED"~
+ if test EXPORTS = "`$SED 1q $export_symbols`"; then
+ prefix_cmds="$prefix_cmds -e 1d";
+ fi~
+ prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+ cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+ $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+ emximp -o $lib $output_objdir/$libname.def'
+ old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ osf3*)
+ if test yes = "$GCC"; then
+ allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test yes = "$GCC"; then
+ allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+ archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+ hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test yes = "$GCC"; then
+ wlarc='$wl'
+ archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='$wl'
+ archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands '-z linker_flag'. GCC discards it without '$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test yes = "$GCC"; then
+ whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test sequent = "$host_vendor"; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='$wl-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We CANNOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='$wl-z,text'
+ allow_undefined_flag='$wl-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='$wl-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='$wl-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test yes = "$GCC"; then
+ archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test sni = "$host_vendor"; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='$wl-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+printf "%s\n" "$ld_shlibs" >&6; }
+test no = "$ld_shlibs" && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test yes,yes = "$GCC,$enable_shared"; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+printf %s "checking whether -lc should be explicitly linked in... " >&6; }
+if test ${lt_cv_archive_cmds_need_lc+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ lt_cv_archive_cmds_need_lc=no
+ else
+ lt_cv_archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
+ archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+printf %s "checking dynamic linker characteristics... " >&6; }
+
+if test yes = "$GCC"; then
+ case $host_os in
+ darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
+ *) lt_awk_arg='/^libraries:/' ;;
+ esac
+ case $host_os in
+ mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
+ *) lt_sed_strip_eq='s|=/|/|g' ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
+ case $lt_search_path_spec in
+ *\;*)
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
+ ;;
+ *)
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ esac
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary...
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ # ...but if some path component already ends with the multilib dir we assume
+ # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
+ case "$lt_multi_os_dir; $lt_search_path_spec " in
+ "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
+ lt_multi_os_dir=
+ ;;
+ esac
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
+ elif test -n "$lt_multi_os_dir"; then
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
+BEGIN {RS = " "; FS = "/|\n";} {
+ lt_foo = "";
+ lt_count = 0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo = "/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ # AWK program above erroneously prepends '/' to C:/dos/paths
+ # for these hosts.
+ case $host_os in
+ mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+ $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
+ esac
+ sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=.so
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+
+
+case $host_os in
+aix3*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='$libname$release$shared_ext$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test ia64 = "$host_cpu"; then
+ # AIX 5 supports IA64
+ library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line '#! .'. This would cause the generated library to
+ # depend on '.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # Using Import Files as archive members, it is possible to support
+ # filename-based versioning of shared library archives on AIX. While
+ # this would work for both with and without runtime linking, it will
+ # prevent static linking of such archives. So we do filename-based
+ # shared library versioning with .so extension only, which is used
+ # when both runtime linking and shared linking is enabled.
+ # Unfortunately, runtime linking may impact performance, so we do
+ # not want this to be the default eventually. Also, we use the
+ # versioned .so libs for executables only if there is the -brtl
+ # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+ # To allow for filename-based versioning support, we need to create
+ # libNAME.so.V as an archive file, containing:
+ # *) an Import File, referring to the versioned filename of the
+ # archive as well as the shared archive member, telling the
+ # bitwidth (32 or 64) of that shared object, and providing the
+ # list of exported symbols of that shared object, eventually
+ # decorated with the 'weak' keyword
+ # *) the shared object with the F_LOADONLY flag set, to really avoid
+ # it being seen by the linker.
+ # At run time we better use the real file rather than another symlink,
+ # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+ case $with_aix_soname,$aix_use_runtimelinking in
+ # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ aix,yes) # traditional libtool
+ dynamic_linker='AIX unversionable lib.so'
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ ;;
+ aix,no) # traditional AIX only
+ dynamic_linker='AIX lib.a(lib.so.V)'
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ ;;
+ svr4,*) # full svr4 only
+ dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,yes) # both, prefer svr4
+ dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
+ library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+ # unpreferred sharedlib libNAME.a needs extra handling
+ postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+ postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+ # We do not specify a path in Import Files, so LIBPATH fires.
+ shlibpath_overrides_runpath=yes
+ ;;
+ *,no) # both, prefer aix
+ dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
+ library_names_spec='$libname$release.a $libname.a'
+ soname_spec='$libname$release$shared_ext$major'
+ # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+ postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+ postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+ ;;
+ esac
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='$libname$shared_ext'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=.dll
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$cc_basename in
+ yes,*)
+ # gcc
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ ;;
+
+ *,cl*)
+ # Native MSVC
+ libname_spec='$name'
+ soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+ library_names_spec='$libname.dll.lib'
+
+ case $build_os in
+ mingw*)
+ sys_lib_search_path_spec=
+ lt_save_ifs=$IFS
+ IFS=';'
+ for lt_path in $LIB
+ do
+ IFS=$lt_save_ifs
+ # Let DOS variable expansion print the short 8.3 style file name.
+ lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+ sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+ done
+ IFS=$lt_save_ifs
+ # Convert to MSYS style.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+ ;;
+ cygwin*)
+ # Convert to unix form, then to dos form, then back to unix form
+ # but this time dos style (no spaces!) so that the unix form looks
+ # like /cygdrive/c/PROGRA~1:/cygdr...
+ sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+ sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+ sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ ;;
+ *)
+ sys_lib_search_path_spec=$LIB
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # FIXME: find the short name or the path components, as spaces are
+ # common. (e.g. "Program Files" -> "PROGRA~1")
+ ;;
+ esac
+
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+ dynamic_linker='Win32 link.exe'
+ ;;
+
+ *)
+ # Assume MSVC wrapper
+ library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
+ dynamic_linker='Win32 ld.exe'
+ ;;
+ esac
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$major$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[23].*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2.*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+haiku*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ dynamic_linker="$host_os runtime_loader"
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ if test 32 = "$HPUX_IA64_MODE"; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux32
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ sys_lib_dlsearch_path_spec=/usr/lib/hpux64
+ fi
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
+ postinstall_cmds='chmod 555 $lib'
+ # or fails outright, so override atomically:
+ install_override_mode=555
+ ;;
+
+interix[3-9]*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test yes = "$lt_cv_prog_gnu_ld"; then
+ version_type=linux # correct to gnu/linux during the next big refactor
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+ sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+linux*android*)
+ version_type=none # Android doesn't support versioned libraries.
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext'
+ soname_spec='$libname$release$shared_ext'
+ finish_cmds=
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ dynamic_linker='Android linker'
+ # Don't embed -rpath directories since the linker doesn't support them.
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+
+ # Some binutils ld are patched to set DT_RUNPATH
+ if test ${lt_cv_shlibpath_overrides_runpath+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ lt_cv_shlibpath_overrides_runpath=no
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main (void)
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
+then :
+ lt_cv_shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+fi
+
+ shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Ideally, we could use ldconfig to report *all* directores which are
+ # searched for libraries, however this is still not possible. Aside from not
+ # being certain /sbin/ldconfig is available, command
+ # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+ # even though it is searched at run-time. Try to do the best guess by
+ # appending ld.so.conf contents (and includes) to the search path.
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd* | bitrig*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec=/usr/lib
+ need_lib_prefix=no
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+ need_version=no
+ else
+ need_version=yes
+ fi
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+os2*)
+ libname_spec='$name'
+ version_type=windows
+ shrext_cmds=.dll
+ need_version=no
+ need_lib_prefix=no
+ # OS/2 can only load a DLL with a base name of 8 characters or less.
+ soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+ v=$($ECHO $release$versuffix | tr -d .-);
+ n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+ $ECHO $n$v`$shared_ext'
+ library_names_spec='${libname}_dll.$libext'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=BEGINLIBPATH
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ postinstall_cmds='base_file=`basename \$file`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='$libname$release$shared_ext$major'
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test yes = "$with_gnu_ld"; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec; then
+ version_type=linux # correct to gnu/linux during the next big refactor
+ library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+ soname_spec='$libname$shared_ext.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=sco
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test yes = "$with_gnu_ld"; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux # correct to gnu/linux during the next big refactor
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux # correct to gnu/linux during the next big refactor
+ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+ soname_spec='$libname$release$shared_ext$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+printf "%s\n" "$dynamic_linker" >&6; }
+test no = "$dynamic_linker" && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test yes = "$GCC"; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+ sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
+fi
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+ sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
+fi
+
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+printf %s "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test yes = "$hardcode_automatic"; then
+
+ # We can hardcode non-existent directories.
+ if test no != "$hardcode_direct" &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
+ test no != "$hardcode_minus_L"; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+printf "%s\n" "$hardcode_action" >&6; }
+
+if test relink = "$hardcode_action" ||
+ test yes = "$inherit_rpath"; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test yes = "$shlibpath_overrides_runpath" ||
+ test no = "$enable_shared"; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test yes != "$enable_dlopen"; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen=load_add_on
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen=LoadLibrary
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen=dlopen
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_lib_dl_dlopen=yes
+else $as_nop
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
+else $as_nop
+
+ lt_cv_dlopen=dyld
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ tpf*)
+ # Don't try to run any link tests for TPF. We know it's impossible
+ # because TPF is a cross-compiler, and we know how we open DSOs.
+ lt_cv_dlopen=dlopen
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=no
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = xyes
+then :
+ lt_cv_dlopen=shl_load
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+printf %s "checking for shl_load in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_shl_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char shl_load ();
+int
+main (void)
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_lib_dld_shl_load=yes
+else $as_nop
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes
+then :
+ lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
+else $as_nop
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = xyes
+then :
+ lt_cv_dlopen=dlopen
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_lib_dl_dlopen=yes
+else $as_nop
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+printf %s "checking for dlopen in -lsvld... " >&6; }
+if test ${ac_cv_lib_svld_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char dlopen ();
+int
+main (void)
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_lib_svld_dlopen=yes
+else $as_nop
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes
+then :
+ lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+printf %s "checking for dld_link in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_dld_link+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char dld_link ();
+int
+main (void)
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_lib_dld_dld_link=yes
+else $as_nop
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes
+then :
+ lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test no = "$lt_cv_dlopen"; then
+ enable_dlopen=no
+ else
+ enable_dlopen=yes
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS=$CPPFLAGS
+ test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS=$LDFLAGS
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS=$LIBS
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+printf %s "checking whether a program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test yes = "$cross_compiling"; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+/* When -fvisibility=hidden is used, assume the code has been annotated
+ correspondingly for the symbols needed. */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+
+int fnord () { return 42; }
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else
+ {
+ if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else puts (dlerror ());
+ }
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+printf "%s\n" "$lt_cv_dlopen_self" >&6; }
+
+ if test yes = "$lt_cv_dlopen_self"; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self_static+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test yes = "$cross_compiling"; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+/* When -fvisibility=hidden is used, assume the code has been annotated
+ correspondingly for the symbols needed. */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+
+int fnord () { return 42; }
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else
+ {
+ if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ else puts (dlerror ());
+ }
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS=$save_CPPFLAGS
+ LDFLAGS=$save_LDFLAGS
+ LIBS=$save_LIBS
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+printf %s "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP"; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ fi
+ ;;
+ *)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report what library types will actually be built
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+printf %s "checking if libtool supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+printf "%s\n" "$can_build_shared" >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+printf %s "checking whether to build shared libraries... " >&6; }
+ test no = "$can_build_shared" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test yes = "$enable_shared" && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test ia64 != "$host_cpu"; then
+ case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+ yes,aix,yes) ;; # shared object as lib.so file only
+ yes,svr4,*) ;; # shared object as lib.so archive member only
+ yes,*) enable_static=no ;; # shared object in lib.a archive as well
+ esac
+ fi
+ ;;
+ esac
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+printf "%s\n" "$enable_shared" >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+printf %s "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test yes = "$enable_shared" || enable_static=yes
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+printf "%s\n" "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+
+if test "$ac_cv_prog_cc_c99" = "no"; then
+ as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
+fi
+
+ac_config_files="$ac_config_files Makefile doc/Makefile src/Makefile swig/Makefile swig/perl/Makefile swig/perl/Makefile.PL swig/python/Makefile swig/python/setup.py swig/python/test/Makefile swig/ruby/Makefile testsuite/Makefile testsuite/config/Makefile testsuite/libaalogparse.test/Makefile testsuite/lib/Makefile include/Makefile include/sys/Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ if test "x$cache_file" != "x/dev/null"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+#
+# If the first sed substitution is executed (which looks for macros that
+# take arguments), then branch to the quote section. Otherwise,
+# look for a macro that doesn't take arguments.
+ac_script='
+:mline
+/\\$/{
+ N
+ s,\\\n,,
+ b mline
+}
+t clear
+:clear
+s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g
+t quote
+s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g
+t quote
+b any
+:quote
+s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+s/\[/\\&/g
+s/\]/\\&/g
+s/\$/$$/g
+H
+:any
+${
+ g
+ s/^\n//
+ s/\n/ /g
+ p
+}
+'
+DEFS=`sed -n "$ac_script" confdefs.h`
+
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIB@&t@OBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIB@&t@OBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+printf %s "checking that generated files are newer than configure... " >&6; }
+ if test -n "$am_sleep_pid"; then
+ # Hide warnings about reused PIDs.
+ wait $am_sleep_pid 2>/dev/null
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
+printf "%s\n" "done" >&6; }
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_MAN_PAGES_TRUE}" && test -z "${ENABLE_MAN_PAGES_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_MAN_PAGES\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_PYTHON_TRUE}" && test -z "${HAVE_PYTHON_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_PYTHON\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_PERL_TRUE}" && test -z "${HAVE_PERL_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_PERL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_RUBY_TRUE}" && test -z "${HAVE_RUBY_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_RUBY\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else $as_nop
+ case `(set -o) 2>/dev/null` in @%:@(
+ *posix*) :
+ set -o posix ;; @%:@(
+ *) :
+ ;;
+esac
+fi
+
+
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
+as_nl='
+'
+export as_nl
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
+
+# The user is always right.
+if ${PATH_SEPARATOR+false} :; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# Find who we are. Look in the path if we contain no directory separator.
+as_myself=
+case $0 in @%:@((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+
+
+@%:@ as_fn_error STATUS ERROR [LINENO LOG_FD]
+@%:@ ----------------------------------------
+@%:@ Output "`basename @S|@0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+@%:@ provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+@%:@ script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ printf "%s\n" "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} @%:@ as_fn_error
+
+
+
+@%:@ as_fn_set_status STATUS
+@%:@ -----------------------
+@%:@ Set @S|@? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} @%:@ as_fn_set_status
+
+@%:@ as_fn_exit STATUS
+@%:@ -----------------
+@%:@ Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} @%:@ as_fn_exit
+
+@%:@ as_fn_unset VAR
+@%:@ ---------------
+@%:@ Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+@%:@ as_fn_append VAR VALUE
+@%:@ ----------------------
+@%:@ Append the text in VALUE to the end of the definition contained in VAR. Take
+@%:@ advantage of any shell optimizations that allow amortized linear growth over
+@%:@ repeated appends, instead of the typical quadratic growth present in naive
+@%:@ implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else $as_nop
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+@%:@ as_fn_arith ARG...
+@%:@ ------------------
+@%:@ Perform arithmetic evaluation on the ARGs, and store the result in the
+@%:@ global @S|@as_val. Take advantage of shells that can avoid forks. The arguments
+@%:@ must be portable across @S|@(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else $as_nop
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in @%:@(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_@&t@echo='printf %s\n'
+as_@&t@echo_n='printf %s'
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+@%:@ as_fn_mkdir_p
+@%:@ -------------
+@%:@ Create "@S|@as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} @%:@ as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+
+@%:@ as_fn_executable_p FILE
+@%:@ -----------------------
+@%:@ Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} @%:@ as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by $as_me, which was
+generated by GNU Autoconf 2.71. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+
+Configuration files:
+$config_files
+
+Configuration commands:
+$config_commands
+
+Report bugs to the package provider."
+
+_ACEOF
+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config='$ac_cs_config_escaped'
+ac_cs_version="\\
+config.status
+configured by $0, generated by GNU Autoconf 2.71,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2021 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ printf "%s\n" "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ printf "%s\n" "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h | --help | --hel | -h )
+ printf "%s\n" "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../@%:@@%:@ /;s/...$/ @%:@@%:@/;p;x;p;x' <<_ASBOX
+@%:@@%:@ Running $as_me. @%:@@%:@
+_ASBOX
+ printf "%s\n" "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
+enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
+shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
+SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
+ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
+PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
+host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
+host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
+host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
+build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
+build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
+build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
+SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
+Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
+GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
+EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
+FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
+LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
+NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
+LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
+exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
+file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
+want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
+DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
+sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
+AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
+archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
+STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
+lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
+CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
+compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
+GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
+lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
+nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
+lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
+lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
+objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
+need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
+MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
+LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
+libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
+postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
+need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
+version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
+install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
+configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
+configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
+striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+ eval 'cat <<_LTECHO_EOF
+\$1
+_LTECHO_EOF'
+}
+
+# Quote evaled strings.
+for var in SHELL \
+ECHO \
+PATH_SEPARATOR \
+SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+file_magic_glob \
+want_nocaseglob \
+DLLTOOL \
+sharedlib_from_linklib_cmd \
+AR \
+AR_FLAGS \
+archiver_list_spec \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_import \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+lt_cv_nm_interface \
+nm_file_list_spec \
+lt_cv_truncate_bin \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_pic \
+lt_prog_compiler_wl \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+MANIFEST_TOOL \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_separator \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+install_override_mode \
+finish_eval \
+old_striplib \
+striplib; do
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postlink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+configure_time_dlsearch_path \
+configure_time_lt_sys_library_path; do
+ case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+ac_aux_dir='$ac_aux_dir'
+
+# See if we are running on zsh, and set the options that allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}"; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
+ "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+ "swig/Makefile") CONFIG_FILES="$CONFIG_FILES swig/Makefile" ;;
+ "swig/perl/Makefile") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile" ;;
+ "swig/perl/Makefile.PL") CONFIG_FILES="$CONFIG_FILES swig/perl/Makefile.PL" ;;
+ "swig/python/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/Makefile" ;;
+ "swig/python/setup.py") CONFIG_FILES="$CONFIG_FILES swig/python/setup.py" ;;
+ "swig/python/test/Makefile") CONFIG_FILES="$CONFIG_FILES swig/python/test/Makefile" ;;
+ "swig/ruby/Makefile") CONFIG_FILES="$CONFIG_FILES swig/ruby/Makefile" ;;
+ "testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
+ "testsuite/config/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/config/Makefile" ;;
+ "testsuite/libaalogparse.test/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/libaalogparse.test/Makefile" ;;
+ "testsuite/lib/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/lib/Makefile" ;;
+ "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+ "include/sys/Makefile") CONFIG_FILES="$CONFIG_FILES include/sys/Makefile" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
+ test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp= ac_tmp=
+ trap 'exit_status=$?
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "�"
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+
+eval set X " :F $CONFIG_FILES :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$ac_tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+printf "%s\n" "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`printf "%s\n" "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
+ case $ac_file in
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+
+
+ :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Older Autoconf quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ case $CONFIG_FILES in @%:@(
+ *\'*) :
+ eval set x "$CONFIG_FILES" ;; @%:@(
+ *) :
+ set x $CONFIG_FILES ;; @%:@(
+ *) :
+ ;;
+esac
+ shift
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
+ do
+ # Strip MF so we end up with the name of the file.
+ am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`$as_dirname -- "$am_mf" ||
+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$am_mf" : 'X\(//\)[^/]' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$am_mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ am_filepart=`$as_basename -- "$am_mf" ||
+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$am_mf" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ { echo "$as_me:$LINENO: cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles" >&5
+ (cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } || am_rc=$?
+ done
+ if test $am_rc -ne 0; then
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE=\"gmake\" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ { am_dirpart=; unset am_dirpart;}
+ { am_filepart=; unset am_filepart;}
+ { am_mf=; unset am_mf;}
+ { am_rc=; unset am_rc;}
+ rm -f conftest-deps.mk
+}
+ ;;
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options that allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}"; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile=${ofile}T
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+# Generated automatically by $as_me ($PACKAGE) $VERSION
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit, 1996
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program or library that is built
+# using GNU Libtool, you may include this file under the same
+# distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags=''
+
+# Configured defaults for sys_lib_dlsearch_path munging.
+: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# Shared archive member basename,for filename based shared library versioning on AIX.
+shared_archive_member_spec=$shared_archive_member_spec
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that protects backslashes.
+ECHO=$lt_ECHO
+
+# The PATH separator for the build system.
+PATH_SEPARATOR=$lt_PATH_SEPARATOR
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# convert \$build file names to \$host format.
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+
+# convert \$build files to toolchain format.
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method = "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# How to find potential files when deplibs_check_method = "file_magic".
+file_magic_glob=$lt_file_magic_glob
+
+# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
+want_nocaseglob=$lt_want_nocaseglob
+
+# DLL creation program.
+DLLTOOL=$lt_DLLTOOL
+
+# Command to associate shared and link libraries.
+sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
+
+# The archiver.
+AR=$lt_AR
+
+# Flags to create an archive.
+AR_FLAGS=$lt_AR_FLAGS
+
+# How to feed a file listing to the archiver.
+archiver_list_spec=$lt_archiver_list_spec
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Whether to use a lock for old archive extraction.
+lock_old_archive_extraction=$lock_old_archive_extraction
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm into a list of symbols to manually relocate.
+global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name lister interface.
+nm_interface=$lt_lt_cv_nm_interface
+
+# Specify filename containing input files for \$NM.
+nm_file_list_spec=$lt_nm_file_list_spec
+
+# The root where to search for dependent libraries,and where our libraries should be installed.
+lt_sysroot=$lt_sysroot
+
+# Command to truncate a binary pipe.
+lt_truncate_bin=$lt_lt_cv_truncate_bin
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Manifest tool.
+MANIFEST_TOOL=$lt_MANIFEST_TOOL
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Permission mode override for installation of shared libraries.
+install_override_mode=$lt_install_override_mode
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Detected run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
+
+# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
+configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \$shlibpath_var if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Commands necessary for finishing linking programs.
+postlink_cmds=$lt_postlink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ cat <<'_LT_EOF' >> "$cfgfile"
+
+# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
+
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+# string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+# string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+# string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+# "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+# VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+ case x@S|@2 in
+ x)
+ ;;
+ *:)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
+ ;;
+ x:*)
+ eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ *::*)
+ eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+ eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
+ ;;
+ *)
+ eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
+ ;;
+ esac
+}
+
+
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+ for cc_temp in @S|@*""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+ done
+ func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
+
+# ### END FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test set != "${COLLECT_NAMES+set}"; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+
+ltmain=$ac_aux_dir/ltmain.sh
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '$q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+ ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/libraries/libapparmor/autom4te.cache/requests b/libraries/libapparmor/autom4te.cache/requests
index 09a3a17ca0e12ec66627b8c375b842a27323d225..7c434648926b328e314c1eb780567da7f07b8d61 100644
--- a/libraries/libapparmor/autom4te.cache/requests
+++ b/libraries/libapparmor/autom4te.cache/requests
@@ -1,4 +1,4 @@
-# This file was generated by Autom4te Sun Aug 20 23:09:08 UTC 2017.
+# This file was generated by Autom4te 2.71.
# It contains the lists of macros which have been traced.
# It can be safely removed.
@@ -11,232 +11,203 @@
],
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
- '-',
- '/usr/share/aclocal-1.15/internal/ac-config-macro-dirs.m4',
+ '/usr/share/aclocal-1.16/internal/ac-config-macro-dirs.m4',
'/usr/share/aclocal/libtool.m4',
- '/usr/share/aclocal/ltargz.m4',
- '/usr/share/aclocal/ltdl.m4',
'/usr/share/aclocal/ltoptions.m4',
'/usr/share/aclocal/ltsugar.m4',
'/usr/share/aclocal/ltversion.m4',
'/usr/share/aclocal/lt~obsolete.m4',
'/usr/share/aclocal/pkg.m4',
- '/usr/share/aclocal-1.15/amversion.m4',
- '/usr/share/aclocal-1.15/auxdir.m4',
- '/usr/share/aclocal-1.15/cond.m4',
- '/usr/share/aclocal-1.15/depend.m4',
- '/usr/share/aclocal-1.15/depout.m4',
- '/usr/share/aclocal-1.15/init.m4',
- '/usr/share/aclocal-1.15/install-sh.m4',
- '/usr/share/aclocal-1.15/lead-dot.m4',
- '/usr/share/aclocal-1.15/lex.m4',
- '/usr/share/aclocal-1.15/make.m4',
- '/usr/share/aclocal-1.15/missing.m4',
- '/usr/share/aclocal-1.15/options.m4',
- '/usr/share/aclocal-1.15/prog-cc-c-o.m4',
- '/usr/share/aclocal-1.15/python.m4',
- '/usr/share/aclocal-1.15/runlog.m4',
- '/usr/share/aclocal-1.15/sanity.m4',
- '/usr/share/aclocal-1.15/silent.m4',
- '/usr/share/aclocal-1.15/strip.m4',
- '/usr/share/aclocal-1.15/substnot.m4',
- '/usr/share/aclocal-1.15/tar.m4',
+ '/usr/share/aclocal-1.16/amversion.m4',
+ '/usr/share/aclocal-1.16/auxdir.m4',
+ '/usr/share/aclocal-1.16/cond.m4',
+ '/usr/share/aclocal-1.16/depend.m4',
+ '/usr/share/aclocal-1.16/depout.m4',
+ '/usr/share/aclocal-1.16/init.m4',
+ '/usr/share/aclocal-1.16/install-sh.m4',
+ '/usr/share/aclocal-1.16/lead-dot.m4',
+ '/usr/share/aclocal-1.16/lex.m4',
+ '/usr/share/aclocal-1.16/make.m4',
+ '/usr/share/aclocal-1.16/missing.m4',
+ '/usr/share/aclocal-1.16/options.m4',
+ '/usr/share/aclocal-1.16/prog-cc-c-o.m4',
+ '/usr/share/aclocal-1.16/python.m4',
+ '/usr/share/aclocal-1.16/runlog.m4',
+ '/usr/share/aclocal-1.16/sanity.m4',
+ '/usr/share/aclocal-1.16/silent.m4',
+ '/usr/share/aclocal-1.16/strip.m4',
+ '/usr/share/aclocal-1.16/substnot.m4',
+ '/usr/share/aclocal-1.16/tar.m4',
'configure.ac'
],
{
- 'LTDL_CONVENIENCE' => 1,
- 'AM_ENABLE_STATIC' => 1,
- 'AM_INIT_AUTOMAKE' => 1,
- 'LT_SYS_DLSEARCH_PATH' => 1,
- 'AC_CHECK_LIBM' => 1,
- '_AM_CONFIG_MACRO_DIRS' => 1,
- 'LT_SUPPORTED_TAG' => 1,
- '_LT_AC_LANG_F77_CONFIG' => 1,
- 'AM_PROG_LD' => 1,
- 'AM_ENABLE_SHARED' => 1,
- '_LT_AC_CHECK_DLFCN' => 1,
- 'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
- 'AC_WITH_LTDL' => 1,
- 'AM_SET_LEADING_DOT' => 1,
- 'LTDL_INSTALLABLE' => 1,
- 'LT_LIB_DLLOAD' => 1,
+ 'AC_PYTHON_DEVEL' => 1,
+ 'LTOBSOLETE_VERSION' => 1,
+ 'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
+ '_LT_AC_PROG_CXXCPP' => 1,
+ 'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
+ '_LT_AC_SHELL_INIT' => 1,
+ '_AM_DEPENDENCIES' => 1,
+ '_LT_PROG_F77' => 1,
+ 'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
+ '_LT_AC_PROG_ECHO_BACKSLASH' => 1,
+ 'AC_LIBTOOL_LANG_C_CONFIG' => 1,
'_AM_IF_OPTION' => 1,
- 'PKG_CHECK_EXISTS' => 1,
- '_LT_AC_FILE_LTDLL_C' => 1,
- '_LT_AC_TAGVAR' => 1,
- 'AC_PATH_TOOL_PREFIX' => 1,
- 'AC_LIBLTDL_INSTALLABLE' => 1,
- 'AC_LTDL_SYMBOL_USCORE' => 1,
- 'AC_DEFUN_ONCE' => 1,
- 'LT_PATH_NM' => 1,
- 'AM_AUX_DIR_EXPAND' => 1,
- 'AC_PROG_LD' => 1,
- 'AC_LTDL_DLLIB' => 1,
- 'AM_PROG_LIBTOOL' => 1,
- '_LT_PROG_ECHO_BACKSLASH' => 1,
- 'LT_PROG_GCJ' => 1,
+ '_LT_AC_LANG_CXX' => 1,
+ 'AC_LTDL_PREOPEN' => 1,
+ '_LT_PROG_LTMAIN' => 1,
'AM_PROG_INSTALL_SH' => 1,
- '_LT_AC_PROG_CXXCPP' => 1,
- 'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
- 'AM_SANITY_CHECK' => 1,
- '_LT_WITH_SYSROOT' => 1,
- 'LTOBSOLETE_VERSION' => 1,
- '_AC_PROG_LIBTOOL' => 1,
+ 'PKG_PROG_PKG_CONFIG' => 1,
+ 'AM_SET_DEPDIR' => 1,
'AC_CONFIG_MACRO_DIR' => 1,
- 'AM_DISABLE_SHARED' => 1,
- 'AC_DEFUN' => 1,
- '_LT_AC_LOCK' => 1,
- 'AM_PROG_INSTALL_STRIP' => 1,
+ 'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
+ '_LT_AC_LANG_F77' => 1,
+ 'AM_PATH_PYTHON' => 1,
+ '_AC_AM_CONFIG_HEADER_HOOK' => 1,
+ 'AM_PYTHON_CHECK_VERSION' => 1,
+ 'LT_AC_PROG_EGREP' => 1,
+ '_LT_LINKER_BOILERPLATE' => 1,
+ 'AC_PROG_LD_GNU' => 1,
+ '_AM_PROG_TAR' => 1,
+ 'AM_ENABLE_STATIC' => 1,
+ '_LT_COMPILER_BOILERPLATE' => 1,
+ '_LT_REQUIRED_DARWIN_CHECKS' => 1,
+ 'PKG_CHECK_MODULES' => 1,
'AC_LIBTOOL_COMPILER_OPTION' => 1,
+ '_AM_SUBST_NOTMAKE' => 1,
+ 'AM_MAKE_INCLUDE' => 1,
+ 'AC_LIBTOOL_OBJDIR' => 1,
+ 'AM_PROG_INSTALL_STRIP' => 1,
+ 'LT_LANG' => 1,
+ 'LT_INIT' => 1,
+ 'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
+ 'LTOPTIONS_VERSION' => 1,
'_LT_DLL_DEF_P' => 1,
- 'include' => 1,
+ 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
+ 'PKG_INSTALLDIR' => 1,
'_LT_PROG_CXX' => 1,
- '_LT_AC_LANG_CXX' => 1,
- 'AC_PROG_EGREP' => 1,
- 'AC_LIBTOOL_SYS_HARD_LINK_LOCKS' => 1,
- 'AM_PROG_NM' => 1,
- '_LT_AC_LANG_C_CONFIG' => 1,
- 'LT_AC_PROG_SED' => 1,
- 'm4_include' => 1,
- '_LT_PROG_F77' => 1,
- 'PROG_PODCHECKER' => 1,
- '_AM_MANGLE_OPTION' => 1,
- 'AM_PYTHON_CHECK_VERSION' => 1,
- 'AM_SILENT_RULES' => 1,
- '_LT_LINKER_OPTION' => 1,
'm4_pattern_allow' => 1,
- 'AM_DEP_TRACK' => 1,
- 'PKG_CHECK_MODULES' => 1,
- 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
- 'AC_LIBTOOL_F77' => 1,
- 'AC_LIBTOOL_CONFIG' => 1,
+ 'AC_DEFUN' => 1,
+ '_LT_AC_LOCK' => 1,
'AC_LIBTOOL_PROG_CC_C_O' => 1,
- 'LT_LANG' => 1,
- 'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
- 'LT_SYS_DLOPEN_SELF' => 1,
- 'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
- 'AC_LIBTOOL_RC' => 1,
- 'AC_LIBTOOL_SYS_MAX_CMD_LEN' => 1,
- 'AC_PYTHON_DEVEL' => 1,
- 'AC_LTDL_ENABLE_INSTALL' => 1,
- 'LT_SYS_MODULE_PATH' => 1,
- 'LT_SYS_SYMBOL_USCORE' => 1,
- 'AM_MISSING_HAS_RUN' => 1,
- 'AM_MAKE_INCLUDE' => 1,
- 'AM_SET_DEPDIR' => 1,
- '_LT_COMPILER_BOILERPLATE' => 1,
+ 'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
+ '_LT_AC_TAGVAR' => 1,
+ 'AC_LIBTOOL_PICMODE' => 1,
+ 'AM_SET_CURRENT_AUTOMAKE_VERSION' => 1,
+ '_LT_WITH_SYSROOT' => 1,
+ 'AC_LIBTOOL_SETUP' => 1,
+ 'LT_AC_PROG_GCJ' => 1,
+ 'AM_RUN_LOG' => 1,
+ '_AC_PROG_LIBTOOL' => 1,
+ 'AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE' => 1,
+ '_LT_PREPARE_SED_QUOTE_VARS' => 1,
'AC_LIBTOOL_FC' => 1,
+ 'AC_PATH_MAGIC' => 1,
+ 'AC_LIBTOOL_LINKER_OPTION' => 1,
+ 'AC_ENABLE_STATIC' => 1,
+ '_LT_AC_LANG_C_CONFIG' => 1,
+ 'AC_PROG_EGREP' => 1,
+ '_LT_AC_LANG_GCJ_CONFIG' => 1,
+ '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
+ '_AM_PROG_CC_C_O' => 1,
+ '_LT_AC_CHECK_DLFCN' => 1,
+ '_LT_AC_TRY_DLOPEN_SELF' => 1,
+ 'AC_LIBTOOL_RC' => 1,
+ '_LT_PROG_ECHO_BACKSLASH' => 1,
+ '_PKG_SHORT_ERRORS_SUPPORTED' => 1,
+ 'AM_PROG_CC_C_O' => 1,
+ 'AC_LIBTOOL_GCJ' => 1,
+ '_LT_AC_SYS_COMPILER' => 1,
+ 'AM_SANITY_CHECK' => 1,
+ 'AM_INIT_AUTOMAKE' => 1,
+ 'LT_LIB_M' => 1,
+ '_AM_SET_OPTIONS' => 1,
+ 'LT_OUTPUT' => 1,
+ 'LT_AC_PROG_RC' => 1,
+ '_LT_AC_SYS_LIBPATH_AIX' => 1,
+ '_LT_AC_LANG_GCJ' => 1,
+ 'AC_DEFUN_ONCE' => 1,
+ 'LT_PROG_GCJ' => 1,
+ 'AM_DISABLE_STATIC' => 1,
+ 'PKG_NOARCH_INSTALLDIR' => 1,
+ '_m4_warn' => 1,
+ 'AC_PATH_TOOL_PREFIX' => 1,
+ 'AC_ENABLE_SHARED' => 1,
+ 'AC_LIBTOOL_CONFIG' => 1,
+ '_LT_LINKER_OPTION' => 1,
'_AM_AUTOCONF_VERSION' => 1,
- 'AC_PROG_LD_RELOAD_FLAG' => 1,
- '_LT_LINKER_BOILERPLATE' => 1,
- '_LT_AC_LANG_RC_CONFIG' => 1,
- 'AU_DEFUN' => 1,
- 'AC_LIBTOOL_LANG_C_CONFIG' => 1,
- 'PKG_CHECK_MODULES_STATIC' => 1,
- 'AC_LIBTOOL_DLOPEN_SELF' => 1,
- '_LT_REQUIRED_DARWIN_CHECKS' => 1,
- '_LT_PATH_TOOL_PREFIX' => 1,
- 'AC_LIBLTDL_CONVENIENCE' => 1,
- 'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1,
- 'AM_CONDITIONAL' => 1,
- 'LTOPTIONS_VERSION' => 1,
'AM_SUBST_NOTMAKE' => 1,
- 'PKG_INSTALLDIR' => 1,
+ 'AM_PROG_LIBTOOL' => 1,
+ 'AC_LIBTOOL_DLOPEN_SELF' => 1,
+ 'LT_AC_PROG_SED' => 1,
+ 'LT_SYS_DLOPEN_SELF' => 1,
'_AM_SET_OPTION' => 1,
- '_LT_AC_TAGCONFIG' => 1,
- '_LT_AC_TRY_DLOPEN_SELF' => 1,
- 'LT_AC_PROG_RC' => 1,
- 'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
- '_LT_AC_LANG_F77' => 1,
+ '_AM_MANGLE_OPTION' => 1,
+ 'AC_CHECK_LIBM' => 1,
+ 'LT_SUPPORTED_TAG' => 1,
'AC_LIBTOOL_PROG_COMPILER_PIC' => 1,
- 'AC_LIBTOOL_GCJ' => 1,
- '_AM_SET_OPTIONS' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
- 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
- '_PKG_SHORT_ERRORS_SUPPORTED' => 1,
- 'AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH' => 1,
- 'AC_LIBTOOL_SETUP' => 1,
+ 'PKG_CHECK_VAR' => 1,
+ '_LT_AC_LANG_RC_CONFIG' => 1,
+ 'AU_DEFUN' => 1,
+ 'AM_PROG_LD' => 1,
+ 'AM_DISABLE_SHARED' => 1,
'_LT_COMPILER_OPTION' => 1,
- 'AC_LTDL_DLSYM_USCORE' => 1,
- 'AC_LIBTOOL_OBJDIR' => 1,
- '_AC_AM_CONFIG_HEADER_HOOK' => 1,
- 'PKG_PROG_PKG_CONFIG' => 1,
- 'AC_PATH_MAGIC' => 1,
- 'AC_LTDL_SHLIBPATH' => 1,
+ 'AM_PROG_LEX' => 1,
'PROG_POD2MAN' => 1,
- 'm4_pattern_forbid' => 1,
- 'AC_LIBTOOL_LANG_RC_CONFIG' => 1,
- 'LT_SYS_MODULE_EXT' => 1,
- 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- 'AM_MISSING_PROG' => 1,
- '_m4_warn' => 1,
- 'AM_DISABLE_STATIC' => 1,
+ '_AM_CONFIG_MACRO_DIRS' => 1,
+ 'AM_SET_LEADING_DOT' => 1,
+ 'AM_MISSING_HAS_RUN' => 1,
+ 'LT_CMD_MAX_LEN' => 1,
+ 'AM_PROG_NM' => 1,
+ '_LT_AC_LANG_CXX_CONFIG' => 1,
+ 'LT_PROG_RC' => 1,
+ 'LT_PATH_LD' => 1,
+ 'AC_LTDL_OBJDIR' => 1,
+ 'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
+ 'AC_LTDL_ENABLE_INSTALL' => 1,
+ '_LT_PATH_TOOL_PREFIX' => 1,
+ '_LT_AC_LANG_F77_CONFIG' => 1,
+ 'AC_LIBTOOL_LANG_F77_CONFIG' => 1,
'LTVERSION_VERSION' => 1,
- 'AM_RUN_LOG' => 1,
- 'AC_DEPLIBS_CHECK_METHOD' => 1,
- '_LT_AC_PROG_ECHO_BACKSLASH' => 1,
'AC_LIBTOOL_PROG_LD_SHLIBS' => 1,
- 'AM_PROG_CC_C_O' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
+ 'AM_MISSING_PROG' => 1,
+ 'AC_DISABLE_FAST_INSTALL' => 1,
+ 'AM_SILENT_RULES' => 1,
'AC_DISABLE_STATIC' => 1,
- 'AC_LTDL_SYSSEARCHPATH' => 1,
+ 'LT_PATH_NM' => 1,
+ 'PKG_CHECK_MODULES_STATIC' => 1,
+ '_LT_AC_FILE_LTDLL_C' => 1,
'AC_LIBTOOL_DLOPEN' => 1,
- 'AM_PROG_LEX' => 1,
- '_AM_PROG_CC_C_O' => 1,
- '_AM_PROG_TAR' => 1,
- 'LT_CMD_MAX_LEN' => 1,
'AC_LIBTOOL_CXX' => 1,
- 'AC_LIBTOOL_SYS_DYNAMIC_LINKER' => 1,
- '_AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
- 'LT_AC_PROG_EGREP' => 1,
- 'AC_LTDL_OBJDIR' => 1,
- 'PKG_CHECK_VAR' => 1,
- '_LT_AC_SYS_COMPILER' => 1,
- 'AC_LTDL_SYS_DLOPEN_DEPLIBS' => 1,
'_LT_PROG_FC' => 1,
- '_LT_AC_LANG_GCJ_CONFIG' => 1,
- 'LT_LIB_M' => 1,
- 'LT_WITH_LTDL' => 1,
- 'AC_PROG_LD_GNU' => 1,
- '_LT_AC_LANG_GCJ' => 1,
- 'AC_LIBTOOL_LANG_GCJ_CONFIG' => 1,
- 'AC_ENABLE_SHARED' => 1,
- 'LT_FUNC_DLSYM_USCORE' => 1,
- '_LT_AC_LANG_CXX_CONFIG' => 1,
- 'LT_CONFIG_LTDL_DIR' => 1,
- 'LTSUGAR_VERSION' => 1,
- '_LT_AC_SYS_LIBPATH_AIX' => 1,
- 'AC_LIBTOOL_WIN32_DLL' => 1,
- 'PKG_NOARCH_INSTALLDIR' => 1,
'AC_ENABLE_FAST_INSTALL' => 1,
- '_LT_PREPARE_SED_QUOTE_VARS' => 1,
- 'AC_DISABLE_SHARED' => 1,
- '_LTDL_SETUP' => 1,
- '_AM_DEPENDENCIES' => 1,
- 'LT_INIT' => 1,
- 'AC_LIBTOOL_LINKER_OPTION' => 1,
- 'AC_PROG_LIBTOOL' => 1,
- 'AC_LIB_LTDL' => 1,
- 'LT_AC_PROG_GCJ' => 1,
- 'AC_LIBTOOL_LANG_CXX_CONFIG' => 1,
- '_LT_AC_SHELL_INIT' => 1,
- 'AC_PROG_NM' => 1,
- '_LT_LIBOBJ' => 1,
- 'LT_OUTPUT' => 1,
- 'AC_ENABLE_STATIC' => 1,
- '_LT_PROG_LTMAIN' => 1,
- 'AC_LIBTOOL_PICMODE' => 1,
+ 'AC_PROG_LD' => 1,
+ 'AC_LIBTOOL_POSTDEP_PREDEP' => 1,
'_LT_CC_BASENAME' => 1,
- 'AM_PATH_PYTHON' => 1,
- 'AC_LTDL_PREOPEN' => 1,
+ 'AC_DEPLIBS_CHECK_METHOD' => 1,
+ 'm4_include' => 1,
+ 'm4_pattern_forbid' => 1,
+ 'AM_DEP_TRACK' => 1,
+ 'PROG_PODCHECKER' => 1,
+ 'include' => 1,
+ 'LTSUGAR_VERSION' => 1,
+ 'AM_AUTOMAKE_VERSION' => 1,
+ 'AM_ENABLE_SHARED' => 1,
'LT_PROG_GO' => 1,
- 'LT_FUNC_ARGZ' => 1,
- 'AC_LTDL_SHLIBEXT' => 1,
- 'LT_SYS_DLOPEN_DEPLIBS' => 1,
- 'LT_PROG_RC' => 1,
- 'LTDL_INIT' => 1,
- 'AC_DISABLE_FAST_INSTALL' => 1,
- 'LT_PATH_LD' => 1
+ 'AC_PROG_LD_RELOAD_FLAG' => 1,
+ 'AM_OUTPUT_DEPENDENCY_COMMANDS' => 1,
+ 'AC_PROG_LIBTOOL' => 1,
+ 'AC_LIBTOOL_SYS_OLD_ARCHIVE' => 1,
+ 'AC_LIBTOOL_F77' => 1,
+ 'PKG_CHECK_EXISTS' => 1,
+ 'AC_PROG_NM' => 1,
+ 'AM_CONDITIONAL' => 1,
+ 'AM_AUX_DIR_EXPAND' => 1,
+ 'AC_LIBTOOL_SYS_LIB_STRIP' => 1,
+ 'AC_LIBTOOL_WIN32_DLL' => 1,
+ 'AC_DISABLE_SHARED' => 1,
+ '_LT_AC_TAGCONFIG' => 1,
+ 'AC_LIBTOOL_PROG_COMPILER_NO_RTTI' => 1
}
], 'Autom4te::Request' ),
bless( [
@@ -248,69 +219,150 @@
[
'/usr/share/autoconf/autoconf/autoconf.m4f',
'aclocal.m4',
+ '/usr/share/autoconf/autoconf/trailer.m4',
'configure.ac'
],
{
- '_LT_AC_TAGCONFIG' => 1,
+ 'AM_PROG_CC_C_O' => 1,
+ '_AM_MAKEFILE_INCLUDE' => 1,
+ 'm4_sinclude' => 1,
+ 'AM_INIT_AUTOMAKE' => 1,
+ 'AC_FC_SRCEXT' => 1,
'AC_CONFIG_LINKS' => 1,
+ 'AC_CANONICAL_SYSTEM' => 1,
+ 'sinclude' => 1,
+ 'AC_FC_PP_SRCEXT' => 1,
+ 'AM_NLS' => 1,
+ 'AC_FC_PP_DEFINE' => 1,
+ 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
+ 'AM_PATH_GUILE' => 1,
+ 'AC_SUBST' => 1,
+ 'AM_POT_TOOLS' => 1,
+ '_m4_warn' => 1,
'AM_ENABLE_MULTILIB' => 1,
- 'AM_INIT_AUTOMAKE' => 1,
- 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
+ 'AC_CANONICAL_BUILD' => 1,
+ 'AM_PROG_LIBTOOL' => 1,
+ 'AM_PROG_F77_C_O' => 1,
+ 'AM_PROG_MKDIR_P' => 1,
+ '_AM_COND_ENDIF' => 1,
+ 'LT_SUPPORTED_TAG' => 1,
'AC_CANONICAL_TARGET' => 1,
+ 'AM_PROG_MOC' => 1,
+ 'AC_INIT' => 1,
+ 'AC_CONFIG_HEADERS' => 1,
'AC_CANONICAL_HOST' => 1,
- 'm4_include' => 1,
+ 'AC_CONFIG_FILES' => 1,
+ 'AC_FC_FREEFORM' => 1,
+ 'GTK_DOC_CHECK' => 1,
+ 'AM_MAKEFILE_INCLUDE' => 1,
+ 'AC_CONFIG_SUBDIRS' => 1,
+ '_AM_SUBST_NOTMAKE' => 1,
+ 'AM_PROG_CXX_C_O' => 1,
+ 'AH_OUTPUT' => 1,
+ 'AM_PROG_FC_C_O' => 1,
+ 'AC_LIBSOURCE' => 1,
+ 'AM_SILENT_RULES' => 1,
'AM_XGETTEXT_OPTION' => 1,
- 'AM_AUTOMAKE_VERSION' => 1,
+ '_AM_COND_ELSE' => 1,
+ 'LT_INIT' => 1,
+ 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
'AC_DEFINE_TRACE_LITERAL' => 1,
- 'AM_GNU_GETTEXT' => 1,
- 'LT_SUPPORTED_TAG' => 1,
- 'AM_PROG_MKDIR_P' => 1,
- 'sinclude' => 1,
+ 'AC_SUBST_TRACE' => 1,
+ 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
+ 'm4_pattern_allow' => 1,
+ 'm4_pattern_forbid' => 1,
+ 'AC_CONFIG_AUX_DIR' => 1,
+ 'm4_include' => 1,
+ 'AC_REQUIRE_AUX_FILE' => 1,
'include' => 1,
- 'AC_CONFIG_FILES' => 1,
- 'AC_CANONICAL_SYSTEM' => 1,
+ 'AC_CONFIG_LIBOBJ_DIR' => 1,
+ 'AC_PROG_LIBTOOL' => 1,
'_AM_COND_IF' => 1,
- 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
- 'AC_SUBST_TRACE' => 1,
- 'AC_CANONICAL_BUILD' => 1,
+ 'AM_AUTOMAKE_VERSION' => 1,
+ 'IT_PROG_INTLTOOL' => 1,
+ 'AM_GNU_GETTEXT' => 1,
+ 'AM_CONDITIONAL' => 1,
+ 'LT_CONFIG_LTDL_DIR' => 1,
+ '_LT_AC_TAGCONFIG' => 1,
+ 'AM_MAINTAINER_MODE' => 1,
+ 'AM_PROG_AR' => 1
+ }
+ ], 'Autom4te::Request' ),
+ bless( [
+ '2',
+ 1,
+ [
+ '/usr/share/autoconf'
+ ],
+ [
+ '/usr/share/autoconf/autoconf/autoconf.m4f',
+ 'aclocal.m4',
+ 'configure.ac'
+ ],
+ {
'm4_pattern_allow' => 1,
- 'AM_SILENT_RULES' => 1,
- 'AC_CONFIG_SUBDIRS' => 1,
- '_m4_warn' => 1,
- 'AM_PROG_AR' => 1,
- 'AM_POT_TOOLS' => 1,
- '_AM_MAKEFILE_INCLUDE' => 1,
- 'AC_SUBST' => 1,
+ 'AM_GNU_GETTEXT_INTL_SUBDIR' => 1,
+ 'AC_SUBST_TRACE' => 1,
+ 'm4_include' => 1,
'm4_pattern_forbid' => 1,
- '_AM_COND_ELSE' => 1,
- '_AM_COND_ENDIF' => 1,
+ 'AC_CONFIG_AUX_DIR' => 1,
+ 'AC_CONFIG_LIBOBJ_DIR' => 1,
+ 'include' => 1,
'AC_REQUIRE_AUX_FILE' => 1,
- 'AC_LIBSOURCE' => 1,
+ 'AM_AUTOMAKE_VERSION' => 1,
+ '_AM_COND_IF' => 1,
+ 'AC_PROG_LIBTOOL' => 1,
+ 'IT_PROG_INTLTOOL' => 1,
'LT_CONFIG_LTDL_DIR' => 1,
+ 'AM_CONDITIONAL' => 1,
+ 'AM_GNU_GETTEXT' => 1,
+ 'AM_PROG_AR' => 1,
+ 'AM_MAINTAINER_MODE' => 1,
+ '_LT_AC_TAGCONFIG' => 1,
+ '_AM_SUBST_NOTMAKE' => 1,
+ 'AM_PROG_FC_C_O' => 1,
+ 'AM_PROG_CXX_C_O' => 1,
'AH_OUTPUT' => 1,
- 'AC_PROG_LIBTOOL' => 1,
+ 'AC_LIBSOURCE' => 1,
+ 'AM_SILENT_RULES' => 1,
+ '_AM_COND_ELSE' => 1,
+ 'AM_XGETTEXT_OPTION' => 1,
'LT_INIT' => 1,
+ 'AC_DEFINE_TRACE_LITERAL' => 1,
+ 'AC_CONFIG_MACRO_DIR_TRACE' => 1,
+ 'AM_PROG_F77_C_O' => 1,
+ 'AM_PROG_LIBTOOL' => 1,
+ 'AM_PROG_MKDIR_P' => 1,
+ 'AM_PROG_MOC' => 1,
+ 'AC_CANONICAL_TARGET' => 1,
'AC_INIT' => 1,
+ '_AM_COND_ENDIF' => 1,
+ 'LT_SUPPORTED_TAG' => 1,
+ 'AC_CANONICAL_HOST' => 1,
+ 'AC_CONFIG_FILES' => 1,
+ 'AC_CONFIG_HEADERS' => 1,
'AC_FC_FREEFORM' => 1,
+ 'GTK_DOC_CHECK' => 1,
+ 'AC_CONFIG_SUBDIRS' => 1,
+ 'AM_MAKEFILE_INCLUDE' => 1,
+ '_AM_MAKEFILE_INCLUDE' => 1,
+ 'AM_PROG_CC_C_O' => 1,
+ 'm4_sinclude' => 1,
+ 'sinclude' => 1,
+ 'AC_CONFIG_LINKS' => 1,
+ 'AC_CANONICAL_SYSTEM' => 1,
'AC_FC_SRCEXT' => 1,
- 'AM_PROG_LIBTOOL' => 1,
+ 'AM_INIT_AUTOMAKE' => 1,
'AC_FC_PP_DEFINE' => 1,
- 'AM_PROG_FC_C_O' => 1,
- 'AM_PROG_F77_C_O' => 1,
- 'AM_PROG_CC_C_O' => 1,
'AM_NLS' => 1,
- 'AC_CONFIG_HEADERS' => 1,
- 'AM_MAKEFILE_INCLUDE' => 1,
- 'AM_PATH_GUILE' => 1,
- 'AM_PROG_MOC' => 1,
- 'AC_CONFIG_LIBOBJ_DIR' => 1,
'AC_FC_PP_SRCEXT' => 1,
- '_AM_SUBST_NOTMAKE' => 1,
- 'AC_CONFIG_AUX_DIR' => 1,
- 'm4_sinclude' => 1,
- 'AM_PROG_CXX_C_O' => 1,
- 'AM_MAINTAINER_MODE' => 1,
- 'AM_CONDITIONAL' => 1
+ 'AM_PATH_GUILE' => 1,
+ 'AM_EXTRA_RECURSIVE_TARGETS' => 1,
+ 'AC_SUBST' => 1,
+ 'AC_CANONICAL_BUILD' => 1,
+ 'AM_ENABLE_MULTILIB' => 1,
+ '_m4_warn' => 1,
+ 'AM_POT_TOOLS' => 1
}
], 'Autom4te::Request' )
);
diff --git a/libraries/libapparmor/autom4te.cache/traces.0 b/libraries/libapparmor/autom4te.cache/traces.0
index 1017bb6e6327ee01826c7ff2d37f2e5dee06eb3b..749ef1616b7900b3d1714af1b83c1c1f178826c2 100644
--- a/libraries/libapparmor/autom4te.cache/traces.0
+++ b/libraries/libapparmor/autom4te.cache/traces.0
@@ -33,12 +33,12 @@ _LT_SETUP
# Only expand once:
m4_define([LT_INIT])
])
-m4trace:/usr/share/aclocal/libtool.m4:99: -1- AU_DEFUN([AC_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:99: -1- AC_DEFUN([AC_PROG_LIBTOOL], [AC_DIAGNOSE([obsolete], [The macro `AC_PROG_LIBTOOL' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:99: -1- AU_DEFUN([AC_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:99: -1- AC_DEFUN([AC_PROG_LIBTOOL], [m4_warn([obsolete], [The macro `AC_PROG_LIBTOOL' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:100: -1- AU_DEFUN([AM_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:100: -1- AC_DEFUN([AM_PROG_LIBTOOL], [AC_DIAGNOSE([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:100: -1- AU_DEFUN([AM_PROG_LIBTOOL], [m4_if($#, 0, [LT_INIT], [LT_INIT($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:100: -1- AC_DEFUN([AM_PROG_LIBTOOL], [m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_INIT], [LT_INIT($@)])])
m4trace:/usr/share/aclocal/libtool.m4:619: -1- AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt}
@@ -141,23 +141,23 @@ m4_case([$1],
[m4_fatal([$0: unsupported language: "$1"])])])dnl
])
m4trace:/usr/share/aclocal/libtool.m4:914: -1- AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-m4trace:/usr/share/aclocal/libtool.m4:914: -1- AC_DEFUN([AC_LIBTOOL_CXX], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_CXX' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:914: -1- AC_DEFUN([AC_LIBTOOL_CXX], [m4_warn([obsolete], [The macro `AC_LIBTOOL_CXX' is obsolete.
You should run autoupdate.])dnl
LT_LANG(C++)])
m4trace:/usr/share/aclocal/libtool.m4:915: -1- AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-m4trace:/usr/share/aclocal/libtool.m4:915: -1- AC_DEFUN([AC_LIBTOOL_F77], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_F77' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:915: -1- AC_DEFUN([AC_LIBTOOL_F77], [m4_warn([obsolete], [The macro `AC_LIBTOOL_F77' is obsolete.
You should run autoupdate.])dnl
LT_LANG(Fortran 77)])
m4trace:/usr/share/aclocal/libtool.m4:916: -1- AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-m4trace:/usr/share/aclocal/libtool.m4:916: -1- AC_DEFUN([AC_LIBTOOL_FC], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_FC' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:916: -1- AC_DEFUN([AC_LIBTOOL_FC], [m4_warn([obsolete], [The macro `AC_LIBTOOL_FC' is obsolete.
You should run autoupdate.])dnl
LT_LANG(Fortran)])
m4trace:/usr/share/aclocal/libtool.m4:917: -1- AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-m4trace:/usr/share/aclocal/libtool.m4:917: -1- AC_DEFUN([AC_LIBTOOL_GCJ], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_GCJ' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:917: -1- AC_DEFUN([AC_LIBTOOL_GCJ], [m4_warn([obsolete], [The macro `AC_LIBTOOL_GCJ' is obsolete.
You should run autoupdate.])dnl
LT_LANG(Java)])
m4trace:/usr/share/aclocal/libtool.m4:918: -1- AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-m4trace:/usr/share/aclocal/libtool.m4:918: -1- AC_DEFUN([AC_LIBTOOL_RC], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_RC' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:918: -1- AC_DEFUN([AC_LIBTOOL_RC], [m4_warn([obsolete], [The macro `AC_LIBTOOL_RC' is obsolete.
You should run autoupdate.])dnl
LT_LANG(Windows Resource)])
m4trace:/usr/share/aclocal/libtool.m4:1246: -1- AC_DEFUN([_LT_WITH_SYSROOT], [AC_MSG_CHECKING([for sysroot])
@@ -229,8 +229,8 @@ else
m4_if([$6], , :, [$6])
fi
])
-m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AU_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [m4_if($#, 0, [_LT_COMPILER_OPTION], [_LT_COMPILER_OPTION($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_COMPILER_OPTION' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AU_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [m4_if($#, 0, [_LT_COMPILER_OPTION], [_LT_COMPILER_OPTION($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:1619: -1- AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [m4_warn([obsolete], [The macro `AC_LIBTOOL_COMPILER_OPTION' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [_LT_COMPILER_OPTION], [_LT_COMPILER_OPTION($@)])])
m4trace:/usr/share/aclocal/libtool.m4:1628: -1- AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl
@@ -265,8 +265,8 @@ else
m4_if([$5], , :, [$5])
fi
])
-m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AU_DEFUN([AC_LIBTOOL_LINKER_OPTION], [m4_if($#, 0, [_LT_LINKER_OPTION], [_LT_LINKER_OPTION($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_LINKER_OPTION' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AU_DEFUN([AC_LIBTOOL_LINKER_OPTION], [m4_if($#, 0, [_LT_LINKER_OPTION], [_LT_LINKER_OPTION($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:1663: -1- AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [m4_warn([obsolete], [The macro `AC_LIBTOOL_LINKER_OPTION' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [_LT_LINKER_OPTION], [_LT_LINKER_OPTION($@)])])
m4trace:/usr/share/aclocal/libtool.m4:1670: -1- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl
@@ -405,8 +405,8 @@ max_cmd_len=$lt_cv_sys_max_cmd_len
_LT_DECL([], [max_cmd_len], [0],
[What is the maximum length of a command?])
])
-m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AU_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [m4_if($#, 0, [LT_CMD_MAX_LEN], [LT_CMD_MAX_LEN($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_SYS_MAX_CMD_LEN' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AU_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [m4_if($#, 0, [LT_CMD_MAX_LEN], [LT_CMD_MAX_LEN($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:1809: -1- AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [m4_warn([obsolete], [The macro `AC_LIBTOOL_SYS_MAX_CMD_LEN' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_CMD_MAX_LEN], [LT_CMD_MAX_LEN($@)])])
m4trace:/usr/share/aclocal/libtool.m4:1920: -1- AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl
@@ -531,8 +531,8 @@ _LT_DECL([dlopen_self], [enable_dlopen_self], [0],
_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
[Whether dlopen of statically linked programs is supported])
])
-m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AU_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [m4_if($#, 0, [LT_SYS_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_DLOPEN_SELF' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AU_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [m4_if($#, 0, [LT_SYS_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:2045: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [m4_warn([obsolete], [The macro `AC_LIBTOOL_DLOPEN_SELF' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_SYS_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF($@)])])
m4trace:/usr/share/aclocal/libtool.m4:3166: -1- AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl
@@ -594,8 +594,8 @@ fi
_LT_DECL([], [MAGIC_CMD], [0],
[Used to examine libraries when file_magic_cmd begins with "file"])dnl
])
-m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AU_DEFUN([AC_PATH_TOOL_PREFIX], [m4_if($#, 0, [_LT_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AC_DEFUN([AC_PATH_TOOL_PREFIX], [AC_DIAGNOSE([obsolete], [The macro `AC_PATH_TOOL_PREFIX' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AU_DEFUN([AC_PATH_TOOL_PREFIX], [m4_if($#, 0, [_LT_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3228: -1- AC_DEFUN([AC_PATH_TOOL_PREFIX], [m4_warn([obsolete], [The macro `AC_PATH_TOOL_PREFIX' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [_LT_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX($@)])])
m4trace:/usr/share/aclocal/libtool.m4:3251: -1- AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl
@@ -684,12 +684,12 @@ AC_SUBST([LD])
_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
])
-m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AU_DEFUN([AM_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AC_DEFUN([AM_PROG_LD], [AC_DIAGNOSE([obsolete], [The macro `AM_PROG_LD' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AU_DEFUN([AM_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3340: -1- AC_DEFUN([AM_PROG_LD], [m4_warn([obsolete], [The macro `AM_PROG_LD' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AU_DEFUN([AC_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AC_DEFUN([AC_PROG_LD], [AC_DIAGNOSE([obsolete], [The macro `AC_PROG_LD' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AU_DEFUN([AC_PROG_LD], [m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3341: -1- AC_DEFUN([AC_PROG_LD], [m4_warn([obsolete], [The macro `AC_PROG_LD' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PATH_LD], [LT_PATH_LD($@)])])
m4trace:/usr/share/aclocal/libtool.m4:3670: -1- AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl
@@ -784,12 +784,12 @@ AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
fi
rm -f conftest*])
])
-m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AU_DEFUN([AM_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AC_DEFUN([AM_PROG_NM], [AC_DIAGNOSE([obsolete], [The macro `AM_PROG_NM' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AU_DEFUN([AM_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3765: -1- AC_DEFUN([AM_PROG_NM], [m4_warn([obsolete], [The macro `AM_PROG_NM' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AU_DEFUN([AC_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AC_DEFUN([AC_PROG_NM], [AC_DIAGNOSE([obsolete], [The macro `AC_PROG_NM' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AU_DEFUN([AC_PROG_NM], [m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3766: -1- AC_DEFUN([AC_PROG_NM], [m4_warn([obsolete], [The macro `AC_PROG_NM' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PATH_NM], [LT_PATH_NM($@)])])
m4trace:/usr/share/aclocal/libtool.m4:3837: -1- AC_DEFUN([_LT_DLL_DEF_P], [dnl
@@ -816,737 +816,39 @@ case $host in
esac
AC_SUBST([LIBM])
])
-m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AU_DEFUN([AC_CHECK_LIBM], [m4_if($#, 0, [LT_LIB_M], [LT_LIB_M($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AC_DEFUN([AC_CHECK_LIBM], [AC_DIAGNOSE([obsolete], [The macro `AC_CHECK_LIBM' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AU_DEFUN([AC_CHECK_LIBM], [m4_if($#, 0, [LT_LIB_M], [LT_LIB_M($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:3870: -1- AC_DEFUN([AC_CHECK_LIBM], [m4_warn([obsolete], [The macro `AC_CHECK_LIBM' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_LIB_M], [LT_LIB_M($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8140: -1- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+m4trace:/usr/share/aclocal/libtool.m4:8147: -1- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
[m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
[AC_CHECK_TOOL(GCJ, gcj,)
test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
AC_SUBST(GCJFLAGS)])])[]dnl
])
-m4trace:/usr/share/aclocal/libtool.m4:8149: -1- AU_DEFUN([LT_AC_PROG_GCJ], [m4_if($#, 0, [LT_PROG_GCJ], [LT_PROG_GCJ($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8149: -1- AC_DEFUN([LT_AC_PROG_GCJ], [AC_DIAGNOSE([obsolete], [The macro `LT_AC_PROG_GCJ' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:8156: -1- AU_DEFUN([LT_AC_PROG_GCJ], [m4_if($#, 0, [LT_PROG_GCJ], [LT_PROG_GCJ($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:8156: -1- AC_DEFUN([LT_AC_PROG_GCJ], [m4_warn([obsolete], [The macro `LT_AC_PROG_GCJ' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PROG_GCJ], [LT_PROG_GCJ($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8156: -1- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,)
+m4trace:/usr/share/aclocal/libtool.m4:8163: -1- AC_DEFUN([LT_PROG_GO], [AC_CHECK_TOOL(GOC, gccgo,)
])
-m4trace:/usr/share/aclocal/libtool.m4:8163: -1- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,)
+m4trace:/usr/share/aclocal/libtool.m4:8170: -1- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,)
])
-m4trace:/usr/share/aclocal/libtool.m4:8168: -1- AU_DEFUN([LT_AC_PROG_RC], [m4_if($#, 0, [LT_PROG_RC], [LT_PROG_RC($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8168: -1- AC_DEFUN([LT_AC_PROG_RC], [AC_DIAGNOSE([obsolete], [The macro `LT_AC_PROG_RC' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:8175: -1- AU_DEFUN([LT_AC_PROG_RC], [m4_if($#, 0, [LT_PROG_RC], [LT_PROG_RC($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:8175: -1- AC_DEFUN([LT_AC_PROG_RC], [m4_warn([obsolete], [The macro `LT_AC_PROG_RC' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [LT_PROG_RC], [LT_PROG_RC($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8288: -1- AU_DEFUN([LT_AC_PROG_SED], [m4_if($#, 0, [AC_PROG_SED], [AC_PROG_SED($@)])])
-m4trace:/usr/share/aclocal/libtool.m4:8288: -1- AC_DEFUN([LT_AC_PROG_SED], [AC_DIAGNOSE([obsolete], [The macro `LT_AC_PROG_SED' is obsolete.
+m4trace:/usr/share/aclocal/libtool.m4:8295: -1- AU_DEFUN([LT_AC_PROG_SED], [m4_if($#, 0, [AC_PROG_SED], [AC_PROG_SED($@)])], [], [])
+m4trace:/usr/share/aclocal/libtool.m4:8295: -1- AC_DEFUN([LT_AC_PROG_SED], [m4_warn([obsolete], [The macro `LT_AC_PROG_SED' is obsolete.
You should run autoupdate.])dnl
m4_if($#, 0, [AC_PROG_SED], [AC_PROG_SED($@)])])
-m4trace:/usr/share/aclocal/ltargz.m4:12: -1- AC_DEFUN([LT_FUNC_ARGZ], [
-AC_CHECK_HEADERS([argz.h], [], [], [AC_INCLUDES_DEFAULT])
-
-AC_CHECK_TYPES([error_t],
- [],
- [AC_DEFINE([error_t], [int],
- [Define to a type to use for 'error_t' if it is not otherwise available.])
- AC_DEFINE([__error_t_defined], [1], [Define so that glibc/gnulib argp.h
- does not typedef error_t.])],
- [#if defined(HAVE_ARGZ_H)
-# include <argz.h>
-#endif])
-
-LT_ARGZ_H=
-AC_CHECK_FUNCS([argz_add argz_append argz_count argz_create_sep argz_insert \
- argz_next argz_stringify], [], [LT_ARGZ_H=lt__argz.h; AC_LIBOBJ([lt__argz])])
-
-dnl if have system argz functions, allow forced use of
-dnl libltdl-supplied implementation (and default to do so
-dnl on "known bad" systems). Could use a runtime check, but
-dnl (a) detecting malloc issues is notoriously unreliable
-dnl (b) only known system that declares argz functions,
-dnl provides them, yet they are broken, is cygwin
-dnl releases prior to 16-Mar-2007 (1.5.24 and earlier)
-dnl So, it's more straightforward simply to special case
-dnl this for known bad systems.
-AS_IF([test -z "$LT_ARGZ_H"],
- [AC_CACHE_CHECK(
- [if argz actually works],
- [lt_cv_sys_argz_works],
- [[case $host_os in #(
- *cygwin*)
- lt_cv_sys_argz_works=no
- if test no != "$cross_compiling"; then
- lt_cv_sys_argz_works="guessing no"
- else
- lt_sed_extract_leading_digits='s/^\([0-9\.]*\).*/\1/'
- save_IFS=$IFS
- IFS=-.
- set x `uname -r | sed -e "$lt_sed_extract_leading_digits"`
- IFS=$save_IFS
- lt_os_major=${2-0}
- lt_os_minor=${3-0}
- lt_os_micro=${4-0}
- if test 1 -lt "$lt_os_major" \
- || { test 1 -eq "$lt_os_major" \
- && { test 5 -lt "$lt_os_minor" \
- || { test 5 -eq "$lt_os_minor" \
- && test 24 -lt "$lt_os_micro"; }; }; }; then
- lt_cv_sys_argz_works=yes
- fi
- fi
- ;; #(
- *) lt_cv_sys_argz_works=yes ;;
- esac]])
- AS_IF([test yes = "$lt_cv_sys_argz_works"],
- [AC_DEFINE([HAVE_WORKING_ARGZ], 1,
- [This value is set to 1 to indicate that the system argz facility works])],
- [LT_ARGZ_H=lt__argz.h
- AC_LIBOBJ([lt__argz])])])
-
-AC_SUBST([LT_ARGZ_H])
-])
-m4trace:/usr/share/aclocal/ltdl.m4:16: -1- AC_DEFUN([LT_CONFIG_LTDL_DIR], [AC_BEFORE([$0], [LTDL_INIT])
-_$0($*)
-])
-m4trace:/usr/share/aclocal/ltdl.m4:68: -1- AC_DEFUN([LTDL_CONVENIENCE], [AC_BEFORE([$0], [LTDL_INIT])dnl
-dnl Although the argument is deprecated and no longer documented,
-dnl LTDL_CONVENIENCE used to take a DIRECTORY orgument, if we have one
-dnl here make sure it is the same as any other declaration of libltdl's
-dnl location! This also ensures lt_ltdl_dir is set when configure.ac is
-dnl not yet using an explicit LT_CONFIG_LTDL_DIR.
-m4_ifval([$1], [_LT_CONFIG_LTDL_DIR([$1])])dnl
-_$0()
-])
-m4trace:/usr/share/aclocal/ltdl.m4:81: -1- AU_DEFUN([AC_LIBLTDL_CONVENIENCE], [_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
-_LTDL_CONVENIENCE])
-m4trace:/usr/share/aclocal/ltdl.m4:81: -1- AC_DEFUN([AC_LIBLTDL_CONVENIENCE], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBLTDL_CONVENIENCE' is obsolete.
-You should run autoupdate.])dnl
-_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
-_LTDL_CONVENIENCE])
-m4trace:/usr/share/aclocal/ltdl.m4:124: -1- AC_DEFUN([LTDL_INSTALLABLE], [AC_BEFORE([$0], [LTDL_INIT])dnl
-dnl Although the argument is deprecated and no longer documented,
-dnl LTDL_INSTALLABLE used to take a DIRECTORY orgument, if we have one
-dnl here make sure it is the same as any other declaration of libltdl's
-dnl location! This also ensures lt_ltdl_dir is set when configure.ac is
-dnl not yet using an explicit LT_CONFIG_LTDL_DIR.
-m4_ifval([$1], [_LT_CONFIG_LTDL_DIR([$1])])dnl
-_$0()
-])
-m4trace:/usr/share/aclocal/ltdl.m4:137: -1- AU_DEFUN([AC_LIBLTDL_INSTALLABLE], [_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
-_LTDL_INSTALLABLE])
-m4trace:/usr/share/aclocal/ltdl.m4:137: -1- AC_DEFUN([AC_LIBLTDL_INSTALLABLE], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBLTDL_INSTALLABLE' is obsolete.
-You should run autoupdate.])dnl
-_LT_CONFIG_LTDL_DIR([m4_default([$1], [libltdl])])
-_LTDL_INSTALLABLE])
-m4trace:/usr/share/aclocal/ltdl.m4:213: -1- AC_DEFUN([_LT_LIBOBJ], [
- m4_pattern_allow([^_LT_LIBOBJS$])
- _LT_LIBOBJS="$_LT_LIBOBJS $1.$ac_objext"
-])
-m4trace:/usr/share/aclocal/ltdl.m4:226: -1- AC_DEFUN([LTDL_INIT], [dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-dnl We need to keep our own list of libobjs separate from our parent project,
-dnl and the easiest way to do that is redefine the AC_LIBOBJs macro while
-dnl we look for our own LIBOBJs.
-m4_pushdef([AC_LIBOBJ], m4_defn([_LT_LIBOBJ]))
-m4_pushdef([AC_LIBSOURCES])
-
-dnl If not otherwise defined, default to the 1.5.x compatible subproject mode:
-m4_if(_LTDL_MODE, [],
- [m4_define([_LTDL_MODE], m4_default([$2], [subproject]))
- m4_if([-1], [m4_bregexp(_LTDL_MODE, [\(subproject\|\(non\)?recursive\)])],
- [m4_fatal([unknown libltdl mode: ]_LTDL_MODE)])])
-
-AC_ARG_WITH([included_ltdl],
- [AS_HELP_STRING([--with-included-ltdl],
- [use the GNU ltdl sources included here])])
-
-if test yes != "$with_included_ltdl"; then
- # We are not being forced to use the included libltdl sources, so
- # decide whether there is a useful installed version we can use.
- AC_CHECK_HEADER([ltdl.h],
- [AC_CHECK_DECL([lt_dlinterface_register],
- [AC_CHECK_LIB([ltdl], [lt_dladvise_preload],
- [with_included_ltdl=no],
- [with_included_ltdl=yes])],
- [with_included_ltdl=yes],
- [AC_INCLUDES_DEFAULT
- #include <ltdl.h>])],
- [with_included_ltdl=yes],
- [AC_INCLUDES_DEFAULT]
- )
-fi
-
-dnl If neither LT_CONFIG_LTDL_DIR, LTDL_CONVENIENCE nor LTDL_INSTALLABLE
-dnl was called yet, then for old times' sake, we assume libltdl is in an
-dnl eponymous directory:
-AC_PROVIDE_IFELSE([LT_CONFIG_LTDL_DIR], [], [_LT_CONFIG_LTDL_DIR([libltdl])])
-
-AC_ARG_WITH([ltdl_include],
- [AS_HELP_STRING([--with-ltdl-include=DIR],
- [use the ltdl headers installed in DIR])])
-
-if test -n "$with_ltdl_include"; then
- if test -f "$with_ltdl_include/ltdl.h"; then :
- else
- AC_MSG_ERROR([invalid ltdl include directory: '$with_ltdl_include'])
- fi
-else
- with_ltdl_include=no
-fi
-
-AC_ARG_WITH([ltdl_lib],
- [AS_HELP_STRING([--with-ltdl-lib=DIR],
- [use the libltdl.la installed in DIR])])
-
-if test -n "$with_ltdl_lib"; then
- if test -f "$with_ltdl_lib/libltdl.la"; then :
- else
- AC_MSG_ERROR([invalid ltdl library directory: '$with_ltdl_lib'])
- fi
-else
- with_ltdl_lib=no
-fi
-
-case ,$with_included_ltdl,$with_ltdl_include,$with_ltdl_lib, in
- ,yes,no,no,)
- m4_case(m4_default(_LTDL_TYPE, [convenience]),
- [convenience], [_LTDL_CONVENIENCE],
- [installable], [_LTDL_INSTALLABLE],
- [m4_fatal([unknown libltdl build type: ]_LTDL_TYPE)])
- ;;
- ,no,no,no,)
- # If the included ltdl is not to be used, then use the
- # preinstalled libltdl we found.
- AC_DEFINE([HAVE_LTDL], [1],
- [Define this if a modern libltdl is already installed])
- LIBLTDL=-lltdl
- LTDLDEPS=
- LTDLINCL=
- ;;
- ,no*,no,*)
- AC_MSG_ERROR(['--with-ltdl-include' and '--with-ltdl-lib' options must be used together])
- ;;
- *) with_included_ltdl=no
- LIBLTDL="-L$with_ltdl_lib -lltdl"
- LTDLDEPS=
- LTDLINCL=-I$with_ltdl_include
- ;;
-esac
-INCLTDL=$LTDLINCL
-
-# Report our decision...
-AC_MSG_CHECKING([where to find libltdl headers])
-AC_MSG_RESULT([$LTDLINCL])
-AC_MSG_CHECKING([where to find libltdl library])
-AC_MSG_RESULT([$LIBLTDL])
-
-_LTDL_SETUP
-
-dnl restore autoconf definition.
-m4_popdef([AC_LIBOBJ])
-m4_popdef([AC_LIBSOURCES])
-
-AC_CONFIG_COMMANDS_PRE([
- _ltdl_libobjs=
- _ltdl_ltlibobjs=
- if test -n "$_LT_LIBOBJS"; then
- # Remove the extension.
- _lt_sed_drop_objext='s/\.o$//;s/\.obj$//'
- for i in `for i in $_LT_LIBOBJS; do echo "$i"; done | sed "$_lt_sed_drop_objext" | sort -u`; do
- _ltdl_libobjs="$_ltdl_libobjs $lt_libobj_prefix$i.$ac_objext"
- _ltdl_ltlibobjs="$_ltdl_ltlibobjs $lt_libobj_prefix$i.lo"
- done
- fi
- AC_SUBST([ltdl_LIBOBJS], [$_ltdl_libobjs])
- AC_SUBST([ltdl_LTLIBOBJS], [$_ltdl_ltlibobjs])
-])
-
-# Only expand once:
-m4_define([LTDL_INIT])
-])
-m4trace:/usr/share/aclocal/ltdl.m4:352: -1- AU_DEFUN([AC_LIB_LTDL], [LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:352: -1- AC_DEFUN([AC_LIB_LTDL], [AC_DIAGNOSE([obsolete], [The macro `AC_LIB_LTDL' is obsolete.
-You should run autoupdate.])dnl
-LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:353: -1- AU_DEFUN([AC_WITH_LTDL], [LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:353: -1- AC_DEFUN([AC_WITH_LTDL], [AC_DIAGNOSE([obsolete], [The macro `AC_WITH_LTDL' is obsolete.
-You should run autoupdate.])dnl
-LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:354: -1- AU_DEFUN([LT_WITH_LTDL], [LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:354: -1- AC_DEFUN([LT_WITH_LTDL], [AC_DIAGNOSE([obsolete], [The macro `LT_WITH_LTDL' is obsolete.
-You should run autoupdate.])dnl
-LTDL_INIT($@)])
-m4trace:/usr/share/aclocal/ltdl.m4:367: -1- AC_DEFUN([_LTDL_SETUP], [AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_SYS_MODULE_EXT])dnl
-AC_REQUIRE([LT_SYS_MODULE_PATH])dnl
-AC_REQUIRE([LT_SYS_DLSEARCH_PATH])dnl
-AC_REQUIRE([LT_LIB_DLLOAD])dnl
-AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl
-AC_REQUIRE([LT_FUNC_DLSYM_USCORE])dnl
-AC_REQUIRE([LT_SYS_DLOPEN_DEPLIBS])dnl
-AC_REQUIRE([LT_FUNC_ARGZ])dnl
-
-m4_require([_LT_CHECK_OBJDIR])dnl
-m4_require([_LT_HEADER_DLFCN])dnl
-m4_require([_LT_CHECK_DLPREOPEN])dnl
-m4_require([_LT_DECL_SED])dnl
-
-dnl Don't require this, or it will be expanded earlier than the code
-dnl that sets the variables it relies on:
-_LT_ENABLE_INSTALL
-
-dnl _LTDL_MODE specific code must be called at least once:
-_LTDL_MODE_DISPATCH
-
-# In order that ltdl.c can compile, find out the first AC_CONFIG_HEADERS
-# the user used. This is so that ltdl.h can pick up the parent projects
-# config.h file, The first file in AC_CONFIG_HEADERS must contain the
-# definitions required by ltdl.c.
-# FIXME: Remove use of undocumented AC_LIST_HEADERS (2.59 compatibility).
-AC_CONFIG_COMMANDS_PRE([dnl
-m4_pattern_allow([^LT_CONFIG_H$])dnl
-m4_ifset([AH_HEADER],
- [LT_CONFIG_H=AH_HEADER],
- [m4_ifset([AC_LIST_HEADERS],
- [LT_CONFIG_H=`echo "AC_LIST_HEADERS" | $SED 's|^[[ ]]*||;s|[[ :]].*$||'`],
- [])])])
-AC_SUBST([LT_CONFIG_H])
-
-AC_CHECK_HEADERS([unistd.h dl.h sys/dl.h dld.h mach-o/dyld.h dirent.h],
- [], [], [AC_INCLUDES_DEFAULT])
-
-AC_CHECK_FUNCS([closedir opendir readdir], [], [AC_LIBOBJ([lt__dirent])])
-AC_CHECK_FUNCS([strlcat strlcpy], [], [AC_LIBOBJ([lt__strl])])
-
-m4_pattern_allow([LT_LIBEXT])dnl
-AC_DEFINE_UNQUOTED([LT_LIBEXT],["$libext"],[The archive extension])
-
-name=
-eval "lt_libprefix=\"$libname_spec\""
-m4_pattern_allow([LT_LIBPREFIX])dnl
-AC_DEFINE_UNQUOTED([LT_LIBPREFIX],["$lt_libprefix"],[The archive prefix])
-
-name=ltdl
-eval "LTDLOPEN=\"$libname_spec\""
-AC_SUBST([LTDLOPEN])
-])
-m4trace:/usr/share/aclocal/ltdl.m4:443: -1- AC_DEFUN([LT_SYS_DLOPEN_DEPLIBS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_CACHE_CHECK([whether deplibs are loaded by dlopen],
- [lt_cv_sys_dlopen_deplibs],
- [# PORTME does your system automatically load deplibs for dlopen?
- # or its logical equivalent (e.g. shl_load for HP-UX < 11)
- # For now, we just catch OSes we know something about -- in the
- # future, we'll try test this programmatically.
- lt_cv_sys_dlopen_deplibs=unknown
- case $host_os in
- aix3*|aix4.1.*|aix4.2.*)
- # Unknown whether this is true for these versions of AIX, but
- # we want this 'case' here to explicitly catch those versions.
- lt_cv_sys_dlopen_deplibs=unknown
- ;;
- aix[[4-9]]*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- amigaos*)
- case $host_cpu in
- powerpc)
- lt_cv_sys_dlopen_deplibs=no
- ;;
- esac
- ;;
- bitrig*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- darwin*)
- # Assuming the user has installed a libdl from somewhere, this is true
- # If you are looking for one http://www.opendarwin.org/projects/dlcompat
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- freebsd* | dragonfly*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- gnu* | linux* | k*bsd*-gnu | kopensolaris*-gnu)
- # GNU and its variants, using gnu ld.so (Glibc)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- hpux10*|hpux11*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- interix*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- irix[[12345]]*|irix6.[[01]]*)
- # Catch all versions of IRIX before 6.2, and indicate that we don't
- # know how it worked for any of those versions.
- lt_cv_sys_dlopen_deplibs=unknown
- ;;
- irix*)
- # The case above catches anything before 6.2, and it's known that
- # at 6.2 and later dlopen does load deplibs.
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- netbsd* | netbsdelf*-gnu)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- openbsd*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- osf[[1234]]*)
- # dlopen did load deplibs (at least at 4.x), but until the 5.x series,
- # it did *not* use an RPATH in a shared library to find objects the
- # library depends on, so we explicitly say 'no'.
- lt_cv_sys_dlopen_deplibs=no
- ;;
- osf5.0|osf5.0a|osf5.1)
- # dlopen *does* load deplibs and with the right loader patch applied
- # it even uses RPATH in a shared library to search for shared objects
- # that the library depends on, but there's no easy way to know if that
- # patch is installed. Since this is the case, all we can really
- # say is unknown -- it depends on the patch being installed. If
- # it is, this changes to 'yes'. Without it, it would be 'no'.
- lt_cv_sys_dlopen_deplibs=unknown
- ;;
- osf*)
- # the two cases above should catch all versions of osf <= 5.1. Read
- # the comments above for what we know about them.
- # At > 5.1, deplibs are loaded *and* any RPATH in a shared library
- # is used to find them so we can finally say 'yes'.
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- qnx*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- solaris*)
- lt_cv_sys_dlopen_deplibs=yes
- ;;
- sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
- libltdl_cv_sys_dlopen_deplibs=yes
- ;;
- esac
- ])
-if test yes != "$lt_cv_sys_dlopen_deplibs"; then
- AC_DEFINE([LTDL_DLOPEN_DEPLIBS], [1],
- [Define if the OS needs help to load dependent libraries for dlopen().])
-fi
-])
-m4trace:/usr/share/aclocal/ltdl.m4:545: -1- AU_DEFUN([AC_LTDL_SYS_DLOPEN_DEPLIBS], [m4_if($#, 0, [LT_SYS_DLOPEN_DEPLIBS], [LT_SYS_DLOPEN_DEPLIBS($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:545: -1- AC_DEFUN([AC_LTDL_SYS_DLOPEN_DEPLIBS], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_SYS_DLOPEN_DEPLIBS' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_DLOPEN_DEPLIBS], [LT_SYS_DLOPEN_DEPLIBS($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:552: -1- AC_DEFUN([LT_SYS_MODULE_EXT], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
-AC_CACHE_CHECK([what extension is used for runtime loadable modules],
- [libltdl_cv_shlibext],
-[
-module=yes
-eval libltdl_cv_shlibext=$shrext_cmds
-module=no
-eval libltdl_cv_shrext=$shrext_cmds
- ])
-if test -n "$libltdl_cv_shlibext"; then
- m4_pattern_allow([LT_MODULE_EXT])dnl
- AC_DEFINE_UNQUOTED([LT_MODULE_EXT], ["$libltdl_cv_shlibext"],
- [Define to the extension used for runtime loadable modules, say, ".so".])
-fi
-if test "$libltdl_cv_shrext" != "$libltdl_cv_shlibext"; then
- m4_pattern_allow([LT_SHARED_EXT])dnl
- AC_DEFINE_UNQUOTED([LT_SHARED_EXT], ["$libltdl_cv_shrext"],
- [Define to the shared library suffix, say, ".dylib".])
-fi
-if test -n "$shared_archive_member_spec"; then
- m4_pattern_allow([LT_SHARED_LIB_MEMBER])dnl
- AC_DEFINE_UNQUOTED([LT_SHARED_LIB_MEMBER], ["($shared_archive_member_spec.o)"],
- [Define to the shared archive member specification, say "(shr.o)".])
-fi
-])
-m4trace:/usr/share/aclocal/ltdl.m4:580: -1- AU_DEFUN([AC_LTDL_SHLIBEXT], [m4_if($#, 0, [LT_SYS_MODULE_EXT], [LT_SYS_MODULE_EXT($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:580: -1- AC_DEFUN([AC_LTDL_SHLIBEXT], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_SHLIBEXT' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_MODULE_EXT], [LT_SYS_MODULE_EXT($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:587: -1- AC_DEFUN([LT_SYS_MODULE_PATH], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
-AC_CACHE_CHECK([what variable specifies run-time module search path],
- [lt_cv_module_path_var], [lt_cv_module_path_var=$shlibpath_var])
-if test -n "$lt_cv_module_path_var"; then
- m4_pattern_allow([LT_MODULE_PATH_VAR])dnl
- AC_DEFINE_UNQUOTED([LT_MODULE_PATH_VAR], ["$lt_cv_module_path_var"],
- [Define to the name of the environment variable that determines the run-time module search path.])
-fi
-])
-m4trace:/usr/share/aclocal/ltdl.m4:599: -1- AU_DEFUN([AC_LTDL_SHLIBPATH], [m4_if($#, 0, [LT_SYS_MODULE_PATH], [LT_SYS_MODULE_PATH($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:599: -1- AC_DEFUN([AC_LTDL_SHLIBPATH], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_SHLIBPATH' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_MODULE_PATH], [LT_SYS_MODULE_PATH($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:606: -1- AC_DEFUN([LT_SYS_DLSEARCH_PATH], [m4_require([_LT_SYS_DYNAMIC_LINKER])dnl
-AC_CACHE_CHECK([for the default library search path],
- [lt_cv_sys_dlsearch_path],
- [lt_cv_sys_dlsearch_path=$sys_lib_dlsearch_path_spec])
-if test -n "$lt_cv_sys_dlsearch_path"; then
- sys_dlsearch_path=
- for dir in $lt_cv_sys_dlsearch_path; do
- if test -z "$sys_dlsearch_path"; then
- sys_dlsearch_path=$dir
- else
- sys_dlsearch_path=$sys_dlsearch_path$PATH_SEPARATOR$dir
- fi
- done
- m4_pattern_allow([LT_DLSEARCH_PATH])dnl
- AC_DEFINE_UNQUOTED([LT_DLSEARCH_PATH], ["$sys_dlsearch_path"],
- [Define to the system default library search path.])
-fi
-])
-m4trace:/usr/share/aclocal/ltdl.m4:627: -1- AU_DEFUN([AC_LTDL_SYSSEARCHPATH], [m4_if($#, 0, [LT_SYS_DLSEARCH_PATH], [LT_SYS_DLSEARCH_PATH($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:627: -1- AC_DEFUN([AC_LTDL_SYSSEARCHPATH], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_SYSSEARCHPATH' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_DLSEARCH_PATH], [LT_SYS_DLSEARCH_PATH($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:653: -1- AC_DEFUN([LT_LIB_DLLOAD], [m4_pattern_allow([^LT_DLLOADERS$])
-LT_DLLOADERS=
-AC_SUBST([LT_DLLOADERS])
-
-AC_LANG_PUSH([C])
-lt_dlload_save_LIBS=$LIBS
-
-LIBADD_DLOPEN=
-AC_SEARCH_LIBS([dlopen], [dl],
- [AC_DEFINE([HAVE_LIBDL], [1],
- [Define if you have the libdl library or equivalent.])
- if test "$ac_cv_search_dlopen" != "none required"; then
- LIBADD_DLOPEN=-ldl
- fi
- libltdl_cv_lib_dl_dlopen=yes
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"],
- [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#if HAVE_DLFCN_H
-# include <dlfcn.h>
-#endif
- ]], [[dlopen(0, 0);]])],
- [AC_DEFINE([HAVE_LIBDL], [1],
- [Define if you have the libdl library or equivalent.])
- libltdl_cv_func_dlopen=yes
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"],
- [AC_CHECK_LIB([svld], [dlopen],
- [AC_DEFINE([HAVE_LIBDL], [1],
- [Define if you have the libdl library or equivalent.])
- LIBADD_DLOPEN=-lsvld libltdl_cv_func_dlopen=yes
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dlopen.la"])])])
-if test yes = "$libltdl_cv_func_dlopen" || test yes = "$libltdl_cv_lib_dl_dlopen"
-then
- lt_save_LIBS=$LIBS
- LIBS="$LIBS $LIBADD_DLOPEN"
- AC_CHECK_FUNCS([dlerror])
- LIBS=$lt_save_LIBS
-fi
-AC_SUBST([LIBADD_DLOPEN])
-
-LIBADD_SHL_LOAD=
-AC_CHECK_FUNC([shl_load],
- [AC_DEFINE([HAVE_SHL_LOAD], [1],
- [Define if you have the shl_load function.])
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"],
- [AC_CHECK_LIB([dld], [shl_load],
- [AC_DEFINE([HAVE_SHL_LOAD], [1],
- [Define if you have the shl_load function.])
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}shl_load.la"
- LIBADD_SHL_LOAD=-ldld])])
-AC_SUBST([LIBADD_SHL_LOAD])
-
-case $host_os in
-darwin[[1567]].*)
-# We only want this for pre-Mac OS X 10.4.
- AC_CHECK_FUNC([_dyld_func_lookup],
- [AC_DEFINE([HAVE_DYLD], [1],
- [Define if you have the _dyld_func_lookup function.])
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dyld.la"])
- ;;
-beos*)
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}load_add_on.la"
- ;;
-cygwin* | mingw* | pw32*)
- AC_CHECK_DECLS([cygwin_conv_path], [], [], [[#include <sys/cygwin.h>]])
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}loadlibrary.la"
- ;;
-esac
-
-AC_CHECK_LIB([dld], [dld_link],
- [AC_DEFINE([HAVE_DLD], [1],
- [Define if you have the GNU dld library.])
- LT_DLLOADERS="$LT_DLLOADERS ${lt_dlopen_dir+$lt_dlopen_dir/}dld_link.la"])
-AC_SUBST([LIBADD_DLD_LINK])
-
-m4_pattern_allow([^LT_DLPREOPEN$])
-LT_DLPREOPEN=
-if test -n "$LT_DLLOADERS"
-then
- for lt_loader in $LT_DLLOADERS; do
- LT_DLPREOPEN="$LT_DLPREOPEN-dlpreopen $lt_loader "
- done
- AC_DEFINE([HAVE_LIBDLLOADER], [1],
- [Define if libdlloader will be built on this platform])
-fi
-AC_SUBST([LT_DLPREOPEN])
-
-dnl This isn't used anymore, but set it for backwards compatibility
-LIBADD_DL="$LIBADD_DLOPEN $LIBADD_SHL_LOAD"
-AC_SUBST([LIBADD_DL])
-
-LIBS=$lt_dlload_save_LIBS
-AC_LANG_POP
-])
-m4trace:/usr/share/aclocal/ltdl.m4:748: -1- AU_DEFUN([AC_LTDL_DLLIB], [m4_if($#, 0, [LT_LIB_DLLOAD], [LT_LIB_DLLOAD($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:748: -1- AC_DEFUN([AC_LTDL_DLLIB], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_DLLIB' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_LIB_DLLOAD], [LT_LIB_DLLOAD($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:756: -1- AC_DEFUN([LT_SYS_SYMBOL_USCORE], [m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-AC_CACHE_CHECK([for _ prefix in compiled symbols],
- [lt_cv_sys_symbol_underscore],
- [lt_cv_sys_symbol_underscore=no
- cat > conftest.$ac_ext <<_LT_EOF
-void nm_test_func(){}
-int main(){nm_test_func;return 0;}
-_LT_EOF
- if AC_TRY_EVAL(ac_compile); then
- # Now try to grab the symbols.
- ac_nlist=conftest.nm
- if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $ac_nlist) && test -s "$ac_nlist"; then
- # See whether the symbols have a leading underscore.
- if grep '^. _nm_test_func' "$ac_nlist" >/dev/null; then
- lt_cv_sys_symbol_underscore=yes
- else
- if grep '^. nm_test_func ' "$ac_nlist" >/dev/null; then
- :
- else
- echo "configure: cannot find nm_test_func in $ac_nlist" >&AS_MESSAGE_LOG_FD
- fi
- fi
- else
- echo "configure: cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
- fi
- else
- echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD
- cat conftest.c >&AS_MESSAGE_LOG_FD
- fi
- rm -rf conftest*
- ])
- sys_symbol_underscore=$lt_cv_sys_symbol_underscore
- AC_SUBST([sys_symbol_underscore])
-])
-m4trace:/usr/share/aclocal/ltdl.m4:793: -1- AU_DEFUN([AC_LTDL_SYMBOL_USCORE], [m4_if($#, 0, [LT_SYS_SYMBOL_USCORE], [LT_SYS_SYMBOL_USCORE($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:793: -1- AC_DEFUN([AC_LTDL_SYMBOL_USCORE], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_SYMBOL_USCORE' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_SYS_SYMBOL_USCORE], [LT_SYS_SYMBOL_USCORE($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:800: -1- AC_DEFUN([LT_FUNC_DLSYM_USCORE], [AC_REQUIRE([_LT_COMPILER_PIC])dnl for lt_prog_compiler_wl
-AC_REQUIRE([LT_SYS_SYMBOL_USCORE])dnl for lt_cv_sys_symbol_underscore
-AC_REQUIRE([LT_SYS_MODULE_EXT])dnl for libltdl_cv_shlibext
-if test yes = "$lt_cv_sys_symbol_underscore"; then
- if test yes = "$libltdl_cv_func_dlopen" || test yes = "$libltdl_cv_lib_dl_dlopen"; then
- AC_CACHE_CHECK([whether we have to add an underscore for dlsym],
- [libltdl_cv_need_uscore],
- [libltdl_cv_need_uscore=unknown
- dlsym_uscore_save_LIBS=$LIBS
- LIBS="$LIBS $LIBADD_DLOPEN"
- libname=conftmod # stay within 8.3 filename limits!
- cat >$libname.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-/* When -fvisibility=hidden is used, assume the code has been annotated
- correspondingly for the symbols needed. */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-int fnord () { return 42; }]
-_LT_EOF
-
- # ltfn_module_cmds module_cmds
- # Execute tilde-delimited MODULE_CMDS with environment primed for
- # $module_cmds or $archive_cmds type content.
- ltfn_module_cmds ()
- {( # subshell avoids polluting parent global environment
- module_cmds_save_ifs=$IFS; IFS='~'
- for cmd in @S|@1; do
- IFS=$module_cmds_save_ifs
- libobjs=$libname.$ac_objext; lib=$libname$libltdl_cv_shlibext
- rpath=/not-exists; soname=$libname$libltdl_cv_shlibext; output_objdir=.
- major=; versuffix=; verstring=; deplibs=
- ECHO=echo; wl=$lt_prog_compiler_wl; allow_undefined_flag=
- eval $cmd
- done
- IFS=$module_cmds_save_ifs
- )}
-
- # Compile a loadable module using libtool macro expansion results.
- $CC $pic_flag -c $libname.$ac_ext
- ltfn_module_cmds "${module_cmds:-$archive_cmds}"
-
- # Try to fetch fnord with dlsym().
- libltdl_dlunknown=0; libltdl_dlnouscore=1; libltdl_dluscore=2
- cat >conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-#include <stdio.h>
-#ifndef RTLD_GLOBAL
-# ifdef DL_GLOBAL
-# define RTLD_GLOBAL DL_GLOBAL
-# else
-# define RTLD_GLOBAL 0
-# endif
-#endif
-#ifndef RTLD_NOW
-# ifdef DL_NOW
-# define RTLD_NOW DL_NOW
-# else
-# define RTLD_NOW 0
-# endif
-#endif
-int main () {
- void *handle = dlopen ("`pwd`/$libname$libltdl_cv_shlibext", RTLD_GLOBAL|RTLD_NOW);
- int status = $libltdl_dlunknown;
- if (handle) {
- if (dlsym (handle, "fnord"))
- status = $libltdl_dlnouscore;
- else {
- if (dlsym (handle, "_fnord"))
- status = $libltdl_dluscore;
- else
- puts (dlerror ());
- }
- dlclose (handle);
- } else
- puts (dlerror ());
- return status;
-}]
-_LT_EOF
- if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
- (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
- libltdl_status=$?
- case x$libltdl_status in
- x$libltdl_dlnouscore) libltdl_cv_need_uscore=no ;;
- x$libltdl_dluscore) libltdl_cv_need_uscore=yes ;;
- x*) libltdl_cv_need_uscore=unknown ;;
- esac
- fi
- rm -rf conftest* $libname*
- LIBS=$dlsym_uscore_save_LIBS
- ])
- fi
-fi
-
-if test yes = "$libltdl_cv_need_uscore"; then
- AC_DEFINE([NEED_USCORE], [1],
- [Define if dlsym() requires a leading underscore in symbol names.])
-fi
-])
-m4trace:/usr/share/aclocal/ltdl.m4:907: -1- AU_DEFUN([AC_LTDL_DLSYM_USCORE], [m4_if($#, 0, [LT_FUNC_DLSYM_USCORE], [LT_FUNC_DLSYM_USCORE($@)])])
-m4trace:/usr/share/aclocal/ltdl.m4:907: -1- AC_DEFUN([AC_LTDL_DLSYM_USCORE], [AC_DIAGNOSE([obsolete], [The macro `AC_LTDL_DLSYM_USCORE' is obsolete.
-You should run autoupdate.])dnl
-m4_if($#, 0, [LT_FUNC_DLSYM_USCORE], [LT_FUNC_DLSYM_USCORE($@)])])
m4trace:/usr/share/aclocal/ltoptions.m4:14: -1- AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
m4trace:/usr/share/aclocal/ltoptions.m4:113: -1- AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the 'dlopen' option into LT_INIT's first parameter.])
])
-m4trace:/usr/share/aclocal/ltoptions.m4:113: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_DLOPEN' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:113: -1- AC_DEFUN([AC_LIBTOOL_DLOPEN], [m4_warn([obsolete], [The macro `AC_LIBTOOL_DLOPEN' is obsolete.
You should run autoupdate.])dnl
_LT_SET_OPTION([LT_INIT], [dlopen])
AC_DIAGNOSE([obsolete],
@@ -1559,7 +861,7 @@ AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the 'win32-dll' option into LT_INIT's first parameter.])
])
-m4trace:/usr/share/aclocal/ltoptions.m4:148: -1- AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:148: -1- AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [m4_warn([obsolete], [The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
You should run autoupdate.])dnl
AC_REQUIRE([AC_CANONICAL_HOST])dnl
_LT_SET_OPTION([LT_INIT], [win32-dll])
@@ -1572,11 +874,11 @@ m4trace:/usr/share/aclocal/ltoptions.m4:197: -1- AC_DEFUN([AC_ENABLE_SHARED], [_
m4trace:/usr/share/aclocal/ltoptions.m4:201: -1- AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared])
])
m4trace:/usr/share/aclocal/ltoptions.m4:205: -1- AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:205: -1- AC_DEFUN([AM_ENABLE_SHARED], [AC_DIAGNOSE([obsolete], [The macro `AM_ENABLE_SHARED' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:205: -1- AC_DEFUN([AM_ENABLE_SHARED], [m4_warn([obsolete], [The macro `AM_ENABLE_SHARED' is obsolete.
You should run autoupdate.])dnl
AC_ENABLE_SHARED($@)])
m4trace:/usr/share/aclocal/ltoptions.m4:206: -1- AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:206: -1- AC_DEFUN([AM_DISABLE_SHARED], [AC_DIAGNOSE([obsolete], [The macro `AM_DISABLE_SHARED' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:206: -1- AC_DEFUN([AM_DISABLE_SHARED], [m4_warn([obsolete], [The macro `AM_DISABLE_SHARED' is obsolete.
You should run autoupdate.])dnl
AC_DISABLE_SHARED($@)])
m4trace:/usr/share/aclocal/ltoptions.m4:251: -1- AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
@@ -1584,11 +886,11 @@ m4trace:/usr/share/aclocal/ltoptions.m4:251: -1- AC_DEFUN([AC_ENABLE_STATIC], [_
m4trace:/usr/share/aclocal/ltoptions.m4:255: -1- AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static])
])
m4trace:/usr/share/aclocal/ltoptions.m4:259: -1- AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:259: -1- AC_DEFUN([AM_ENABLE_STATIC], [AC_DIAGNOSE([obsolete], [The macro `AM_ENABLE_STATIC' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:259: -1- AC_DEFUN([AM_ENABLE_STATIC], [m4_warn([obsolete], [The macro `AM_ENABLE_STATIC' is obsolete.
You should run autoupdate.])dnl
AC_ENABLE_STATIC($@)])
m4trace:/usr/share/aclocal/ltoptions.m4:260: -1- AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-m4trace:/usr/share/aclocal/ltoptions.m4:260: -1- AC_DEFUN([AM_DISABLE_STATIC], [AC_DIAGNOSE([obsolete], [The macro `AM_DISABLE_STATIC' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:260: -1- AC_DEFUN([AM_DISABLE_STATIC], [m4_warn([obsolete], [The macro `AM_DISABLE_STATIC' is obsolete.
You should run autoupdate.])dnl
AC_DISABLE_STATIC($@)])
m4trace:/usr/share/aclocal/ltoptions.m4:305: -1- AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
@@ -1596,7 +898,7 @@ AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the 'fast-install' option into LT_INIT's first parameter.])
])
-m4trace:/usr/share/aclocal/ltoptions.m4:305: -1- AC_DEFUN([AC_ENABLE_FAST_INSTALL], [AC_DIAGNOSE([obsolete], [The macro `AC_ENABLE_FAST_INSTALL' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:305: -1- AC_DEFUN([AC_ENABLE_FAST_INSTALL], [m4_warn([obsolete], [The macro `AC_ENABLE_FAST_INSTALL' is obsolete.
You should run autoupdate.])dnl
_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
AC_DIAGNOSE([obsolete],
@@ -1608,7 +910,7 @@ AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you put
the 'disable-fast-install' option into LT_INIT's first parameter.])
])
-m4trace:/usr/share/aclocal/ltoptions.m4:312: -1- AC_DEFUN([AC_DISABLE_FAST_INSTALL], [AC_DIAGNOSE([obsolete], [The macro `AC_DISABLE_FAST_INSTALL' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:312: -1- AC_DEFUN([AC_DISABLE_FAST_INSTALL], [m4_warn([obsolete], [The macro `AC_DISABLE_FAST_INSTALL' is obsolete.
You should run autoupdate.])dnl
_LT_SET_OPTION([LT_INIT], [disable-fast-install])
AC_DIAGNOSE([obsolete],
@@ -1620,7 +922,7 @@ AC_DIAGNOSE([obsolete],
[$0: Remove this warning and the call to _LT_SET_OPTION when you
put the 'pic-only' option into LT_INIT's first parameter.])
])
-m4trace:/usr/share/aclocal/ltoptions.m4:411: -1- AC_DEFUN([AC_LIBTOOL_PICMODE], [AC_DIAGNOSE([obsolete], [The macro `AC_LIBTOOL_PICMODE' is obsolete.
+m4trace:/usr/share/aclocal/ltoptions.m4:411: -1- AC_DEFUN([AC_LIBTOOL_PICMODE], [m4_warn([obsolete], [The macro `AC_LIBTOOL_PICMODE' is obsolete.
You should run autoupdate.])dnl
_LT_SET_OPTION([LT_INIT], [pic-only])
AC_DIAGNOSE([obsolete],
@@ -1724,7 +1026,7 @@ AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
-AC_MSG_CHECKING([for $1])
+AC_MSG_CHECKING([for $2])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
@@ -1734,11 +1036,11 @@ and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
- AC_MSG_RESULT([no])
+ AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
- else
+ else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
@@ -1755,7 +1057,7 @@ installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
- AC_MSG_RESULT([no])
+ AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
@@ -1806,21 +1108,21 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])
-m4trace:/usr/share/aclocal-1.15/amversion.m4:14: -1- AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.15'
+m4trace:/usr/share/aclocal-1.16/amversion.m4:14: -1- AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
-m4_if([$1], [1.15.1], [],
+m4_if([$1], [1.16.5], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
-m4trace:/usr/share/aclocal-1.15/amversion.m4:33: -1- AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.15.1])dnl
+m4trace:/usr/share/aclocal-1.16/amversion.m4:33: -1- AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.16.5])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
-m4trace:/usr/share/aclocal-1.15/auxdir.m4:47: -1- AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
+m4trace:/usr/share/aclocal-1.16/auxdir.m4:47: -1- AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
])
-m4trace:/usr/share/aclocal-1.15/cond.m4:12: -1- AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl
+m4trace:/usr/share/aclocal-1.16/cond.m4:12: -1- AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl
m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
AC_SUBST([$1_TRUE])dnl
@@ -1840,7 +1142,7 @@ AC_CONFIG_COMMANDS_PRE(
AC_MSG_ERROR([[conditional "$1" was never defined.
Usually this means the macro was only invoked conditionally.]])
fi])])
-m4trace:/usr/share/aclocal-1.15/depend.m4:26: -1- AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl
+m4trace:/usr/share/aclocal-1.16/depend.m4:26: -1- AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl
AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
AC_REQUIRE([AM_MAKE_INCLUDE])dnl
AC_REQUIRE([AM_DEP_TRACK])dnl
@@ -1970,10 +1272,10 @@ AM_CONDITIONAL([am__fastdep$1], [
test "x$enable_dependency_tracking" != xno \
&& test "$am_cv_$1_dependencies_compiler_type" = gcc3])
])
-m4trace:/usr/share/aclocal-1.15/depend.m4:163: -1- AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+m4trace:/usr/share/aclocal-1.16/depend.m4:163: -1- AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl
AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
])
-m4trace:/usr/share/aclocal-1.15/depend.m4:171: -1- AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE([dependency-tracking], [dnl
+m4trace:/usr/share/aclocal-1.16/depend.m4:171: -1- AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE([dependency-tracking], [dnl
AS_HELP_STRING(
[--enable-dependency-tracking],
[do not reject slow dependency extractors])
@@ -1991,60 +1293,57 @@ _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
AC_SUBST([am__nodep])dnl
_AM_SUBST_NOTMAKE([am__nodep])dnl
])
-m4trace:/usr/share/aclocal-1.15/depout.m4:12: -1- AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{
+m4trace:/usr/share/aclocal-1.16/depout.m4:11: -1- AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
- case $CONFIG_FILES in
- *\'*) eval set x "$CONFIG_FILES" ;;
- *) set x $CONFIG_FILES ;;
- esac
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ AS_CASE([$CONFIG_FILES],
+ [*\'*], [eval set x "$CONFIG_FILES"],
+ [*], [set x $CONFIG_FILES])
shift
- for mf
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
do
# Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named 'Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
+ am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`AS_DIRNAME("$mf")`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running 'make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "$am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`AS_DIRNAME(["$file"])`
- AS_MKDIR_P([$dirpart/$fdir])
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`AS_DIRNAME(["$am_mf"])`
+ am_filepart=`AS_BASENAME(["$am_mf"])`
+ AM_RUN_LOG([cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles]) || am_rc=$?
done
+ if test $am_rc -ne 0; then
+ AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE="gmake" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).])
+ fi
+ AS_UNSET([am_dirpart])
+ AS_UNSET([am_filepart])
+ AS_UNSET([am_mf])
+ AS_UNSET([am_rc])
+ rm -f conftest-deps.mk
}
])
-m4trace:/usr/share/aclocal-1.15/depout.m4:71: -1- AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles],
+m4trace:/usr/share/aclocal-1.16/depout.m4:64: -1- AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles],
[test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
- [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
-m4trace:/usr/share/aclocal-1.15/init.m4:29: -1- AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl
+ [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])
+m4trace:/usr/share/aclocal-1.16/init.m4:29: -1- AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl
+m4_ifdef([_$0_ALREADY_INIT],
+ [m4_fatal([$0 expanded multiple times
+]m4_defn([_$0_ALREADY_INIT]))],
+ [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
dnl Autoconf wants to disallow AM_ names. We explicitly allow
dnl the ones we care about.
m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
@@ -2081,7 +1380,7 @@ m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
[_AM_SET_OPTIONS([$1])dnl
dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
m4_if(
- m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
+ m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]),
[ok:ok],,
[m4_fatal([AC_INIT should be called with package and version arguments])])dnl
AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
@@ -2104,8 +1403,8 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
AC_REQUIRE([AC_PROG_MKDIR_P])dnl
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
# We need awk for the "check" target (and possibly the TAP driver). The
# system "awk" is bad on some platforms.
@@ -2133,6 +1432,20 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
[m4_define([AC_PROG_OBJCXX],
m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
])
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+AC_SUBST([CTAGS])
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+AC_SUBST([ETAGS])
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+AC_SUBST([CSCOPE])
+
AC_REQUIRE([AM_SILENT_RULES])dnl
dnl The testsuite driver may need to know about EXEEXT, so add the
dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This
@@ -2172,7 +1485,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -2186,7 +1499,7 @@ dnl The trailing newline in this macro's definition is deliberate, for
dnl backward compatibility and to allow trailing 'dnl'-style comments
dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
])
-m4trace:/usr/share/aclocal-1.15/init.m4:186: -1- AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers.
+m4trace:/usr/share/aclocal-1.16/init.m4:204: -1- AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers.
_am_arg=$1
_am_stamp_count=1
for _am_header in $config_headers :; do
@@ -2198,7 +1511,7 @@ for _am_header in $config_headers :; do
esac
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
-m4trace:/usr/share/aclocal-1.15/install-sh.m4:11: -1- AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+m4trace:/usr/share/aclocal-1.16/install-sh.m4:11: -1- AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
if test x"${install_sh+set}" != xset; then
case $am_aux_dir in
*\ * | *\ *)
@@ -2208,7 +1521,7 @@ if test x"${install_sh+set}" != xset; then
esac
fi
AC_SUBST([install_sh])])
-m4trace:/usr/share/aclocal-1.15/lead-dot.m4:10: -1- AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null
+m4trace:/usr/share/aclocal-1.16/lead-dot.m4:10: -1- AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null
mkdir .tst 2>/dev/null
if test -d .tst; then
am__leading_dot=.
@@ -2217,61 +1530,48 @@ else
fi
rmdir .tst 2>/dev/null
AC_SUBST([am__leading_dot])])
-m4trace:/usr/share/aclocal-1.15/lex.m4:13: -1- AC_DEFUN([AM_PROG_LEX], [AC_PREREQ([2.50])dnl
+m4trace:/usr/share/aclocal-1.16/lex.m4:13: -1- AC_DEFUN([AM_PROG_LEX], [AC_PREREQ([2.50])dnl
AC_REQUIRE([AM_MISSING_HAS_RUN])dnl
AC_REQUIRE([AC_PROG_LEX])dnl
if test "$LEX" = :; then
LEX=${am_missing_run}flex
fi])
-m4trace:/usr/share/aclocal-1.15/make.m4:12: -1- AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make}
-cat > confinc << 'END'
+m4trace:/usr/share/aclocal-1.16/make.m4:13: -1- AC_DEFUN([AM_MAKE_INCLUDE], [AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
+cat > confinc.mk << 'END'
am__doit:
- @echo this is the am__doit target
+ @echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
am__include="#"
am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
- am__include=include
- am__quote=
- _am_result=GNU
- ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- case `$am_make -s -f confmf 2> /dev/null` in #(
- *the\ am__doit\ target*)
- am__include=.include
- am__quote="\""
- _am_result=BSD
- ;;
- esac
-fi
-AC_SUBST([am__include])
-AC_SUBST([am__quote])
-AC_MSG_RESULT([$_am_result])
-rm -f confinc confmf
-])
-m4trace:/usr/share/aclocal-1.15/missing.m4:11: -1- AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN])
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
+ AS_CASE([$?:`cat confinc.out 2>/dev/null`],
+ ['0:this is the am__doit target'],
+ [AS_CASE([$s],
+ [BSD], [am__include='.include' am__quote='"'],
+ [am__include='include' am__quote=''])])
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+AC_MSG_RESULT([${_am_result}])
+AC_SUBST([am__include])])
+m4trace:/usr/share/aclocal-1.16/make.m4:42: -1- m4_pattern_allow([^am__quote$])
+m4trace:/usr/share/aclocal-1.16/missing.m4:11: -1- AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN])
$1=${$1-"${am_missing_run}$2"}
AC_SUBST($1)])
-m4trace:/usr/share/aclocal-1.15/missing.m4:20: -1- AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+m4trace:/usr/share/aclocal-1.16/missing.m4:20: -1- AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([missing])dnl
if test x"${MISSING+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
- *)
- MISSING="\${SHELL} $am_aux_dir/missing" ;;
- esac
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
@@ -2281,11 +1581,11 @@ else
AC_MSG_WARN(['missing' script is too old or missing])
fi
])
-m4trace:/usr/share/aclocal-1.15/options.m4:11: -1- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
-m4trace:/usr/share/aclocal-1.15/options.m4:17: -1- AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])])
-m4trace:/usr/share/aclocal-1.15/options.m4:23: -1- AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
-m4trace:/usr/share/aclocal-1.15/options.m4:29: -1- AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
-m4trace:/usr/share/aclocal-1.15/prog-cc-c-o.m4:12: -1- AC_DEFUN([_AM_PROG_CC_C_O], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+m4trace:/usr/share/aclocal-1.16/options.m4:11: -1- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+m4trace:/usr/share/aclocal-1.16/options.m4:17: -1- AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])])
+m4trace:/usr/share/aclocal-1.16/options.m4:23: -1- AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+m4trace:/usr/share/aclocal-1.16/options.m4:29: -1- AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+m4trace:/usr/share/aclocal-1.16/prog-cc-c-o.m4:12: -1- AC_DEFUN([_AM_PROG_CC_C_O], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
AC_REQUIRE_AUX_FILE([compile])dnl
AC_LANG_PUSH([C])dnl
AC_CACHE_CHECK(
@@ -2317,14 +1617,17 @@ if test "$am_cv_prog_cc_c_o" != yes; then
CC="$am_aux_dir/compile $CC"
fi
AC_LANG_POP([C])])
-m4trace:/usr/share/aclocal-1.15/prog-cc-c-o.m4:47: -1- AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
-m4trace:/usr/share/aclocal-1.15/python.m4:35: -1- AC_DEFUN([AM_PATH_PYTHON], [
+m4trace:/usr/share/aclocal-1.16/prog-cc-c-o.m4:47: -1- AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
+m4trace:/usr/share/aclocal-1.16/python.m4:35: -1- AC_DEFUN([AM_PATH_PYTHON], [
dnl Find a Python interpreter. Python versions prior to 2.0 are not
dnl supported. (2.0 was released on October 16, 2000).
- dnl FIXME: Remove the need to hard-code Python versions here.
m4_define_default([_AM_PYTHON_INTERPRETER_LIST],
-[python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 dnl
- python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
+[python python2 python3 dnl
+ python3.11 python3.10 dnl
+ python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl
+ python3.2 python3.1 python3.0 dnl
+ python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl
+ python2.0])
AC_ARG_VAR([PYTHON], [the Python interpreter])
@@ -2365,34 +1668,141 @@ m4trace:/usr/share/aclocal-1.15/python.m4:35: -1- AC_DEFUN([AM_PATH_PYTHON], [
])
if test "$PYTHON" = :; then
- dnl Run any user-specified action, or abort.
+ dnl Run any user-specified action, or abort.
m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])])
else
- dnl Query Python for its version number. Getting [:3] seems to be
- dnl the best way to do this; it's what "site.py" does in the standard
- dnl library.
-
+ dnl Query Python for its version number. Although site.py simply uses
+ dnl sys.version[:3], printing that failed with Python 3.10, since the
+ dnl trailing zero was eliminated. So now we output just the major
+ dnl and minor version numbers, as numbers. Apparently the tertiary
+ dnl version is not of interest.
+ dnl
AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version],
- [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`])
+ [am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[[:2]])"`])
AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
- dnl Use the values of $prefix and $exec_prefix for the corresponding
- dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made
- dnl distinct variables so they can be overridden if need be. However,
- dnl general consensus is that you shouldn't need this ability.
-
- AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
- AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
-
- dnl At times (like when building shared libraries) you may want
+ dnl At times, e.g., when building shared libraries, you may want
dnl to know which OS platform Python thinks this is.
-
+ dnl
AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform],
[am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`])
AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
- # Just factor out some code duplication.
+ dnl emacs-page
+ dnl If --with-python-sys-prefix is given, use the values of sys.prefix
+ dnl and sys.exec_prefix for the corresponding values of PYTHON_PREFIX
+ dnl and PYTHON_EXEC_PREFIX. Otherwise, use the GNU ${prefix} and
+ dnl ${exec_prefix} variables.
+ dnl
+ dnl The two are made distinct variables so they can be overridden if
+ dnl need be, although general consensus is that you shouldn't need
+ dnl this separation.
+ dnl
+ dnl Also allow directly setting the prefixes via configure options,
+ dnl overriding any default.
+ dnl
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
+
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+ AC_ARG_WITH([python-sys-prefix],
+ [AS_HELP_STRING([--with-python-sys-prefix],
+ [use Python's sys.prefix and sys.exec_prefix values])],
+ [am_use_python_sys=:],
+ [am_use_python_sys=false])
+
+ # Allow user to override whatever the default Python prefix is.
+ AC_ARG_WITH([python_prefix],
+ [AS_HELP_STRING([--with-python_prefix],
+ [override the default PYTHON_PREFIX])],
+ [am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ AC_MSG_CHECKING([for explicit $am_display_PYTHON prefix])
+ AC_MSG_RESULT([$am_cv_python_prefix])],
+ [
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ AC_CACHE_CHECK([for python default $am_display_PYTHON prefix],
+ [am_cv_python_prefix],
+ [am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`])
+
+ dnl If sys.prefix is a subdir of $prefix, replace the literal value of
+ dnl $prefix with a variable reference so it can be overridden.
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ AC_MSG_CHECKING([for GNU default $am_display_PYTHON prefix])
+ AC_MSG_RESULT([$am_python_prefix])
+ fi])
+ # Substituting python_prefix_subst value.
+ AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+ AC_ARG_WITH([python_exec_prefix],
+ [AS_HELP_STRING([--with-python_exec_prefix],
+ [override the default PYTHON_EXEC_PREFIX])],
+ [am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ AC_MSG_CHECKING([for explicit $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_cv_python_exec_prefix])],
+ [
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ AS_IF([test -n "$with_python_prefix"],
+ [am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ AC_MSG_CHECKING([for python_prefix-given $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_cv_python_exec_prefix])],
+ [
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ AC_CACHE_CHECK([for python default $am_display_PYTHON exec_prefix],
+ [am_cv_python_exec_prefix],
+ [am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`])
+ dnl If sys.exec_prefix is a subdir of $exec_prefix, replace the
+ dnl literal value of $exec_prefix with a variable reference so it can
+ dnl be overridden.
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ AC_MSG_CHECKING([for GNU default $am_display_PYTHON exec_prefix])
+ AC_MSG_RESULT([$am_python_exec_prefix])
+ fi])])
+ # Substituting python_exec_prefix_subst.
+ AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
+
+ # Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
@@ -2412,98 +1822,111 @@ try:
except ImportError:
pass"
- dnl Set up 4 directories:
+ dnl emacs-page Set up 4 directories:
- dnl pythondir -- where to install python scripts. This is the
- dnl site-packages directory, not the python standard library
- dnl directory like in previous automake betas. This behavior
- dnl is more consistent with lispdir.m4 for example.
+ dnl 1. pythondir: where to install python scripts. This is the
+ dnl site-packages directory, not the python standard library
+ dnl directory like in previous automake betas. This behavior
+ dnl is more consistent with lispdir.m4 for example.
dnl Query distutils for this directory.
- AC_CACHE_CHECK([for $am_display_PYTHON script directory],
- [am_cv_python_pythondir],
- [if test "x$prefix" = xNONE
- then
- am_py_prefix=$ac_default_prefix
- else
- am_py_prefix=$prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
+ dnl
+ AC_CACHE_CHECK([for $am_display_PYTHON script directory (pythondir)],
+ [am_cv_python_pythondir],
+ [if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
- ])
+ ;;
+ esac
+ ])
AC_SUBST([pythondir], [$am_cv_python_pythondir])
- dnl pkgpythondir -- $PACKAGE directory under pythondir. Was
- dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
- dnl more consistent with the rest of automake.
-
+ dnl 2. pkgpythondir: $PACKAGE directory under pythondir. Was
+ dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is
+ dnl more consistent with the rest of automake.
+ dnl
AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
- dnl pyexecdir -- directory for installing python extension modules
- dnl (shared libraries)
+ dnl 3. pyexecdir: directory for installing python extension modules
+ dnl (shared libraries).
dnl Query distutils for this directory.
- AC_CACHE_CHECK([for $am_display_PYTHON extension module directory],
- [am_cv_python_pyexecdir],
- [if test "x$exec_prefix" = xNONE
- then
- am_py_exec_prefix=$am_py_prefix
- else
- am_py_exec_prefix=$exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
+ dnl
+ AC_CACHE_CHECK([for $am_display_PYTHON extension module directory (pyexecdir)],
+ [am_cv_python_pyexecdir],
+ [if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
- ])
+ ;;
+ esac
+ ])
AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
- dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE)
-
+ dnl 4. pkgpyexecdir: $(pyexecdir)/$(PACKAGE)
+ dnl
AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
dnl Run any user-specified action.
$2
fi
-
])
-m4trace:/usr/share/aclocal-1.15/python.m4:230: -1- AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys
+m4trace:/usr/share/aclocal-1.16/python.m4:353: -1- AC_DEFUN([AM_PYTHON_CHECK_VERSION], [prog="import sys
# split strings by '.' and convert to numeric. Append some zeros
# because we need at least 4 digits for the hex conversion.
# map returns an iterator in Python 3.0 and a list in 2.x
@@ -2513,12 +1936,12 @@ minverhex = 0
for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]]
sys.exit(sys.hexversion < minverhex)"
AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])])
-m4trace:/usr/share/aclocal-1.15/runlog.m4:12: -1- AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
+m4trace:/usr/share/aclocal-1.16/runlog.m4:12: -1- AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
(exit $ac_status); }])
-m4trace:/usr/share/aclocal-1.15/sanity.m4:11: -1- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane])
+m4trace:/usr/share/aclocal-1.16/sanity.m4:11: -1- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane])
# Reject unsafe characters in $srcdir or the absolute working directory
# name. Accept space and tab only in the latter.
am_lf='
@@ -2589,7 +2012,7 @@ AC_CONFIG_COMMANDS_PRE(
AC_MSG_RESULT([done])])
rm -f conftest.file
])
-m4trace:/usr/share/aclocal-1.15/silent.m4:12: -1- AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl
+m4trace:/usr/share/aclocal-1.16/silent.m4:12: -1- AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl
AS_HELP_STRING(
[--enable-silent-rules],
[less verbose build output (undo: "make V=1")])
@@ -2637,7 +2060,7 @@ AM_BACKSLASH='\'
AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
-m4trace:/usr/share/aclocal-1.15/strip.m4:17: -1- AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+m4trace:/usr/share/aclocal-1.16/strip.m4:17: -1- AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
# Installed binaries are usually stripped using 'strip' when the user
# run "make install-strip". However 'strip' might not be the right
# tool to use in cross-compilation environments, therefore Automake
@@ -2648,9 +2071,9 @@ if test "$cross_compiling" != no; then
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
-m4trace:/usr/share/aclocal-1.15/substnot.m4:12: -1- AC_DEFUN([_AM_SUBST_NOTMAKE])
-m4trace:/usr/share/aclocal-1.15/substnot.m4:17: -1- AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
-m4trace:/usr/share/aclocal-1.15/tar.m4:23: -1- AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used
+m4trace:/usr/share/aclocal-1.16/substnot.m4:12: -1- AC_DEFUN([_AM_SUBST_NOTMAKE])
+m4trace:/usr/share/aclocal-1.16/substnot.m4:17: -1- AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+m4trace:/usr/share/aclocal-1.16/tar.m4:23: -1- AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used
# in the wild :-( We should find a proper way to deprecate it ...
AC_SUBST([AMTAR], ['$${TAR-tar}'])
@@ -2811,18 +2234,19 @@ m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
m4trace:configure.ac:6: -1- m4_pattern_allow([^build_alias$])
m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
-m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.13.6])
+m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.0.8])
m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
m4trace:configure.ac:8: -1- AM_SET_CURRENT_AUTOMAKE_VERSION
-m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.15.1])
-m4trace:configure.ac:8: -1- _AM_AUTOCONF_VERSION([2.69])
+m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
+m4trace:configure.ac:8: -1- _AM_AUTOCONF_VERSION([2.71])
m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_DATA$])
m4trace:configure.ac:8: -1- m4_pattern_allow([^am__isrc$])
m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
-m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [/usr/share/aclocal-1.15/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
+m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
+/usr/share/aclocal-1.16/init.m4:29: AM_INIT_AUTOMAKE is expanded from...
configure.ac:8: the top level])
m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
@@ -2882,6 +2306,9 @@ AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
])
m4trace:configure.ac:8: -2- _AM_MANGLE_OPTION([no-dependencies])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
m4trace:configure.ac:8: -1- AM_SILENT_RULES
m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_V$])
m4trace:configure.ac:8: -1- AM_SUBST_NOTMAKE([AM_V])
@@ -2893,6 +2320,10 @@ m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
m4trace:configure.ac:10: -1- AM_PROG_LEX
+m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
+./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
+/usr/share/aclocal-1.16/lex.m4:13: AM_PROG_LEX is expanded from...
+configure.ac:10: the top level])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
@@ -2905,6 +2336,7 @@ m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
m4trace:configure.ac:10: -1- _AM_PROG_CC_C_O
@@ -2914,8 +2346,8 @@ m4trace:configure.ac:10: -1- AM_SET_DEPDIR
m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
m4trace:configure.ac:10: -1- AM_OUTPUT_DEPENDENCY_COMMANDS
m4trace:configure.ac:10: -1- AM_MAKE_INCLUDE
+m4trace:configure.ac:10: -1- AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:10: -1- AM_DEP_TRACK
m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
@@ -2992,6 +2424,11 @@ m4trace:m4/ac_python_devel.m4:1: -1- AC_DEFUN([AC_PYTHON_DEVEL], [
PYTHON_VERSION=""
fi
+ AC_PATH_TOOL([PYTHON_CONFIG],[`basename [$PYTHON]-config`])
+ if test -z "$PYTHON_CONFIG"; then
+ AC_MSG_ERROR([Cannot find python$PYTHON_VERSION-config in your system path])
+ fi
+
#
# Check for a version of Python >= 2.1.0
#
@@ -3040,17 +2477,17 @@ variable to configure. See ``configure --help'' for reference.
fi
#
- # Check if you have distutils, else fail
+ # Check if you have setuptools, else fail
#
- AC_MSG_CHECKING([for the distutils Python package])
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
+ AC_MSG_CHECKING([for the setuptools Python package])
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "distutils".
+ AC_MSG_ERROR([cannot import Python module "setuptools".
Please check your Python installation. The error was:
-$ac_distutils_result])
+$ac_setuptools_result])
PYTHON_VERSION=""
fi
@@ -3058,12 +2495,12 @@ $ac_distutils_result])
# Check for Python include path
#
AC_MSG_CHECKING([for Python include path])
- if type $PYTHON-config; then
- PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
fi
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
@@ -3076,14 +2513,14 @@ sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
# Check for Python library path
#
AC_MSG_CHECKING([for Python library path])
- if type $PYTHON-config; then
- PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
fi
if test -z "$PYTHON_LDFLAGS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
- py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
if test "$py_version" == "[None]"; then
if test -n "$PYTHON_VERSION"; then
py_version=$PYTHON_VERSION
@@ -3093,8 +2530,8 @@ sys.stdout.write("%s\n" % sys.version[[:3]])"`
fi
fi
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
fi
AC_MSG_RESULT([$PYTHON_LDFLAGS])
@@ -3105,8 +2542,8 @@ sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHO
#
AC_MSG_CHECKING([for Python site-packages path])
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
fi
AC_MSG_RESULT([$PYTHON_SITE_PKG])
AC_SUBST([PYTHON_SITE_PKG])
@@ -3115,9 +2552,13 @@ sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
# libraries which must be linked in when embedding
#
AC_MSG_CHECKING(python extra libraries)
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
@@ -3127,9 +2568,13 @@ sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf(
# linking flags needed when embedding
#
AC_MSG_CHECKING(python extra linking flags)
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
@@ -3143,7 +2588,7 @@ sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_TRY_LINK([
#include <Python.h>
@@ -3179,29 +2624,33 @@ sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
m4trace:configure.ac:48: -1- AC_PYTHON_DEVEL
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_LDFLAGS$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_SITE_PKG$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LIBS$])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
-You should run autoupdate.], [../../lib/autoconf/general.m4:2698: AC_TRY_LINK is expanded from...
+You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
configure.ac:48: the top level])
-m4trace:configure.ac:49: -1- AM_PATH_PYTHON
+m4trace:configure.ac:49: -1- AM_PATH_PYTHON([3.0])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:49: -1- AM_PYTHON_CHECK_VERSION([$PYTHON], [3.0], [AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])
+ AC_MSG_ERROR([Python interpreter is too old])])
+m4trace:configure.ac:49: -1- AM_RUN_LOG([$PYTHON -c "$prog"])
+m4trace:configure.ac:49: -1- AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [3.0], [break])
+m4trace:configure.ac:49: -1- AM_RUN_LOG([$am_cv_pathless_PYTHON -c "$prog"])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpythondir$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^pyexecdir$])
m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
-m4trace:configure.ac:61: -1- _m4_warn([cross], [cannot check for file existence when cross compiling], [../../lib/autoconf/general.m4:2788: AC_CHECK_FILE is expanded from...
-configure.ac:61: the top level])
m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
m4trace:configure.ac:76: -1- AM_CONDITIONAL([ENABLE_MAN_PAGES], [test x$enable_man_pages = xyes])
m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_TRUE$])
@@ -3223,13 +2672,47 @@ m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_TRUE$])
m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPP$])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPPFLAGS$])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPP$])
+m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
+You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
+configure.ac:81: the top level])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdio_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" stdio.h ]AS_TR_SH([stdio.h]) AS_TR_CPP([HAVE_stdio.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdlib_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" stdlib.h ]AS_TR_SH([stdlib.h]) AS_TR_CPP([HAVE_stdlib.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_string_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" string.h ]AS_TR_SH([string.h]) AS_TR_CPP([HAVE_string.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_inttypes_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" inttypes.h ]AS_TR_SH([inttypes.h]) AS_TR_CPP([HAVE_inttypes.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_stdint_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" stdint.h ]AS_TR_SH([stdint.h]) AS_TR_CPP([HAVE_stdint.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_strings_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" strings.h ]AS_TR_SH([strings.h]) AS_TR_CPP([HAVE_strings.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_sys_stat_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" sys/stat.h ]AS_TR_SH([sys/stat.h]) AS_TR_CPP([HAVE_sys/stat.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_sys_types_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" sys/types.h ]AS_TR_SH([sys/types.h]) AS_TR_CPP([HAVE_sys/types.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- AC_DEFUN([_AC_Header_unistd_h], [m4_divert_text([INIT_PREPARE],
+ [AS_VAR_APPEND([ac_header_]]_AC_LANG_ABBREV[[_list],
+ [" unistd.h ]AS_TR_SH([unistd.h]) AS_TR_CPP([HAVE_unistd.h])["])])_AC_HEADERS_EXPANSION(_AC_LANG_ABBREV)])
+m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
m4trace:configure.ac:81: -1- AC_PROG_EGREP
m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
m4trace:configure.ac:88: -1- AM_PROG_LIBTOOL
@@ -3304,6 +2787,9 @@ m4trace:configure.ac:88: -1- _LT_LINKER_OPTION([if $CC understands -b], [lt_cv_p
m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
m4trace:configure.ac:88: -1- LT_SYS_DLOPEN_SELF
m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
+m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
+You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
+configure.ac:90: the top level])
m4trace:configure.ac:95: -1- _m4_warn([obsolete], [AC_OUTPUT should be used without arguments.
You should run autoupdate.], [])
m4trace:configure.ac:95: -1- m4_pattern_allow([^LIB@&t@OBJS$])
@@ -3314,4 +2800,7 @@ m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
m4trace:configure.ac:95: -1- _AM_OUTPUT_DEPENDENCY_COMMANDS
+m4trace:configure.ac:95: -1- AM_RUN_LOG([cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles])
m4trace:configure.ac:95: -1- _LT_PROG_LTMAIN
diff --git a/libraries/libapparmor/autom4te.cache/traces.1 b/libraries/libapparmor/autom4te.cache/traces.1
index cc55204a8ecf992432384ad52d1b8b5686d1d5d7..bd5b240401c8f7c01f2b8ebdfbf1fc190169c34d 100644
--- a/libraries/libapparmor/autom4te.cache/traces.1
+++ b/libraries/libapparmor/autom4te.cache/traces.1
@@ -1,3 +1,6 @@
+m4trace:aclocal.m4:10047: -1- AC_SUBST([am__quote])
+m4trace:aclocal.m4:10047: -1- AC_SUBST_TRACE([am__quote])
+m4trace:aclocal.m4:10047: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:1: -2- m4_sinclude([common/Version])
m4trace:configure.ac:2: -3- m4_sinclude([../../common/Version])
m4trace:configure.ac:6: -1- AC_INIT([configure.ac])
@@ -151,9 +154,9 @@ m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
m4trace:configure.ac:6: -1- AC_SUBST([target_alias])
m4trace:configure.ac:6: -1- AC_SUBST_TRACE([target_alias])
m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
-m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [2.13.6])
+m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.0.8])
m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
-m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.15.1])
+m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_PROGRAM])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
@@ -171,12 +174,13 @@ m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
m4trace:configure.ac:8: -1- AC_SUBST([CYGPATH_W])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CYGPATH_W])
m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
-m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [aclocal.m4:9760: AM_INIT_AUTOMAKE is expanded from...
+m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
+aclocal.m4:9759: AM_INIT_AUTOMAKE is expanded from...
configure.ac:8: the top level])
m4trace:configure.ac:8: -1- AC_SUBST([PACKAGE], [libapparmor1])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([PACKAGE])
m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
-m4trace:configure.ac:8: -1- AC_SUBST([VERSION], [2.13.6])
+m4trace:configure.ac:8: -1- AC_SUBST([VERSION], [3.0.8])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([VERSION])
m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
@@ -237,6 +241,15 @@ m4trace:configure.ac:8: -1- m4_pattern_allow([^am__tar$])
m4trace:configure.ac:8: -1- AC_SUBST([am__untar])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__untar])
m4trace:configure.ac:8: -1- m4_pattern_allow([^am__untar$])
+m4trace:configure.ac:8: -1- AC_SUBST([CTAGS])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CTAGS])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
+m4trace:configure.ac:8: -1- AC_SUBST([ETAGS])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ETAGS])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
+m4trace:configure.ac:8: -1- AC_SUBST([CSCOPE])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CSCOPE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
m4trace:configure.ac:8: -1- AM_SILENT_RULES
m4trace:configure.ac:8: -1- AC_SUBST([AM_V])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_V])
@@ -253,6 +266,10 @@ m4trace:configure.ac:8: -1- AC_SUBST([AM_BACKSLASH])
m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_BACKSLASH])
m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
+m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
+./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
+aclocal.m4:9998: AM_PROG_LEX is expanded from...
+configure.ac:10: the top level])
m4trace:configure.ac:10: -1- AC_SUBST([LEX])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX])
m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
@@ -289,6 +306,9 @@ m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
@@ -302,9 +322,6 @@ m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
m4trace:configure.ac:10: -1- AC_SUBST([am__include])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
-m4trace:configure.ac:10: -1- AC_SUBST([am__quote])
-m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__quote])
-m4trace:configure.ac:10: -1- m4_pattern_allow([^am__quote$])
m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
@@ -396,6 +413,9 @@ m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
m4trace:configure.ac:48: -1- AC_SUBST([PYTHON])
m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CONFIG])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CONFIG])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CPPFLAGS])
m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CPPFLAGS])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
@@ -412,7 +432,7 @@ m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LDFLAGS])
m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LDFLAGS])
m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
-You should run autoupdate.], [../../lib/autoconf/general.m4:2698: AC_TRY_LINK is expanded from...
+You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
configure.ac:48: the top level])
m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
@@ -424,15 +444,15 @@ m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_VERSION])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PREFIX], ['${prefix}'])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PREFIX])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}'])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_EXEC_PREFIX])
m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
-m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
-m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
-m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
m4trace:configure.ac:49: -1- AC_SUBST([pythondir], [$am_cv_python_pythondir])
m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pythondir])
m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
@@ -448,8 +468,6 @@ m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
m4trace:configure.ac:58: -1- AC_SUBST([PERL])
m4trace:configure.ac:58: -1- AC_SUBST_TRACE([PERL])
m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
-m4trace:configure.ac:61: -1- _m4_warn([cross], [cannot check for file existence when cross compiling], [../../lib/autoconf/general.m4:2788: AC_CHECK_FILE is expanded from...
-configure.ac:61: the top level])
m4trace:configure.ac:71: -1- AC_SUBST([RUBY])
m4trace:configure.ac:71: -1- AC_SUBST_TRACE([RUBY])
m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
@@ -489,57 +507,67 @@ m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_FALSE])
m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
-m4trace:configure.ac:81: -1- AC_SUBST([CPP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([CPP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPP$])
-m4trace:configure.ac:81: -1- AC_SUBST([CPPFLAGS])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([CPPFLAGS])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPPFLAGS$])
-m4trace:configure.ac:81: -1- AC_SUBST([CPP])
-m4trace:configure.ac:81: -1- AC_SUBST_TRACE([CPP])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^CPP$])
+m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
+You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
+configure.ac:81: the top level])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDIO_H], [/* Define to 1 if you have the <stdio.h> header file. */
+@%:@undef HAVE_STDIO_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
+@%:@undef HAVE_STDLIB_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
+@%:@undef HAVE_STRING_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
+@%:@undef HAVE_INTTYPES_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+@%:@undef HAVE_STDINT_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+@%:@undef HAVE_STRINGS_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+@%:@undef HAVE_SYS_STAT_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
+@%:@undef HAVE_SYS_TYPES_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
+@%:@undef HAVE_UNISTD_H])
+m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
+m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
+m4trace:configure.ac:81: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if all of the C90 standard headers exist (not just the ones
+ required in a freestanding environment). This macro is provided for
+ backward compatibility; new code need not use it. */
+@%:@undef STDC_HEADERS])
m4trace:configure.ac:81: -1- AC_SUBST([GREP])
m4trace:configure.ac:81: -1- AC_SUBST_TRACE([GREP])
m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
m4trace:configure.ac:81: -1- AC_SUBST([EGREP])
m4trace:configure.ac:81: -1- AC_SUBST_TRACE([EGREP])
m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
-m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
-m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
-m4trace:configure.ac:81: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if you have the ANSI C header files. */
-@%:@undef STDC_HEADERS])
m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
@%:@undef HAVE_UNISTD_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UNISTD_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
@%:@undef HAVE_STDINT_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDINT_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYSLOG_H], [/* Define to 1 if you have the <syslog.h> header file. */
@%:@undef HAVE_SYSLOG_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
-@%:@undef HAVE_SYS_TYPES_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
-@%:@undef HAVE_SYS_STAT_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
-@%:@undef HAVE_STDLIB_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
-@%:@undef HAVE_STRING_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_MEMORY_H], [/* Define to 1 if you have the <memory.h> header file. */
-@%:@undef HAVE_MEMORY_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
-@%:@undef HAVE_STRINGS_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
-@%:@undef HAVE_INTTYPES_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
-@%:@undef HAVE_STDINT_H])
-m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
-@%:@undef HAVE_UNISTD_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLOG_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_ASPRINTF], [/* Define to 1 if you have the `asprintf\' function. */
@%:@undef HAVE_ASPRINTF])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ASPRINTF])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE___SECURE_GETENV], [/* Define to 1 if you have the `__secure_getenv\' function. */
@%:@undef HAVE___SECURE_GETENV])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SECURE_GETENV])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_SECURE_GETENV], [/* Define to 1 if you have the `secure_getenv\' function. */
@%:@undef HAVE_SECURE_GETENV])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECURE_GETENV])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_REALLOCARRAY], [/* Define to 1 if you have the `reallocarray\' function. */
@%:@undef HAVE_REALLOCARRAY])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOCARRAY])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([const])
m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
@@ -666,6 +694,9 @@ m4trace:configure.ac:88: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you ha
@%:@undef HAVE_DLFCN_H])
m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
+m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
+You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
+configure.ac:90: the top level])
m4trace:configure.ac:95: -1- AC_CONFIG_FILES([Makefile
doc/Makefile
src/Makefile
diff --git a/libraries/libapparmor/autom4te.cache/traces.2 b/libraries/libapparmor/autom4te.cache/traces.2
new file mode 100644
index 0000000000000000000000000000000000000000..bd5b240401c8f7c01f2b8ebdfbf1fc190169c34d
--- /dev/null
+++ b/libraries/libapparmor/autom4te.cache/traces.2
@@ -0,0 +1,745 @@
+m4trace:aclocal.m4:10047: -1- AC_SUBST([am__quote])
+m4trace:aclocal.m4:10047: -1- AC_SUBST_TRACE([am__quote])
+m4trace:aclocal.m4:10047: -1- m4_pattern_allow([^am__quote$])
+m4trace:configure.ac:1: -2- m4_sinclude([common/Version])
+m4trace:configure.ac:2: -3- m4_sinclude([../../common/Version])
+m4trace:configure.ac:6: -1- AC_INIT([configure.ac])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?A[CHUM]_])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([_AC_])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([^LIBOBJS$], [do not use LIBOBJS directly, use AC_LIBOBJ (see section `AC_LIBOBJ vs LIBOBJS'])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^AS_FLAGS$])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?m4_])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([^dnl$])
+m4trace:configure.ac:6: -1- m4_pattern_forbid([^_?AS_])
+m4trace:configure.ac:6: -1- AC_SUBST([SHELL])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([SHELL])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^SHELL$])
+m4trace:configure.ac:6: -1- AC_SUBST([PATH_SEPARATOR])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PATH_SEPARATOR])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PATH_SEPARATOR$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_NAME], [m4_ifdef([AC_PACKAGE_NAME], ['AC_PACKAGE_NAME'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_NAME])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_TARNAME], [m4_ifdef([AC_PACKAGE_TARNAME], ['AC_PACKAGE_TARNAME'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_TARNAME])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_VERSION], [m4_ifdef([AC_PACKAGE_VERSION], ['AC_PACKAGE_VERSION'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_VERSION])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_STRING], [m4_ifdef([AC_PACKAGE_STRING], ['AC_PACKAGE_STRING'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_STRING])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_BUGREPORT], [m4_ifdef([AC_PACKAGE_BUGREPORT], ['AC_PACKAGE_BUGREPORT'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_BUGREPORT])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
+m4trace:configure.ac:6: -1- AC_SUBST([PACKAGE_URL], [m4_ifdef([AC_PACKAGE_URL], ['AC_PACKAGE_URL'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([PACKAGE_URL])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
+m4trace:configure.ac:6: -1- AC_SUBST([exec_prefix], [NONE])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([exec_prefix])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^exec_prefix$])
+m4trace:configure.ac:6: -1- AC_SUBST([prefix], [NONE])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([prefix])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^prefix$])
+m4trace:configure.ac:6: -1- AC_SUBST([program_transform_name], [s,x,x,])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([program_transform_name])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^program_transform_name$])
+m4trace:configure.ac:6: -1- AC_SUBST([bindir], ['${exec_prefix}/bin'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([bindir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^bindir$])
+m4trace:configure.ac:6: -1- AC_SUBST([sbindir], ['${exec_prefix}/sbin'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sbindir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^sbindir$])
+m4trace:configure.ac:6: -1- AC_SUBST([libexecdir], ['${exec_prefix}/libexec'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libexecdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^libexecdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([datarootdir], ['${prefix}/share'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datarootdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^datarootdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([datadir], ['${datarootdir}'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([datadir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^datadir$])
+m4trace:configure.ac:6: -1- AC_SUBST([sysconfdir], ['${prefix}/etc'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sysconfdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^sysconfdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([sharedstatedir], ['${prefix}/com'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([sharedstatedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^sharedstatedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([localstatedir], ['${prefix}/var'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localstatedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^localstatedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([runstatedir], ['${localstatedir}/run'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([runstatedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^runstatedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([includedir], ['${prefix}/include'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([includedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^includedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([oldincludedir], ['/usr/include'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([oldincludedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^oldincludedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([docdir], [m4_ifset([AC_PACKAGE_TARNAME],
+ ['${datarootdir}/doc/${PACKAGE_TARNAME}'],
+ ['${datarootdir}/doc/${PACKAGE}'])])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([docdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^docdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([infodir], ['${datarootdir}/info'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([infodir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^infodir$])
+m4trace:configure.ac:6: -1- AC_SUBST([htmldir], ['${docdir}'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([htmldir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^htmldir$])
+m4trace:configure.ac:6: -1- AC_SUBST([dvidir], ['${docdir}'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([dvidir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^dvidir$])
+m4trace:configure.ac:6: -1- AC_SUBST([pdfdir], ['${docdir}'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([pdfdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^pdfdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([psdir], ['${docdir}'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([psdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^psdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([libdir], ['${exec_prefix}/lib'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([libdir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^libdir$])
+m4trace:configure.ac:6: -1- AC_SUBST([localedir], ['${datarootdir}/locale'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([localedir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^localedir$])
+m4trace:configure.ac:6: -1- AC_SUBST([mandir], ['${datarootdir}/man'])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([mandir])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^mandir$])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_NAME])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_NAME$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_NAME], [/* Define to the full name of this package. */
+@%:@undef PACKAGE_NAME])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_TARNAME])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_TARNAME$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_TARNAME], [/* Define to the one symbol short name of this package. */
+@%:@undef PACKAGE_TARNAME])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_VERSION])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_VERSION$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_VERSION], [/* Define to the version of this package. */
+@%:@undef PACKAGE_VERSION])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_STRING])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_STRING$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_STRING], [/* Define to the full name and version of this package. */
+@%:@undef PACKAGE_STRING])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_BUGREPORT])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_BUGREPORT$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_BUGREPORT], [/* Define to the address where bug reports for this package should be sent. */
+@%:@undef PACKAGE_BUGREPORT])
+m4trace:configure.ac:6: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE_URL])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^PACKAGE_URL$])
+m4trace:configure.ac:6: -1- AH_OUTPUT([PACKAGE_URL], [/* Define to the home page for this package. */
+@%:@undef PACKAGE_URL])
+m4trace:configure.ac:6: -1- AC_SUBST([DEFS])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([DEFS])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^DEFS$])
+m4trace:configure.ac:6: -1- AC_SUBST([ECHO_C])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_C])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_C$])
+m4trace:configure.ac:6: -1- AC_SUBST([ECHO_N])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_N])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_N$])
+m4trace:configure.ac:6: -1- AC_SUBST([ECHO_T])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([ECHO_T])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^ECHO_T$])
+m4trace:configure.ac:6: -1- AC_SUBST([LIBS])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([LIBS])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^LIBS$])
+m4trace:configure.ac:6: -1- AC_SUBST([build_alias])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([build_alias])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^build_alias$])
+m4trace:configure.ac:6: -1- AC_SUBST([host_alias])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([host_alias])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^host_alias$])
+m4trace:configure.ac:6: -1- AC_SUBST([target_alias])
+m4trace:configure.ac:6: -1- AC_SUBST_TRACE([target_alias])
+m4trace:configure.ac:6: -1- m4_pattern_allow([^target_alias$])
+m4trace:configure.ac:8: -1- AM_INIT_AUTOMAKE([libapparmor1], [3.0.8])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_[A-Z]+FLAGS$])
+m4trace:configure.ac:8: -1- AM_AUTOMAKE_VERSION([1.16.5])
+m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
+m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_PROGRAM])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_PROGRAM])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_PROGRAM$])
+m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_SCRIPT])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_SCRIPT])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_SCRIPT$])
+m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_DATA])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_DATA])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_DATA$])
+m4trace:configure.ac:8: -1- AC_SUBST([am__isrc], [' -I$(srcdir)'])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__isrc])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^am__isrc$])
+m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([am__isrc])
+m4trace:configure.ac:8: -1- AC_SUBST([CYGPATH_W])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CYGPATH_W])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CYGPATH_W$])
+m4trace:configure.ac:8: -1- _m4_warn([obsolete], [AM_INIT_AUTOMAKE: two- and three-arguments forms are deprecated.], [./lib/autoconf/general.m4:2434: AC_DIAGNOSE is expanded from...
+aclocal.m4:9759: AM_INIT_AUTOMAKE is expanded from...
+configure.ac:8: the top level])
+m4trace:configure.ac:8: -1- AC_SUBST([PACKAGE], [libapparmor1])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([PACKAGE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
+m4trace:configure.ac:8: -1- AC_SUBST([VERSION], [3.0.8])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([VERSION])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
+m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([PACKAGE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^PACKAGE$])
+m4trace:configure.ac:8: -1- AH_OUTPUT([PACKAGE], [/* Name of package */
+@%:@undef PACKAGE])
+m4trace:configure.ac:8: -1- AC_DEFINE_TRACE_LITERAL([VERSION])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^VERSION$])
+m4trace:configure.ac:8: -1- AH_OUTPUT([VERSION], [/* Version number of package */
+@%:@undef VERSION])
+m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([missing])
+m4trace:configure.ac:8: -1- AC_SUBST([ACLOCAL])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ACLOCAL])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^ACLOCAL$])
+m4trace:configure.ac:8: -1- AC_SUBST([AUTOCONF])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOCONF])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOCONF$])
+m4trace:configure.ac:8: -1- AC_SUBST([AUTOMAKE])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOMAKE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOMAKE$])
+m4trace:configure.ac:8: -1- AC_SUBST([AUTOHEADER])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AUTOHEADER])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AUTOHEADER$])
+m4trace:configure.ac:8: -1- AC_SUBST([MAKEINFO])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MAKEINFO])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^MAKEINFO$])
+m4trace:configure.ac:8: -1- AC_SUBST([install_sh])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([install_sh])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^install_sh$])
+m4trace:configure.ac:8: -1- AC_SUBST([STRIP])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([STRIP])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^STRIP$])
+m4trace:configure.ac:8: -1- AC_SUBST([INSTALL_STRIP_PROGRAM])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([INSTALL_STRIP_PROGRAM])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^INSTALL_STRIP_PROGRAM$])
+m4trace:configure.ac:8: -1- AC_REQUIRE_AUX_FILE([install-sh])
+m4trace:configure.ac:8: -1- AC_SUBST([MKDIR_P])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([MKDIR_P])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^MKDIR_P$])
+m4trace:configure.ac:8: -1- AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([mkdir_p])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^mkdir_p$])
+m4trace:configure.ac:8: -1- AC_SUBST([AWK])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AWK])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AWK$])
+m4trace:configure.ac:8: -1- AC_SUBST([SET_MAKE])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([SET_MAKE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^SET_MAKE$])
+m4trace:configure.ac:8: -1- AC_SUBST([am__leading_dot])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__leading_dot])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^am__leading_dot$])
+m4trace:configure.ac:8: -1- AC_SUBST([AMTAR], ['$${TAR-tar}'])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AMTAR])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AMTAR$])
+m4trace:configure.ac:8: -1- AC_SUBST([am__tar])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__tar])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^am__tar$])
+m4trace:configure.ac:8: -1- AC_SUBST([am__untar])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([am__untar])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^am__untar$])
+m4trace:configure.ac:8: -1- AC_SUBST([CTAGS])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CTAGS])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CTAGS$])
+m4trace:configure.ac:8: -1- AC_SUBST([ETAGS])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([ETAGS])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^ETAGS$])
+m4trace:configure.ac:8: -1- AC_SUBST([CSCOPE])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([CSCOPE])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^CSCOPE$])
+m4trace:configure.ac:8: -1- AM_SILENT_RULES
+m4trace:configure.ac:8: -1- AC_SUBST([AM_V])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_V])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_V$])
+m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_V])
+m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_V])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_V])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_V$])
+m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_DEFAULT_V])
+m4trace:configure.ac:8: -1- AC_SUBST([AM_DEFAULT_VERBOSITY])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_DEFAULT_VERBOSITY])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_DEFAULT_VERBOSITY$])
+m4trace:configure.ac:8: -1- AC_SUBST([AM_BACKSLASH])
+m4trace:configure.ac:8: -1- AC_SUBST_TRACE([AM_BACKSLASH])
+m4trace:configure.ac:8: -1- m4_pattern_allow([^AM_BACKSLASH$])
+m4trace:configure.ac:8: -1- _AM_SUBST_NOTMAKE([AM_BACKSLASH])
+m4trace:configure.ac:10: -1- _m4_warn([obsolete], [AC_PROG_LEX without either yywrap or noyywrap is obsolete], [./lib/autoconf/programs.m4:716: _AC_PROG_LEX is expanded from...
+./lib/autoconf/programs.m4:709: AC_PROG_LEX is expanded from...
+aclocal.m4:9998: AM_PROG_LEX is expanded from...
+configure.ac:10: the top level])
+m4trace:configure.ac:10: -1- AC_SUBST([LEX])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX$])
+m4trace:configure.ac:10: -1- AC_SUBST([LEX_OUTPUT_ROOT], [$ac_cv_prog_lex_root])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEX_OUTPUT_ROOT])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^LEX_OUTPUT_ROOT$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CFLAGS])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CFLAGS])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CFLAGS$])
+m4trace:configure.ac:10: -1- AC_SUBST([LDFLAGS])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LDFLAGS])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^LDFLAGS$])
+m4trace:configure.ac:10: -1- AC_SUBST([LIBS])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LIBS])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^LIBS$])
+m4trace:configure.ac:10: -1- AC_SUBST([CPPFLAGS])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CPPFLAGS])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CPPFLAGS$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([ac_ct_CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([ac_ct_CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^ac_ct_CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([CC])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CC])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CC$])
+m4trace:configure.ac:10: -1- AC_SUBST([EXEEXT], [$ac_cv_exeext])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([EXEEXT])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^EXEEXT$])
+m4trace:configure.ac:10: -1- AC_SUBST([OBJEXT], [$ac_cv_objext])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([OBJEXT])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^OBJEXT$])
+m4trace:configure.ac:10: -1- AC_REQUIRE_AUX_FILE([compile])
+m4trace:configure.ac:10: -1- AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([DEPDIR])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^DEPDIR$])
+m4trace:configure.ac:10: -1- AC_SUBST([am__include])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__include])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^am__include$])
+m4trace:configure.ac:10: -1- AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_TRUE])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_TRUE])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_TRUE$])
+m4trace:configure.ac:10: -1- AC_SUBST([AMDEP_FALSE])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEP_FALSE])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEP_FALSE$])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_TRUE])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEP_FALSE])
+m4trace:configure.ac:10: -1- AC_SUBST([AMDEPBACKSLASH])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([AMDEPBACKSLASH])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^AMDEPBACKSLASH$])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])
+m4trace:configure.ac:10: -1- AC_SUBST([am__nodep])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__nodep])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^am__nodep$])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__nodep])
+m4trace:configure.ac:10: -1- AC_SUBST([CCDEPMODE], [depmode=$am_cv_CC_dependencies_compiler_type])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([CCDEPMODE])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^CCDEPMODE$])
+m4trace:configure.ac:10: -1- AM_CONDITIONAL([am__fastdepCC], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3])
+m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_TRUE])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_TRUE])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_TRUE$])
+m4trace:configure.ac:10: -1- AC_SUBST([am__fastdepCC_FALSE])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([am__fastdepCC_FALSE])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^am__fastdepCC_FALSE$])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_TRUE])
+m4trace:configure.ac:10: -1- _AM_SUBST_NOTMAKE([am__fastdepCC_FALSE])
+m4trace:configure.ac:10: -1- AC_SUBST([LEXLIB])
+m4trace:configure.ac:10: -1- AC_SUBST_TRACE([LEXLIB])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^LEXLIB$])
+m4trace:configure.ac:10: -1- AC_DEFINE_TRACE_LITERAL([YYTEXT_POINTER])
+m4trace:configure.ac:10: -1- m4_pattern_allow([^YYTEXT_POINTER$])
+m4trace:configure.ac:10: -1- AH_OUTPUT([YYTEXT_POINTER], [/* Define to 1 if `lex\' declares `yytext\' as a `char *\' by default, not a
+ `char@<:@@:>@\'. */
+@%:@undef YYTEXT_POINTER])
+m4trace:configure.ac:11: -1- AC_SUBST([YACC])
+m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
+m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
+m4trace:configure.ac:11: -1- AC_SUBST([YACC])
+m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YACC])
+m4trace:configure.ac:11: -1- m4_pattern_allow([^YACC$])
+m4trace:configure.ac:11: -1- AC_SUBST([YFLAGS])
+m4trace:configure.ac:11: -1- AC_SUBST_TRACE([YFLAGS])
+m4trace:configure.ac:11: -1- m4_pattern_allow([^YFLAGS$])
+m4trace:configure.ac:12: -1- AC_SUBST([SED])
+m4trace:configure.ac:12: -1- AC_SUBST_TRACE([SED])
+m4trace:configure.ac:12: -1- m4_pattern_allow([^SED$])
+m4trace:configure.ac:13: -1- m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
+m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
+m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_PATH])
+m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_PATH])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_PATH$])
+m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG_LIBDIR])
+m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG_LIBDIR])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG_LIBDIR$])
+m4trace:configure.ac:13: -1- AC_SUBST([PKG_CONFIG])
+m4trace:configure.ac:13: -1- AC_SUBST_TRACE([PKG_CONFIG])
+m4trace:configure.ac:13: -1- m4_pattern_allow([^PKG_CONFIG$])
+m4trace:configure.ac:15: -1- AC_SUBST([SWIG])
+m4trace:configure.ac:15: -1- AC_SUBST_TRACE([SWIG])
+m4trace:configure.ac:15: -1- m4_pattern_allow([^SWIG$])
+m4trace:configure.ac:23: -1- AC_DEFINE_TRACE_LITERAL([ENABLE_DEBUG_OUTPUT])
+m4trace:configure.ac:23: -1- m4_pattern_allow([^ENABLE_DEBUG_OUTPUT$])
+m4trace:configure.ac:23: -1- AH_OUTPUT([ENABLE_DEBUG_OUTPUT], [/* debug output */
+@%:@undef ENABLE_DEBUG_OUTPUT])
+m4trace:configure.ac:32: -1- sinclude([m4/ac_podchecker.m4])
+m4trace:configure.ac:33: -1- AC_SUBST([PODCHECKER])
+m4trace:configure.ac:33: -1- AC_SUBST_TRACE([PODCHECKER])
+m4trace:configure.ac:33: -1- m4_pattern_allow([^PODCHECKER$])
+m4trace:configure.ac:35: -1- sinclude([m4/ac_pod2man.m4])
+m4trace:configure.ac:36: -1- AC_SUBST([POD2MAN])
+m4trace:configure.ac:36: -1- AC_SUBST_TRACE([POD2MAN])
+m4trace:configure.ac:36: -1- m4_pattern_allow([^POD2MAN$])
+m4trace:configure.ac:45: -1- AC_SUBST([PYTHON])
+m4trace:configure.ac:45: -1- AC_SUBST_TRACE([PYTHON])
+m4trace:configure.ac:45: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:47: -1- sinclude([m4/ac_python_devel.m4])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_VERSION])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_VERSION])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_VERSION$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CONFIG])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CONFIG])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CONFIG$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_CPPFLAGS])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_CPPFLAGS])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_CPPFLAGS$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_LDFLAGS])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_LDFLAGS])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_LDFLAGS$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_SITE_PKG])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_SITE_PKG])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_SITE_PKG$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LIBS])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LIBS])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LIBS$])
+m4trace:configure.ac:48: -1- AC_SUBST([PYTHON_EXTRA_LDFLAGS])
+m4trace:configure.ac:48: -1- AC_SUBST_TRACE([PYTHON_EXTRA_LDFLAGS])
+m4trace:configure.ac:48: -1- m4_pattern_allow([^PYTHON_EXTRA_LDFLAGS$])
+m4trace:configure.ac:48: -1- _m4_warn([obsolete], [The macro `AC_TRY_LINK' is obsolete.
+You should run autoupdate.], [./lib/autoconf/general.m4:2920: AC_TRY_LINK is expanded from...
+m4/ac_python_devel.m4:1: AC_PYTHON_DEVEL is expanded from...
+configure.ac:48: the top level])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_VERSION], [$am_cv_python_version])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_VERSION])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_VERSION$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PLATFORM])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PLATFORM$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_PREFIX], [$am_python_prefix_subst])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_PREFIX])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_PREFIX$])
+m4trace:configure.ac:49: -1- AC_SUBST([PYTHON_EXEC_PREFIX], [$am_python_exec_prefix_subst])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([PYTHON_EXEC_PREFIX])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^PYTHON_EXEC_PREFIX$])
+m4trace:configure.ac:49: -1- AC_SUBST([pythondir], [$am_cv_python_pythondir])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pythondir])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^pythondir$])
+m4trace:configure.ac:49: -1- AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpythondir])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpythondir$])
+m4trace:configure.ac:49: -1- AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pyexecdir])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^pyexecdir$])
+m4trace:configure.ac:49: -1- AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])
+m4trace:configure.ac:49: -1- AC_SUBST_TRACE([pkgpyexecdir])
+m4trace:configure.ac:49: -1- m4_pattern_allow([^pkgpyexecdir$])
+m4trace:configure.ac:58: -1- AC_SUBST([PERL])
+m4trace:configure.ac:58: -1- AC_SUBST_TRACE([PERL])
+m4trace:configure.ac:58: -1- m4_pattern_allow([^PERL$])
+m4trace:configure.ac:71: -1- AC_SUBST([RUBY])
+m4trace:configure.ac:71: -1- AC_SUBST_TRACE([RUBY])
+m4trace:configure.ac:71: -1- m4_pattern_allow([^RUBY$])
+m4trace:configure.ac:76: -1- AM_CONDITIONAL([ENABLE_MAN_PAGES], [test x$enable_man_pages = xyes])
+m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_TRUE])
+m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_TRUE])
+m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_TRUE$])
+m4trace:configure.ac:76: -1- AC_SUBST([ENABLE_MAN_PAGES_FALSE])
+m4trace:configure.ac:76: -1- AC_SUBST_TRACE([ENABLE_MAN_PAGES_FALSE])
+m4trace:configure.ac:76: -1- m4_pattern_allow([^ENABLE_MAN_PAGES_FALSE$])
+m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_TRUE])
+m4trace:configure.ac:76: -1- _AM_SUBST_NOTMAKE([ENABLE_MAN_PAGES_FALSE])
+m4trace:configure.ac:77: -1- AM_CONDITIONAL([HAVE_PYTHON], [test x$with_python = xyes])
+m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_TRUE])
+m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_TRUE])
+m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_TRUE$])
+m4trace:configure.ac:77: -1- AC_SUBST([HAVE_PYTHON_FALSE])
+m4trace:configure.ac:77: -1- AC_SUBST_TRACE([HAVE_PYTHON_FALSE])
+m4trace:configure.ac:77: -1- m4_pattern_allow([^HAVE_PYTHON_FALSE$])
+m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_TRUE])
+m4trace:configure.ac:77: -1- _AM_SUBST_NOTMAKE([HAVE_PYTHON_FALSE])
+m4trace:configure.ac:78: -1- AM_CONDITIONAL([HAVE_PERL], [test x$with_perl = xyes])
+m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_TRUE])
+m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_TRUE])
+m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_TRUE$])
+m4trace:configure.ac:78: -1- AC_SUBST([HAVE_PERL_FALSE])
+m4trace:configure.ac:78: -1- AC_SUBST_TRACE([HAVE_PERL_FALSE])
+m4trace:configure.ac:78: -1- m4_pattern_allow([^HAVE_PERL_FALSE$])
+m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_TRUE])
+m4trace:configure.ac:78: -1- _AM_SUBST_NOTMAKE([HAVE_PERL_FALSE])
+m4trace:configure.ac:79: -1- AM_CONDITIONAL([HAVE_RUBY], [test x$with_ruby = xyes])
+m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_TRUE])
+m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_TRUE])
+m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_TRUE$])
+m4trace:configure.ac:79: -1- AC_SUBST([HAVE_RUBY_FALSE])
+m4trace:configure.ac:79: -1- AC_SUBST_TRACE([HAVE_RUBY_FALSE])
+m4trace:configure.ac:79: -1- m4_pattern_allow([^HAVE_RUBY_FALSE$])
+m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_TRUE])
+m4trace:configure.ac:79: -1- _AM_SUBST_NOTMAKE([HAVE_RUBY_FALSE])
+m4trace:configure.ac:81: -1- _m4_warn([obsolete], [The macro `AC_HEADER_STDC' is obsolete.
+You should run autoupdate.], [./lib/autoconf/headers.m4:704: AC_HEADER_STDC is expanded from...
+configure.ac:81: the top level])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDIO_H], [/* Define to 1 if you have the <stdio.h> header file. */
+@%:@undef HAVE_STDIO_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDLIB_H], [/* Define to 1 if you have the <stdlib.h> header file. */
+@%:@undef HAVE_STDLIB_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRING_H], [/* Define to 1 if you have the <string.h> header file. */
+@%:@undef HAVE_STRING_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_INTTYPES_H], [/* Define to 1 if you have the <inttypes.h> header file. */
+@%:@undef HAVE_INTTYPES_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+@%:@undef HAVE_STDINT_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_STRINGS_H], [/* Define to 1 if you have the <strings.h> header file. */
+@%:@undef HAVE_STRINGS_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_STAT_H], [/* Define to 1 if you have the <sys/stat.h> header file. */
+@%:@undef HAVE_SYS_STAT_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_SYS_TYPES_H], [/* Define to 1 if you have the <sys/types.h> header file. */
+@%:@undef HAVE_SYS_TYPES_H])
+m4trace:configure.ac:81: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
+@%:@undef HAVE_UNISTD_H])
+m4trace:configure.ac:81: -1- AC_DEFINE_TRACE_LITERAL([STDC_HEADERS])
+m4trace:configure.ac:81: -1- m4_pattern_allow([^STDC_HEADERS$])
+m4trace:configure.ac:81: -1- AH_OUTPUT([STDC_HEADERS], [/* Define to 1 if all of the C90 standard headers exist (not just the ones
+ required in a freestanding environment). This macro is provided for
+ backward compatibility; new code need not use it. */
+@%:@undef STDC_HEADERS])
+m4trace:configure.ac:81: -1- AC_SUBST([GREP])
+m4trace:configure.ac:81: -1- AC_SUBST_TRACE([GREP])
+m4trace:configure.ac:81: -1- m4_pattern_allow([^GREP$])
+m4trace:configure.ac:81: -1- AC_SUBST([EGREP])
+m4trace:configure.ac:81: -1- AC_SUBST_TRACE([EGREP])
+m4trace:configure.ac:81: -1- m4_pattern_allow([^EGREP$])
+m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_UNISTD_H], [/* Define to 1 if you have the <unistd.h> header file. */
+@%:@undef HAVE_UNISTD_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_UNISTD_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_UNISTD_H$])
+m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_STDINT_H], [/* Define to 1 if you have the <stdint.h> header file. */
+@%:@undef HAVE_STDINT_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_STDINT_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_STDINT_H$])
+m4trace:configure.ac:82: -1- AH_OUTPUT([HAVE_SYSLOG_H], [/* Define to 1 if you have the <syslog.h> header file. */
+@%:@undef HAVE_SYSLOG_H])
+m4trace:configure.ac:82: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SYSLOG_H])
+m4trace:configure.ac:82: -1- m4_pattern_allow([^HAVE_SYSLOG_H$])
+m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_ASPRINTF], [/* Define to 1 if you have the `asprintf\' function. */
+@%:@undef HAVE_ASPRINTF])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_ASPRINTF])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_ASPRINTF$])
+m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE___SECURE_GETENV], [/* Define to 1 if you have the `__secure_getenv\' function. */
+@%:@undef HAVE___SECURE_GETENV])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE___SECURE_GETENV])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE___SECURE_GETENV$])
+m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_SECURE_GETENV], [/* Define to 1 if you have the `secure_getenv\' function. */
+@%:@undef HAVE_SECURE_GETENV])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_SECURE_GETENV])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_SECURE_GETENV$])
+m4trace:configure.ac:84: -1- AH_OUTPUT([HAVE_REALLOCARRAY], [/* Define to 1 if you have the `reallocarray\' function. */
+@%:@undef HAVE_REALLOCARRAY])
+m4trace:configure.ac:84: -1- AC_DEFINE_TRACE_LITERAL([HAVE_REALLOCARRAY])
+m4trace:configure.ac:84: -1- m4_pattern_allow([^HAVE_REALLOCARRAY$])
+m4trace:configure.ac:86: -1- AM_PROG_CC_C_O
+m4trace:configure.ac:87: -1- AC_DEFINE_TRACE_LITERAL([const])
+m4trace:configure.ac:87: -1- m4_pattern_allow([^const$])
+m4trace:configure.ac:87: -1- AH_OUTPUT([const], [/* Define to empty if `const\' does not conform to ANSI C. */
+@%:@undef const])
+m4trace:configure.ac:88: -1- AM_PROG_LIBTOOL
+m4trace:configure.ac:88: -1- _m4_warn([obsolete], [The macro `AM_PROG_LIBTOOL' is obsolete.
+You should run autoupdate.], [aclocal.m4:122: AM_PROG_LIBTOOL is expanded from...
+configure.ac:88: the top level])
+m4trace:configure.ac:88: -1- LT_INIT
+m4trace:configure.ac:88: -1- m4_pattern_forbid([^_?LT_[A-Z_]+$])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])
+m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
+m4trace:configure.ac:88: -1- AC_SUBST([LIBTOOL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIBTOOL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LIBTOOL$])
+m4trace:configure.ac:88: -1- AC_CANONICAL_HOST
+m4trace:configure.ac:88: -1- AC_CANONICAL_BUILD
+m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.sub])
+m4trace:configure.ac:88: -1- AC_REQUIRE_AUX_FILE([config.guess])
+m4trace:configure.ac:88: -1- AC_SUBST([build], [$ac_cv_build])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^build$])
+m4trace:configure.ac:88: -1- AC_SUBST([build_cpu], [$[1]])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_cpu])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^build_cpu$])
+m4trace:configure.ac:88: -1- AC_SUBST([build_vendor], [$[2]])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_vendor])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^build_vendor$])
+m4trace:configure.ac:88: -1- AC_SUBST([build_os])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([build_os])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^build_os$])
+m4trace:configure.ac:88: -1- AC_SUBST([host], [$ac_cv_host])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^host$])
+m4trace:configure.ac:88: -1- AC_SUBST([host_cpu], [$[1]])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_cpu])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^host_cpu$])
+m4trace:configure.ac:88: -1- AC_SUBST([host_vendor], [$[2]])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_vendor])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^host_vendor$])
+m4trace:configure.ac:88: -1- AC_SUBST([host_os])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([host_os])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^host_os$])
+m4trace:configure.ac:88: -1- AC_SUBST([SED])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([SED])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^SED$])
+m4trace:configure.ac:88: -1- AC_SUBST([FGREP])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([FGREP])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^FGREP$])
+m4trace:configure.ac:88: -1- AC_SUBST([GREP])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([GREP])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^GREP$])
+m4trace:configure.ac:88: -1- AC_SUBST([LD])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LD])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LD$])
+m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
+m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_DUMPBIN])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_DUMPBIN])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_DUMPBIN$])
+m4trace:configure.ac:88: -1- AC_SUBST([DUMPBIN])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DUMPBIN])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^DUMPBIN$])
+m4trace:configure.ac:88: -1- AC_SUBST([NM])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NM])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^NM$])
+m4trace:configure.ac:88: -1- AC_SUBST([LN_S], [$as_ln_s])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LN_S])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LN_S$])
+m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
+m4trace:configure.ac:88: -1- AC_SUBST([OBJDUMP])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OBJDUMP])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^OBJDUMP$])
+m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
+m4trace:configure.ac:88: -1- AC_SUBST([DLLTOOL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DLLTOOL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^DLLTOOL$])
+m4trace:configure.ac:88: -1- AC_SUBST([AR])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([AR])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^AR$])
+m4trace:configure.ac:88: -1- AC_SUBST([ac_ct_AR])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([ac_ct_AR])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^ac_ct_AR$])
+m4trace:configure.ac:88: -1- AC_SUBST([STRIP])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([STRIP])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^STRIP$])
+m4trace:configure.ac:88: -1- AC_SUBST([RANLIB])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([RANLIB])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^RANLIB$])
+m4trace:configure.ac:88: -1- m4_pattern_allow([LT_OBJDIR])
+m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([LT_OBJDIR])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_OBJDIR$])
+m4trace:configure.ac:88: -1- AH_OUTPUT([LT_OBJDIR], [/* Define to the sub-directory where libtool stores uninstalled libraries. */
+@%:@undef LT_OBJDIR])
+m4trace:configure.ac:88: -1- LT_SUPPORTED_TAG([CC])
+m4trace:configure.ac:88: -1- AC_SUBST([MANIFEST_TOOL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([MANIFEST_TOOL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^MANIFEST_TOOL$])
+m4trace:configure.ac:88: -1- AC_SUBST([DSYMUTIL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([DSYMUTIL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^DSYMUTIL$])
+m4trace:configure.ac:88: -1- AC_SUBST([NMEDIT])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([NMEDIT])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^NMEDIT$])
+m4trace:configure.ac:88: -1- AC_SUBST([LIPO])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LIPO])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LIPO$])
+m4trace:configure.ac:88: -1- AC_SUBST([OTOOL])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL$])
+m4trace:configure.ac:88: -1- AC_SUBST([OTOOL64])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([OTOOL64])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^OTOOL64$])
+m4trace:configure.ac:88: -1- AC_SUBST([LT_SYS_LIBRARY_PATH])
+m4trace:configure.ac:88: -1- AC_SUBST_TRACE([LT_SYS_LIBRARY_PATH])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^LT_SYS_LIBRARY_PATH$])
+m4trace:configure.ac:88: -1- AH_OUTPUT([HAVE_DLFCN_H], [/* Define to 1 if you have the <dlfcn.h> header file. */
+@%:@undef HAVE_DLFCN_H])
+m4trace:configure.ac:88: -1- AC_DEFINE_TRACE_LITERAL([HAVE_DLFCN_H])
+m4trace:configure.ac:88: -1- m4_pattern_allow([^HAVE_DLFCN_H$])
+m4trace:configure.ac:90: -1- _m4_warn([obsolete], [The macro `AC_PROG_CC_C99' is obsolete.
+You should run autoupdate.], [./lib/autoconf/c.m4:1659: AC_PROG_CC_C99 is expanded from...
+configure.ac:90: the top level])
+m4trace:configure.ac:95: -1- AC_CONFIG_FILES([Makefile
+doc/Makefile
+src/Makefile
+swig/Makefile
+swig/perl/Makefile
+swig/perl/Makefile.PL
+swig/python/Makefile
+swig/python/setup.py
+swig/python/test/Makefile
+swig/ruby/Makefile
+testsuite/Makefile
+testsuite/config/Makefile
+testsuite/libaalogparse.test/Makefile
+testsuite/lib/Makefile
+include/Makefile
+include/sys/Makefile
+])
+m4trace:configure.ac:95: -1- _m4_warn([obsolete], [AC_OUTPUT should be used without arguments.
+You should run autoupdate.], [])
+m4trace:configure.ac:95: -1- AC_SUBST([LIB@&t@OBJS], [$ac_libobjs])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LIB@&t@OBJS])
+m4trace:configure.ac:95: -1- m4_pattern_allow([^LIB@&t@OBJS$])
+m4trace:configure.ac:95: -1- AC_SUBST([LTLIBOBJS], [$ac_ltlibobjs])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([LTLIBOBJS])
+m4trace:configure.ac:95: -1- m4_pattern_allow([^LTLIBOBJS$])
+m4trace:configure.ac:95: -1- AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])
+m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_TRUE])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_TRUE])
+m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_TRUE$])
+m4trace:configure.ac:95: -1- AC_SUBST([am__EXEEXT_FALSE])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([am__EXEEXT_FALSE])
+m4trace:configure.ac:95: -1- m4_pattern_allow([^am__EXEEXT_FALSE$])
+m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_TRUE])
+m4trace:configure.ac:95: -1- _AM_SUBST_NOTMAKE([am__EXEEXT_FALSE])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_builddir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_build_prefix])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([srcdir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_srcdir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([top_srcdir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_srcdir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([builddir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_builddir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([abs_top_builddir])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([INSTALL])
+m4trace:configure.ac:95: -1- AC_SUBST_TRACE([MKDIR_P])
+m4trace:configure.ac:95: -1- AC_REQUIRE_AUX_FILE([ltmain.sh])
diff --git a/libraries/libapparmor/compile b/libraries/libapparmor/compile
index a85b723c7e67d46316e85e7422bd5088e9136042..df363c8fbfbcbba9df21d8c9455b58c038697b61 100755
--- a/libraries/libapparmor/compile
+++ b/libraries/libapparmor/compile
@@ -1,9 +1,9 @@
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2012-10-14.11; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2014 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2012-10-14.11; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -53,7 +53,7 @@ func_file_conv ()
MINGW*)
file_conv=mingw
;;
- CYGWIN*)
+ CYGWIN* | MSYS*)
file_conv=cygwin
;;
*)
@@ -67,7 +67,7 @@ func_file_conv ()
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
- cygwin/*)
+ cygwin/* | msys/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
@@ -255,7 +255,8 @@ EOF
echo "compile $scriptversion"
exit $?
;;
- cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
+ cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \
+ icl | *[/\\]icl | icl.exe | *[/\\]icl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
@@ -339,9 +340,9 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff --git a/libraries/libapparmor/config.guess b/libraries/libapparmor/config.guess
index f50dcdb6de2af0a2e33f44704da3ec1286e5f291..7f76b6228f73d674f58cfcc3523f99e253ee5515 100755
--- a/libraries/libapparmor/config.guess
+++ b/libraries/libapparmor/config.guess
@@ -1,12 +1,14 @@
#! /bin/sh
# Attempt to guess a canonical system name.
-# Copyright 1992-2018 Free Software Foundation, Inc.
+# Copyright 1992-2022 Free Software Foundation, Inc.
-timestamp='2018-02-24'
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2022-01-09'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
+# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@@ -27,11 +29,19 @@ timestamp='2018-02-24'
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
#
# Please send patches to <config-patches@gnu.org>.
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX. However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
+
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
@@ -50,7 +60,7 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright 1992-2018 Free Software Foundation, Inc.
+Copyright 1992-2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -84,7 +94,8 @@ if test $# != 0; then
exit 1
fi
-trap 'exit 1' 1 2 15
+# Just in case it came from the environment.
+GUESS=
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
@@ -96,73 +107,90 @@ trap 'exit 1' 1 2 15
# Portable tmp directory creation inspired by the Autoconf team.
-set_cc_for_build='
-trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
-trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
-: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
- { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
- { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
- { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
-dummy=$tmp/dummy ;
-tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
-case $CC_FOR_BUILD,$HOST_CC,$CC in
- ,,) echo "int x;" > "$dummy.c" ;
- for c in cc gcc c89 c99 ; do
- if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
- CC_FOR_BUILD="$c"; break ;
- fi ;
- done ;
- if test x"$CC_FOR_BUILD" = x ; then
- CC_FOR_BUILD=no_compiler_found ;
- fi
- ;;
- ,,*) CC_FOR_BUILD=$CC ;;
- ,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ; set_cc_for_build= ;'
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
+
+set_cc_for_build() {
+ # prevent multiple calls if $tmp is already set
+ test "$tmp" && return 0
+ : "${TMPDIR=/tmp}"
+ # shellcheck disable=SC2039,SC3028
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+ dummy=$tmp/dummy
+ case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+ ,,) echo "int x;" > "$dummy.c"
+ for driver in cc gcc c89 c99 ; do
+ if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+ CC_FOR_BUILD=$driver
+ break
+ fi
+ done
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+ esac
+}
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
-if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+if test -f /.attbin/uname ; then
PATH=$PATH:/.attbin ; export PATH
fi
UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
-UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
-case "$UNAME_SYSTEM" in
+case $UNAME_SYSTEM in
Linux|GNU|GNU/*)
- # If the system lacks a compiler, then just pick glibc.
- # We could probably try harder.
- LIBC=gnu
+ LIBC=unknown
- eval "$set_cc_for_build"
+ set_cc_for_build
cat <<-EOF > "$dummy.c"
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
#elif defined(__dietlibc__)
LIBC=dietlibc
- #else
+ #elif defined(__GLIBC__)
LIBC=gnu
+ #else
+ #include <stdarg.h>
+ /* First heuristic to detect musl libc. */
+ #ifdef __DEFINED_va_list
+ LIBC=musl
+ #endif
#endif
EOF
- eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
+ cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+ eval "$cc_set_libc"
- # If ldd exists, use it to detect musl libc.
- if command -v ldd >/dev/null && \
- ldd --version 2>&1 | grep -q ^musl
- then
- LIBC=musl
+ # Second heuristic to detect musl libc.
+ if [ "$LIBC" = unknown ] &&
+ command -v ldd >/dev/null &&
+ ldd --version 2>&1 | grep -q ^musl; then
+ LIBC=musl
+ fi
+
+ # If the system lacks a compiler, then just pick glibc.
+ # We could probably try harder.
+ if [ "$LIBC" = unknown ]; then
+ LIBC=gnu
fi
;;
esac
# Note: order is significant - the case branches are not exclusive.
-case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
+case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
@@ -174,12 +202,12 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
- sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
- "/sbin/$sysctl" 2>/dev/null || \
- "/usr/sbin/$sysctl" 2>/dev/null || \
+ /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+ /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
echo unknown)`
- case "$UNAME_MACHINE_ARCH" in
+ case $UNAME_MACHINE_ARCH in
+ aarch64eb) machine=aarch64_be-unknown ;;
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
@@ -188,18 +216,18 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
earmv*)
arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
- machine="${arch}${endian}"-unknown
+ machine=${arch}${endian}-unknown
;;
- *) machine="$UNAME_MACHINE_ARCH"-unknown ;;
+ *) machine=$UNAME_MACHINE_ARCH-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently (or will in the future) and ABI.
- case "$UNAME_MACHINE_ARCH" in
+ case $UNAME_MACHINE_ARCH in
earm*)
os=netbsdelf
;;
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
- eval "$set_cc_for_build"
+ set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
then
@@ -215,7 +243,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
;;
esac
# Determine ABI tags.
- case "$UNAME_MACHINE_ARCH" in
+ case $UNAME_MACHINE_ARCH in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
@@ -226,7 +254,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
- case "$UNAME_VERSION" in
+ case $UNAME_VERSION in
Debian*)
release='-gnu'
;;
@@ -237,45 +265,57 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
- echo "$machine-${os}${release}${abi}"
- exit ;;
+ GUESS=$machine-${os}${release}${abi-}
+ ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
- echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE
+ ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
- echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE
+ ;;
+ *:SecBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'`
+ GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE
+ ;;
*:LibertyBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
- echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE
+ ;;
*:MidnightBSD:*:*)
- echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE
+ ;;
*:ekkoBSD:*:*)
- echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE
+ ;;
*:SolidBSD:*:*)
- echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE
+ ;;
+ *:OS108:*:*)
+ GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE
+ ;;
macppc:MirBSD:*:*)
- echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE
+ ;;
*:MirBSD:*:*)
- echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE
+ ;;
*:Sortix:*:*)
- echo "$UNAME_MACHINE"-unknown-sortix
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-sortix
+ ;;
+ *:Twizzler:*:*)
+ GUESS=$UNAME_MACHINE-unknown-twizzler
+ ;;
*:Redox:*:*)
- echo "$UNAME_MACHINE"-unknown-redox
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-redox
+ ;;
mips:OSF1:*.*)
- echo mips-dec-osf1
- exit ;;
+ GUESS=mips-dec-osf1
+ ;;
alpha:OSF1:*:*)
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ trap '' 0
case $UNAME_RELEASE in
*4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
@@ -289,7 +329,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
- case "$ALPHA_CPU_TYPE" in
+ case $ALPHA_CPU_TYPE in
"EV4 (21064)")
UNAME_MACHINE=alpha ;;
"EV4.5 (21064)")
@@ -326,117 +366,121 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
- # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
- exitcode=$?
- trap '' 0
- exit $exitcode ;;
+ OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+ GUESS=$UNAME_MACHINE-dec-osf$OSF_REL
+ ;;
Amiga*:UNIX_System_V:4.0:*)
- echo m68k-unknown-sysv4
- exit ;;
+ GUESS=m68k-unknown-sysv4
+ ;;
*:[Aa]miga[Oo][Ss]:*:*)
- echo "$UNAME_MACHINE"-unknown-amigaos
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-amigaos
+ ;;
*:[Mm]orph[Oo][Ss]:*:*)
- echo "$UNAME_MACHINE"-unknown-morphos
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-morphos
+ ;;
*:OS/390:*:*)
- echo i370-ibm-openedition
- exit ;;
+ GUESS=i370-ibm-openedition
+ ;;
*:z/VM:*:*)
- echo s390-ibm-zvmoe
- exit ;;
+ GUESS=s390-ibm-zvmoe
+ ;;
*:OS400:*:*)
- echo powerpc-ibm-os400
- exit ;;
+ GUESS=powerpc-ibm-os400
+ ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
- echo arm-acorn-riscix"$UNAME_RELEASE"
- exit ;;
+ GUESS=arm-acorn-riscix$UNAME_RELEASE
+ ;;
arm*:riscos:*:*|arm*:RISCOS:*:*)
- echo arm-unknown-riscos
- exit ;;
+ GUESS=arm-unknown-riscos
+ ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
- echo hppa1.1-hitachi-hiuxmpp
- exit ;;
+ GUESS=hppa1.1-hitachi-hiuxmpp
+ ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
- if test "`(/bin/universe) 2>/dev/null`" = att ; then
- echo pyramid-pyramid-sysv3
- else
- echo pyramid-pyramid-bsd
- fi
- exit ;;
+ case `(/bin/universe) 2>/dev/null` in
+ att) GUESS=pyramid-pyramid-sysv3 ;;
+ *) GUESS=pyramid-pyramid-bsd ;;
+ esac
+ ;;
NILE*:*:*:dcosx)
- echo pyramid-pyramid-svr4
- exit ;;
+ GUESS=pyramid-pyramid-svr4
+ ;;
DRS?6000:unix:4.0:6*)
- echo sparc-icl-nx6
- exit ;;
+ GUESS=sparc-icl-nx6
+ ;;
DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
- sparc) echo sparc-icl-nx7; exit ;;
- esac ;;
+ sparc) GUESS=sparc-icl-nx7 ;;
+ esac
+ ;;
s390x:SunOS:*:*)
- echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL
+ ;;
sun4H:SunOS:5.*:*)
- echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=sparc-hal-solaris2$SUN_REL
+ ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
- echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=sparc-sun-solaris2$SUN_REL
+ ;;
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
- echo i386-pc-auroraux"$UNAME_RELEASE"
- exit ;;
+ GUESS=i386-pc-auroraux$UNAME_RELEASE
+ ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
- eval "$set_cc_for_build"
+ set_cc_for_build
SUN_ARCH=i386
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
- if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+ if test "$CC_FOR_BUILD" != no_compiler_found; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+ (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH=x86_64
fi
fi
- echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=$SUN_ARCH-pc-solaris2$SUN_REL
+ ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
- echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=sparc-sun-solaris3$SUN_REL
+ ;;
sun4*:SunOS:*:*)
- case "`/usr/bin/arch -k`" in
+ case `/usr/bin/arch -k` in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
- echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'`
+ GUESS=sparc-sun-sunos$SUN_REL
+ ;;
sun3*:SunOS:*:*)
- echo m68k-sun-sunos"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-sun-sunos$UNAME_RELEASE
+ ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
- case "`/bin/arch`" in
+ case `/bin/arch` in
sun3)
- echo m68k-sun-sunos"$UNAME_RELEASE"
+ GUESS=m68k-sun-sunos$UNAME_RELEASE
;;
sun4)
- echo sparc-sun-sunos"$UNAME_RELEASE"
+ GUESS=sparc-sun-sunos$UNAME_RELEASE
;;
esac
- exit ;;
+ ;;
aushp:SunOS:*:*)
- echo sparc-auspex-sunos"$UNAME_RELEASE"
- exit ;;
+ GUESS=sparc-auspex-sunos$UNAME_RELEASE
+ ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
@@ -446,43 +490,43 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-atari-mint$UNAME_RELEASE
+ ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-atari-mint$UNAME_RELEASE
+ ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-atari-mint$UNAME_RELEASE
+ ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-milan-mint$UNAME_RELEASE
+ ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-hades-mint$UNAME_RELEASE
+ ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-unknown-mint$UNAME_RELEASE
+ ;;
m68k:machten:*:*)
- echo m68k-apple-machten"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-apple-machten$UNAME_RELEASE
+ ;;
powerpc:machten:*:*)
- echo powerpc-apple-machten"$UNAME_RELEASE"
- exit ;;
+ GUESS=powerpc-apple-machten$UNAME_RELEASE
+ ;;
RISC*:Mach:*:*)
- echo mips-dec-mach_bsd4.3
- exit ;;
+ GUESS=mips-dec-mach_bsd4.3
+ ;;
RISC*:ULTRIX:*:*)
- echo mips-dec-ultrix"$UNAME_RELEASE"
- exit ;;
+ GUESS=mips-dec-ultrix$UNAME_RELEASE
+ ;;
VAX*:ULTRIX*:*:*)
- echo vax-dec-ultrix"$UNAME_RELEASE"
- exit ;;
+ GUESS=vax-dec-ultrix$UNAME_RELEASE
+ ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
- echo clipper-intergraph-clix"$UNAME_RELEASE"
- exit ;;
+ GUESS=clipper-intergraph-clix$UNAME_RELEASE
+ ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
- eval "$set_cc_for_build"
+ set_cc_for_build
sed 's/^ //' << EOF > "$dummy.c"
#ifdef __cplusplus
#include <stdio.h> /* for printf() prototype */
@@ -508,78 +552,79 @@ EOF
dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
{ echo "$SYSTEM_NAME"; exit; }
- echo mips-mips-riscos"$UNAME_RELEASE"
- exit ;;
+ GUESS=mips-mips-riscos$UNAME_RELEASE
+ ;;
Motorola:PowerMAX_OS:*:*)
- echo powerpc-motorola-powermax
- exit ;;
+ GUESS=powerpc-motorola-powermax
+ ;;
Motorola:*:4.3:PL8-*)
- echo powerpc-harris-powermax
- exit ;;
+ GUESS=powerpc-harris-powermax
+ ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
- echo powerpc-harris-powermax
- exit ;;
+ GUESS=powerpc-harris-powermax
+ ;;
Night_Hawk:Power_UNIX:*:*)
- echo powerpc-harris-powerunix
- exit ;;
+ GUESS=powerpc-harris-powerunix
+ ;;
m88k:CX/UX:7*:*)
- echo m88k-harris-cxux7
- exit ;;
+ GUESS=m88k-harris-cxux7
+ ;;
m88k:*:4*:R4*)
- echo m88k-motorola-sysv4
- exit ;;
+ GUESS=m88k-motorola-sysv4
+ ;;
m88k:*:3*:R3*)
- echo m88k-motorola-sysv3
- exit ;;
+ GUESS=m88k-motorola-sysv3
+ ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
- if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ]
+ if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110
then
- if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \
- [ "$TARGET_BINARY_INTERFACE"x = x ]
+ if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \
+ test "$TARGET_BINARY_INTERFACE"x = x
then
- echo m88k-dg-dgux"$UNAME_RELEASE"
+ GUESS=m88k-dg-dgux$UNAME_RELEASE
else
- echo m88k-dg-dguxbcs"$UNAME_RELEASE"
+ GUESS=m88k-dg-dguxbcs$UNAME_RELEASE
fi
else
- echo i586-dg-dgux"$UNAME_RELEASE"
+ GUESS=i586-dg-dgux$UNAME_RELEASE
fi
- exit ;;
+ ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
- echo m88k-dolphin-sysv3
- exit ;;
+ GUESS=m88k-dolphin-sysv3
+ ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
- echo m88k-motorola-sysv3
- exit ;;
+ GUESS=m88k-motorola-sysv3
+ ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
- echo m88k-tektronix-sysv3
- exit ;;
+ GUESS=m88k-tektronix-sysv3
+ ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
- echo m68k-tektronix-bsd
- exit ;;
+ GUESS=m68k-tektronix-bsd
+ ;;
*:IRIX*:*:*)
- echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
- exit ;;
+ IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'`
+ GUESS=mips-sgi-irix$IRIX_REL
+ ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
- echo i386-ibm-aix
- exit ;;
+ GUESS=i386-ibm-aix
+ ;;
ia64:AIX:*:*)
- if [ -x /usr/bin/oslevel ] ; then
+ if test -x /usr/bin/oslevel ; then
IBM_REV=`/usr/bin/oslevel`
else
- IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+ IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
fi
- echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV"
- exit ;;
+ GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV
+ ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
- eval "$set_cc_for_build"
+ set_cc_for_build
sed 's/^ //' << EOF > "$dummy.c"
#include <sys/systemcfg.h>
@@ -593,16 +638,16 @@ EOF
EOF
if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
then
- echo "$SYSTEM_NAME"
+ GUESS=$SYSTEM_NAME
else
- echo rs6000-ibm-aix3.2.5
+ GUESS=rs6000-ibm-aix3.2.5
fi
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
- echo rs6000-ibm-aix3.2.4
+ GUESS=rs6000-ibm-aix3.2.4
else
- echo rs6000-ibm-aix3.2
+ GUESS=rs6000-ibm-aix3.2
fi
- exit ;;
+ ;;
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
@@ -610,57 +655,57 @@ EOF
else
IBM_ARCH=powerpc
fi
- if [ -x /usr/bin/lslpp ] ; then
- IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+ if test -x /usr/bin/lslpp ; then
+ IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
- IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+ IBM_REV=$UNAME_VERSION.$UNAME_RELEASE
fi
- echo "$IBM_ARCH"-ibm-aix"$IBM_REV"
- exit ;;
+ GUESS=$IBM_ARCH-ibm-aix$IBM_REV
+ ;;
*:AIX:*:*)
- echo rs6000-ibm-aix
- exit ;;
+ GUESS=rs6000-ibm-aix
+ ;;
ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
- echo romp-ibm-bsd4.4
- exit ;;
+ GUESS=romp-ibm-bsd4.4
+ ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
- echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to
- exit ;; # report: romp-ibm BSD 4.3
+ GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to
+ ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
- echo rs6000-bull-bosx
- exit ;;
+ GUESS=rs6000-bull-bosx
+ ;;
DPX/2?00:B.O.S.:*:*)
- echo m68k-bull-sysv3
- exit ;;
+ GUESS=m68k-bull-sysv3
+ ;;
9000/[34]??:4.3bsd:1.*:*)
- echo m68k-hp-bsd
- exit ;;
+ GUESS=m68k-hp-bsd
+ ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
- echo m68k-hp-bsd4.4
- exit ;;
+ GUESS=m68k-hp-bsd4.4
+ ;;
9000/[34678]??:HP-UX:*:*)
- HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
- case "$UNAME_MACHINE" in
+ HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+ case $UNAME_MACHINE in
9000/31?) HP_ARCH=m68000 ;;
9000/[34]??) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
- if [ -x /usr/bin/getconf ]; then
+ if test -x /usr/bin/getconf; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "$sc_cpu_version" in
+ case $sc_cpu_version in
523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
- case "$sc_kernel_bits" in
+ case $sc_kernel_bits in
32) HP_ARCH=hppa2.0n ;;
64) HP_ARCH=hppa2.0w ;;
'') HP_ARCH=hppa2.0 ;; # HP-UX 10.20
esac ;;
esac
fi
- if [ "$HP_ARCH" = "" ]; then
- eval "$set_cc_for_build"
+ if test "$HP_ARCH" = ""; then
+ set_cc_for_build
sed 's/^ //' << EOF > "$dummy.c"
#define _HPUX_SOURCE
@@ -698,9 +743,9 @@ EOF
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
- if [ "$HP_ARCH" = hppa2.0w ]
+ if test "$HP_ARCH" = hppa2.0w
then
- eval "$set_cc_for_build"
+ set_cc_for_build
# hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
# 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
@@ -719,14 +764,14 @@ EOF
HP_ARCH=hppa64
fi
fi
- echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
- exit ;;
+ GUESS=$HP_ARCH-hp-hpux$HPUX_REV
+ ;;
ia64:HP-UX:*:*)
- HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
- echo ia64-hp-hpux"$HPUX_REV"
- exit ;;
+ HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'`
+ GUESS=ia64-hp-hpux$HPUX_REV
+ ;;
3050*:HI-UX:*:*)
- eval "$set_cc_for_build"
+ set_cc_for_build
sed 's/^ //' << EOF > "$dummy.c"
#include <unistd.h>
int
@@ -754,36 +799,36 @@ EOF
EOF
$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
{ echo "$SYSTEM_NAME"; exit; }
- echo unknown-hitachi-hiuxwe2
- exit ;;
+ GUESS=unknown-hitachi-hiuxwe2
+ ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
- echo hppa1.1-hp-bsd
- exit ;;
+ GUESS=hppa1.1-hp-bsd
+ ;;
9000/8??:4.3bsd:*:*)
- echo hppa1.0-hp-bsd
- exit ;;
+ GUESS=hppa1.0-hp-bsd
+ ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
- echo hppa1.0-hp-mpeix
- exit ;;
+ GUESS=hppa1.0-hp-mpeix
+ ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
- echo hppa1.1-hp-osf
- exit ;;
+ GUESS=hppa1.1-hp-osf
+ ;;
hp8??:OSF1:*:*)
- echo hppa1.0-hp-osf
- exit ;;
+ GUESS=hppa1.0-hp-osf
+ ;;
i*86:OSF1:*:*)
- if [ -x /usr/sbin/sysversion ] ; then
- echo "$UNAME_MACHINE"-unknown-osf1mk
+ if test -x /usr/sbin/sysversion ; then
+ GUESS=$UNAME_MACHINE-unknown-osf1mk
else
- echo "$UNAME_MACHINE"-unknown-osf1
+ GUESS=$UNAME_MACHINE-unknown-osf1
fi
- exit ;;
+ ;;
parisc*:Lites*:*:*)
- echo hppa1.1-hp-lites
- exit ;;
+ GUESS=hppa1.1-hp-lites
+ ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
- echo c1-convex-bsd
- exit ;;
+ GUESS=c1-convex-bsd
+ ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
@@ -791,17 +836,18 @@ EOF
fi
exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
- echo c34-convex-bsd
- exit ;;
+ GUESS=c34-convex-bsd
+ ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
- echo c38-convex-bsd
- exit ;;
+ GUESS=c38-convex-bsd
+ ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
- echo c4-convex-bsd
- exit ;;
+ GUESS=c4-convex-bsd
+ ;;
CRAY*Y-MP:*:*:*)
- echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
- exit ;;
+ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+ GUESS=ymp-cray-unicos$CRAY_REL
+ ;;
CRAY*[A-Z]90:*:*:*)
echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
@@ -809,103 +855,129 @@ EOF
-e 's/\.[^.]*$/.X/'
exit ;;
CRAY*TS:*:*:*)
- echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
- exit ;;
+ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+ GUESS=t90-cray-unicos$CRAY_REL
+ ;;
CRAY*T3E:*:*:*)
- echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
- exit ;;
+ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+ GUESS=alphaev5-cray-unicosmk$CRAY_REL
+ ;;
CRAY*SV1:*:*:*)
- echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
- exit ;;
+ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+ GUESS=sv1-cray-unicos$CRAY_REL
+ ;;
*:UNICOS/mp:*:*)
- echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
- exit ;;
+ CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'`
+ GUESS=craynv-cray-unicosmp$CRAY_REL
+ ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit ;;
+ GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+ ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit ;;
+ GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}
+ ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
- echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE
+ ;;
sparc*:BSD/OS:*:*)
- echo sparc-unknown-bsdi"$UNAME_RELEASE"
- exit ;;
+ GUESS=sparc-unknown-bsdi$UNAME_RELEASE
+ ;;
*:BSD/OS:*:*)
- echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE
+ ;;
+ arm:FreeBSD:*:*)
+ UNAME_PROCESSOR=`uname -p`
+ set_cc_for_build
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi
+ else
+ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf
+ fi
+ ;;
*:FreeBSD:*:*)
UNAME_PROCESSOR=`/usr/bin/uname -p`
- case "$UNAME_PROCESSOR" in
+ case $UNAME_PROCESSOR in
amd64)
UNAME_PROCESSOR=x86_64 ;;
i386)
UNAME_PROCESSOR=i586 ;;
esac
- echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
- exit ;;
+ FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+ GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL
+ ;;
i*:CYGWIN*:*)
- echo "$UNAME_MACHINE"-pc-cygwin
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-cygwin
+ ;;
*:MINGW64*:*)
- echo "$UNAME_MACHINE"-pc-mingw64
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-mingw64
+ ;;
*:MINGW*:*)
- echo "$UNAME_MACHINE"-pc-mingw32
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-mingw32
+ ;;
*:MSYS*:*)
- echo "$UNAME_MACHINE"-pc-msys
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-msys
+ ;;
i*:PW*:*)
- echo "$UNAME_MACHINE"-pc-pw32
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-pw32
+ ;;
+ *:SerenityOS:*:*)
+ GUESS=$UNAME_MACHINE-pc-serenity
+ ;;
*:Interix*:*)
- case "$UNAME_MACHINE" in
+ case $UNAME_MACHINE in
x86)
- echo i586-pc-interix"$UNAME_RELEASE"
- exit ;;
+ GUESS=i586-pc-interix$UNAME_RELEASE
+ ;;
authenticamd | genuineintel | EM64T)
- echo x86_64-unknown-interix"$UNAME_RELEASE"
- exit ;;
+ GUESS=x86_64-unknown-interix$UNAME_RELEASE
+ ;;
IA64)
- echo ia64-unknown-interix"$UNAME_RELEASE"
- exit ;;
+ GUESS=ia64-unknown-interix$UNAME_RELEASE
+ ;;
esac ;;
i*:UWIN*:*)
- echo "$UNAME_MACHINE"-pc-uwin
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-uwin
+ ;;
amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
- echo x86_64-unknown-cygwin
- exit ;;
+ GUESS=x86_64-pc-cygwin
+ ;;
prep*:SunOS:5.*:*)
- echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
- exit ;;
+ SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`
+ GUESS=powerpcle-unknown-solaris2$SUN_REL
+ ;;
*:GNU:*:*)
# the GNU system
- echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
- exit ;;
+ GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'`
+ GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'`
+ GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL
+ ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
- echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
- exit ;;
- i*86:Minix:*:*)
- echo "$UNAME_MACHINE"-pc-minix
- exit ;;
+ GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"`
+ GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+ GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
+ ;;
+ *:Minix:*:*)
+ GUESS=$UNAME_MACHINE-unknown-minix
+ ;;
aarch64:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
alpha:Linux:*:*)
- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
@@ -916,187 +988,225 @@ EOF
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
- arc:Linux:*:* | arceb:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
+ arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*)
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
arm*:Linux:*:*)
- eval "$set_cc_for_build"
+ set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
else
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi
+ GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi
else
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf
+ GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf
fi
fi
- exit ;;
+ ;;
avr32*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
cris:Linux:*:*)
- echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+ ;;
crisv32:Linux:*:*)
- echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-axis-linux-$LIBC
+ ;;
e2k:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
frv:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
hexagon:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
i*86:Linux:*:*)
- echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-linux-$LIBC
+ ;;
ia64:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
k1om:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
+ loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
m32r*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
m68*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
mips:Linux:*:* | mips64:Linux:*:*)
- eval "$set_cc_for_build"
+ set_cc_for_build
+ IS_GLIBC=0
+ test x"${LIBC}" = xgnu && IS_GLIBC=1
sed 's/^ //' << EOF > "$dummy.c"
#undef CPU
- #undef ${UNAME_MACHINE}
- #undef ${UNAME_MACHINE}el
+ #undef mips
+ #undef mipsel
+ #undef mips64
+ #undef mips64el
+ #if ${IS_GLIBC} && defined(_ABI64)
+ LIBCABI=gnuabi64
+ #else
+ #if ${IS_GLIBC} && defined(_ABIN32)
+ LIBCABI=gnuabin32
+ #else
+ LIBCABI=${LIBC}
+ #endif
+ #endif
+
+ #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+ CPU=mipsisa64r6
+ #else
+ #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+ CPU=mipsisa32r6
+ #else
+ #if defined(__mips64)
+ CPU=mips64
+ #else
+ CPU=mips
+ #endif
+ #endif
+ #endif
+
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=${UNAME_MACHINE}el
+ MIPS_ENDIAN=el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=${UNAME_MACHINE}
+ MIPS_ENDIAN=
#else
- CPU=
+ MIPS_ENDIAN=
#endif
#endif
EOF
- eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`"
- test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; }
+ cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`
+ eval "$cc_set_vars"
+ test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
;;
mips64el:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
openrisc*:Linux:*:*)
- echo or1k-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=or1k-unknown-linux-$LIBC
+ ;;
or32:Linux:*:* | or1k*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
padre:Linux:*:*)
- echo sparc-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=sparc-unknown-linux-$LIBC
+ ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=hppa64-unknown-linux-$LIBC
+ ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
- PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
- PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
- *) echo hppa-unknown-linux-"$LIBC" ;;
+ PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;;
+ PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;;
+ *) GUESS=hppa-unknown-linux-$LIBC ;;
esac
- exit ;;
+ ;;
ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=powerpc64-unknown-linux-$LIBC
+ ;;
ppc:Linux:*:*)
- echo powerpc-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=powerpc-unknown-linux-$LIBC
+ ;;
ppc64le:Linux:*:*)
- echo powerpc64le-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=powerpc64le-unknown-linux-$LIBC
+ ;;
ppcle:Linux:*:*)
- echo powerpcle-unknown-linux-"$LIBC"
- exit ;;
- riscv32:Linux:*:* | riscv64:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=powerpcle-unknown-linux-$LIBC
+ ;;
+ riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*)
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
s390:Linux:*:* | s390x:Linux:*:*)
- echo "$UNAME_MACHINE"-ibm-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-ibm-linux-$LIBC
+ ;;
sh64*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
sh*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
tile*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
vax:Linux:*:*)
- echo "$UNAME_MACHINE"-dec-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-dec-linux-$LIBC
+ ;;
x86_64:Linux:*:*)
- if objdump -f /bin/sh | grep -q elf32-x86-64; then
- echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32
- else
- echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
+ set_cc_for_build
+ LIBCABI=$LIBC
+ if test "$CC_FOR_BUILD" != no_compiler_found; then
+ if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_X32 >/dev/null
+ then
+ LIBCABI=${LIBC}x32
+ fi
fi
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
+ ;;
xtensa*:Linux:*:*)
- echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
+ ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
- echo i386-sequent-sysv4
- exit ;;
+ GUESS=i386-sequent-sysv4
+ ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
- echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION"
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION
+ ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
- echo "$UNAME_MACHINE"-pc-os2-emx
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-os2-emx
+ ;;
i*86:XTS-300:*:STOP)
- echo "$UNAME_MACHINE"-unknown-stop
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-stop
+ ;;
i*86:atheos:*:*)
- echo "$UNAME_MACHINE"-unknown-atheos
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-atheos
+ ;;
i*86:syllable:*:*)
- echo "$UNAME_MACHINE"-pc-syllable
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-syllable
+ ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
- echo i386-unknown-lynxos"$UNAME_RELEASE"
- exit ;;
+ GUESS=i386-unknown-lynxos$UNAME_RELEASE
+ ;;
i*86:*DOS:*:*)
- echo "$UNAME_MACHINE"-pc-msdosdjgpp
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-msdosdjgpp
+ ;;
i*86:*:4.*:*)
UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
- echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
+ GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL
else
- echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL"
+ GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL
fi
- exit ;;
+ ;;
i*86:*:5:[678]*)
# UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
@@ -1104,12 +1214,12 @@ EOF
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
- echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}"
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
- echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
+ GUESS=$UNAME_MACHINE-pc-isc$UNAME_REL
elif /bin/uname -X 2>/dev/null >/dev/null ; then
UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
@@ -1119,11 +1229,11 @@ EOF
&& UNAME_MACHINE=i686
(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
&& UNAME_MACHINE=i686
- echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL"
+ GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL
else
- echo "$UNAME_MACHINE"-pc-sysv32
+ GUESS=$UNAME_MACHINE-pc-sysv32
fi
- exit ;;
+ ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
@@ -1131,31 +1241,31 @@ EOF
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configure will decide that
# this is a cross-build.
- echo i586-pc-msdosdjgpp
- exit ;;
+ GUESS=i586-pc-msdosdjgpp
+ ;;
Intel:Mach:3*:*)
- echo i386-pc-mach3
- exit ;;
+ GUESS=i386-pc-mach3
+ ;;
paragon:*:*:*)
- echo i860-intel-osf1
- exit ;;
+ GUESS=i860-intel-osf1
+ ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
- echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4
+ GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
- echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4
+ GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4
fi
- exit ;;
+ ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
- echo m68010-convergent-sysv
- exit ;;
+ GUESS=m68010-convergent-sysv
+ ;;
mc68k:UNIX:SYSTEM5:3.51m)
- echo m68k-convergent-sysv
- exit ;;
+ GUESS=m68k-convergent-sysv
+ ;;
M680?0:D-NIX:5.3:*)
- echo m68k-diab-dnix
- exit ;;
+ GUESS=m68k-diab-dnix
+ ;;
M68*:*:R3V[5678]*:*)
test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
@@ -1180,249 +1290,404 @@ EOF
/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
&& { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
- echo m68k-unknown-lynxos"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-unknown-lynxos$UNAME_RELEASE
+ ;;
mc68030:UNIX_System_V:4.*:*)
- echo m68k-atari-sysv4
- exit ;;
+ GUESS=m68k-atari-sysv4
+ ;;
TSUNAMI:LynxOS:2.*:*)
- echo sparc-unknown-lynxos"$UNAME_RELEASE"
- exit ;;
+ GUESS=sparc-unknown-lynxos$UNAME_RELEASE
+ ;;
rs6000:LynxOS:2.*:*)
- echo rs6000-unknown-lynxos"$UNAME_RELEASE"
- exit ;;
+ GUESS=rs6000-unknown-lynxos$UNAME_RELEASE
+ ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
- echo powerpc-unknown-lynxos"$UNAME_RELEASE"
- exit ;;
+ GUESS=powerpc-unknown-lynxos$UNAME_RELEASE
+ ;;
SM[BE]S:UNIX_SV:*:*)
- echo mips-dde-sysv"$UNAME_RELEASE"
- exit ;;
+ GUESS=mips-dde-sysv$UNAME_RELEASE
+ ;;
RM*:ReliantUNIX-*:*:*)
- echo mips-sni-sysv4
- exit ;;
+ GUESS=mips-sni-sysv4
+ ;;
RM*:SINIX-*:*:*)
- echo mips-sni-sysv4
- exit ;;
+ GUESS=mips-sni-sysv4
+ ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
- echo "$UNAME_MACHINE"-sni-sysv4
+ GUESS=$UNAME_MACHINE-sni-sysv4
else
- echo ns32k-sni-sysv
+ GUESS=ns32k-sni-sysv
fi
- exit ;;
+ ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit ;;
+ GUESS=i586-unisys-sysv4
+ ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
- echo hppa1.1-stratus-sysv4
- exit ;;
+ GUESS=hppa1.1-stratus-sysv4
+ ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
- echo i860-stratus-sysv4
- exit ;;
+ GUESS=i860-stratus-sysv4
+ ;;
i*86:VOS:*:*)
# From Paul.Green@stratus.com.
- echo "$UNAME_MACHINE"-stratus-vos
- exit ;;
+ GUESS=$UNAME_MACHINE-stratus-vos
+ ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
- echo hppa1.1-stratus-vos
- exit ;;
+ GUESS=hppa1.1-stratus-vos
+ ;;
mc68*:A/UX:*:*)
- echo m68k-apple-aux"$UNAME_RELEASE"
- exit ;;
+ GUESS=m68k-apple-aux$UNAME_RELEASE
+ ;;
news*:NEWS-OS:6*:*)
- echo mips-sony-newsos6
- exit ;;
+ GUESS=mips-sony-newsos6
+ ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
- if [ -d /usr/nec ]; then
- echo mips-nec-sysv"$UNAME_RELEASE"
+ if test -d /usr/nec; then
+ GUESS=mips-nec-sysv$UNAME_RELEASE
else
- echo mips-unknown-sysv"$UNAME_RELEASE"
+ GUESS=mips-unknown-sysv$UNAME_RELEASE
fi
- exit ;;
+ ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
- echo powerpc-be-beos
- exit ;;
+ GUESS=powerpc-be-beos
+ ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
- echo powerpc-apple-beos
- exit ;;
+ GUESS=powerpc-apple-beos
+ ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
- echo i586-pc-beos
- exit ;;
+ GUESS=i586-pc-beos
+ ;;
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
- echo i586-pc-haiku
- exit ;;
+ GUESS=i586-pc-haiku
+ ;;
x86_64:Haiku:*:*)
- echo x86_64-unknown-haiku
- exit ;;
+ GUESS=x86_64-unknown-haiku
+ ;;
SX-4:SUPER-UX:*:*)
- echo sx4-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx4-nec-superux$UNAME_RELEASE
+ ;;
SX-5:SUPER-UX:*:*)
- echo sx5-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx5-nec-superux$UNAME_RELEASE
+ ;;
SX-6:SUPER-UX:*:*)
- echo sx6-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx6-nec-superux$UNAME_RELEASE
+ ;;
SX-7:SUPER-UX:*:*)
- echo sx7-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx7-nec-superux$UNAME_RELEASE
+ ;;
SX-8:SUPER-UX:*:*)
- echo sx8-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx8-nec-superux$UNAME_RELEASE
+ ;;
SX-8R:SUPER-UX:*:*)
- echo sx8r-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sx8r-nec-superux$UNAME_RELEASE
+ ;;
SX-ACE:SUPER-UX:*:*)
- echo sxace-nec-superux"$UNAME_RELEASE"
- exit ;;
+ GUESS=sxace-nec-superux$UNAME_RELEASE
+ ;;
Power*:Rhapsody:*:*)
- echo powerpc-apple-rhapsody"$UNAME_RELEASE"
- exit ;;
+ GUESS=powerpc-apple-rhapsody$UNAME_RELEASE
+ ;;
*:Rhapsody:*:*)
- echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE
+ ;;
+ arm64:Darwin:*:*)
+ GUESS=aarch64-apple-darwin$UNAME_RELEASE
+ ;;
*:Darwin:*:*)
- UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
- eval "$set_cc_for_build"
- if test "$UNAME_PROCESSOR" = unknown ; then
- UNAME_PROCESSOR=powerpc
+ UNAME_PROCESSOR=`uname -p`
+ case $UNAME_PROCESSOR in
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ if command -v xcode-select > /dev/null 2> /dev/null && \
+ ! xcode-select --print-path > /dev/null 2> /dev/null ; then
+ # Avoid executing cc if there is no toolchain installed as
+ # cc will be a stub that puts up a graphical alert
+ # prompting the user to install developer tools.
+ CC_FOR_BUILD=no_compiler_found
+ else
+ set_cc_for_build
fi
- if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then
- if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
- if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_64BIT_ARCH >/dev/null
- then
- case $UNAME_PROCESSOR in
- i386) UNAME_PROCESSOR=x86_64 ;;
- powerpc) UNAME_PROCESSOR=powerpc64 ;;
- esac
- fi
- # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
- if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
- (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
- grep IS_PPC >/dev/null
- then
- UNAME_PROCESSOR=powerpc
- fi
+ if test "$CC_FOR_BUILD" != no_compiler_found; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ case $UNAME_PROCESSOR in
+ i386) UNAME_PROCESSOR=x86_64 ;;
+ powerpc) UNAME_PROCESSOR=powerpc64 ;;
+ esac
+ fi
+ # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+ if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+ (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_PPC >/dev/null
+ then
+ UNAME_PROCESSOR=powerpc
fi
elif test "$UNAME_PROCESSOR" = i386 ; then
- # Avoid executing cc on OS X 10.9, as it ships with a stub
- # that puts up a graphical alert prompting to install
- # developer tools. Any system running Mac OS X 10.7 or
- # later (Darwin 11 and later) is required to have a 64-bit
- # processor. This is not true of the ARM version of Darwin
- # that Apple uses in portable devices.
- UNAME_PROCESSOR=x86_64
+ # uname -m returns i386 or x86_64
+ UNAME_PROCESSOR=$UNAME_MACHINE
fi
- echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE
+ ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = x86; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
- echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE
+ ;;
*:QNX:*:4*)
- echo i386-pc-qnx
- exit ;;
+ GUESS=i386-pc-qnx
+ ;;
NEO-*:NONSTOP_KERNEL:*:*)
- echo neo-tandem-nsk"$UNAME_RELEASE"
- exit ;;
+ GUESS=neo-tandem-nsk$UNAME_RELEASE
+ ;;
NSE-*:NONSTOP_KERNEL:*:*)
- echo nse-tandem-nsk"$UNAME_RELEASE"
- exit ;;
+ GUESS=nse-tandem-nsk$UNAME_RELEASE
+ ;;
NSR-*:NONSTOP_KERNEL:*:*)
- echo nsr-tandem-nsk"$UNAME_RELEASE"
- exit ;;
+ GUESS=nsr-tandem-nsk$UNAME_RELEASE
+ ;;
NSV-*:NONSTOP_KERNEL:*:*)
- echo nsv-tandem-nsk"$UNAME_RELEASE"
- exit ;;
+ GUESS=nsv-tandem-nsk$UNAME_RELEASE
+ ;;
NSX-*:NONSTOP_KERNEL:*:*)
- echo nsx-tandem-nsk"$UNAME_RELEASE"
- exit ;;
+ GUESS=nsx-tandem-nsk$UNAME_RELEASE
+ ;;
*:NonStop-UX:*:*)
- echo mips-compaq-nonstopux
- exit ;;
+ GUESS=mips-compaq-nonstopux
+ ;;
BS2000:POSIX*:*:*)
- echo bs2000-siemens-sysv
- exit ;;
+ GUESS=bs2000-siemens-sysv
+ ;;
DS/*:UNIX_System_V:*:*)
- echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE"
- exit ;;
+ GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE
+ ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
- if test "$cputype" = 386; then
+ if test "${cputype-}" = 386; then
UNAME_MACHINE=i386
- else
- UNAME_MACHINE="$cputype"
+ elif test "x${cputype-}" != x; then
+ UNAME_MACHINE=$cputype
fi
- echo "$UNAME_MACHINE"-unknown-plan9
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-plan9
+ ;;
*:TOPS-10:*:*)
- echo pdp10-unknown-tops10
- exit ;;
+ GUESS=pdp10-unknown-tops10
+ ;;
*:TENEX:*:*)
- echo pdp10-unknown-tenex
- exit ;;
+ GUESS=pdp10-unknown-tenex
+ ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
- echo pdp10-dec-tops20
- exit ;;
+ GUESS=pdp10-dec-tops20
+ ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
- echo pdp10-xkl-tops20
- exit ;;
+ GUESS=pdp10-xkl-tops20
+ ;;
*:TOPS-20:*:*)
- echo pdp10-unknown-tops20
- exit ;;
+ GUESS=pdp10-unknown-tops20
+ ;;
*:ITS:*:*)
- echo pdp10-unknown-its
- exit ;;
+ GUESS=pdp10-unknown-its
+ ;;
SEI:*:*:SEIUX)
- echo mips-sei-seiux"$UNAME_RELEASE"
- exit ;;
+ GUESS=mips-sei-seiux$UNAME_RELEASE
+ ;;
*:DragonFly:*:*)
- echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
- exit ;;
+ DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
+ GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL
+ ;;
*:*VMS:*:*)
UNAME_MACHINE=`(uname -p) 2>/dev/null`
- case "$UNAME_MACHINE" in
- A*) echo alpha-dec-vms ; exit ;;
- I*) echo ia64-dec-vms ; exit ;;
- V*) echo vax-dec-vms ; exit ;;
+ case $UNAME_MACHINE in
+ A*) GUESS=alpha-dec-vms ;;
+ I*) GUESS=ia64-dec-vms ;;
+ V*) GUESS=vax-dec-vms ;;
esac ;;
*:XENIX:*:SysV)
- echo i386-pc-xenix
- exit ;;
+ GUESS=i386-pc-xenix
+ ;;
i*86:skyos:*:*)
- echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
- exit ;;
+ SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`
+ GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL
+ ;;
i*86:rdos:*:*)
- echo "$UNAME_MACHINE"-pc-rdos
- exit ;;
- i*86:AROS:*:*)
- echo "$UNAME_MACHINE"-pc-aros
- exit ;;
+ GUESS=$UNAME_MACHINE-pc-rdos
+ ;;
+ i*86:Fiwix:*:*)
+ GUESS=$UNAME_MACHINE-pc-fiwix
+ ;;
+ *:AROS:*:*)
+ GUESS=$UNAME_MACHINE-unknown-aros
+ ;;
x86_64:VMkernel:*:*)
- echo "$UNAME_MACHINE"-unknown-esx
- exit ;;
+ GUESS=$UNAME_MACHINE-unknown-esx
+ ;;
amd64:Isilon\ OneFS:*:*)
- echo x86_64-unknown-onefs
- exit ;;
+ GUESS=x86_64-unknown-onefs
+ ;;
+ *:Unleashed:*:*)
+ GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE
+ ;;
esac
+# Do we have a guess based on uname results?
+if test "x$GUESS" != x; then
+ echo "$GUESS"
+ exit
+fi
+
+# No uname command or uname output not recognized.
+set_cc_for_build
+cat > "$dummy.c" <<EOF
+#ifdef _SEQUENT_
+#include <sys/types.h>
+#include <sys/utsname.h>
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#include <signal.h>
+#if defined(_SIZE_T_) || defined(SIGLOST)
+#include <sys/utsname.h>
+#endif
+#endif
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+#include <sys/param.h>
+#if defined (BSD)
+#if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+#else
+#if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#else
+ printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#endif
+#else
+ printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#else
+#if defined(_SIZE_T_) || defined(SIGLOST)
+ struct utsname un;
+ uname (&un);
+ printf ("vax-dec-ultrix%s\n", un.release); exit (0);
+#else
+ printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#if defined(_SIZE_T_) || defined(SIGLOST)
+ struct utsname *un;
+ uname (&un);
+ printf ("mips-dec-ultrix%s\n", un.release); exit (0);
+#else
+ printf ("mips-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
+
echo "$0: unable to guess system type" >&2
-case "$UNAME_MACHINE:$UNAME_SYSTEM" in
+case $UNAME_MACHINE:$UNAME_SYSTEM in
mips:Linux | mips64:Linux)
# If we got here on MIPS GNU/Linux, output extra information.
cat >&2 <<EOF
@@ -1439,9 +1704,17 @@ This script (version $timestamp), has failed to recognize the
operating system you are using. If your script is old, overwrite *all*
copies of config.guess and config.sub with the latest versions from:
- https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+ https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
and
- https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+ https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
+EOF
+
+our_year=`echo $timestamp | sed 's,-.*,,'`
+thisyear=`date +%Y`
+# shellcheck disable=SC2003
+script_age=`expr "$thisyear" - "$our_year"`
+if test "$script_age" -lt 3 ; then
+ cat >&2 <<EOF
If $0 has already been updated, send the following data and any
information you think might be pertinent to config-patches@gnu.org to
@@ -1469,11 +1742,12 @@ UNAME_RELEASE = "$UNAME_RELEASE"
UNAME_SYSTEM = "$UNAME_SYSTEM"
UNAME_VERSION = "$UNAME_VERSION"
EOF
+fi
exit 1
# Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
diff --git a/libraries/libapparmor/config.sub b/libraries/libapparmor/config.sub
index 1d8e98bcee23a0421e4fafe9a6c9ac75180cff25..dba16e84c77c7d25871d80c24deff717faf4c094 100755
--- a/libraries/libapparmor/config.sub
+++ b/libraries/libapparmor/config.sub
@@ -1,12 +1,14 @@
#! /bin/sh
# Configuration validation subroutine script.
-# Copyright 1992-2018 Free Software Foundation, Inc.
+# Copyright 1992-2022 Free Software Foundation, Inc.
-timestamp='2018-02-22'
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
+timestamp='2022-01-03'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
+# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
@@ -33,7 +35,7 @@ timestamp='2018-02-22'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
-# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@@ -50,6 +52,13 @@ timestamp='2018-02-22'
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX. However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
@@ -67,7 +76,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
-Copyright 1992-2018 Free Software Foundation, Inc.
+Copyright 1992-2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -89,7 +98,7 @@ while test $# -gt 0 ; do
- ) # Use stdin as input.
break ;;
-* )
- echo "$me: invalid option $1$help"
+ echo "$me: invalid option $1$help" >&2
exit 1 ;;
*local*)
@@ -110,1223 +119,1186 @@ case $# in
exit 1;;
esac
-# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
-# Here we must recognize all the valid KERNEL-OS combinations.
-maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
-case $maybe_os in
- nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
- linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
- knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
- kopensolaris*-gnu* | cloudabi*-eabi* | \
- storm-chaos* | os2-emx* | rtmk-nova*)
- os=-$maybe_os
- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
- ;;
- android-linux)
- os=-linux-android
- basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
- ;;
- *)
- basic_machine=`echo "$1" | sed 's/-[^-]*$//'`
- if [ "$basic_machine" != "$1" ]
- then os=`echo "$1" | sed 's/.*-/-/'`
- else os=; fi
- ;;
-esac
+# Split fields of configuration type
+# shellcheck disable=SC2162
+saved_IFS=$IFS
+IFS="-" read field1 field2 field3 field4 <<EOF
+$1
+EOF
+IFS=$saved_IFS
-### Let's recognize common machines as not being operating systems so
-### that things like config.sub decstation-3100 work. We also
-### recognize some manufacturers as not being operating systems, so we
-### can provide default operating systems below.
-case $os in
- -sun*os*)
- # Prevent following clause from handling this invalid input.
- ;;
- -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
- -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
- -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
- -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
- -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
- -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis | -knuth | -cray | -microblaze*)
- os=
- basic_machine=$1
- ;;
- -bluegene*)
- os=-cnk
- ;;
- -sim | -cisco | -oki | -wec | -winbond)
- os=
- basic_machine=$1
- ;;
- -scout)
- ;;
- -wrs)
- os=-vxworks
- basic_machine=$1
- ;;
- -chorusos*)
- os=-chorusos
- basic_machine=$1
- ;;
- -chorusrdb)
- os=-chorusrdb
- basic_machine=$1
- ;;
- -hiux*)
- os=-hiuxwe2
- ;;
- -sco6)
- os=-sco5v6
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5)
- os=-sco3.2v5
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco4)
- os=-sco3.2v4
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2.[4-9]*)
- os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco3.2v[4-9]*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco5v6*)
- # Don't forget version if it is 3.2v4 or newer.
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -sco*)
- os=-sco3.2v2
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -udk*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -isc)
- os=-isc2.2
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -clix*)
- basic_machine=clipper-intergraph
- ;;
- -isc*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
- ;;
- -lynx*178)
- os=-lynxos178
- ;;
- -lynx*5)
- os=-lynxos5
+# Separate into logical components for further validation
+case $1 in
+ *-*-*-*-*)
+ echo Invalid configuration \`"$1"\': more than four components >&2
+ exit 1
;;
- -lynx*)
- os=-lynxos
+ *-*-*-*)
+ basic_machine=$field1-$field2
+ basic_os=$field3-$field4
;;
- -ptx*)
- basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'`
+ *-*-*)
+ # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
+ # parts
+ maybe_os=$field2-$field3
+ case $maybe_os in
+ nto-qnx* | linux-* | uclinux-uclibc* \
+ | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
+ | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
+ | storm-chaos* | os2-emx* | rtmk-nova*)
+ basic_machine=$field1
+ basic_os=$maybe_os
+ ;;
+ android-linux)
+ basic_machine=$field1-unknown
+ basic_os=linux-android
+ ;;
+ *)
+ basic_machine=$field1-$field2
+ basic_os=$field3
+ ;;
+ esac
;;
- -psos*)
- os=-psos
+ *-*)
+ # A lone config we happen to match not fitting any pattern
+ case $field1-$field2 in
+ decstation-3100)
+ basic_machine=mips-dec
+ basic_os=
+ ;;
+ *-*)
+ # Second component is usually, but not always the OS
+ case $field2 in
+ # Prevent following clause from handling this valid os
+ sun*os*)
+ basic_machine=$field1
+ basic_os=$field2
+ ;;
+ zephyr*)
+ basic_machine=$field1-unknown
+ basic_os=$field2
+ ;;
+ # Manufacturers
+ dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
+ | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
+ | unicom* | ibm* | next | hp | isi* | apollo | altos* \
+ | convergent* | ncr* | news | 32* | 3600* | 3100* \
+ | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
+ | ultra | tti* | harris | dolphin | highlevel | gould \
+ | cbm | ns | masscomp | apple | axis | knuth | cray \
+ | microblaze* | sim | cisco \
+ | oki | wec | wrs | winbond)
+ basic_machine=$field1-$field2
+ basic_os=
+ ;;
+ *)
+ basic_machine=$field1
+ basic_os=$field2
+ ;;
+ esac
+ ;;
+ esac
;;
- -mint | -mint[0-9]*)
- basic_machine=m68k-atari
- os=-mint
+ *)
+ # Convert single-component short-hands not valid as part of
+ # multi-component configurations.
+ case $field1 in
+ 386bsd)
+ basic_machine=i386-pc
+ basic_os=bsd
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ basic_os=udi
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ basic_os=scout
+ ;;
+ alliant)
+ basic_machine=fx80-alliant
+ basic_os=
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ basic_os=
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ basic_os=bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ basic_os=sysv
+ ;;
+ amiga)
+ basic_machine=m68k-unknown
+ basic_os=
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ basic_os=amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ basic_os=sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ basic_os=sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ basic_os=bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ basic_os=aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ basic_os=aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ basic_os=dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ basic_os=linux
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ basic_os=cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ basic_os=bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ basic_os=bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ basic_os=bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ basic_os=bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ basic_os=bsd
+ ;;
+ cray)
+ basic_machine=j90-cray
+ basic_os=unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ basic_os=
+ ;;
+ da30)
+ basic_machine=m68k-da30
+ basic_os=
+ ;;
+ decstation | pmax | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ basic_os=
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ basic_os=sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ basic_os=dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ basic_os=msdosdjgpp
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ basic_os=ebmon
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ basic_os=ose
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ basic_os=sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ basic_os=go32
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ basic_os=hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ basic_os=xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ basic_os=hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ basic_os=sysv3
+ ;;
+ hp300 | hp300hpux)
+ basic_machine=m68k-hp
+ basic_os=hpux
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ basic_os=bsd
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ basic_os=osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ basic_os=proelf
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ basic_os=mach
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ basic_os=sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ basic_os=linux
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ basic_os=sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ basic_os=sysv
+ ;;
+ mingw64)
+ basic_machine=x86_64-pc
+ basic_os=mingw64
+ ;;
+ mingw32)
+ basic_machine=i686-pc
+ basic_os=mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ basic_os=mingw32ce
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ basic_os=coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ basic_os=morphos
+ ;;
+ moxiebox)
+ basic_machine=moxie-unknown
+ basic_os=moxiebox
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ basic_os=msdos
+ ;;
+ msys)
+ basic_machine=i686-pc
+ basic_os=msys
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ basic_os=mvs
+ ;;
+ nacl)
+ basic_machine=le32-unknown
+ basic_os=nacl
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ basic_os=sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-pc
+ basic_os=netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ basic_os=linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ basic_os=newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ basic_os=newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ basic_os=sysv
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ basic_os=cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ basic_os=cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ basic_os=nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ basic_os=mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ basic_os=nonstopux
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ basic_os=os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ basic_os=ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ basic_os=os68k
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ basic_os=osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ basic_os=linux
+ ;;
+ psp)
+ basic_machine=mipsallegrexel-sony
+ basic_os=psp
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ basic_os=pw32
+ ;;
+ rdos | rdos64)
+ basic_machine=x86_64-pc
+ basic_os=rdos
+ ;;
+ rdos32)
+ basic_machine=i386-pc
+ basic_os=rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ basic_os=coff
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ basic_os=udi
+ ;;
+ sei)
+ basic_machine=mips-sei
+ basic_os=seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ basic_os=
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ basic_os=sysv2
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ basic_os=
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ basic_os=sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ basic_os=
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ basic_os=sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ basic_os=sunos4
+ ;;
+ sun3)
+ basic_machine=m68k-sun
+ basic_os=
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ basic_os=sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ basic_os=sunos4
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ basic_os=
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ basic_os=sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ basic_os=sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ basic_os=solaris2
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ basic_os=
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ basic_os=unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ basic_os=dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ basic_os=unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ basic_os=unicos
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ basic_os=tops20
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ basic_os=tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ basic_os=udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ basic_os=sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ basic_os=none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ basic_os=sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ basic_os=vms
+ ;;
+ vsta)
+ basic_machine=i386-pc
+ basic_os=vsta
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ basic_os=vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ basic_os=vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ basic_os=vxworks
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ basic_os=mingw32
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ basic_os=unicos
+ ;;
+ *)
+ basic_machine=$1
+ basic_os=
+ ;;
+ esac
;;
esac
-# Decode aliases for certain CPU-COMPANY combinations.
+# Decode 1-component or ad-hoc basic machines
case $basic_machine in
- # Recognize the basic CPU types without company name.
- # Some are omitted here because they have special meanings below.
- 1750a | 580 \
- | a29k \
- | aarch64 | aarch64_be \
- | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
- | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
- | am33_2.0 \
- | arc | arceb \
- | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
- | avr | avr32 \
- | ba \
- | be32 | be64 \
- | bfin \
- | c4x | c8051 | clipper \
- | d10v | d30v | dlx | dsp16xx \
- | e2k | epiphany \
- | fido | fr30 | frv | ft32 \
- | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
- | hexagon \
- | i370 | i860 | i960 | ia16 | ia64 \
- | ip2k | iq2000 \
- | k1om \
- | le32 | le64 \
- | lm32 \
- | m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | microblazeel | mcore | mep | metag \
- | mips | mipsbe | mipseb | mipsel | mipsle \
- | mips16 \
- | mips64 | mips64el \
- | mips64octeon | mips64octeonel \
- | mips64orion | mips64orionel \
- | mips64r5900 | mips64r5900el \
- | mips64vr | mips64vrel \
- | mips64vr4100 | mips64vr4100el \
- | mips64vr4300 | mips64vr4300el \
- | mips64vr5000 | mips64vr5000el \
- | mips64vr5900 | mips64vr5900el \
- | mipsisa32 | mipsisa32el \
- | mipsisa32r2 | mipsisa32r2el \
- | mipsisa32r6 | mipsisa32r6el \
- | mipsisa64 | mipsisa64el \
- | mipsisa64r2 | mipsisa64r2el \
- | mipsisa64r6 | mipsisa64r6el \
- | mipsisa64sb1 | mipsisa64sb1el \
- | mipsisa64sr71k | mipsisa64sr71kel \
- | mipsr5900 | mipsr5900el \
- | mipstx39 | mipstx39el \
- | mn10200 | mn10300 \
- | moxie \
- | mt \
- | msp430 \
- | nds32 | nds32le | nds32be \
- | nios | nios2 | nios2eb | nios2el \
- | ns16k | ns32k \
- | open8 | or1k | or1knd | or32 \
- | pdp10 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle \
- | pru \
- | pyramid \
- | riscv32 | riscv64 \
- | rl78 | rx \
- | score \
- | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
- | sh64 | sh64le \
- | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
- | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
- | spu \
- | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
- | ubicom32 \
- | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
- | visium \
- | wasm32 \
- | x86 | xc16x | xstormy16 | xtensa \
- | z8k | z80)
- basic_machine=$basic_machine-unknown
- ;;
- c54x)
- basic_machine=tic54x-unknown
- ;;
- c55x)
- basic_machine=tic55x-unknown
- ;;
- c6x)
- basic_machine=tic6x-unknown
- ;;
- leon|leon[3-9])
- basic_machine=sparc-$basic_machine
- ;;
- m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
- basic_machine=$basic_machine-unknown
- os=-none
+ # Here we handle the default manufacturer of certain CPU types. It is in
+ # some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ cpu=hppa1.1
+ vendor=winbond
;;
- m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65)
+ op50n)
+ cpu=hppa1.1
+ vendor=oki
;;
- ms1)
- basic_machine=mt-unknown
+ op60c)
+ cpu=hppa1.1
+ vendor=oki
;;
-
- strongarm | thumb | xscale)
- basic_machine=arm-unknown
+ ibm*)
+ cpu=i370
+ vendor=ibm
;;
- xgate)
- basic_machine=$basic_machine-unknown
- os=-none
+ orion105)
+ cpu=clipper
+ vendor=highlevel
;;
- xscaleeb)
- basic_machine=armeb-unknown
+ mac | mpw | mac-mpw)
+ cpu=m68k
+ vendor=apple
;;
-
- xscaleel)
- basic_machine=armel-unknown
+ pmac | pmac-mpw)
+ cpu=powerpc
+ vendor=apple
;;
- # We use `pc' rather than `unknown'
- # because (1) that's what they normally are, and
- # (2) the word "unknown" tends to confuse beginning users.
- i*86 | x86_64)
- basic_machine=$basic_machine-pc
- ;;
- # Object if more than one company name word.
- *-*-*)
- echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
- exit 1
- ;;
- # Recognize the basic CPU types with company name.
- 580-* \
- | a29k-* \
- | aarch64-* | aarch64_be-* \
- | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
- | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
- | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
- | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* | avr32-* \
- | ba-* \
- | be32-* | be64-* \
- | bfin-* | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* \
- | c8051-* | clipper-* | craynv-* | cydra-* \
- | d10v-* | d30v-* | dlx-* \
- | e2k-* | elxsi-* \
- | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
- | h8300-* | h8500-* \
- | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
- | hexagon-* \
- | i*86-* | i860-* | i960-* | ia16-* | ia64-* \
- | ip2k-* | iq2000-* \
- | k1om-* \
- | le32-* | le64-* \
- | lm32-* \
- | m32c-* | m32r-* | m32rle-* \
- | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
- | microblaze-* | microblazeel-* \
- | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
- | mips16-* \
- | mips64-* | mips64el-* \
- | mips64octeon-* | mips64octeonel-* \
- | mips64orion-* | mips64orionel-* \
- | mips64r5900-* | mips64r5900el-* \
- | mips64vr-* | mips64vrel-* \
- | mips64vr4100-* | mips64vr4100el-* \
- | mips64vr4300-* | mips64vr4300el-* \
- | mips64vr5000-* | mips64vr5000el-* \
- | mips64vr5900-* | mips64vr5900el-* \
- | mipsisa32-* | mipsisa32el-* \
- | mipsisa32r2-* | mipsisa32r2el-* \
- | mipsisa32r6-* | mipsisa32r6el-* \
- | mipsisa64-* | mipsisa64el-* \
- | mipsisa64r2-* | mipsisa64r2el-* \
- | mipsisa64r6-* | mipsisa64r6el-* \
- | mipsisa64sb1-* | mipsisa64sb1el-* \
- | mipsisa64sr71k-* | mipsisa64sr71kel-* \
- | mipsr5900-* | mipsr5900el-* \
- | mipstx39-* | mipstx39el-* \
- | mmix-* \
- | mt-* \
- | msp430-* \
- | nds32-* | nds32le-* | nds32be-* \
- | nios-* | nios2-* | nios2eb-* | nios2el-* \
- | none-* | np1-* | ns16k-* | ns32k-* \
- | open8-* \
- | or1k*-* \
- | orion-* \
- | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
- | pru-* \
- | pyramid-* \
- | riscv32-* | riscv64-* \
- | rl78-* | romp-* | rs6000-* | rx-* \
- | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
- | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
- | sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
- | tahoe-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
- | tile*-* \
- | tron-* \
- | ubicom32-* \
- | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
- | vax-* \
- | visium-* \
- | wasm32-* \
- | we32k-* \
- | x86-* | x86_64-* | xc16x-* | xps100-* \
- | xstormy16-* | xtensa*-* \
- | ymp-* \
- | z8k-* | z80-*)
- ;;
- # Recognize the basic CPU types without company name, with glob match.
- xtensa*)
- basic_machine=$basic_machine-unknown
- ;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
- 386bsd)
- basic_machine=i386-pc
- os=-bsd
- ;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
- basic_machine=m68000-att
+ cpu=m68000
+ vendor=att
;;
3b*)
- basic_machine=we32k-att
- ;;
- a29khif)
- basic_machine=a29k-amd
- os=-udi
- ;;
- abacus)
- basic_machine=abacus-unknown
- ;;
- adobe68k)
- basic_machine=m68010-adobe
- os=-scout
- ;;
- alliant | fx80)
- basic_machine=fx80-alliant
- ;;
- altos | altos3068)
- basic_machine=m68k-altos
- ;;
- am29k)
- basic_machine=a29k-none
- os=-bsd
- ;;
- amd64)
- basic_machine=x86_64-pc
- ;;
- amd64-*)
- basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- amdahl)
- basic_machine=580-amdahl
- os=-sysv
- ;;
- amiga | amiga-*)
- basic_machine=m68k-unknown
- ;;
- amigaos | amigados)
- basic_machine=m68k-unknown
- os=-amigaos
- ;;
- amigaunix | amix)
- basic_machine=m68k-unknown
- os=-sysv4
- ;;
- apollo68)
- basic_machine=m68k-apollo
- os=-sysv
- ;;
- apollo68bsd)
- basic_machine=m68k-apollo
- os=-bsd
- ;;
- aros)
- basic_machine=i386-pc
- os=-aros
- ;;
- asmjs)
- basic_machine=asmjs-unknown
- ;;
- aux)
- basic_machine=m68k-apple
- os=-aux
- ;;
- balance)
- basic_machine=ns32k-sequent
- os=-dynix
- ;;
- blackfin)
- basic_machine=bfin-unknown
- os=-linux
- ;;
- blackfin-*)
- basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
+ cpu=we32k
+ vendor=att
;;
bluegene*)
- basic_machine=powerpc-ibm
- os=-cnk
- ;;
- c54x-*)
- basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c55x-*)
- basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c6x-*)
- basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- c90)
- basic_machine=c90-cray
- os=-unicos
- ;;
- cegcc)
- basic_machine=arm-unknown
- os=-cegcc
- ;;
- convex-c1)
- basic_machine=c1-convex
- os=-bsd
- ;;
- convex-c2)
- basic_machine=c2-convex
- os=-bsd
- ;;
- convex-c32)
- basic_machine=c32-convex
- os=-bsd
- ;;
- convex-c34)
- basic_machine=c34-convex
- os=-bsd
- ;;
- convex-c38)
- basic_machine=c38-convex
- os=-bsd
- ;;
- cray | j90)
- basic_machine=j90-cray
- os=-unicos
- ;;
- craynv)
- basic_machine=craynv-cray
- os=-unicosmp
- ;;
- cr16 | cr16-*)
- basic_machine=cr16-unknown
- os=-elf
- ;;
- crds | unos)
- basic_machine=m68k-crds
- ;;
- crisv32 | crisv32-* | etraxfs*)
- basic_machine=crisv32-axis
- ;;
- cris | cris-* | etrax*)
- basic_machine=cris-axis
- ;;
- crx)
- basic_machine=crx-unknown
- os=-elf
- ;;
- da30 | da30-*)
- basic_machine=m68k-da30
- ;;
- decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
- basic_machine=mips-dec
+ cpu=powerpc
+ vendor=ibm
+ basic_os=cnk
;;
decsystem10* | dec10*)
- basic_machine=pdp10-dec
- os=-tops10
+ cpu=pdp10
+ vendor=dec
+ basic_os=tops10
;;
decsystem20* | dec20*)
- basic_machine=pdp10-dec
- os=-tops20
+ cpu=pdp10
+ vendor=dec
+ basic_os=tops20
;;
delta | 3300 | motorola-3300 | motorola-delta \
| 3300-motorola | delta-motorola)
- basic_machine=m68k-motorola
- ;;
- delta88)
- basic_machine=m88k-motorola
- os=-sysv3
- ;;
- dicos)
- basic_machine=i686-pc
- os=-dicos
- ;;
- djgpp)
- basic_machine=i586-pc
- os=-msdosdjgpp
- ;;
- dpx20 | dpx20-*)
- basic_machine=rs6000-bull
- os=-bosx
+ cpu=m68k
+ vendor=motorola
;;
dpx2*)
- basic_machine=m68k-bull
- os=-sysv3
- ;;
- e500v[12])
- basic_machine=powerpc-unknown
- os=$os"spe"
- ;;
- e500v[12]-*)
- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=$os"spe"
- ;;
- ebmon29k)
- basic_machine=a29k-amd
- os=-ebmon
- ;;
- elxsi)
- basic_machine=elxsi-elxsi
- os=-bsd
+ cpu=m68k
+ vendor=bull
+ basic_os=sysv3
;;
encore | umax | mmax)
- basic_machine=ns32k-encore
+ cpu=ns32k
+ vendor=encore
;;
- es1800 | OSE68k | ose68k | ose | OSE)
- basic_machine=m68k-ericsson
- os=-ose
+ elxsi)
+ cpu=elxsi
+ vendor=elxsi
+ basic_os=${basic_os:-bsd}
;;
fx2800)
- basic_machine=i860-alliant
+ cpu=i860
+ vendor=alliant
;;
genix)
- basic_machine=ns32k-ns
- ;;
- gmicro)
- basic_machine=tron-gmicro
- os=-sysv
- ;;
- go32)
- basic_machine=i386-pc
- os=-go32
+ cpu=ns32k
+ vendor=ns
;;
h3050r* | hiux*)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- h8300hms)
- basic_machine=h8300-hitachi
- os=-hms
- ;;
- h8300xray)
- basic_machine=h8300-hitachi
- os=-xray
- ;;
- h8500hms)
- basic_machine=h8500-hitachi
- os=-hms
- ;;
- harris)
- basic_machine=m88k-harris
- os=-sysv3
- ;;
- hp300-*)
- basic_machine=m68k-hp
- ;;
- hp300bsd)
- basic_machine=m68k-hp
- os=-bsd
- ;;
- hp300hpux)
- basic_machine=m68k-hp
- os=-hpux
+ cpu=hppa1.1
+ vendor=hitachi
+ basic_os=hiuxwe2
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
- basic_machine=hppa1.0-hp
+ cpu=hppa1.0
+ vendor=hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
- basic_machine=m68000-hp
+ cpu=m68000
+ vendor=hp
;;
hp9k3[2-9][0-9])
- basic_machine=m68k-hp
+ cpu=m68k
+ vendor=hp
;;
hp9k6[0-9][0-9] | hp6[0-9][0-9])
- basic_machine=hppa1.0-hp
+ cpu=hppa1.0
+ vendor=hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
- basic_machine=hppa1.1-hp
+ cpu=hppa1.1
+ vendor=hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
- basic_machine=hppa1.0-hp
- ;;
- hppaosf)
- basic_machine=hppa1.1-hp
- os=-osf
- ;;
- hppro)
- basic_machine=hppa1.1-hp
- os=-proelf
- ;;
- i370-ibm* | ibm*)
- basic_machine=i370-ibm
+ cpu=hppa1.0
+ vendor=hp
;;
i*86v32)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv32
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ basic_os=sysv32
;;
i*86v4*)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv4
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ basic_os=sysv4
;;
i*86v)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-sysv
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ basic_os=sysv
;;
i*86sol2)
- basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
- os=-solaris2
- ;;
- i386mach)
- basic_machine=i386-mach
- os=-mach
+ cpu=`echo "$1" | sed -e 's/86.*/86/'`
+ vendor=pc
+ basic_os=solaris2
;;
- vsta)
- basic_machine=i386-unknown
- os=-vsta
+ j90 | j90-cray)
+ cpu=j90
+ vendor=cray
+ basic_os=${basic_os:-unicos}
;;
iris | iris4d)
- basic_machine=mips-sgi
- case $os in
- -irix*)
+ cpu=mips
+ vendor=sgi
+ case $basic_os in
+ irix*)
;;
*)
- os=-irix4
+ basic_os=irix4
;;
esac
;;
- isi68 | isi)
- basic_machine=m68k-isi
- os=-sysv
- ;;
- leon-*|leon[3-9]-*)
- basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'`
- ;;
- m68knommu)
- basic_machine=m68k-unknown
- os=-linux
- ;;
- m68knommu-*)
- basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
- ;;
- magnum | m3230)
- basic_machine=mips-mips
- os=-sysv
- ;;
- merlin)
- basic_machine=ns32k-utek
- os=-sysv
- ;;
- microblaze*)
- basic_machine=microblaze-xilinx
- ;;
- mingw64)
- basic_machine=x86_64-pc
- os=-mingw64
- ;;
- mingw32)
- basic_machine=i686-pc
- os=-mingw32
- ;;
- mingw32ce)
- basic_machine=arm-unknown
- os=-mingw32ce
- ;;
miniframe)
- basic_machine=m68000-convergent
- ;;
- *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
- basic_machine=m68k-atari
- os=-mint
- ;;
- mips3*-*)
- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`
- ;;
- mips3*)
- basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown
- ;;
- monitor)
- basic_machine=m68k-rom68k
- os=-coff
- ;;
- morphos)
- basic_machine=powerpc-unknown
- os=-morphos
- ;;
- moxiebox)
- basic_machine=moxie-unknown
- os=-moxiebox
+ cpu=m68000
+ vendor=convergent
;;
- msdos)
- basic_machine=i386-pc
- os=-msdos
- ;;
- ms1-*)
- basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'`
- ;;
- msys)
- basic_machine=i686-pc
- os=-msys
- ;;
- mvs)
- basic_machine=i370-ibm
- os=-mvs
- ;;
- nacl)
- basic_machine=le32-unknown
- os=-nacl
- ;;
- ncr3000)
- basic_machine=i486-ncr
- os=-sysv4
- ;;
- netbsd386)
- basic_machine=i386-unknown
- os=-netbsd
- ;;
- netwinder)
- basic_machine=armv4l-rebel
- os=-linux
- ;;
- news | news700 | news800 | news900)
- basic_machine=m68k-sony
- os=-newsos
- ;;
- news1000)
- basic_machine=m68030-sony
- os=-newsos
+ *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ cpu=m68k
+ vendor=atari
+ basic_os=mint
;;
news-3600 | risc-news)
- basic_machine=mips-sony
- os=-newsos
- ;;
- necv70)
- basic_machine=v70-nec
- os=-sysv
+ cpu=mips
+ vendor=sony
+ basic_os=newsos
;;
next | m*-next)
- basic_machine=m68k-next
- case $os in
- -nextstep* )
+ cpu=m68k
+ vendor=next
+ case $basic_os in
+ openstep*)
+ ;;
+ nextstep*)
;;
- -ns2*)
- os=-nextstep2
+ ns2*)
+ basic_os=nextstep2
;;
*)
- os=-nextstep3
+ basic_os=nextstep3
;;
esac
;;
- nh3000)
- basic_machine=m68k-harris
- os=-cxux
- ;;
- nh[45]000)
- basic_machine=m88k-harris
- os=-cxux
- ;;
- nindy960)
- basic_machine=i960-intel
- os=-nindy
- ;;
- mon960)
- basic_machine=i960-intel
- os=-mon960
- ;;
- nonstopux)
- basic_machine=mips-compaq
- os=-nonstopux
- ;;
np1)
- basic_machine=np1-gould
- ;;
- neo-tandem)
- basic_machine=neo-tandem
- ;;
- nse-tandem)
- basic_machine=nse-tandem
- ;;
- nsr-tandem)
- basic_machine=nsr-tandem
- ;;
- nsv-tandem)
- basic_machine=nsv-tandem
- ;;
- nsx-tandem)
- basic_machine=nsx-tandem
+ cpu=np1
+ vendor=gould
;;
op50n-* | op60c-*)
- basic_machine=hppa1.1-oki
- os=-proelf
- ;;
- openrisc | openrisc-*)
- basic_machine=or32-unknown
- ;;
- os400)
- basic_machine=powerpc-ibm
- os=-os400
- ;;
- OSE68000 | ose68000)
- basic_machine=m68000-ericsson
- os=-ose
- ;;
- os68k)
- basic_machine=m68k-none
- os=-os68k
+ cpu=hppa1.1
+ vendor=oki
+ basic_os=proelf
;;
pa-hitachi)
- basic_machine=hppa1.1-hitachi
- os=-hiuxwe2
- ;;
- paragon)
- basic_machine=i860-intel
- os=-osf
- ;;
- parisc)
- basic_machine=hppa-unknown
- os=-linux
- ;;
- parisc-*)
- basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- os=-linux
+ cpu=hppa1.1
+ vendor=hitachi
+ basic_os=hiuxwe2
;;
pbd)
- basic_machine=sparc-tti
+ cpu=sparc
+ vendor=tti
;;
pbb)
- basic_machine=m68k-tti
- ;;
- pc532 | pc532-*)
- basic_machine=ns32k-pc532
- ;;
- pc98)
- basic_machine=i386-pc
+ cpu=m68k
+ vendor=tti
;;
- pc98-*)
- basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentium | p5 | k5 | k6 | nexgen | viac3)
- basic_machine=i586-pc
- ;;
- pentiumpro | p6 | 6x86 | athlon | athlon_*)
- basic_machine=i686-pc
- ;;
- pentiumii | pentium2 | pentiumiii | pentium3)
- basic_machine=i686-pc
- ;;
- pentium4)
- basic_machine=i786-pc
- ;;
- pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
- basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentiumpro-* | p6-* | 6x86-* | athlon-*)
- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
- basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- pentium4-*)
- basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ pc532)
+ cpu=ns32k
+ vendor=pc532
;;
pn)
- basic_machine=pn-gould
- ;;
- power) basic_machine=power-ibm
- ;;
- ppc | ppcbe) basic_machine=powerpc-unknown
+ cpu=pn
+ vendor=gould
;;
- ppc-* | ppcbe-*)
- basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
- ;;
- ppcle | powerpclittle)
- basic_machine=powerpcle-unknown
+ power)
+ cpu=power
+ vendor=ibm
;;
- ppcle-* | powerpclittle-*)
- basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ ps2)
+ cpu=i386
+ vendor=ibm
;;
- ppc64) basic_machine=powerpc64-unknown
+ rm[46]00)
+ cpu=mips
+ vendor=siemens
;;
- ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ rtpc | rtpc-*)
+ cpu=romp
+ vendor=ibm
;;
- ppc64le | powerpc64little)
- basic_machine=powerpc64le-unknown
+ sde)
+ cpu=mipsisa32
+ vendor=sde
+ basic_os=${basic_os:-elf}
;;
- ppc64le-* | powerpc64little-*)
- basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ simso-wrs)
+ cpu=sparclite
+ vendor=wrs
+ basic_os=vxworks
;;
- ps2)
- basic_machine=i386-ibm
+ tower | tower-32)
+ cpu=m68k
+ vendor=ncr
;;
- pw32)
- basic_machine=i586-unknown
- os=-pw32
+ vpp*|vx|vx-*)
+ cpu=f301
+ vendor=fujitsu
;;
- rdos | rdos64)
- basic_machine=x86_64-pc
- os=-rdos
+ w65)
+ cpu=w65
+ vendor=wdc
;;
- rdos32)
- basic_machine=i386-pc
- os=-rdos
+ w89k-*)
+ cpu=hppa1.1
+ vendor=winbond
+ basic_os=proelf
;;
- rom68k)
- basic_machine=m68k-rom68k
- os=-coff
+ none)
+ cpu=none
+ vendor=none
;;
- rm[46]00)
- basic_machine=mips-siemens
+ leon|leon[3-9])
+ cpu=sparc
+ vendor=$basic_machine
;;
- rtpc | rtpc-*)
- basic_machine=romp-ibm
+ leon-*|leon[3-9]-*)
+ cpu=sparc
+ vendor=`echo "$basic_machine" | sed 's/-.*//'`
;;
- s390 | s390-*)
- basic_machine=s390-ibm
+
+ *-*)
+ # shellcheck disable=SC2162
+ saved_IFS=$IFS
+ IFS="-" read cpu vendor <<EOF
+$basic_machine
+EOF
+ IFS=$saved_IFS
;;
- s390x | s390x-*)
- basic_machine=s390x-ibm
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ cpu=$basic_machine
+ vendor=pc
;;
- sa29200)
- basic_machine=a29k-amd
- os=-udi
+ # These rules are duplicated from below for sake of the special case above;
+ # i.e. things that normalized to x86 arches should also default to "pc"
+ pc98)
+ cpu=i386
+ vendor=pc
;;
- sb1)
- basic_machine=mipsisa64sb1-unknown
+ x64 | amd64)
+ cpu=x86_64
+ vendor=pc
;;
- sb1el)
- basic_machine=mipsisa64sb1el-unknown
+ # Recognize the basic CPU types without company name.
+ *)
+ cpu=$basic_machine
+ vendor=unknown
;;
- sde)
- basic_machine=mipsisa32-sde
- os=-elf
+esac
+
+unset -v basic_machine
+
+# Decode basic machines in the full and proper CPU-Company form.
+case $cpu-$vendor in
+ # Here we handle the default manufacturer of certain CPU types in canonical form. It is in
+ # some cases the only manufacturer, in others, it is the most popular.
+ craynv-unknown)
+ vendor=cray
+ basic_os=${basic_os:-unicosmp}
;;
- sei)
- basic_machine=mips-sei
- os=-seiux
+ c90-unknown | c90-cray)
+ vendor=cray
+ basic_os=${Basic_os:-unicos}
;;
- sequent)
- basic_machine=i386-sequent
+ fx80-unknown)
+ vendor=alliant
;;
- sh5el)
- basic_machine=sh5le-unknown
+ romp-unknown)
+ vendor=ibm
;;
- simso-wrs)
- basic_machine=sparclite-wrs
- os=-vxworks
+ mmix-unknown)
+ vendor=knuth
;;
- sps7)
- basic_machine=m68k-bull
- os=-sysv2
+ microblaze-unknown | microblazeel-unknown)
+ vendor=xilinx
;;
- spur)
- basic_machine=spur-unknown
+ rs6000-unknown)
+ vendor=ibm
;;
- st2000)
- basic_machine=m68k-tandem
+ vax-unknown)
+ vendor=dec
;;
- stratus)
- basic_machine=i860-stratus
- os=-sysv4
+ pdp11-unknown)
+ vendor=dec
;;
- strongarm-* | thumb-*)
- basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'`
+ we32k-unknown)
+ vendor=att
;;
- sun2)
- basic_machine=m68000-sun
+ cydra-unknown)
+ vendor=cydrome
;;
- sun2os3)
- basic_machine=m68000-sun
- os=-sunos3
+ i370-ibm*)
+ vendor=ibm
;;
- sun2os4)
- basic_machine=m68000-sun
- os=-sunos4
+ orion-unknown)
+ vendor=highlevel
;;
- sun3os3)
- basic_machine=m68k-sun
- os=-sunos3
+ xps-unknown | xps100-unknown)
+ cpu=xps100
+ vendor=honeywell
;;
- sun3os4)
- basic_machine=m68k-sun
- os=-sunos4
+
+ # Here we normalize CPU types with a missing or matching vendor
+ armh-unknown | armh-alt)
+ cpu=armv7l
+ vendor=alt
+ basic_os=${basic_os:-linux-gnueabihf}
;;
- sun4os3)
- basic_machine=sparc-sun
- os=-sunos3
+ dpx20-unknown | dpx20-bull)
+ cpu=rs6000
+ vendor=bull
+ basic_os=${basic_os:-bosx}
;;
- sun4os4)
- basic_machine=sparc-sun
- os=-sunos4
+
+ # Here we normalize CPU types irrespective of the vendor
+ amd64-*)
+ cpu=x86_64
;;
- sun4sol2)
- basic_machine=sparc-sun
- os=-solaris2
+ blackfin-*)
+ cpu=bfin
+ basic_os=linux
;;
- sun3 | sun3-*)
- basic_machine=m68k-sun
+ c54x-*)
+ cpu=tic54x
;;
- sun4)
- basic_machine=sparc-sun
+ c55x-*)
+ cpu=tic55x
;;
- sun386 | sun386i | roadrunner)
- basic_machine=i386-sun
+ c6x-*)
+ cpu=tic6x
;;
- sv1)
- basic_machine=sv1-cray
- os=-unicos
+ e500v[12]-*)
+ cpu=powerpc
+ basic_os=${basic_os}"spe"
;;
- symmetry)
- basic_machine=i386-sequent
- os=-dynix
+ mips3*-*)
+ cpu=mips64
;;
- t3e)
- basic_machine=alphaev5-cray
- os=-unicos
+ ms1-*)
+ cpu=mt
;;
- t90)
- basic_machine=t90-cray
- os=-unicos
+ m68knommu-*)
+ cpu=m68k
+ basic_os=linux
;;
- tile*)
- basic_machine=$basic_machine-unknown
- os=-linux-gnu
+ m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
+ cpu=s12z
;;
- tx39)
- basic_machine=mipstx39-unknown
+ openrisc-*)
+ cpu=or32
;;
- tx39el)
- basic_machine=mipstx39el-unknown
+ parisc-*)
+ cpu=hppa
+ basic_os=linux
;;
- toad1)
- basic_machine=pdp10-xkl
- os=-tops20
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ cpu=i586
;;
- tower | tower-32)
- basic_machine=m68k-ncr
+ pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*)
+ cpu=i686
;;
- tpf)
- basic_machine=s390x-ibm
- os=-tpf
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ cpu=i686
;;
- udi29k)
- basic_machine=a29k-amd
- os=-udi
+ pentium4-*)
+ cpu=i786
;;
- ultra3)
- basic_machine=a29k-nyu
- os=-sym1
+ pc98-*)
+ cpu=i386
;;
- v810 | necv810)
- basic_machine=v810-nec
- os=-none
+ ppc-* | ppcbe-*)
+ cpu=powerpc
;;
- vaxv)
- basic_machine=vax-dec
- os=-sysv
+ ppcle-* | powerpclittle-*)
+ cpu=powerpcle
;;
- vms)
- basic_machine=vax-dec
- os=-vms
+ ppc64-*)
+ cpu=powerpc64
;;
- vpp*|vx|vx-*)
- basic_machine=f301-fujitsu
+ ppc64le-* | powerpc64little-*)
+ cpu=powerpc64le
;;
- vxworks960)
- basic_machine=i960-wrs
- os=-vxworks
+ sb1-*)
+ cpu=mipsisa64sb1
;;
- vxworks68)
- basic_machine=m68k-wrs
- os=-vxworks
+ sb1el-*)
+ cpu=mipsisa64sb1el
;;
- vxworks29k)
- basic_machine=a29k-wrs
- os=-vxworks
+ sh5e[lb]-*)
+ cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
;;
- w65*)
- basic_machine=w65-wdc
- os=-none
+ spur-*)
+ cpu=spur
;;
- w89k-*)
- basic_machine=hppa1.1-winbond
- os=-proelf
+ strongarm-* | thumb-*)
+ cpu=arm
;;
- x64)
- basic_machine=x86_64-pc
+ tx39-*)
+ cpu=mipstx39
;;
- xbox)
- basic_machine=i686-pc
- os=-mingw32
+ tx39el-*)
+ cpu=mipstx39el
;;
- xps | xps100)
- basic_machine=xps100-honeywell
+ x64-*)
+ cpu=x86_64
;;
xscale-* | xscalee[bl]-*)
- basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'`
- ;;
- ymp)
- basic_machine=ymp-cray
- os=-unicos
+ cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
;;
- none)
- basic_machine=none-none
- os=-none
+ arm64-* | aarch64le-*)
+ cpu=aarch64
;;
-# Here we handle the default manufacturer of certain CPU types. It is in
-# some cases the only manufacturer, in others, it is the most popular.
- w89k)
- basic_machine=hppa1.1-winbond
- ;;
- op50n)
- basic_machine=hppa1.1-oki
- ;;
- op60c)
- basic_machine=hppa1.1-oki
- ;;
- romp)
- basic_machine=romp-ibm
- ;;
- mmix)
- basic_machine=mmix-knuth
+ # Recognize the canonical CPU Types that limit and/or modify the
+ # company names they are paired with.
+ cr16-*)
+ basic_os=${basic_os:-elf}
;;
- rs6000)
- basic_machine=rs6000-ibm
+ crisv32-* | etraxfs*-*)
+ cpu=crisv32
+ vendor=axis
;;
- vax)
- basic_machine=vax-dec
+ cris-* | etrax*-*)
+ cpu=cris
+ vendor=axis
;;
- pdp11)
- basic_machine=pdp11-dec
+ crx-*)
+ basic_os=${basic_os:-elf}
;;
- we32k)
- basic_machine=we32k-att
+ neo-tandem)
+ cpu=neo
+ vendor=tandem
;;
- sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
- basic_machine=sh-unknown
+ nse-tandem)
+ cpu=nse
+ vendor=tandem
;;
- cydra)
- basic_machine=cydra-cydrome
+ nsr-tandem)
+ cpu=nsr
+ vendor=tandem
;;
- orion)
- basic_machine=orion-highlevel
+ nsv-tandem)
+ cpu=nsv
+ vendor=tandem
;;
- orion105)
- basic_machine=clipper-highlevel
+ nsx-tandem)
+ cpu=nsx
+ vendor=tandem
;;
- mac | mpw | mac-mpw)
- basic_machine=m68k-apple
+ mipsallegrexel-sony)
+ cpu=mipsallegrexel
+ vendor=sony
;;
- pmac | pmac-mpw)
- basic_machine=powerpc-apple
- ;;
- *-unknown)
- # Make sure to match an already-canonicalized machine name.
+ tile*-*)
+ basic_os=${basic_os:-linux-gnu}
;;
+
*)
- echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
- exit 1
+ # Recognize the canonical CPU types that are allowed with any
+ # company name.
+ case $cpu in
+ 1750a | 580 \
+ | a29k \
+ | aarch64 | aarch64_be \
+ | abacus \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
+ | alphapca5[67] | alpha64pca5[67] \
+ | am33_2.0 \
+ | amdgcn \
+ | arc | arceb | arc32 | arc64 \
+ | arm | arm[lb]e | arme[lb] | armv* \
+ | avr | avr32 \
+ | asmjs \
+ | ba \
+ | be32 | be64 \
+ | bfin | bpf | bs2000 \
+ | c[123]* | c30 | [cjt]90 | c4x \
+ | c8051 | clipper | craynv | csky | cydra \
+ | d10v | d30v | dlx | dsp16xx \
+ | e2k | elxsi | epiphany \
+ | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+ | h8300 | h8500 \
+ | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | hexagon \
+ | i370 | i*86 | i860 | i960 | ia16 | ia64 \
+ | ip2k | iq2000 \
+ | k1om \
+ | le32 | le64 \
+ | lm32 \
+ | loongarch32 | loongarch64 | loongarchx32 \
+ | m32c | m32r | m32rle \
+ | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
+ | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
+ | m88110 | m88k | maxq | mb | mcore | mep | metag \
+ | microblaze | microblazeel \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64eb | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa32r3 | mipsisa32r3el \
+ | mipsisa32r5 | mipsisa32r5el \
+ | mipsisa32r6 | mipsisa32r6el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64r3 | mipsisa64r3el \
+ | mipsisa64r5 | mipsisa64r5el \
+ | mipsisa64r6 | mipsisa64r6el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipsr5900 | mipsr5900el \
+ | mipstx39 | mipstx39el \
+ | mmix \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nfp \
+ | nios | nios2 | nios2eb | nios2el \
+ | none | np1 | ns16k | ns32k | nvptx \
+ | open8 \
+ | or1k* \
+ | or32 \
+ | orion \
+ | picochip \
+ | pdp10 | pdp11 | pj | pjl | pn | power \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+ | pru \
+ | pyramid \
+ | riscv | riscv32 | riscv32be | riscv64 | riscv64be \
+ | rl78 | romp | rs6000 | rx \
+ | s390 | s390x \
+ | score \
+ | sh | shl \
+ | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
+ | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+ | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+ | spu \
+ | tahoe \
+ | thumbv7* \
+ | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+ | tron \
+ | ubicom32 \
+ | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+ | vax \
+ | visium \
+ | w65 \
+ | wasm32 | wasm64 \
+ | we32k \
+ | x86 | x86_64 | xc16x | xgate | xps100 \
+ | xstormy16 | xtensa* \
+ | ymp \
+ | z8k | z80)
+ ;;
+
+ *)
+ echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
+ exit 1
+ ;;
+ esac
;;
esac
# Here we canonicalize certain aliases for manufacturers.
-case $basic_machine in
- *-digital*)
- basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'`
+case $vendor in
+ digital*)
+ vendor=dec
;;
- *-commodore*)
- basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'`
+ commodore*)
+ vendor=cbm
;;
*)
;;
@@ -1334,203 +1306,215 @@ esac
# Decode manufacturer-specific aliases for certain operating systems.
-if [ x"$os" != x"" ]
+if test x$basic_os != x
then
+
+# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just
+# set os.
+case $basic_os in
+ gnu/linux*)
+ kernel=linux
+ os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'`
+ ;;
+ os2-emx)
+ kernel=os2
+ os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'`
+ ;;
+ nto-qnx*)
+ kernel=nto
+ os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'`
+ ;;
+ *-*)
+ # shellcheck disable=SC2162
+ saved_IFS=$IFS
+ IFS="-" read kernel os <<EOF
+$basic_os
+EOF
+ IFS=$saved_IFS
+ ;;
+ # Default OS when just kernel was specified
+ nto*)
+ kernel=nto
+ os=`echo "$basic_os" | sed -e 's|nto|qnx|'`
+ ;;
+ linux*)
+ kernel=linux
+ os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
+ ;;
+ *)
+ kernel=
+ os=$basic_os
+ ;;
+esac
+
+# Now, normalize the OS (knowing we just have one component, it's not a kernel,
+# etc.)
case $os in
# First match some system type aliases that might get confused
# with valid system types.
- # -solaris* is a basic system type, with this one exception.
- -auroraux)
- os=-auroraux
+ # solaris* is a basic system type, with this one exception.
+ auroraux)
+ os=auroraux
;;
- -solaris1 | -solaris1.*)
- os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ bluegene*)
+ os=cnk
;;
- -solaris)
- os=-solaris2
+ solaris1 | solaris1.*)
+ os=`echo "$os" | sed -e 's|solaris1|sunos4|'`
;;
- -unixware*)
- os=-sysv4.2uw
+ solaris)
+ os=solaris2
;;
- -gnu/linux*)
- os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ unixware*)
+ os=sysv4.2uw
;;
# es1800 is here to avoid being matched by es* (a different OS)
- -es1800*)
- os=-ose
+ es1800*)
+ os=ose
;;
- # Now accept the basic system types.
- # The portable systems comes first.
- # Each alternative MUST end in a * to match a version number.
- # -sysv* is not here because it comes later, after sysvr4.
- -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
- | -sym* | -kopensolaris* | -plan9* \
- | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* | -aros* | -cloudabi* | -sortix* \
- | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
- | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \
- | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
- | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
- | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
- | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
- | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
- | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
- | -linux-newlib* | -linux-musl* | -linux-uclibc* \
- | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
- | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \
- | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
- | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
- | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
- | -morphos* | -superux* | -rtmk* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
- | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \
- | -midnightbsd*)
- # Remember, each alternative MUST END IN *, to match a version number.
- ;;
- -qnx*)
- case $basic_machine in
- x86-* | i*86-*)
- ;;
- *)
- os=-nto$os
- ;;
- esac
+ # Some version numbers need modification
+ chorusos*)
+ os=chorusos
;;
- -nto-qnx*)
+ isc)
+ os=isc2.2
;;
- -nto*)
- os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ sco6)
+ os=sco5v6
;;
- -sim | -xray | -os68k* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* \
- | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ sco5)
+ os=sco3.2v5
;;
- -mac*)
- os=`echo "$os" | sed -e 's|mac|macos|'`
+ sco4)
+ os=sco3.2v4
;;
- -linux-dietlibc)
- os=-linux-dietlibc
+ sco3.2.[4-9]*)
+ os=`echo "$os" | sed -e 's/sco3.2./sco3.2v/'`
;;
- -linux*)
- os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ sco*v* | scout)
+ # Don't match below
;;
- -sunos5*)
- os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
+ sco*)
+ os=sco3.2v2
;;
- -sunos6*)
- os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
+ psos*)
+ os=psos
;;
- -opened*)
- os=-openedition
+ qnx*)
+ os=qnx
;;
- -os400*)
- os=-os400
+ hiux*)
+ os=hiuxwe2
;;
- -wince*)
- os=-wince
+ lynx*178)
+ os=lynxos178
;;
- -utek*)
- os=-bsd
+ lynx*5)
+ os=lynxos5
;;
- -dynix*)
- os=-bsd
+ lynxos*)
+ # don't get caught up in next wildcard
;;
- -acis*)
- os=-aos
+ lynx*)
+ os=lynxos
;;
- -atheos*)
- os=-atheos
+ mac[0-9]*)
+ os=`echo "$os" | sed -e 's|mac|macos|'`
;;
- -syllable*)
- os=-syllable
+ opened*)
+ os=openedition
;;
- -386bsd)
- os=-bsd
+ os400*)
+ os=os400
;;
- -ctix* | -uts*)
- os=-sysv
+ sunos5*)
+ os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
;;
- -nova*)
- os=-rtmk-nova
+ sunos6*)
+ os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
;;
- -ns2)
- os=-nextstep2
+ wince*)
+ os=wince
;;
- -nsk*)
- os=-nsk
+ utek*)
+ os=bsd
;;
- # Preserve the version number of sinix5.
- -sinix5.*)
- os=`echo $os | sed -e 's|sinix|sysv|'`
+ dynix*)
+ os=bsd
;;
- -sinix*)
- os=-sysv4
+ acis*)
+ os=aos
;;
- -tpf*)
- os=-tpf
+ atheos*)
+ os=atheos
;;
- -triton*)
- os=-sysv3
+ syllable*)
+ os=syllable
+ ;;
+ 386bsd)
+ os=bsd
+ ;;
+ ctix* | uts*)
+ os=sysv
+ ;;
+ nova*)
+ os=rtmk-nova
+ ;;
+ ns2)
+ os=nextstep2
+ ;;
+ # Preserve the version number of sinix5.
+ sinix5.*)
+ os=`echo "$os" | sed -e 's|sinix|sysv|'`
;;
- -oss*)
- os=-sysv3
+ sinix*)
+ os=sysv4
;;
- -svr4*)
- os=-sysv4
+ tpf*)
+ os=tpf
;;
- -svr3)
- os=-sysv3
+ triton*)
+ os=sysv3
;;
- -sysvr4)
- os=-sysv4
+ oss*)
+ os=sysv3
;;
- # This must come after -sysvr4.
- -sysv*)
+ svr4*)
+ os=sysv4
;;
- -ose*)
- os=-ose
+ svr3)
+ os=sysv3
;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
- os=-mint
+ sysvr4)
+ os=sysv4
;;
- -zvmoe)
- os=-zvmoe
+ ose*)
+ os=ose
;;
- -dicos*)
- os=-dicos
+ *mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+ os=mint
;;
- -pikeos*)
+ dicos*)
+ os=dicos
+ ;;
+ pikeos*)
# Until real need of OS specific support for
# particular features comes up, bare metal
# configurations are quite functional.
- case $basic_machine in
+ case $cpu in
arm*)
- os=-eabi
+ os=eabi
;;
*)
- os=-elf
+ os=elf
;;
esac
;;
- -nacl*)
- ;;
- -ios)
- ;;
- -none)
- ;;
*)
- # Get rid of the `-' at the beginning of $os.
- os=`echo $os | sed 's/[^-]*-//'`
- echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
- exit 1
+ # No normalization, but not necessarily accepted, that comes below.
;;
esac
+
else
# Here we handle the default operating systems that come with various machines.
@@ -1543,258 +1527,363 @@ else
# will signal an error saying that MANUFACTURER isn't an operating
# system, and we'll never get to this point.
-case $basic_machine in
+kernel=
+case $cpu-$vendor in
score-*)
- os=-elf
+ os=elf
;;
spu-*)
- os=-elf
+ os=elf
;;
*-acorn)
- os=-riscix1.2
+ os=riscix1.2
;;
arm*-rebel)
- os=-linux
+ kernel=linux
+ os=gnu
;;
arm*-semi)
- os=-aout
+ os=aout
;;
c4x-* | tic4x-*)
- os=-coff
+ os=coff
;;
c8051-*)
- os=-elf
+ os=elf
+ ;;
+ clipper-intergraph)
+ os=clix
;;
hexagon-*)
- os=-elf
+ os=elf
;;
tic54x-*)
- os=-coff
+ os=coff
;;
tic55x-*)
- os=-coff
+ os=coff
;;
tic6x-*)
- os=-coff
+ os=coff
;;
# This must come before the *-dec entry.
pdp10-*)
- os=-tops20
+ os=tops20
;;
pdp11-*)
- os=-none
+ os=none
;;
*-dec | vax-*)
- os=-ultrix4.2
+ os=ultrix4.2
;;
m68*-apollo)
- os=-domain
+ os=domain
;;
i386-sun)
- os=-sunos4.0.2
+ os=sunos4.0.2
;;
m68000-sun)
- os=-sunos3
+ os=sunos3
;;
m68*-cisco)
- os=-aout
+ os=aout
;;
mep-*)
- os=-elf
+ os=elf
;;
mips*-cisco)
- os=-elf
+ os=elf
;;
mips*-*)
- os=-elf
+ os=elf
;;
or32-*)
- os=-coff
+ os=coff
;;
*-tti) # must be before sparc entry or we get the wrong os.
- os=-sysv3
+ os=sysv3
;;
sparc-* | *-sun)
- os=-sunos4.1.1
+ os=sunos4.1.1
;;
pru-*)
- os=-elf
+ os=elf
;;
*-be)
- os=-beos
+ os=beos
;;
*-ibm)
- os=-aix
+ os=aix
;;
*-knuth)
- os=-mmixware
+ os=mmixware
;;
*-wec)
- os=-proelf
+ os=proelf
;;
*-winbond)
- os=-proelf
+ os=proelf
;;
*-oki)
- os=-proelf
+ os=proelf
;;
*-hp)
- os=-hpux
+ os=hpux
;;
*-hitachi)
- os=-hiux
+ os=hiux
;;
i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
- os=-sysv
+ os=sysv
;;
*-cbm)
- os=-amigaos
+ os=amigaos
;;
*-dg)
- os=-dgux
+ os=dgux
;;
*-dolphin)
- os=-sysv3
+ os=sysv3
;;
m68k-ccur)
- os=-rtu
+ os=rtu
;;
m88k-omron*)
- os=-luna
+ os=luna
;;
*-next)
- os=-nextstep
+ os=nextstep
;;
*-sequent)
- os=-ptx
+ os=ptx
;;
*-crds)
- os=-unos
+ os=unos
;;
*-ns)
- os=-genix
+ os=genix
;;
i370-*)
- os=-mvs
+ os=mvs
;;
*-gould)
- os=-sysv
+ os=sysv
;;
*-highlevel)
- os=-bsd
+ os=bsd
;;
*-encore)
- os=-bsd
+ os=bsd
;;
*-sgi)
- os=-irix
+ os=irix
;;
*-siemens)
- os=-sysv4
+ os=sysv4
;;
*-masscomp)
- os=-rtu
+ os=rtu
;;
f30[01]-fujitsu | f700-fujitsu)
- os=-uxpv
+ os=uxpv
;;
*-rom68k)
- os=-coff
+ os=coff
;;
*-*bug)
- os=-coff
+ os=coff
;;
*-apple)
- os=-macos
+ os=macos
;;
*-atari*)
- os=-mint
+ os=mint
+ ;;
+ *-wrs)
+ os=vxworks
;;
*)
- os=-none
+ os=none
;;
esac
+
fi
+# Now, validate our (potentially fixed-up) OS.
+case $os in
+ # Sometimes we do "kernel-libc", so those need to count as OSes.
+ musl* | newlib* | relibc* | uclibc*)
+ ;;
+ # Likewise for "kernel-abi"
+ eabi* | gnueabi*)
+ ;;
+ # VxWorks passes extra cpu info in the 4th filed.
+ simlinux | simwindows | spe)
+ ;;
+ # Now accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST end in a * to match a version number.
+ gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
+ | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \
+ | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+ | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \
+ | hiux* | abug | nacl* | netware* | windows* \
+ | os9* | macos* | osx* | ios* \
+ | mpw* | magic* | mmixware* | mon960* | lnews* \
+ | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
+ | aos* | aros* | cloudabi* | sortix* | twizzler* \
+ | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
+ | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
+ | mirbsd* | netbsd* | dicos* | openedition* | ose* \
+ | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \
+ | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \
+ | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
+ | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+ | udi* | lites* | ieee* | go32* | aux* | hcos* \
+ | chorusrdb* | cegcc* | glidix* | serenity* \
+ | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+ | midipix* | mingw32* | mingw64* | mint* \
+ | uxpv* | beos* | mpeix* | udk* | moxiebox* \
+ | interix* | uwin* | mks* | rhapsody* | darwin* \
+ | openstep* | oskit* | conix* | pw32* | nonstopux* \
+ | storm-chaos* | tops10* | tenex* | tops20* | its* \
+ | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \
+ | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \
+ | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
+ | skyos* | haiku* | rdos* | toppers* | drops* | es* \
+ | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
+ | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
+ | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
+ | fiwix* )
+ ;;
+ # This one is extra strict with allowed versions
+ sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ ;;
+ none)
+ ;;
+ *)
+ echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# As a final step for OS-related things, validate the OS-kernel combination
+# (given a valid OS), if there is a kernel.
+case $kernel-$os in
+ linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
+ | linux-musl* | linux-relibc* | linux-uclibc* )
+ ;;
+ uclinux-uclibc* )
+ ;;
+ -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
+ # These are just libc implementations, not actual OSes, and thus
+ # require a kernel.
+ echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
+ exit 1
+ ;;
+ kfreebsd*-gnu* | kopensolaris*-gnu*)
+ ;;
+ vxworks-simlinux | vxworks-simwindows | vxworks-spe)
+ ;;
+ nto-qnx*)
+ ;;
+ os2-emx)
+ ;;
+ *-eabi* | *-gnueabi*)
+ ;;
+ -*)
+ # Blank kernel with real OS is always fine.
+ ;;
+ *-*)
+ echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2
+ exit 1
+ ;;
+esac
+
# Here we handle the case where we know the os, and the CPU type, but not the
# manufacturer. We pick the logical manufacturer.
-vendor=unknown
-case $basic_machine in
- *-unknown)
- case $os in
- -riscix*)
+case $vendor in
+ unknown)
+ case $cpu-$os in
+ *-riscix*)
vendor=acorn
;;
- -sunos*)
+ *-sunos*)
vendor=sun
;;
- -cnk*|-aix*)
+ *-cnk* | *-aix*)
vendor=ibm
;;
- -beos*)
+ *-beos*)
vendor=be
;;
- -hpux*)
+ *-hpux*)
vendor=hp
;;
- -mpeix*)
+ *-mpeix*)
vendor=hp
;;
- -hiux*)
+ *-hiux*)
vendor=hitachi
;;
- -unos*)
+ *-unos*)
vendor=crds
;;
- -dgux*)
+ *-dgux*)
vendor=dg
;;
- -luna*)
+ *-luna*)
vendor=omron
;;
- -genix*)
+ *-genix*)
vendor=ns
;;
- -mvs* | -opened*)
+ *-clix*)
+ vendor=intergraph
+ ;;
+ *-mvs* | *-opened*)
+ vendor=ibm
+ ;;
+ *-os400*)
vendor=ibm
;;
- -os400*)
+ s390-* | s390x-*)
vendor=ibm
;;
- -ptx*)
+ *-ptx*)
vendor=sequent
;;
- -tpf*)
+ *-tpf*)
vendor=ibm
;;
- -vxsim* | -vxworks* | -windiss*)
+ *-vxsim* | *-vxworks* | *-windiss*)
vendor=wrs
;;
- -aux*)
+ *-aux*)
vendor=apple
;;
- -hms*)
+ *-hms*)
vendor=hitachi
;;
- -mpw* | -macos*)
+ *-mpw* | *-macos*)
vendor=apple
;;
- -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*)
vendor=atari
;;
- -vos*)
+ *-vos*)
vendor=stratus
;;
esac
- basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"`
;;
esac
-echo "$basic_machine$os"
+echo "$cpu-$vendor-${kernel:+$kernel-}$os"
exit
# Local variables:
-# eval: (add-hook 'write-file-functions 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
diff --git a/libraries/libapparmor/configure b/libraries/libapparmor/configure
index ccea532b8bf7262b09659991648625e783aba1dd..13ddd6edffd6f78e4b5de3cee4c37108b8bd9324 100755
--- a/libraries/libapparmor/configure
+++ b/libraries/libapparmor/configure
@@ -1,9 +1,10 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69.
+# Generated by GNU Autoconf 2.71.
#
#
-# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
+# Inc.
#
#
# This configure script is free software; the Free Software Foundation
@@ -14,14 +15,16 @@
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in #(
*posix*) :
set -o posix ;; #(
@@ -31,46 +34,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in #((
@@ -94,8 +90,12 @@ case $0 in #((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -107,30 +107,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# Use a proper internal environment variable to ensure we don't fall
# into an infinite loop, continuously re-executing ourselves.
@@ -152,20 +132,22 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
-as_fn_exit 255
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
fi
# We don't want this to propagate to other subprocesses.
{ _as_can_reexec=; unset _as_can_reexec;}
if test "x$CONFIG_SHELL" = x; then
- as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ as_bourne_compatible="as_nop=:
+if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
# is contrary to our usage. Disable this feature.
alias -g '\${1+\"\$@\"}'='\"\$@\"'
setopt NO_GLOB_SUBST
-else
+else \$as_nop
case \`(set -o) 2>/dev/null\` in #(
*posix*) :
set -o posix ;; #(
@@ -185,12 +167,15 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; }
as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
-if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+if ( set x; as_fn_ret_success y && test x = \"\$1\" )
+then :
-else
+else \$as_nop
exitcode=1; echo positional parameters were not saved.
fi
test x\$exitcode = x0 || exit 1
+blah=\$(echo \$(echo blah))
+test x\"\$blah\" = xblah || exit 1
test -x / || exit 1"
as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
@@ -205,30 +190,38 @@ test \$(( 1 + 1 )) = 2 || exit 1
PATH=/empty FPATH=/empty; export PATH FPATH
test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
|| test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1"
- if (eval "$as_required") 2>/dev/null; then :
+ if (eval "$as_required") 2>/dev/null
+then :
as_have_required=yes
-else
+else $as_nop
as_have_required=no
fi
- if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null
+then :
-else
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
as_found=false
for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
as_found=:
case $as_dir in #(
/*)
for as_base in sh bash ksh sh5; do
# Try only shells that exist, to save several forks.
- as_shell=$as_dir/$as_base
+ as_shell=$as_dir$as_base
if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
CONFIG_SHELL=$as_shell as_have_required=yes
- if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null
+then :
break 2
fi
fi
@@ -236,14 +229,21 @@ fi
esac
as_found=false
done
-$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
- { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
- CONFIG_SHELL=$SHELL as_have_required=yes
-fi; }
IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null
+then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi
+fi
- if test "x$CONFIG_SHELL" != x; then :
+ if test "x$CONFIG_SHELL" != x
+then :
export CONFIG_SHELL
# We cannot yet assume a decent shell, so we have to provide a
# neutralization value for shells without unset; and this also
@@ -261,18 +261,19 @@ esac
exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
# Admittedly, this is quite paranoid, since all the known shells bail
# out after a failed `exec'.
-$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2
exit 255
fi
- if test x$as_have_required = xno; then :
- $as_echo "$0: This script requires a shell more modern than all"
- $as_echo "$0: the shells that I found on your system."
- if test x${ZSH_VERSION+set} = xset ; then
- $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
- $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ if test x$as_have_required = xno
+then :
+ printf "%s\n" "$0: This script requires a shell more modern than all"
+ printf "%s\n" "$0: the shells that I found on your system."
+ if test ${ZSH_VERSION+y} ; then
+ printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later."
else
- $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+ printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system,
$0: including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
@@ -299,6 +300,7 @@ as_fn_unset ()
}
as_unset=as_fn_unset
+
# as_fn_set_status STATUS
# -----------------------
# Set $? to STATUS, without forking.
@@ -316,6 +318,14 @@ as_fn_exit ()
as_fn_set_status $1
exit $1
} # as_fn_exit
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
# as_fn_mkdir_p
# -------------
@@ -330,7 +340,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -339,7 +349,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -378,12 +388,13 @@ as_fn_executable_p ()
# advantage of any shell optimizations that allow amortized linear growth over
# repeated appends, instead of the typical quadratic growth present in naive
# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -395,18 +406,27 @@ fi # as_fn_append
# Perform arithmetic evaluation on the ARGs, and store the result in the
# global $as_val. Take advantage of shells that can avoid forks. The arguments
# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
}
fi # as_fn_arith
+# as_fn_nop
+# ---------
+# Do nothing but, unlike ":", preserve the value of $?.
+as_fn_nop ()
+{
+ return $?
+}
+as_nop=as_fn_nop
# as_fn_error STATUS ERROR [LINENO LOG_FD]
# ----------------------------------------
@@ -418,9 +438,9 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} # as_fn_error
@@ -447,7 +467,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -491,7 +511,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
s/-\n.*//
' >$as_me.lineno &&
chmod +x "$as_me.lineno" ||
- { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+ { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
# If we had to re-execute with $CONFIG_SHELL, we're ensured to have
# already done that, so ensure we don't try to do so again and fall
@@ -505,6 +525,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits
exit
}
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in #(((((
-n*)
@@ -518,6 +542,13 @@ case `echo -n x` in #(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_echo='printf %s\n'
+as_echo_n='printf %s'
+
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -585,50 +616,46 @@ MFLAGS=
MAKEFLAGS=
# Identity of this package.
-PACKAGE_NAME=
-PACKAGE_TARNAME=
-PACKAGE_VERSION=
-PACKAGE_STRING=
-PACKAGE_BUGREPORT=
-PACKAGE_URL=
+PACKAGE_NAME=''
+PACKAGE_TARNAME=''
+PACKAGE_VERSION=''
+PACKAGE_STRING=''
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
ac_unique_file="configure.ac"
# Factoring default headers for most tests.
ac_includes_default="\
-#include <stdio.h>
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_STAT_H
-# include <sys/stat.h>
+#include <stddef.h>
+#ifdef HAVE_STDIO_H
+# include <stdio.h>
#endif
-#ifdef STDC_HEADERS
+#ifdef HAVE_STDLIB_H
# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
#endif
#ifdef HAVE_STRING_H
-# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
-# include <memory.h>
-# endif
# include <string.h>
#endif
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif
#ifdef HAVE_INTTYPES_H
# include <inttypes.h>
#endif
#ifdef HAVE_STDINT_H
# include <stdint.h>
#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"
+ac_header_c_list=
ac_subst_vars='am__EXEEXT_FALSE
am__EXEEXT_TRUE
LTLIBOBJS
@@ -662,7 +689,6 @@ build
LIBTOOL
EGREP
GREP
-CPP
HAVE_RUBY_FALSE
HAVE_RUBY_TRUE
HAVE_PERL_FALSE
@@ -677,14 +703,15 @@ pkgpyexecdir
pyexecdir
pkgpythondir
pythondir
-PYTHON_PLATFORM
PYTHON_EXEC_PREFIX
PYTHON_PREFIX
+PYTHON_PLATFORM
PYTHON_EXTRA_LDFLAGS
PYTHON_EXTRA_LIBS
PYTHON_SITE_PKG
PYTHON_LDFLAGS
PYTHON_CPPFLAGS
+PYTHON_CONFIG
PYTHON_VERSION
PYTHON
POD2MAN
@@ -704,7 +731,6 @@ am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
AMDEP_TRUE
-am__quote
am__include
DEPDIR
OBJEXT
@@ -720,6 +746,9 @@ AM_BACKSLASH
AM_DEFAULT_VERBOSITY
AM_DEFAULT_V
AM_V
+CSCOPE
+ETAGS
+CTAGS
am__untar
am__tar
AMTAR
@@ -781,7 +810,8 @@ PACKAGE_VERSION
PACKAGE_TARNAME
PACKAGE_NAME
PATH_SEPARATOR
-SHELL'
+SHELL
+am__quote'
ac_subst_files=''
ac_user_opts='
enable_option_checking
@@ -790,6 +820,9 @@ enable_dependency_tracking
enable_debug_output
enable_man_pages
with_python
+with_python_sys_prefix
+with_python_prefix
+with_python_exec_prefix
with_perl
with_ruby
enable_shared
@@ -816,7 +849,6 @@ PKG_CONFIG_PATH
PKG_CONFIG_LIBDIR
PYTHON_VERSION
PYTHON
-CPP
LT_SYS_LIBRARY_PATH'
@@ -886,8 +918,6 @@ do
*) ac_optarg=yes ;;
esac
- # Accept the important Cygnus configure options, so we can diagnose typos.
-
case $ac_dashdash$ac_option in
--)
ac_dashdash=yes ;;
@@ -928,9 +958,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -954,9 +984,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid feature name: $ac_useropt"
+ as_fn_error $? "invalid feature name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"enable_$ac_useropt"
@@ -1167,9 +1197,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1183,9 +1213,9 @@ do
ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
- as_fn_error $? "invalid package name: $ac_useropt"
+ as_fn_error $? "invalid package name: \`$ac_useropt'"
ac_useropt_orig=$ac_useropt
- ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'`
case $ac_user_opts in
*"
"with_$ac_useropt"
@@ -1229,9 +1259,9 @@ Try \`$0 --help' for more information"
*)
# FIXME: should be removed in autoconf 3.0.
- $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2
: "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
@@ -1247,7 +1277,7 @@ if test -n "$ac_unrecognized_opts"; then
case $enable_option_checking in
no) ;;
fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
- *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
esac
fi
@@ -1311,7 +1341,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_myself" : 'X\(//\)[^/]' \| \
X"$as_myself" : 'X\(//\)$' \| \
X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_myself" |
+printf "%s\n" X"$as_myself" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -1463,6 +1493,11 @@ Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-python enable the python wrapper [default=no]
+ --with-python-sys-prefix
+ use Python's sys.prefix and sys.exec_prefix values
+ --with-python_prefix override the default PYTHON_PREFIX
+ --with-python_exec_prefix
+ override the default PYTHON_EXEC_PREFIX
--with-perl enable the perl wrapper [default=no]
--with-ruby enable the ruby wrapper [default=no]
--with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use
@@ -1498,7 +1533,6 @@ Some influential environment variables:
string will be appended to the Python interpreter canonical
name.
PYTHON the Python interpreter
- CPP C preprocessor
LT_SYS_LIBRARY_PATH
User-defined run-time library search path.
@@ -1521,9 +1555,9 @@ if test "$ac_init_help" = "recursive"; then
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -1551,7 +1585,8 @@ esac
ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
cd "$ac_dir" || { ac_status=$?; continue; }
- # Check for guested configure.
+ # Check for configure.gnu first; this name is used for a wrapper for
+ # Metaconfig's "Configure" on case-insensitive file systems.
if test -f "$ac_srcdir/configure.gnu"; then
echo &&
$SHELL "$ac_srcdir/configure.gnu" --help=recursive
@@ -1559,7 +1594,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
- $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
@@ -1569,9 +1604,9 @@ test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
configure
-generated by GNU Autoconf 2.69
+generated by GNU Autoconf 2.71
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
@@ -1588,14 +1623,14 @@ fi
ac_fn_c_try_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext
+ rm -f conftest.$ac_objext conftest.beam
if { { ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1603,14 +1638,15 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
- } && test -s conftest.$ac_objext; then :
+ } && test -s conftest.$ac_objext
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1626,14 +1662,14 @@ fi
ac_fn_c_try_link ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- rm -f conftest.$ac_objext conftest$ac_exeext
+ rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -1641,17 +1677,18 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
mv -f conftest.er1 conftest.err
fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext && {
test "$cross_compiling" = yes ||
test -x conftest$ac_exeext
- }; then :
+ }
+then :
ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_retval=1
@@ -1666,172 +1703,6 @@ fi
} # ac_fn_c_try_link
-# ac_fn_c_try_cpp LINENO
-# ----------------------
-# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
-ac_fn_c_try_cpp ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
- ac_status=$?
- if test -s conftest.err; then
- grep -v '^ *+' conftest.err >conftest.er1
- cat conftest.er1 >&5
- mv -f conftest.er1 conftest.err
- fi
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } > conftest.i && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then :
- ac_retval=0
-else
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=1
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_cpp
-
-# ac_fn_c_try_run LINENO
-# ----------------------
-# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
-# that executables *can* be run.
-ac_fn_c_try_run ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if { { ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
- { { case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; }; then :
- ac_retval=0
-else
- $as_echo "$as_me: program exited with status $ac_status" >&5
- $as_echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_retval=$ac_status
-fi
- rm -rf conftest.dSYM conftest_ipa8_conftest.oo
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- as_fn_set_status $ac_retval
-
-} # ac_fn_c_try_run
-
-# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
-# -------------------------------------------------------
-# Tests whether HEADER exists, giving a warning if it cannot be compiled using
-# the include files in INCLUDES and setting the cache variable VAR
-# accordingly.
-ac_fn_c_check_header_mongrel ()
-{
- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- if eval \${$3+:} false; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-else
- # Is the header compilable?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
-$as_echo_n "checking $2 usability... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-$4
-#include <$2>
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_header_compiler=yes
-else
- ac_header_compiler=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
-$as_echo "$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
-$as_echo_n "checking $2 presence... " >&6; }
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <$2>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- ac_header_preproc=yes
-else
- ac_header_preproc=no
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
-$as_echo "$ac_header_preproc" >&6; }
-
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
- yes:no: )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
-$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
- no:yes:* )
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
-$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
-$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
-$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
-$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
-$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
- ;;
-esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- eval "$3=\$ac_header_compiler"
-fi
-eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-fi
- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
-
-} # ac_fn_c_check_header_mongrel
-
# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
# -------------------------------------------------------
# Tests whether HEADER exists and can be compiled using the include files in
@@ -1839,26 +1710,28 @@ fi
ac_fn_c_check_header_compile ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$4
#include <$2>
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_compile
@@ -1869,11 +1742,12 @@ $as_echo "$ac_res" >&6; }
ac_fn_c_check_func ()
{
as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
-$as_echo_n "checking for $2... " >&6; }
-if eval \${$3+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+printf %s "checking for $2... " >&6; }
+if eval test \${$3+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
@@ -1881,16 +1755,9 @@ else
#define $2 innocuous_$2
/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $2 (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
+ which can conflict with char $2 (); below. */
+#include <limits.h>
#undef $2
/* Override any GCC internal prototype to avoid an error.
@@ -1908,35 +1775,56 @@ choke me
#endif
int
-main ()
+main (void)
{
return $2 ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
eval "$3=yes"
-else
+else $as_nop
eval "$3=no"
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
fi
eval ac_res=\$$3
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+printf "%s\n" "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_func
+ac_configure_args_raw=
+for ac_arg
+do
+ case $ac_arg in
+ *\'*)
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append ac_configure_args_raw " '$ac_arg'"
+done
+
+case $ac_configure_args_raw in
+ *$as_nl*)
+ ac_safe_unquote= ;;
+ *)
+ ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab.
+ ac_unsafe_a="$ac_unsafe_z#~"
+ ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g"
+ ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;;
+esac
+
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
- $ $0 $@
+ $ $0$ac_configure_args_raw
_ACEOF
exec 5>>config.log
@@ -1969,8 +1857,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- $as_echo "PATH: $as_dir"
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ printf "%s\n" "PATH: $as_dir"
done
IFS=$as_save_IFS
@@ -2005,7 +1897,7 @@ do
| -silent | --silent | --silen | --sile | --sil)
continue ;;
*\'*)
- ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
esac
case $ac_pass in
1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
@@ -2040,11 +1932,13 @@ done
# WARNING: Use '\'' to represent an apostrophe within the trap.
# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
trap 'exit_status=$?
+ # Sanitize IFS.
+ IFS=" "" $as_nl"
# Save into config.log some information that might help in debugging.
{
echo
- $as_echo "## ---------------- ##
+ printf "%s\n" "## ---------------- ##
## Cache variables. ##
## ---------------- ##"
echo
@@ -2055,8 +1949,8 @@ trap 'exit_status=$?
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -2080,7 +1974,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
)
echo
- $as_echo "## ----------------- ##
+ printf "%s\n" "## ----------------- ##
## Output variables. ##
## ----------------- ##"
echo
@@ -2088,14 +1982,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
if test -n "$ac_subst_files"; then
- $as_echo "## ------------------- ##
+ printf "%s\n" "## ------------------- ##
## File substitutions. ##
## ------------------- ##"
echo
@@ -2103,15 +1997,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
do
eval ac_val=\$$ac_var
case $ac_val in
- *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
esac
- $as_echo "$ac_var='\''$ac_val'\''"
+ printf "%s\n" "$ac_var='\''$ac_val'\''"
done | sort
echo
fi
if test -s confdefs.h; then
- $as_echo "## ----------- ##
+ printf "%s\n" "## ----------- ##
## confdefs.h. ##
## ----------- ##"
echo
@@ -2119,8 +2013,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
echo
fi
test "$ac_signal" != 0 &&
- $as_echo "$as_me: caught signal $ac_signal"
- $as_echo "$as_me: exit $exit_status"
+ printf "%s\n" "$as_me: caught signal $ac_signal"
+ printf "%s\n" "$as_me: exit $exit_status"
} >&5
rm -f core *.core core.conftest.* &&
rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
@@ -2134,63 +2028,48 @@ ac_signal=0
# confdefs.h avoids OS command line length limits that DEFS can exceed.
rm -f -r conftest* confdefs.h
-$as_echo "/* confdefs.h */" > confdefs.h
+printf "%s\n" "/* confdefs.h */" > confdefs.h
# Predefined preprocessor variables.
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
+printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
+printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
+printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
+printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
+printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_URL "$PACKAGE_URL"
-_ACEOF
+printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h
# Let the site file select an alternate cache file if it wants to.
# Prefer an explicitly selected file to automatically selected ones.
-ac_site_file1=NONE
-ac_site_file2=NONE
if test -n "$CONFIG_SITE"; then
- # We do not want a PATH search for config.site.
- case $CONFIG_SITE in #((
- -*) ac_site_file1=./$CONFIG_SITE;;
- */*) ac_site_file1=$CONFIG_SITE;;
- *) ac_site_file1=./$CONFIG_SITE;;
- esac
+ ac_site_files="$CONFIG_SITE"
elif test "x$prefix" != xNONE; then
- ac_site_file1=$prefix/share/config.site
- ac_site_file2=$prefix/etc/config.site
+ ac_site_files="$prefix/share/config.site $prefix/etc/config.site"
else
- ac_site_file1=$ac_default_prefix/share/config.site
- ac_site_file2=$ac_default_prefix/etc/config.site
+ ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
fi
-for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+
+for ac_site_file in $ac_site_files
do
- test "x$ac_site_file" = xNONE && continue
- if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
-$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ case $ac_site_file in #(
+ */*) :
+ ;; #(
+ *) :
+ ac_site_file=./$ac_site_file ;;
+esac
+ if test -f "$ac_site_file" && test -r "$ac_site_file"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;}
sed 's/^/| /' "$ac_site_file" >&5
. "$ac_site_file" \
- || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "failed to load site script $ac_site_file
See \`config.log' for more details" "$LINENO" 5; }
fi
@@ -2200,120 +2079,509 @@ if test -r "$cache_file"; then
# Some versions of bash will fail to source /dev/null (special files
# actually), so we avoid doing that. DJGPP emulates it as a regular file.
if test /dev/null != "$cache_file" && test -f "$cache_file"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
-$as_echo "$as_me: loading cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+printf "%s\n" "$as_me: loading cache $cache_file" >&6;}
case $cache_file in
[\\/]* | ?:[\\/]* ) . "$cache_file";;
*) . "./$cache_file";;
esac
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
-$as_echo "$as_me: creating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+printf "%s\n" "$as_me: creating cache $cache_file" >&6;}
>$cache_file
fi
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
-$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- # differences in whitespace do not lead to failure.
- ac_old_val_w=`echo x $ac_old_val`
- ac_new_val_w=`echo x $ac_new_val`
- if test "$ac_old_val_w" != "$ac_new_val_w"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
-$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- ac_cache_corrupted=:
- else
- { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
-$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
- eval $ac_var=\$ac_old_val
- fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
-$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
-$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) as_fn_append ac_configure_args " '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
- { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
-$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
-fi
-## -------------------- ##
-## Main body of script. ##
-## -------------------- ##
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+# Test code for whether the C compiler supports C89 (global declarations)
+ac_c_conftest_c89_globals='
+/* Does the compiler advertise C89 conformance?
+ Do not test the value of __STDC__, because some compilers set it to 0
+ while being otherwise adequately conformant. */
+#if !defined __STDC__
+# error "Compiler does not advertise C89 conformance"
+#endif
+#include <stddef.h>
+#include <stdarg.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */
+struct buf { int x; };
+struct buf * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not \xHH hex character constants.
+ These do not provoke an error unfortunately, instead are silently treated
+ as an "x". The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously \x00 != x always comes out true, for an
+ array size at least. It is necessary to write \x00 == 0 to get something
+ that is true only with -std. */
+int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1];
-am__api_version='1.15'
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) '\''x'\''
+int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1];
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int),
+ int, int);'
+
+# Test code for whether the C compiler supports C89 (body of main).
+ac_c_conftest_c89_main='
+ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
+'
+
+# Test code for whether the C compiler supports C99 (global declarations)
+ac_c_conftest_c99_globals='
+// Does the compiler advertise C99 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
+# error "Compiler does not advertise C99 conformance"
+#endif
+
+#include <stdbool.h>
+extern int puts (const char *);
+extern int printf (const char *, ...);
+extern int dprintf (int, const char *, ...);
+extern void *malloc (size_t);
+
+// Check varargs macros. These examples are taken from C99 6.10.3.5.
+// dprintf is used instead of fprintf to avoid needing to declare
+// FILE and stderr.
+#define debug(...) dprintf (2, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+ int x = 1234;
+ int y = 5678;
+ debug ("Flag");
+ debug ("X = %d\n", x);
+ showlist (The first, second, and third items.);
+ report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+ #error "your preprocessor is broken"
+#endif
+#if BIG_OK
+#else
+ #error "your preprocessor is broken"
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+ int datasize;
+ double data[];
+};
+
+struct named_init {
+ int number;
+ const wchar_t *name;
+ double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+ // See if C++-style comments work.
+ // Iterate through items via the restricted pointer.
+ // Also check for declarations in for loops.
+ for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
+ continue;
+ return 0;
+}
+
+// Check varargs and va_copy.
+static bool
+test_varargs (const char *format, ...)
+{
+ va_list args;
+ va_start (args, format);
+ va_list args_copy;
+ va_copy (args_copy, args);
+
+ const char *str = "";
+ int number = 0;
+ float fnumber = 0;
+
+ while (*format)
+ {
+ switch (*format++)
+ {
+ case '\''s'\'': // string
+ str = va_arg (args_copy, const char *);
+ break;
+ case '\''d'\'': // int
+ number = va_arg (args_copy, int);
+ break;
+ case '\''f'\'': // float
+ fnumber = va_arg (args_copy, double);
+ break;
+ default:
+ break;
+ }
+ }
+ va_end (args_copy);
+ va_end (args);
+
+ return *str && number && fnumber;
+}
+'
+
+# Test code for whether the C compiler supports C99 (body of main).
+ac_c_conftest_c99_main='
+ // Check bool.
+ _Bool success = false;
+ success |= (argc != 0);
+
+ // Check restrict.
+ if (test_restrict ("String literal") == 0)
+ success = true;
+ char *restrict newvar = "Another string";
+
+ // Check varargs.
+ success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234);
+ test_varargs_macros ();
+
+ // Check flexible array members.
+ struct incomplete_array *ia =
+ malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+ ia->datasize = 10;
+ for (int i = 0; i < ia->datasize; ++i)
+ ia->data[i] = i * 1.234;
+
+ // Check named initializers.
+ struct named_init ni = {
+ .number = 34,
+ .name = L"Test wide string",
+ .average = 543.34343,
+ };
+
+ ni.number = 58;
+
+ int dynamic_array[ni.number];
+ dynamic_array[0] = argv[0][0];
+ dynamic_array[ni.number - 1] = 543;
+
+ // work around unused variable warnings
+ ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\''
+ || dynamic_array[ni.number - 1] != 543);
+'
+
+# Test code for whether the C compiler supports C11 (global declarations)
+ac_c_conftest_c11_globals='
+// Does the compiler advertise C11 conformance?
+#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
+# error "Compiler does not advertise C11 conformance"
+#endif
+
+// Check _Alignas.
+char _Alignas (double) aligned_as_double;
+char _Alignas (0) no_special_alignment;
+extern char aligned_as_int;
+char _Alignas (0) _Alignas (int) aligned_as_int;
+
+// Check _Alignof.
+enum
+{
+ int_alignment = _Alignof (int),
+ int_array_alignment = _Alignof (int[100]),
+ char_alignment = _Alignof (char)
+};
+_Static_assert (0 < -_Alignof (int), "_Alignof is signed");
+
+// Check _Noreturn.
+int _Noreturn does_not_return (void) { for (;;) continue; }
+
+// Check _Static_assert.
+struct test_static_assert
+{
+ int x;
+ _Static_assert (sizeof (int) <= sizeof (long int),
+ "_Static_assert does not work in struct");
+ long int y;
+};
+
+// Check UTF-8 literals.
+#define u8 syntax error!
+char const utf8_literal[] = u8"happens to be ASCII" "another string";
+
+// Check duplicate typedefs.
+typedef long *long_ptr;
+typedef long int *long_ptr;
+typedef long_ptr long_ptr;
+
+// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1.
+struct anonymous
+{
+ union {
+ struct { int i; int j; };
+ struct { int k; long int l; } w;
+ };
+ int m;
+} v1;
+'
+
+# Test code for whether the C compiler supports C11 (body of main).
+ac_c_conftest_c11_main='
+ _Static_assert ((offsetof (struct anonymous, i)
+ == offsetof (struct anonymous, w.k)),
+ "Anonymous union alignment botch");
+ v1.i = 2;
+ v1.w.k = 5;
+ ok |= v1.i != 5;
+'
+
+# Test code for whether the C compiler supports C11 (complete).
+ac_c_conftest_c11_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+${ac_c_conftest_c11_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ ${ac_c_conftest_c11_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C99 (complete).
+ac_c_conftest_c99_program="${ac_c_conftest_c89_globals}
+${ac_c_conftest_c99_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ ${ac_c_conftest_c99_main}
+ return ok;
+}
+"
+
+# Test code for whether the C compiler supports C89 (complete).
+ac_c_conftest_c89_program="${ac_c_conftest_c89_globals}
+
+int
+main (int argc, char **argv)
+{
+ int ok = 0;
+ ${ac_c_conftest_c89_main}
+ return ok;
+}
+"
+
+as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H"
+as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H"
+as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H"
+as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H"
+as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H"
+as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H"
+as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H"
+as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H"
+as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H"
+
+# Auxiliary files required by this configure script.
+ac_aux_files="config.guess config.sub ltmain.sh compile missing install-sh"
+
+# Locations in which to look for auxiliary files.
+ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.."
+
+# Search for a directory containing all of the required auxiliary files,
+# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates.
+# If we don't find one directory that contains all the files we need,
+# we report the set of missing files from the *first* directory in
+# $ac_aux_dir_candidates and give up.
+ac_missing_aux_files=""
+ac_first_candidate=:
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in $ac_aux_dir_candidates
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ as_found=:
+
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5
+ ac_aux_dir_found=yes
+ ac_install_sh=
+ for ac_aux in $ac_aux_files
+ do
+ # As a special case, if "install-sh" is required, that requirement
+ # can be satisfied by any of "install-sh", "install.sh", or "shtool",
+ # and $ac_install_sh is set appropriately for whichever one is found.
+ if test x"$ac_aux" = x"install-sh"
+ then
+ if test -f "${as_dir}install-sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5
+ ac_install_sh="${as_dir}install-sh -c"
+ elif test -f "${as_dir}install.sh"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5
+ ac_install_sh="${as_dir}install.sh -c"
+ elif test -f "${as_dir}shtool"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5
+ ac_install_sh="${as_dir}shtool install -c"
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} install-sh"
+ else
+ break
+ fi
+ fi
+ else
+ if test -f "${as_dir}${ac_aux}"; then
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5
+ else
+ ac_aux_dir_found=no
+ if $ac_first_candidate; then
+ ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}"
+ else
+ break
+ fi
+ fi
+ fi
+ done
+ if test "$ac_aux_dir_found" = yes; then
+ ac_aux_dir="$as_dir"
break
fi
+ ac_first_candidate=false
+
+ as_found=false
done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+IFS=$as_save_IFS
+if $as_found
+then :
+
+else $as_nop
+ as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5
fi
+
# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+if test -f "${ac_aux_dir}config.guess"; then
+ ac_config_guess="$SHELL ${ac_aux_dir}config.guess"
+fi
+if test -f "${ac_aux_dir}config.sub"; then
+ ac_config_sub="$SHELL ${ac_aux_dir}config.sub"
+fi
+if test -f "$ac_aux_dir/configure"; then
+ ac_configure="$SHELL ${ac_aux_dir}configure"
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file'
+ and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+am__api_version='1.16'
-# Find a good install program. We prefer a C program (faster),
+
+ # Find a good install program. We prefer a C program (faster),
# so one script is as good as another. But avoid the broken or
# incompatible versions:
# SysV /etc/install, /usr/sbin/install
@@ -2327,20 +2595,25 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# OS/2's system install, which has a completely different semantic
# ./install, which can be erroneously created by make from ./install.sh.
# Reject install programs that cannot install multiple files.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
-$as_echo_n "checking for a BSD-compatible install... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+printf %s "checking for a BSD-compatible install... " >&6; }
if test -z "$INSTALL"; then
-if ${ac_cv_path_install+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${ac_cv_path_install+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in #((
- ./ | .// | /[cC]/* | \
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ # Account for fact that we put trailing slashes in our PATH walk.
+case $as_dir in #((
+ ./ | /[cC]/* | \
/etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
/usr/ucb/* ) ;;
@@ -2350,13 +2623,13 @@ case $as_dir/ in #((
# by default.
for ac_prog in ginstall scoinst install; do
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then
if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# AIX install. It has an incompatible calling convention.
:
elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
# program-specific install script used by HP pwplus--don't use.
:
else
@@ -2364,12 +2637,12 @@ case $as_dir/ in #((
echo one > conftest.one
echo two > conftest.two
mkdir conftest.dir
- if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" &&
test -s conftest.one && test -s conftest.two &&
test -s conftest.dir/conftest.one &&
test -s conftest.dir/conftest.two
then
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c"
break 3
fi
fi
@@ -2385,7 +2658,7 @@ IFS=$as_save_IFS
rm -rf conftest.one conftest.two conftest.dir
fi
- if test "${ac_cv_path_install+set}" = set; then
+ if test ${ac_cv_path_install+y}; then
INSTALL=$ac_cv_path_install
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2395,8 +2668,8 @@ fi
INSTALL=$ac_install_sh
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
-$as_echo "$INSTALL" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+printf "%s\n" "$INSTALL" >&6; }
# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
# It thinks the first close brace ends the variable substitution.
@@ -2406,8 +2679,8 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
-$as_echo_n "checking whether build environment is sane... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+printf %s "checking whether build environment is sane... " >&6; }
# Reject unsafe characters in $srcdir or the absolute working directory
# name. Accept space and tab only in the latter.
am_lf='
@@ -2461,8 +2734,8 @@ else
as_fn_error $? "newly created file is older than distributed files!
Check your system clock" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
# If we didn't sleep, we still need to ensure time stamps of config.status and
# generated files are strictly newer.
am_sleep_pid=
@@ -2481,26 +2754,23 @@ test "$program_suffix" != NONE &&
# Double any \ or $.
# By default was `s,x,x', remove it if useless.
ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
-program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"`
+
# Expand $ac_aux_dir to an absolute path.
am_aux_dir=`cd "$ac_aux_dir" && pwd`
-if test x"${MISSING+set}" != xset; then
- case $am_aux_dir in
- *\ * | *\ *)
- MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
- *)
- MISSING="\${SHELL} $am_aux_dir/missing" ;;
- esac
+
+ if test x"${MISSING+set}" != xset; then
+ MISSING="\${SHELL} '$am_aux_dir/missing'"
fi
# Use eval to expand $SHELL
if eval "$MISSING --is-lightweight"; then
am_missing_run="$MISSING "
else
am_missing_run=
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
-$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
fi
if test x"${install_sh+set}" != xset; then
@@ -2520,11 +2790,12 @@ if test "$cross_compiling" != no; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -2532,11 +2803,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2547,11 +2822,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -2560,11 +2835,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -2572,11 +2848,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2587,11 +2867,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -2599,8 +2879,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -2612,25 +2892,31 @@ fi
fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
-$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5
+printf %s "checking for a race-free mkdir -p... " >&6; }
if test -z "$MKDIR_P"; then
- if ${ac_cv_path_mkdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${ac_cv_path_mkdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_prog in mkdir gmkdir; do
for ac_exec_ext in '' $ac_executable_extensions; do
- as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir (GNU coreutils) '* | \
- 'mkdir (coreutils) '* | \
+ as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue
+ case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir ('*'coreutils) '* | \
+ 'BusyBox '* | \
'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext
break 3;;
esac
done
@@ -2641,7 +2927,7 @@ IFS=$as_save_IFS
fi
test -d ./--version && rmdir ./--version
- if test "${ac_cv_path_mkdir+set}" = set; then
+ if test ${ac_cv_path_mkdir+y}; then
MKDIR_P="$ac_cv_path_mkdir -p"
else
# As a last resort, use the slow shell script. Don't cache a
@@ -2651,18 +2937,19 @@ fi
MKDIR_P="$ac_install_sh -d"
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
-$as_echo "$MKDIR_P" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+printf "%s\n" "$MKDIR_P" >&6; }
for ac_prog in gawk mawk nawk awk
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AWK+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AWK+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AWK"; then
ac_cv_prog_AWK="$AWK" # Let the user override the test.
else
@@ -2670,11 +2957,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AWK="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2685,24 +2976,25 @@ fi
fi
AWK=$ac_cv_prog_AWK
if test -n "$AWK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
-$as_echo "$AWK" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+printf "%s\n" "$AWK" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -n "$AWK" && break
done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
set x ${MAKE-make}
-ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval test \${ac_cv_prog_make_${ac_make}_set+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat >conftest.make <<\_ACEOF
SHELL = /bin/sh
all:
@@ -2718,12 +3010,12 @@ esac
rm -f conftest.make
fi
if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
SET_MAKE=
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
SET_MAKE="MAKE=${MAKE-make}"
fi
@@ -2737,7 +3029,8 @@ fi
rmdir .tst 2>/dev/null
# Check whether --enable-silent-rules was given.
-if test "${enable_silent_rules+set}" = set; then :
+if test ${enable_silent_rules+y}
+then :
enableval=$enable_silent_rules;
fi
@@ -2747,12 +3040,13 @@ case $enable_silent_rules in # (((
*) AM_DEFAULT_VERBOSITY=1;;
esac
am_make=${MAKE-make}
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
-$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
-if ${am_cv_make_support_nested_variables+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if $as_echo 'TRUE=$(BAR$(V))
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+printf %s "checking whether $am_make supports nested variables... " >&6; }
+if test ${am_cv_make_support_nested_variables+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if printf "%s\n" 'TRUE=$(BAR$(V))
BAR0=false
BAR1=true
V=1
@@ -2764,8 +3058,8 @@ else
am_cv_make_support_nested_variables=no
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
-$as_echo "$am_cv_make_support_nested_variables" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+printf "%s\n" "$am_cv_make_support_nested_variables" >&6; }
if test $am_cv_make_support_nested_variables = yes; then
AM_V='$(V)'
AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
@@ -2798,17 +3092,13 @@ fi
# Define the identity of the package.
PACKAGE=libapparmor1
- VERSION=2.13.6
+ VERSION=3.0.8
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE "$PACKAGE"
-_ACEOF
+printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define VERSION "$VERSION"
-_ACEOF
+printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h
# Some tools Automake needs.
@@ -2828,8 +3118,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
# For better backward compatibility. To be removed once Automake 1.9.x
# dies out for good. For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
mkdir_p='$(MKDIR_P)'
# We need awk for the "check" target (and possibly the TAP driver). The
@@ -2848,6 +3138,20 @@ am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+# Variables for tags utilities; see am/tags.am
+if test -z "$CTAGS"; then
+ CTAGS=ctags
+fi
+
+if test -z "$ETAGS"; then
+ ETAGS=etags
+fi
+
+if test -z "$CSCOPE"; then
+ CSCOPE=cscope
+fi
+
+
# POSIX will say in a future version that running "rm -f" with no argument
# is OK; and we want to be able to make that assumption in our Makefile
@@ -2880,7 +3184,7 @@ END
Aborting the configuration process, to ensure you take notice of the issue.
You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.
If you want to complete the configuration process using your problematic
'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -2892,52 +3196,62 @@ END
fi
+
+
+
+
+
+
+
+
+
DEPDIR="${am__leading_dot}deps"
ac_config_commands="$ac_config_commands depfiles"
-
-am_make=${MAKE-make}
-cat > confinc << 'END'
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5
+printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; }
+cat > confinc.mk << 'END'
am__doit:
- @echo this is the am__doit target
+ @echo this is the am__doit target >confinc.out
.PHONY: am__doit
END
-# If we don't find an include directive, just comment out the code.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
-$as_echo_n "checking for style of include used by $am_make... " >&6; }
am__include="#"
am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
- am__include=include
- am__quote=
- _am_result=GNU
- ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
- echo '.include "confinc"' > confmf
- case `$am_make -s -f confmf 2> /dev/null` in #(
- *the\ am__doit\ target*)
- am__include=.include
- am__quote="\""
- _am_result=BSD
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+ { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5
+ (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ case $?:`cat confinc.out 2>/dev/null` in #(
+ '0:this is the am__doit target') :
+ case $s in #(
+ BSD) :
+ am__include='.include' am__quote='"' ;; #(
+ *) :
+ am__include='include' am__quote='' ;;
+esac ;; #(
+ *) :
;;
- esac
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
-$as_echo "$_am_result" >&6; }
-rm -f confinc confmf
+esac
+ if test "$am__include" != "#"; then
+ _am_result="yes ($s style)"
+ break
+ fi
+done
+rm -f confinc.* confmf.*
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5
+printf "%s\n" "${_am_result}" >&6; }
# Check whether --enable-dependency-tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then :
+if test ${enable_dependency_tracking+y}
+then :
enableval=$enable_dependency_tracking;
fi
@@ -2963,11 +3277,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -2975,11 +3290,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -2990,11 +3309,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3003,11 +3322,12 @@ if test -z "$ac_cv_prog_CC"; then
ac_ct_CC=$CC
# Extract the first word of "gcc", so it can be a program name with args.
set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3015,11 +3335,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="gcc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3030,11 +3354,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_CC" = x; then
@@ -3042,8 +3366,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3056,11 +3380,12 @@ if test -z "$CC"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3068,11 +3393,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="${ac_tool_prefix}cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3083,11 +3412,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3096,11 +3425,12 @@ fi
if test -z "$CC"; then
# Extract the first word of "cc", so it can be a program name with args.
set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3109,15 +3439,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
ac_prog_rejected=yes
continue
fi
ac_cv_prog_CC="cc"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3133,18 +3467,18 @@ if test $ac_prog_rejected = yes; then
# However, it has the same basename, so the bogon will be chosen
# first if we set CC to just the basename; use the full file name.
shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@"
fi
fi
fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3155,11 +3489,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$CC"; then
ac_cv_prog_CC="$CC" # Let the user override the test.
else
@@ -3167,11 +3502,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3182,11 +3521,11 @@ fi
fi
CC=$ac_cv_prog_CC
if test -n "$CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3199,11 +3538,12 @@ if test -z "$CC"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_CC"; then
ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
@@ -3211,11 +3551,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_CC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3226,11 +3570,11 @@ fi
fi
ac_ct_CC=$ac_cv_prog_ac_ct_CC
if test -n "$ac_ct_CC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3242,8 +3586,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
CC=$ac_ct_CC
@@ -3251,25 +3595,129 @@ esac
fi
fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args.
+set dummy ${ac_tool_prefix}clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+printf "%s\n" "$CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
-test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "clang", so it can be a program name with args.
+set dummy clang; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_CC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="clang"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+printf "%s\n" "$ac_ct_CC" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+
+
+test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "no acceptable C compiler found in \$PATH
See \`config.log' for more details" "$LINENO" 5; }
# Provide some information about the compiler.
-$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
set X $ac_compile
ac_compiler=$2
-for ac_option in --version -v -V -qversion; do
+for ac_option in --version -v -V -qversion -version; do
{ { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
if test -s conftest.err; then
@@ -3279,7 +3727,7 @@ $as_echo "$ac_try_echo"; } >&5
cat conftest.er1 >&5
fi
rm -f conftest.er1 conftest.err
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
done
@@ -3287,7 +3735,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3299,9 +3747,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
# Try to create an executable without -o first, disregard a.out.
# It will help us diagnose broken compilers, and finding out an intuition
# of exeext.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
-$as_echo_n "checking whether the C compiler works... " >&6; }
-ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+printf %s "checking whether the C compiler works... " >&6; }
+ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
# The possible output files:
ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
@@ -3322,11 +3770,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link_default") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
# in a Makefile. We should not override ac_cv_exeext if it was cached,
@@ -3343,7 +3792,7 @@ do
# certainly right.
break;;
*.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no;
then :; else
ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
fi
@@ -3359,44 +3808,46 @@ do
done
test "$ac_cv_exeext" = no && ac_cv_exeext=
-else
+else $as_nop
ac_file=''
fi
-if test -z "$ac_file"; then :
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-$as_echo "$as_me: failed program was:" >&5
+if test -z "$ac_file"
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error 77 "C compiler cannot create executables
See \`config.log' for more details" "$LINENO" 5; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
-$as_echo_n "checking for C compiler default output file name... " >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
-$as_echo "$ac_file" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+printf %s "checking for C compiler default output file name... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+printf "%s\n" "$ac_file" >&6; }
ac_exeext=$ac_cv_exeext
rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
-$as_echo_n "checking for suffix of executables... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+printf %s "checking for suffix of executables... " >&6; }
if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
# If both `conftest.exe' and `conftest' are `present' (well, observable)
# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
# work properly (i.e., refer to `conftest.exe'), while it won't with
@@ -3410,15 +3861,15 @@ for ac_file in conftest.exe conftest conftest.*; do
* ) break;;
esac
done
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+else $as_nop
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of executables: cannot compile and link
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest conftest$ac_cv_exeext
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
-$as_echo "$ac_cv_exeext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+printf "%s\n" "$ac_cv_exeext" >&6; }
rm -f conftest.$ac_ext
EXEEXT=$ac_cv_exeext
@@ -3427,7 +3878,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdio.h>
int
-main ()
+main (void)
{
FILE *f = fopen ("conftest.out", "w");
return ferror (f) || fclose (f) != 0;
@@ -3439,8 +3890,8 @@ _ACEOF
ac_clean_files="$ac_clean_files conftest.out"
# Check that the compiler produces executables we can run. If not, either
# the compiler is broken, or we cross compile.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
-$as_echo_n "checking whether we are cross compiling... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+printf %s "checking whether we are cross compiling... " >&6; }
if test "$cross_compiling" != yes; then
{ { ac_try="$ac_link"
case "(($ac_try" in
@@ -3448,10 +3899,10 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_link") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if { ac_try='./conftest$ac_cv_exeext'
{ { case "(($ac_try" in
@@ -3459,39 +3910,40 @@ $as_echo "$ac_try_echo"; } >&5
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_try") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; }; then
cross_compiling=no
else
if test "$cross_compiling" = maybe; then
cross_compiling=yes
else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "cannot run C compiled programs.
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot run C compiled programs.
If you meant to cross compile, use \`--host'.
See \`config.log' for more details" "$LINENO" 5; }
fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
-$as_echo "$cross_compiling" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+printf "%s\n" "$cross_compiling" >&6; }
rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
ac_clean_files=$ac_clean_files_save
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
-$as_echo_n "checking for suffix of object files... " >&6; }
-if ${ac_cv_objext+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+printf %s "checking for suffix of object files... " >&6; }
+if test ${ac_cv_objext+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3505,11 +3957,12 @@ case "(($ac_try" in
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$ac_compile") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then :
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+then :
for ac_file in conftest.o conftest.obj conftest.*; do
test -f "$ac_file" || continue;
case $ac_file in
@@ -3518,31 +3971,32 @@ $as_echo "$ac_try_echo"; } >&5
break;;
esac
done
-else
- $as_echo "$as_me: failed program was:" >&5
+else $as_nop
+ printf "%s\n" "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
-{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot compute suffix of object files: cannot compile
See \`config.log' for more details" "$LINENO" 5; }
fi
rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
-$as_echo "$ac_cv_objext" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+printf "%s\n" "$ac_cv_objext" >&6; }
OBJEXT=$ac_cv_objext
ac_objext=$OBJEXT
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
-$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
-if ${ac_cv_c_compiler_gnu+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5
+printf %s "checking whether the compiler supports GNU C... " >&6; }
+if test ${ac_cv_c_compiler_gnu+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __GNUC__
choke me
@@ -3552,29 +4006,33 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_compiler_gnu=yes
-else
+else $as_nop
ac_compiler_gnu=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_cv_c_compiler_gnu=$ac_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
-$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; }
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
if test $ac_compiler_gnu = yes; then
GCC=yes
else
GCC=
fi
-ac_test_CFLAGS=${CFLAGS+set}
+ac_test_CFLAGS=${CFLAGS+y}
ac_save_CFLAGS=$CFLAGS
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
-$as_echo_n "checking whether $CC accepts -g... " >&6; }
-if ${ac_cv_prog_cc_g+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+printf %s "checking whether $CC accepts -g... " >&6; }
+if test ${ac_cv_prog_cc_g+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_save_c_werror_flag=$ac_c_werror_flag
ac_c_werror_flag=yes
ac_cv_prog_cc_g=no
@@ -3583,159 +4041,212 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
-else
+else $as_nop
CFLAGS=""
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
-else
+else $as_nop
ac_c_werror_flag=$ac_save_c_werror_flag
CFLAGS="-g"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_g=yes
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
ac_c_werror_flag=$ac_save_c_werror_flag
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
-$as_echo "$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+printf "%s\n" "$ac_cv_prog_cc_g" >&6; }
+if test $ac_test_CFLAGS; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+ac_prog_cc_stdc=no
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5
+printf %s "checking for $CC option to enable C11 features... " >&6; }
+if test ${ac_cv_prog_cc_c11+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c11=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c11_program
+_ACEOF
+for ac_arg in '' -std=gnu11
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c11=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c11" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+fi
+
+if test "x$ac_cv_prog_cc_c11" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c11" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5
+printf "%s\n" "$ac_cv_prog_cc_c11" >&6; }
+ CC="$CC $ac_cv_prog_cc_c11"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11
+ ac_prog_cc_stdc=c11
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5
+printf %s "checking for $CC option to enable C99 features... " >&6; }
+if test ${ac_cv_prog_cc_c99+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_c_conftest_c99_program
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99=
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"
+then :
+ ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+ test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
-$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
-if ${ac_cv_prog_cc_c89+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+if test "x$ac_cv_prog_cc_c99" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c99" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+printf "%s\n" "$ac_cv_prog_cc_c99" >&6; }
+ CC="$CC $ac_cv_prog_cc_c99"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99
+ ac_prog_cc_stdc=c99
+fi
+fi
+if test x$ac_prog_cc_stdc = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5
+printf %s "checking for $CC option to enable C89 features... " >&6; }
+if test ${ac_cv_prog_cc_c89+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_cv_prog_cc_c89=no
ac_save_CC=$CC
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-struct stat;
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
+$ac_c_conftest_c89_program
_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
do
CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
+ if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_cc_c89=$ac_arg
fi
-rm -f core conftest.err conftest.$ac_objext
+rm -f core conftest.err conftest.$ac_objext conftest.beam
test "x$ac_cv_prog_cc_c89" != "xno" && break
done
rm -f conftest.$ac_ext
CC=$ac_save_CC
-
fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
-$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c89" != xno; then :
+if test "x$ac_cv_prog_cc_c89" = xno
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+printf "%s\n" "unsupported" >&6; }
+else $as_nop
+ if test "x$ac_cv_prog_cc_c89" = x
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+printf "%s\n" "none needed" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+printf "%s\n" "$ac_cv_prog_cc_c89" >&6; }
+ CC="$CC $ac_cv_prog_cc_c89"
+fi
+ ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89
+ ac_prog_cc_stdc=c89
+fi
fi
ac_ext=c
@@ -3744,21 +4255,23 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-ac_ext=c
+
+ ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
-$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
-if ${am_cv_prog_cc_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+printf %s "checking whether $CC understands -c and -o together... " >&6; }
+if test ${am_cv_prog_cc_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
@@ -3786,8 +4299,8 @@ _ACEOF
rm -f core conftest*
unset am_i
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
-$as_echo "$am_cv_prog_cc_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+printf "%s\n" "$am_cv_prog_cc_c_o" >&6; }
if test "$am_cv_prog_cc_c_o" != yes; then
# Losing compiler, so override with the script.
# FIXME: It is wrong to rewrite CC.
@@ -3805,11 +4318,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
depcc="$CC" am_compiler_list=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
-$as_echo_n "checking dependency style of $depcc... " >&6; }
-if ${am_cv_CC_dependencies_compiler_type+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+printf %s "checking dependency style of $depcc... " >&6; }
+if test ${am_cv_CC_dependencies_compiler_type+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
# We make a subdir and do the tests there. Otherwise we can end up
# making bogus files that we don't know about and never remove. For
@@ -3916,8 +4430,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
-$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; }
CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
if
@@ -3936,11 +4450,12 @@ for ac_prog in flex lex
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LEX+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LEX+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LEX"; then
ac_cv_prog_LEX="$LEX" # Let the user override the test.
else
@@ -3948,11 +4463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LEX="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -3963,11 +4482,11 @@ fi
fi
LEX=$ac_cv_prog_LEX
if test -n "$LEX"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
-$as_echo "$LEX" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5
+printf "%s\n" "$LEX" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -3975,15 +4494,26 @@ fi
done
test -n "$LEX" || LEX=":"
-if test "x$LEX" != "x:"; then
- cat >conftest.l <<_ACEOF
+ if test "x$LEX" != "x:"; then
+ cat >conftest.l <<_ACEOF
+%{
+#ifdef __cplusplus
+extern "C"
+#endif
+int yywrap(void);
+%}
%%
a { ECHO; }
b { REJECT; }
c { yymore (); }
d { yyless (1); }
e { /* IRIX 6.5 flex 2.5.4 underquotes its yyless argument. */
- yyless ((input () != 0)); }
+#ifdef __cplusplus
+ yyless ((yyinput () != 0));
+#else
+ yyless ((input () != 0));
+#endif
+ }
f { unput (yytext[0]); }
. { BEGIN INITIAL; }
%%
@@ -3991,101 +4521,205 @@ f { unput (yytext[0]); }
extern char *yytext;
#endif
int
+yywrap (void)
+{
+ return 1;
+}
+int
main (void)
{
- return ! yylex () + ! yywrap ();
+ return ! yylex ();
}
_ACEOF
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex output file root" >&5
+printf %s "checking for lex output file root... " >&6; }
+if test ${ac_cv_prog_lex_root+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ac_cv_prog_lex_root=unknown
{ { ac_try="$LEX conftest.l"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
-$as_echo "$ac_try_echo"; } >&5
+printf "%s\n" "$ac_try_echo"; } >&5
(eval "$LEX conftest.l") 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5
-$as_echo_n "checking lex output file root... " >&6; }
-if ${ac_cv_prog_lex_root+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
if test -f lex.yy.c; then
ac_cv_prog_lex_root=lex.yy
elif test -f lexyy.c; then
ac_cv_prog_lex_root=lexyy
-else
- as_fn_error $? "cannot find output from $LEX; giving up" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
-$as_echo "$ac_cv_prog_lex_root" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5
+printf "%s\n" "$ac_cv_prog_lex_root" >&6; }
+if test "$ac_cv_prog_lex_root" = unknown
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cannot find output from $LEX; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: cannot find output from $LEX; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+fi
LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root
-if test -z "${LEXLIB+set}"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5
-$as_echo_n "checking lex library... " >&6; }
-if ${ac_cv_lib_lex+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${LEXLIB+y}
+then :
+
+else $as_nop
+
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for lex library" >&5
+printf %s "checking for lex library... " >&6; }
+if test ${ac_cv_lib_lex+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ ac_save_LIBS="$LIBS"
+ ac_found=false
+ for ac_cv_lib_lex in 'none needed' -lfl -ll 'not found'; do
+ case $ac_cv_lib_lex in #(
+ 'none needed') :
+ ;; #(
+ 'not found') :
+ break ;; #(
+ *) :
+ LIBS="$ac_cv_lib_lex $ac_save_LIBS" ;; #(
+ *) :
+ ;;
+esac
- ac_save_LIBS=$LIBS
- ac_cv_lib_lex='none needed'
- for ac_lib in '' -lfl -ll; do
- LIBS="$ac_lib $ac_save_LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_lex=$ac_lib
+if ac_fn_c_try_link "$LINENO"
+then :
+ ac_found=:
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- test "$ac_cv_lib_lex" != 'none needed' && break
+ if $ac_found; then
+ break
+ fi
done
- LIBS=$ac_save_LIBS
+ LIBS="$ac_save_LIBS"
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
+printf "%s\n" "$ac_cv_lib_lex" >&6; }
+ if test "$ac_cv_lib_lex" = 'not found'
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: required lex library not found; giving up on $LEX" >&5
+printf "%s\n" "$as_me: WARNING: required lex library not found; giving up on $LEX" >&2;}
+ LEX=: LEXLIB=
+elif test "$ac_cv_lib_lex" = 'none needed'
+then :
+ LEXLIB=''
+else $as_nop
+ LEXLIB=$ac_cv_lib_lex
+fi
+ ac_save_LIBS="$LIBS"
+ LIBS=
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yywrap" >&5
+printf %s "checking for library containing yywrap... " >&6; }
+if test ${ac_cv_search_yywrap+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+char yywrap ();
+int
+main (void)
+{
+return yywrap ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' fl l
+do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"
+then :
+ ac_cv_search_yywrap=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+ conftest$ac_exeext
+ if test ${ac_cv_search_yywrap+y}
+then :
+ break
+fi
+done
+if test ${ac_cv_search_yywrap+y}
+then :
+else $as_nop
+ ac_cv_search_yywrap=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yywrap" >&5
+printf "%s\n" "$ac_cv_search_yywrap" >&6; }
+ac_res=$ac_cv_search_yywrap
+if test "$ac_res" != no
+then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+ LEXLIB="$LIBS"
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5
-$as_echo "$ac_cv_lib_lex" >&6; }
- test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex
+
+ LIBS="$ac_save_LIBS"
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
-$as_echo_n "checking whether yytext is a pointer... " >&6; }
-if ${ac_cv_prog_lex_yytext_pointer+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test "$LEX" != :
+then :
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5
+printf %s "checking whether yytext is a pointer... " >&6; }
+if test ${ac_cv_prog_lex_yytext_pointer+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# POSIX says lex can declare yytext either as a pointer or an array; the
# default is implementation-dependent. Figure out which it is, since
# not all implementations provide the %pointer and %array declarations.
ac_cv_prog_lex_yytext_pointer=no
-ac_save_LIBS=$LIBS
-LIBS="$LEXLIB $ac_save_LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#define YYTEXT_POINTER 1
`cat $LEX_OUTPUT_ROOT.c`
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_prog_lex_yytext_pointer=yes
fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_save_LIBS
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
-$as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5
+printf "%s\n" "$ac_cv_prog_lex_yytext_pointer" >&6; }
if test $ac_cv_prog_lex_yytext_pointer = yes; then
-$as_echo "#define YYTEXT_POINTER 1" >>confdefs.h
+printf "%s\n" "#define YYTEXT_POINTER 1" >>confdefs.h
+
+fi
fi
rm -f conftest.l $LEX_OUTPUT_ROOT.c
@@ -4098,11 +4732,12 @@ for ac_prog in 'bison -y' byacc
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_YACC+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_YACC+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$YACC"; then
ac_cv_prog_YACC="$YACC" # Let the user override the test.
else
@@ -4110,11 +4745,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_YACC="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4125,11 +4764,11 @@ fi
fi
YACC=$ac_cv_prog_YACC
if test -n "$YACC"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
-$as_echo "$YACC" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5
+printf "%s\n" "$YACC" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4137,11 +4776,12 @@ fi
done
test -n "$YACC" || YACC="yacc"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -4155,10 +4795,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -4167,13 +4812,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -4201,8 +4846,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -4217,11 +4862,12 @@ if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
@@ -4231,11 +4877,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4247,11 +4897,11 @@ esac
fi
PKG_CONFIG=$ac_cv_path_PKG_CONFIG
if test -n "$PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+printf "%s\n" "$PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4260,11 +4910,12 @@ if test -z "$ac_cv_path_PKG_CONFIG"; then
ac_pt_PKG_CONFIG=$PKG_CONFIG
# Extract the first word of "pkg-config", so it can be a program name with args.
set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PKG_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $ac_pt_PKG_CONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
@@ -4274,11 +4925,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4290,11 +4945,11 @@ esac
fi
ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
if test -n "$ac_pt_PKG_CONFIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_pt_PKG_CONFIG" = x; then
@@ -4302,8 +4957,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
PKG_CONFIG=$ac_pt_PKG_CONFIG
@@ -4315,25 +4970,26 @@ fi
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=0.9.0
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
-$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+printf %s "checking pkg-config is at least version $_pkg_min_version... " >&6; }
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
PKG_CONFIG=""
fi
fi
# Extract the first word of "swig", so it can be a program name with args.
set dummy swig; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_SWIG+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_SWIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $SWIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_SWIG="$SWIG" # Let the user override the test with a path.
@@ -4343,11 +4999,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_SWIG="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_SWIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4359,43 +5019,46 @@ esac
fi
SWIG=$ac_cv_path_SWIG
if test -n "$SWIG"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
-$as_echo "$SWIG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $SWIG" >&5
+printf "%s\n" "$SWIG" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
-$as_echo_n "checking whether the libapparmor debug output should be enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor debug output should be enabled" >&5
+printf %s "checking whether the libapparmor debug output should be enabled... " >&6; }
# Check whether --enable-debug_output was given.
-if test "${enable_debug_output+set}" = set; then :
- enableval=$enable_debug_output; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_debug_output+y}
+then :
+ enableval=$enable_debug_output; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_debug_output=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
-$as_echo "$enable_debug_output" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_debug_output" >&5
+printf "%s\n" "$enable_debug_output" >&6; }
fi
-if test "$enable_debug_output" = "yes"; then :
+if test "$enable_debug_output" = "yes"
+then :
-$as_echo "#define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
+printf "%s\n" "#define ENABLE_DEBUG_OUTPUT 1" >>confdefs.h
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
-$as_echo_n "checking whether the libapparmor man pages should be generated... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the libapparmor man pages should be generated" >&5
+printf %s "checking whether the libapparmor man pages should be generated... " >&6; }
# Check whether --enable-man_pages was given.
-if test "${enable_man_pages+set}" = set; then :
- enableval=$enable_man_pages; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
-$as_echo "$enableval" >&6; }
-else
+if test ${enable_man_pages+y}
+then :
+ enableval=$enable_man_pages; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enableval" >&5
+printf "%s\n" "$enableval" >&6; }
+else $as_nop
enable_man_pages=yes
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
-$as_echo "$enable_man_pages" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_man_pages" >&5
+printf "%s\n" "$enable_man_pages" >&6; }
fi
if test "$enable_man_pages" = "yes"; then
@@ -4404,11 +5067,12 @@ if test "$enable_man_pages" = "yes"; then
# Extract the first word of "podchecker", so it can be a program name with args.
set dummy podchecker; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_PODCHECKER+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_PODCHECKER+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$PODCHECKER"; then
ac_cv_prog_PODCHECKER="$PODCHECKER" # Let the user override the test.
else
@@ -4416,11 +5080,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_PODCHECKER="podchecker"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4432,11 +5100,11 @@ fi
fi
PODCHECKER=$ac_cv_prog_PODCHECKER
if test -n "$PODCHECKER"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
-$as_echo "$PODCHECKER" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PODCHECKER" >&5
+printf "%s\n" "$PODCHECKER" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4455,11 +5123,12 @@ Perl, which can be retrieved from:
# Extract the first word of "pod2man", so it can be a program name with args.
set dummy pod2man; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_POD2MAN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_POD2MAN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$POD2MAN"; then
ac_cv_prog_POD2MAN="$POD2MAN" # Let the user override the test.
else
@@ -4467,11 +5136,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_POD2MAN="pod2man"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4483,11 +5156,11 @@ fi
fi
POD2MAN=$ac_cv_prog_POD2MAN
if test -n "$POD2MAN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
-$as_echo "$POD2MAN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5
+printf "%s\n" "$POD2MAN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4502,27 +5175,29 @@ Perl, which can be retrieved from:
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
-$as_echo_n "checking whether python bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether python bindings are enabled" >&5
+printf %s "checking whether python bindings are enabled... " >&6; }
# Check whether --with-python was given.
-if test "${with_python+set}" = set; then :
- withval=$with_python; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_python+y}
+then :
+ withval=$with_python; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_python" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling python bindings" "$LINENO" 5
- # Extract the first word of "python", so it can be a program name with args.
-set dummy python; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ # Extract the first word of "python3", so it can be a program name with args.
+set dummy python3; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4532,11 +5207,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4548,11 +5227,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4567,11 +5246,12 @@ fi
# Extract the first word of "python[$PYTHON_VERSION]", so it can be a program name with args.
set dummy python$PYTHON_VERSION; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4581,11 +5261,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4597,11 +5281,11 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -4610,20 +5294,132 @@ fi
PYTHON_VERSION=""
fi
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy ${ac_tool_prefix}`basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PYTHON_CONFIG="$PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PYTHON_CONFIG=$ac_cv_path_PYTHON_CONFIG
+if test -n "$PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CONFIG" >&5
+printf "%s\n" "$PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PYTHON_CONFIG"; then
+ ac_pt_PYTHON_CONFIG=$PYTHON_CONFIG
+ # Extract the first word of "`basename [$PYTHON]-config`", so it can be a program name with args.
+set dummy `basename $PYTHON-config`; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_ac_pt_PYTHON_CONFIG+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ case $ac_pt_PYTHON_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$ac_pt_PYTHON_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_ac_pt_PYTHON_CONFIG="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PYTHON_CONFIG=$ac_cv_path_ac_pt_PYTHON_CONFIG
+if test -n "$ac_pt_PYTHON_CONFIG"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PYTHON_CONFIG" >&5
+printf "%s\n" "$ac_pt_PYTHON_CONFIG" >&6; }
+else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+ if test "x$ac_pt_PYTHON_CONFIG" = x; then
+ PYTHON_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PYTHON_CONFIG=$ac_pt_PYTHON_CONFIG
+ fi
+else
+ PYTHON_CONFIG="$ac_cv_path_PYTHON_CONFIG"
+fi
+
+ if test -z "$PYTHON_CONFIG"; then
+ as_fn_error $? "Cannot find python$PYTHON_VERSION-config in your system path" "$LINENO" 5
+ fi
+
#
# Check for a version of Python >= 2.1.0
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
-$as_echo_n "checking for a version of Python >= '2.1.0'... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python >= '2.1.0'" >&5
+printf %s "checking for a version of Python >= '2.1.0'... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write(str(ver >= '2.1.0'))"`
if test "$ac_supports_python_ver" != "True"; then
if test -z "$PYTHON_NOVERSIONCHECK"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "
This version of the AC_PYTHON_DEVEL macro
doesn't work properly with versions of Python before
@@ -4635,29 +5431,29 @@ to something else than an empty string.
See \`config.log' for more details" "$LINENO" 5; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
-$as_echo "skip at user request" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: skip at user request" >&5
+printf "%s\n" "skip at user request" >&6; }
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
fi
#
# if the macro parameter ``version'' is set, honour it
#
if test -n ""; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
-$as_echo_n "checking for a version of Python ... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a version of Python " >&5
+printf %s "checking for a version of Python ... " >&6; }
ac_supports_python_ver=`$PYTHON -c "import sys; \
ver = sys.version.split()[0]; \
sys.stdout.write("%s\n" % (ver == ))"`
if test "$ac_supports_python_ver" = "True"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
as_fn_error $? "this package requires Python .
If you have it installed, but it isn't the default Python
interpreter in your system path, please pass the PYTHON_VERSION
@@ -4668,56 +5464,56 @@ variable to configure. See \`\`configure --help'' for reference.
fi
#
- # Check if you have distutils, else fail
+ # Check if you have setuptools, else fail
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the distutils Python package" >&5
-$as_echo_n "checking for the distutils Python package... " >&6; }
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the setuptools Python package" >&5
+printf %s "checking for the setuptools Python package... " >&6; }
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- as_fn_error $? "cannot import Python module \"distutils\".
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "cannot import Python module \"setuptools\".
Please check your Python installation. The error was:
-$ac_distutils_result" "$LINENO" 5
+$ac_setuptools_result" "$LINENO" 5
PYTHON_VERSION=""
fi
#
# Check for Python include path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
-$as_echo_n "checking for Python include path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python include path" >&5
+printf %s "checking for Python include path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
fi
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
PYTHON_CPPFLAGS=$python_path
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
-$as_echo "$PYTHON_CPPFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_CPPFLAGS" >&5
+printf "%s\n" "$PYTHON_CPPFLAGS" >&6; }
#
# Check for Python library path
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
-$as_echo_n "checking for Python library path... " >&6; }
- if type $PYTHON-config; then
- PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python library path" >&5
+printf %s "checking for Python library path... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
fi
if test -z "$PYTHON_LDFLAGS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
- py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
if test "$py_version" == "None"; then
if test -n "$PYTHON_VERSION"; then
py_version=$PYTHON_VERSION
@@ -4727,60 +5523,68 @@ sys.stdout.write("%s\n" % sys.version[:3])"`
fi
fi
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
-$as_echo "$PYTHON_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_LDFLAGS" >&6; }
#
# Check for site packages
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
-$as_echo_n "checking for Python site-packages path... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for Python site-packages path" >&5
+printf %s "checking for Python site-packages path... " >&6; }
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
-$as_echo "$PYTHON_SITE_PKG" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_SITE_PKG" >&5
+printf "%s\n" "$PYTHON_SITE_PKG" >&6; }
#
# libraries which must be linked in when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
-$as_echo_n "checking python extra libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra libraries" >&5
+printf %s "checking python extra libraries... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
-$as_echo "$PYTHON_EXTRA_LIBS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LIBS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LIBS" >&6; }
#
# linking flags needed when embedding
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
-$as_echo_n "checking python extra linking flags... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking python extra linking flags" >&5
+printf %s "checking python extra linking flags... " >&6; }
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
-$as_echo "$PYTHON_EXTRA_LDFLAGS" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON_EXTRA_LDFLAGS" >&5
+printf "%s\n" "$PYTHON_EXTRA_LDFLAGS" >&6; }
#
# final check to see if everything compiles alright
#
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
-$as_echo_n "checking consistency of all components of python development environment... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking consistency of all components of python development environment" >&5
+printf %s "checking consistency of all components of python development environment... " >&6; }
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -4790,7 +5594,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@@ -4798,7 +5602,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
#include <Python.h>
int
-main ()
+main (void)
{
Py_Initialize();
@@ -4807,16 +5611,17 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
pythonexists=yes
-else
+else $as_nop
pythonexists=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
-$as_echo "$pythonexists" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pythonexists" >&5
+printf "%s\n" "$pythonexists" >&6; }
if test ! "$pythonexists" = "yes"; then
as_fn_error $? "
@@ -4852,17 +5657,78 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
- # Find any Python interpreter.
- if test -z "$PYTHON"; then
- for ac_prog in python python2 python3 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PYTHON+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test -n "$PYTHON"; then
+ # If the user set $PYTHON, use it and don't search something else.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.0" >&5
+printf %s "checking whether $PYTHON version is >= 3.0... " >&6; }
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5
+ ($PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+ as_fn_error $? "Python interpreter is too old" "$LINENO" 5
+fi
+ am_display_PYTHON=$PYTHON
+ else
+ # Otherwise, try each interpreter until we find one that satisfies
+ # VERSION.
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.0" >&5
+printf %s "checking for a Python interpreter with version >= 3.0... " >&6; }
+if test ${am_cv_pathless_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+
+ for am_cv_pathless_PYTHON in python python2 python3 python3.11 python3.10 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do
+ test "$am_cv_pathless_PYTHON" = none && break
+ prog="import sys
+# split strings by '.' and convert to numeric. Append some zeros
+# because we need at least 4 digits for the hex conversion.
+# map returns an iterator in Python 3.0 and a list in 2.x
+minver = list(map(int, '3.0'.split('.'))) + [0, 0, 0]
+minverhex = 0
+# xrange is not present in Python 3.0 and range returns an iterator
+for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i]
+sys.exit(sys.hexversion < minverhex)"
+ if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5
+ ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+then :
+ break
+fi
+ done
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5
+printf "%s\n" "$am_cv_pathless_PYTHON" >&6; }
+ # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON.
+ if test "$am_cv_pathless_PYTHON" = none; then
+ PYTHON=:
+ else
+ # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args.
+set dummy $am_cv_pathless_PYTHON; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PYTHON+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PYTHON in
[\\/]* | ?:[\\/]*)
ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path.
@@ -4872,11 +5738,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PYTHON="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -4888,59 +5758,186 @@ esac
fi
PYTHON=$ac_cv_path_PYTHON
if test -n "$PYTHON"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
-$as_echo "$PYTHON" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5
+printf "%s\n" "$PYTHON" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
- test -n "$PYTHON" && break
-done
-test -n "$PYTHON" || PYTHON=":"
-
+ fi
+ am_display_PYTHON=$am_cv_pathless_PYTHON
fi
- am_display_PYTHON=python
if test "$PYTHON" = :; then
- as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
+ as_fn_error $? "no suitable Python interpreter found" "$LINENO" 5
else
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
-$as_echo_n "checking for $am_display_PYTHON version... " >&6; }
-if ${am_cv_python_version+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"`
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5
+printf %s "checking for $am_display_PYTHON version... " >&6; }
+if test ${am_cv_python_version+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_version=`$PYTHON -c "import sys; print ('%u.%u' % sys.version_info[:2])"`
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
-$as_echo "$am_cv_python_version" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5
+printf "%s\n" "$am_cv_python_version" >&6; }
PYTHON_VERSION=$am_cv_python_version
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
+printf %s "checking for $am_display_PYTHON platform... " >&6; }
+if test ${am_cv_python_platform+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
+printf "%s\n" "$am_cv_python_platform" >&6; }
+ PYTHON_PLATFORM=$am_cv_python_platform
- PYTHON_PREFIX='${prefix}'
-
- PYTHON_EXEC_PREFIX='${exec_prefix}'
+ if test "x$prefix" = xNONE; then
+ am__usable_prefix=$ac_default_prefix
+ else
+ am__usable_prefix=$prefix
+ fi
+ # Allow user to request using sys.* values from Python,
+ # instead of the GNU $prefix values.
+
+# Check whether --with-python-sys-prefix was given.
+if test ${with_python_sys_prefix+y}
+then :
+ withval=$with_python_sys_prefix; am_use_python_sys=:
+else $as_nop
+ am_use_python_sys=false
+fi
+
+
+ # Allow user to override whatever the default Python prefix is.
+
+# Check whether --with-python_prefix was given.
+if test ${with_python_prefix+y}
+then :
+ withval=$with_python_prefix; am_python_prefix_subst=$withval
+ am_cv_python_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+else $as_nop
+
+ if $am_use_python_sys; then
+ # using python sys.prefix value, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON prefix" >&5
+printf %s "checking for python default $am_display_PYTHON prefix... " >&6; }
+if test ${am_cv_python_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_prefix" >&5
+printf "%s\n" "$am_cv_python_prefix" >&6; }
+
+ case $am_cv_python_prefix in
+ $am__usable_prefix*)
+ am__strip_prefix=`echo "$am__usable_prefix" | sed 's|.|.|g'`
+ am_python_prefix_subst=`echo "$am_cv_python_prefix" | sed "s,^$am__strip_prefix,\\${prefix},"`
+ ;;
+ *)
+ am_python_prefix_subst=$am_cv_python_prefix
+ ;;
+ esac
+ else # using GNU prefix value, not python sys.prefix
+ am_python_prefix_subst='${prefix}'
+ am_python_prefix=$am_python_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_prefix" >&5
+printf "%s\n" "$am_python_prefix" >&6; }
+ fi
+fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5
-$as_echo_n "checking for $am_display_PYTHON platform... " >&6; }
-if ${am_cv_python_platform+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`
+ # Substituting python_prefix_subst value.
+ PYTHON_PREFIX=$am_python_prefix_subst
+
+
+ # emacs-page Now do it all over again for Python exec_prefix, but with yet
+ # another conditional: fall back to regular prefix if that was specified.
+
+# Check whether --with-python_exec_prefix was given.
+if test ${with_python_exec_prefix+y}
+then :
+ withval=$with_python_exec_prefix; am_python_exec_prefix_subst=$withval
+ am_cv_python_exec_prefix=$withval
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for explicit $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for explicit $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # no explicit --with-python_exec_prefix, but if
+ # --with-python_prefix was given, use its value for python_exec_prefix too.
+ if test -n "$with_python_prefix"
+then :
+ am_python_exec_prefix_subst=$with_python_prefix
+ am_cv_python_exec_prefix=$with_python_prefix
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python_prefix-given $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python_prefix-given $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+else $as_nop
+
+ # Set am__usable_exec_prefix whether using GNU or Python values,
+ # since we use that variable for pyexecdir.
+ if test "x$exec_prefix" = xNONE; then
+ am__usable_exec_prefix=$am__usable_prefix
+ else
+ am__usable_exec_prefix=$exec_prefix
+ fi
+ #
+ if $am_use_python_sys; then # using python sys.exec_prefix, not GNU
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for python default $am_display_PYTHON exec_prefix... " >&6; }
+if test ${am_cv_python_exec_prefix+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ am_cv_python_exec_prefix=`$PYTHON -c "import sys; sys.stdout.write(sys.exec_prefix)"`
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_exec_prefix" >&5
+printf "%s\n" "$am_cv_python_exec_prefix" >&6; }
+ case $am_cv_python_exec_prefix in
+ $am__usable_exec_prefix*)
+ am__strip_prefix=`echo "$am__usable_exec_prefix" | sed 's|.|.|g'`
+ am_python_exec_prefix_subst=`echo "$am_cv_python_exec_prefix" | sed "s,^$am__strip_prefix,\\${exec_prefix},"`
+ ;;
+ *)
+ am_python_exec_prefix_subst=$am_cv_python_exec_prefix
+ ;;
+ esac
+ else # using GNU $exec_prefix, not python sys.exec_prefix
+ am_python_exec_prefix_subst='${exec_prefix}'
+ am_python_exec_prefix=$am_python_exec_prefix_subst
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU default $am_display_PYTHON exec_prefix" >&5
+printf %s "checking for GNU default $am_display_PYTHON exec_prefix... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_python_exec_prefix" >&5
+printf "%s\n" "$am_python_exec_prefix" >&6; }
+ fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5
-$as_echo "$am_cv_python_platform" >&6; }
- PYTHON_PLATFORM=$am_cv_python_platform
+fi
+
+ # Substituting python_exec_prefix_subst.
+ PYTHON_EXEC_PREFIX=$am_python_exec_prefix_subst
- # Just factor out some code duplication.
+ # Factor out some code duplication into this shell variable.
am_python_setup_sysconfig="\
import sys
# Prefer sysconfig over distutils.sysconfig, for better compatibility
@@ -4961,121 +5958,134 @@ except ImportError:
pass"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5
-$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; }
-if ${am_cv_python_pythondir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$prefix" = xNONE
- then
- am_py_prefix=$ac_default_prefix
- else
- am_py_prefix=$prefix
- fi
- am_cv_python_pythondir=`$PYTHON -c "
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory (pythondir)" >&5
+printf %s "checking for $am_display_PYTHON script directory (pythondir)... " >&6; }
+if test ${am_cv_python_pythondir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_prefix" = x; then
+ am_py_prefix=$am__usable_prefix
+ else
+ am_py_prefix=$am_cv_python_prefix
+ fi
+ am_cv_python_pythondir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('purelib', scheme, vars={'base':'$am_py_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pythondir in
- $am_py_prefix*)
- am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
- am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"`
- ;;
- *)
- case $am_py_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pythondir in
+ $am_py_prefix*)
+ am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'`
+ am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,\\${PYTHON_PREFIX},"`
+ ;;
+ *)
+ case $am_py_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pythondir="\${PYTHON_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
+ ;;
+ esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
-$as_echo "$am_cv_python_pythondir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5
+printf "%s\n" "$am_cv_python_pythondir" >&6; }
pythondir=$am_cv_python_pythondir
+ pkgpythondir=\${pythondir}/$PACKAGE
- pkgpythondir=\${pythondir}/$PACKAGE
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5
-$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; }
-if ${am_cv_python_pyexecdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$exec_prefix" = xNONE
- then
- am_py_exec_prefix=$am_py_prefix
- else
- am_py_exec_prefix=$exec_prefix
- fi
- am_cv_python_pyexecdir=`$PYTHON -c "
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory (pyexecdir)" >&5
+printf %s "checking for $am_display_PYTHON extension module directory (pyexecdir)... " >&6; }
+if test ${am_cv_python_pyexecdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
+ if test "x$am_cv_python_exec_prefix" = x; then
+ am_py_exec_prefix=$am__usable_exec_prefix
+ else
+ am_py_exec_prefix=$am_cv_python_exec_prefix
+ fi
+ am_cv_python_pyexecdir=`$PYTHON -c "
$am_python_setup_sysconfig
if can_use_sysconfig:
- sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'})
+ if hasattr(sysconfig, 'get_default_scheme'):
+ scheme = sysconfig.get_default_scheme()
+ else:
+ scheme = sysconfig._get_default_scheme()
+ if scheme == 'posix_local':
+ # Debian's default scheme installs to /usr/local/ but we want to find headers in /usr/
+ scheme = 'posix_prefix'
+ sitedir = sysconfig.get_path('platlib', scheme, vars={'platbase':'$am_py_exec_prefix'})
else:
- from distutils import sysconfig
- sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix')
+ from distutils import sysconfig
+ sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_exec_prefix')
sys.stdout.write(sitedir)"`
- case $am_cv_python_pyexecdir in
- $am_py_exec_prefix*)
- am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
- am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"`
- ;;
- *)
- case $am_py_exec_prefix in
- /usr|/System*) ;;
- *)
- am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages
- ;;
- esac
- ;;
+ #
+ case $am_cv_python_pyexecdir in
+ $am_py_exec_prefix*)
+ am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'`
+ am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,\\${PYTHON_EXEC_PREFIX},"`
+ ;;
+ *)
+ case $am_py_exec_prefix in
+ /usr|/System*) ;;
+ *) am_cv_python_pyexecdir="\${PYTHON_EXEC_PREFIX}/lib/python$PYTHON_VERSION/site-packages"
+ ;;
esac
+ ;;
+ esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
-$as_echo "$am_cv_python_pyexecdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5
+printf "%s\n" "$am_cv_python_pyexecdir" >&6; }
pyexecdir=$am_cv_python_pyexecdir
-
- pkgpyexecdir=\${pyexecdir}/$PACKAGE
+ pkgpyexecdir=\${pyexecdir}/$PACKAGE
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
-$as_echo_n "checking whether perl bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether perl bindings are enabled" >&5
+printf %s "checking whether perl bindings are enabled... " >&6; }
# Check whether --with-perl was given.
-if test "${with_perl+set}" = set; then :
- withval=$with_perl; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_perl+y}
+then :
+ withval=$with_perl; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_perl" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling perl bindings" "$LINENO" 5
# Extract the first word of "perl", so it can be a program name with args.
set dummy perl; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PERL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_PERL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $PERL in
[\\/]* | ?:[\\/]*)
ac_cv_path_PERL="$PERL" # Let the user override the test with a path.
@@ -5085,11 +6095,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_PERL="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5101,63 +6115,48 @@ esac
fi
PERL=$ac_cv_path_PERL
if test -n "$PERL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
-$as_echo "$PERL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5
+printf "%s\n" "$PERL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$PERL" && as_fn_error $? "perl is required when enabling perl bindings" "$LINENO" 5
perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- as_ac_File=`$as_echo "ac_cv_file_$perl_includedir/perl.h" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $perl_includedir/perl.h" >&5
-$as_echo_n "checking for $perl_includedir/perl.h... " >&6; }
-if eval \${$as_ac_File+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- test "$cross_compiling" = yes &&
- as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5
-if test -r "$perl_includedir/perl.h"; then
- eval "$as_ac_File=yes"
-else
- eval "$as_ac_File=no"
-fi
-fi
-eval ac_res=\$$as_ac_File
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_File"\" = x"yes"; then :
+ if test -e "$perl_includedir/perl.h"
+then :
enable_perl=yes
-else
+else $as_nop
enable_perl=no
fi
-
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
-$as_echo_n "checking whether ruby bindings are enabled... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ruby bindings are enabled" >&5
+printf %s "checking whether ruby bindings are enabled... " >&6; }
# Check whether --with-ruby was given.
-if test "${with_ruby+set}" = set; then :
- withval=$with_ruby; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-$as_echo "$withval" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+if test ${with_ruby+y}
+then :
+ withval=$with_ruby; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+printf "%s\n" "$withval" >&6; }
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "$with_ruby" = "yes"; then
test -z "$SWIG" && as_fn_error $? "swig is required when enabling ruby bindings" "$LINENO" 5
# Extract the first word of "ruby", so it can be a program name with args.
set dummy ruby; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_RUBY+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_path_RUBY+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $RUBY in
[\\/]* | ?:[\\/]*)
ac_cv_path_RUBY="$RUBY" # Let the user override the test with a path.
@@ -5167,11 +6166,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_path_RUBY="$as_dir/$ac_word$ac_exec_ext"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+ ac_cv_path_RUBY="$as_dir$ac_word$ac_exec_ext"
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -5183,11 +6186,11 @@ esac
fi
RUBY=$ac_cv_path_RUBY
if test -n "$RUBY"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-$as_echo "$RUBY" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
+printf "%s\n" "$RUBY" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -5228,149 +6231,41 @@ else
fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
-$as_echo_n "checking how to run the C preprocessor... " >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if ${ac_cv_prog_CPP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
+ac_header= ac_cache=
+for ac_item in $ac_header_c_list
do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-
+ if test $ac_cache; then
+ ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default"
+ if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then
+ printf "%s\n" "#define $ac_item 1" >> confdefs.h
+ fi
+ ac_header= ac_cache=
+ elif test $ac_header; then
+ ac_cache=$ac_item
+ else
+ ac_header=$ac_item
+ fi
done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
- break
-fi
- done
- ac_cv_prog_CPP=$CPP
-fi
- CPP=$ac_cv_prog_CPP
-else
- ac_cv_prog_CPP=$CPP
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
-$as_echo "$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
-else
- # Broken: fails on valid input.
-continue
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- # Broken: success on invalid input.
-continue
-else
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.i conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then :
-else
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details" "$LINENO" 5; }
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes
+then :
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
-$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
-if ${ac_cv_path_GREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+printf %s "checking for grep that handles long lines and -e... " >&6; }
+if test ${ac_cv_path_GREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$GREP"; then
ac_path_GREP_found=false
# Loop through the user's path and test for each of PROGNAME-LIST
@@ -5378,10 +6273,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in grep ggrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_GREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_GREP" || continue
# Check for GNU ac_path_GREP and select it if it is found.
# Check for GNU $ac_path_GREP
@@ -5390,13 +6290,13 @@ case `"$ac_path_GREP" --version 2>&1` in
ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'GREP' >> "conftest.nl"
+ printf "%s\n" 'GREP' >> "conftest.nl"
"$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5424,16 +6324,20 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
-$as_echo "$ac_cv_path_GREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+printf "%s\n" "$ac_cv_path_GREP" >&6; }
GREP="$ac_cv_path_GREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
-$as_echo_n "checking for egrep... " >&6; }
-if ${ac_cv_path_EGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+# Autoupdate added the next two lines to ensure that your configure
+# script's behavior did not change. They are probably safe to remove.
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+printf %s "checking for egrep... " >&6; }
+if test ${ac_cv_path_EGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
then ac_cv_path_EGREP="$GREP -E"
else
@@ -5444,10 +6348,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in egrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_EGREP" || continue
# Check for GNU ac_path_EGREP and select it if it is found.
# Check for GNU $ac_path_EGREP
@@ -5456,13 +6365,13 @@ case `"$ac_path_EGREP" --version 2>&1` in
ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'EGREP' >> "conftest.nl"
+ printf "%s\n" 'EGREP' >> "conftest.nl"
"$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5491,178 +6400,70 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
-$as_echo "$ac_cv_path_EGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+printf "%s\n" "$ac_cv_path_EGREP" >&6; }
EGREP="$ac_cv_path_EGREP"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
-$as_echo_n "checking for ANSI C header files... " >&6; }
-if ${ac_cv_header_stdc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_header_stdc=yes
-else
- ac_cv_header_stdc=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
-
-fi
-
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdlib.h>
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then :
+ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = xyes
+then :
+ printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h
-else
- ac_cv_header_stdc=no
fi
-rm -f conftest*
+ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdint_h" = xyes
+then :
+ printf "%s\n" "#define HAVE_STDINT_H 1" >>confdefs.h
fi
+ac_fn_c_check_header_compile "$LINENO" "syslog.h" "ac_cv_header_syslog_h" "$ac_includes_default"
+if test "x$ac_cv_header_syslog_h" = xyes
+then :
+ printf "%s\n" "#define HAVE_SYSLOG_H 1" >>confdefs.h
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then :
- :
-else
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-
-else
- ac_cv_header_stdc=no
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
- conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-fi
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
-$as_echo "$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+ac_fn_c_check_func "$LINENO" "asprintf" "ac_cv_func_asprintf"
+if test "x$ac_cv_func_asprintf" = xyes
+then :
+ printf "%s\n" "#define HAVE_ASPRINTF 1" >>confdefs.h
fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
-"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
+ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv"
+if test "x$ac_cv_func___secure_getenv" = xyes
+then :
+ printf "%s\n" "#define HAVE___SECURE_GETENV 1" >>confdefs.h
fi
-
-done
-
-
-for ac_header in unistd.h stdint.h syslog.h
-do :
- as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
-if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
+ac_fn_c_check_func "$LINENO" "secure_getenv" "ac_cv_func_secure_getenv"
+if test "x$ac_cv_func_secure_getenv" = xyes
+then :
+ printf "%s\n" "#define HAVE_SECURE_GETENV 1" >>confdefs.h
fi
-
-done
-
-
-for ac_func in asprintf __secure_getenv secure_getenv reallocarray
-do :
- as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
- cat >>confdefs.h <<_ACEOF
-#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
+ac_fn_c_check_func "$LINENO" "reallocarray" "ac_cv_func_reallocarray"
+if test "x$ac_cv_func_reallocarray" = xyes
+then :
+ printf "%s\n" "#define HAVE_REALLOCARRAY 1" >>confdefs.h
fi
-done
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
-$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
-if ${ac_cv_c_const+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+printf %s "checking for an ANSI C-conforming const... " >&6; }
+if test ${ac_cv_c_const+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
#ifndef __cplusplus
@@ -5675,7 +6476,7 @@ main ()
/* NEC SVR4.0.2 mips cc rejects this. */
struct point {int x, y;};
static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
+ /* IBM XL C 1.02.0.0 rejects this.
It does not let you subtract one const X* pointer from another in
an arm of an if-expression whose if-part is not a constant
expression */
@@ -5703,7 +6504,7 @@ main ()
iptr p = 0;
++p;
}
- { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+ { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying
"k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
struct s { int j; const int *ap[3]; } bx;
struct s *b = &bx; b->j = 5;
@@ -5719,25 +6520,26 @@ main ()
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
ac_cv_c_const=yes
-else
+else $as_nop
ac_cv_c_const=no
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
-$as_echo "$ac_cv_c_const" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+printf "%s\n" "$ac_cv_c_const" >&6; }
if test $ac_cv_c_const = no; then
-$as_echo "#define const /**/" >>confdefs.h
+printf "%s\n" "#define const /**/" >>confdefs.h
fi
case `pwd` in
*\ * | *\ *)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
-$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
esac
@@ -5757,28 +6559,32 @@ macro_revision='2.4.6'
+
ltmain=$ac_aux_dir/ltmain.sh
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if ${ac_cv_build+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+
+ # Make sure we can run config.sub.
+$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+printf %s "checking build system type... " >&6; }
+if test ${ac_cv_build+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+ ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"`
test "x$ac_build_alias" = x &&
as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+printf "%s\n" "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
@@ -5797,21 +6603,22 @@ IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if ${ac_cv_host+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+printf %s "checking host system type... " >&6; }
+if test ${ac_cv_host+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+ ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+printf "%s\n" "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
@@ -5851,8 +6658,8 @@ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
-$as_echo_n "checking how to print strings... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+printf %s "checking how to print strings... " >&6; }
# Test print first, because it will be a builtin if present.
if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
@@ -5878,12 +6685,12 @@ func_echo_all ()
}
case $ECHO in
- printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
-$as_echo "printf" >&6; } ;;
- print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
-$as_echo "print -r" >&6; } ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5
-$as_echo "cat" >&6; } ;;
+ printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+printf "%s\n" "printf" >&6; } ;;
+ print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+printf "%s\n" "print -r" >&6; } ;;
+ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+printf "%s\n" "cat" >&6; } ;;
esac
@@ -5899,11 +6706,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
-$as_echo_n "checking for a sed that does not truncate output... " >&6; }
-if ${ac_cv_path_SED+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+printf %s "checking for a sed that does not truncate output... " >&6; }
+if test ${ac_cv_path_SED+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
for ac_i in 1 2 3 4 5 6 7; do
ac_script="$ac_script$as_nl$ac_script"
@@ -5917,10 +6725,15 @@ else
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in sed gsed; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in sed gsed
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_SED="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_SED" || continue
# Check for GNU ac_path_SED and select it if it is found.
# Check for GNU $ac_path_SED
@@ -5929,13 +6742,13 @@ case `"$ac_path_SED" --version 2>&1` in
ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo '' >> "conftest.nl"
+ printf "%s\n" '' >> "conftest.nl"
"$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -5963,8 +6776,8 @@ else
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
-$as_echo "$ac_cv_path_SED" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+printf "%s\n" "$ac_cv_path_SED" >&6; }
SED="$ac_cv_path_SED"
rm -f conftest.sed
@@ -5981,11 +6794,12 @@ Xsed="$SED -e 1s/^X//"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
-$as_echo_n "checking for fgrep... " >&6; }
-if ${ac_cv_path_FGREP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+printf %s "checking for fgrep... " >&6; }
+if test ${ac_cv_path_FGREP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
then ac_cv_path_FGREP="$GREP -F"
else
@@ -5996,10 +6810,15 @@ else
for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in fgrep; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in fgrep
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_FGREP" || continue
# Check for GNU ac_path_FGREP and select it if it is found.
# Check for GNU $ac_path_FGREP
@@ -6008,13 +6827,13 @@ case `"$ac_path_FGREP" --version 2>&1` in
ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
*)
ac_count=0
- $as_echo_n 0123456789 >"conftest.in"
+ printf %s 0123456789 >"conftest.in"
while :
do
cat "conftest.in" "conftest.in" >"conftest.tmp"
mv "conftest.tmp" "conftest.in"
cp "conftest.in" "conftest.nl"
- $as_echo 'FGREP' >> "conftest.nl"
+ printf "%s\n" 'FGREP' >> "conftest.nl"
"$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
as_fn_arith $ac_count + 1 && ac_count=$as_val
@@ -6043,8 +6862,8 @@ fi
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
-$as_echo "$ac_cv_path_FGREP" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+printf "%s\n" "$ac_cv_path_FGREP" >&6; }
FGREP="$ac_cv_path_FGREP"
@@ -6069,17 +6888,18 @@ test -z "$GREP" && GREP=grep
# Check whether --with-gnu-ld was given.
-if test "${with_gnu_ld+set}" = set; then :
+if test ${with_gnu_ld+y}
+then :
withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
-else
+else $as_nop
with_gnu_ld=no
fi
ac_prog=ld
if test yes = "$GCC"; then
# Check if gcc -print-prog-name=ld gives a path.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
-$as_echo_n "checking for ld used by $CC... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+printf %s "checking for ld used by $CC... " >&6; }
case $host in
*-*-mingw*)
# gcc leaves a trailing carriage return, which upsets mingw
@@ -6108,15 +6928,16 @@ $as_echo_n "checking for ld used by $CC... " >&6; }
;;
esac
elif test yes = "$with_gnu_ld"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
-$as_echo_n "checking for GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+printf %s "checking for GNU ld... " >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
-$as_echo_n "checking for non-GNU ld... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+printf %s "checking for non-GNU ld... " >&6; }
fi
-if ${lt_cv_path_LD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+if test ${lt_cv_path_LD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -z "$LD"; then
lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
@@ -6145,18 +6966,19 @@ fi
LD=$lt_cv_path_LD
if test -n "$LD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
-$as_echo "$LD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+printf "%s\n" "$LD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
-$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
-if ${lt_cv_prog_gnu_ld+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+printf %s "checking if the linker ($LD) is GNU ld... " >&6; }
+if test ${lt_cv_prog_gnu_ld+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
@@ -6167,8 +6989,8 @@ case `$LD -v 2>&1 </dev/null` in
;;
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
-$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; }
with_gnu_ld=$lt_cv_prog_gnu_ld
@@ -6179,11 +7001,12 @@ with_gnu_ld=$lt_cv_prog_gnu_ld
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
-$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
-if ${lt_cv_path_NM+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test ${lt_cv_path_NM+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NM"; then
# Let the user override the test.
lt_cv_path_NM=$NM
@@ -6233,8 +7056,8 @@ else
: ${lt_cv_path_NM=no}
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
-$as_echo "$lt_cv_path_NM" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+printf "%s\n" "$lt_cv_path_NM" >&6; }
if test no != "$lt_cv_path_NM"; then
NM=$lt_cv_path_NM
else
@@ -6247,11 +7070,12 @@ else
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DUMPBIN"; then
ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
else
@@ -6259,11 +7083,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6274,11 +7102,11 @@ fi
fi
DUMPBIN=$ac_cv_prog_DUMPBIN
if test -n "$DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
-$as_echo "$DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+printf "%s\n" "$DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6291,11 +7119,12 @@ if test -z "$DUMPBIN"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DUMPBIN+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DUMPBIN"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
else
@@ -6303,11 +7132,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6318,11 +7151,11 @@ fi
fi
ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
if test -n "$ac_ct_DUMPBIN"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
-$as_echo "$ac_ct_DUMPBIN" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+printf "%s\n" "$ac_ct_DUMPBIN" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6334,8 +7167,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DUMPBIN=$ac_ct_DUMPBIN
@@ -6363,11 +7196,12 @@ test -z "$NM" && NM=nm
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
-$as_echo_n "checking the name lister ($NM) interface... " >&6; }
-if ${lt_cv_nm_interface+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+printf %s "checking the name lister ($NM) interface... " >&6; }
+if test ${lt_cv_nm_interface+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
(eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
@@ -6383,26 +7217,27 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
-$as_echo "$lt_cv_nm_interface" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+printf "%s\n" "$lt_cv_nm_interface" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
-$as_echo_n "checking whether ln -s works... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+printf %s "checking whether ln -s works... " >&6; }
LN_S=$as_ln_s
if test "$LN_S" = "ln -s"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
-$as_echo "no, using $LN_S" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+printf "%s\n" "no, using $LN_S" >&6; }
fi
# find the maximum length of command line arguments
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
-$as_echo_n "checking the maximum length of command line arguments... " >&6; }
-if ${lt_cv_sys_max_cmd_len+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+printf %s "checking the maximum length of command line arguments... " >&6; }
+if test ${lt_cv_sys_max_cmd_len+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
i=0
teststring=ABCD
@@ -6529,11 +7364,11 @@ else
fi
if test -n "$lt_cv_sys_max_cmd_len"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
-$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
-$as_echo "none" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5
+printf "%s\n" "none" >&6; }
fi
max_cmd_len=$lt_cv_sys_max_cmd_len
@@ -6577,11 +7412,12 @@ esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
-$as_echo_n "checking how to convert $build file names to $host format... " >&6; }
-if ${lt_cv_to_host_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+printf %s "checking how to convert $build file names to $host format... " >&6; }
+if test ${lt_cv_to_host_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $host in
*-*-mingw* )
case $build in
@@ -6617,18 +7453,19 @@ esac
fi
to_host_file_cmd=$lt_cv_to_host_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
-$as_echo "$lt_cv_to_host_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
-$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; }
-if ${lt_cv_to_tool_file_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+printf %s "checking how to convert $build file names to toolchain format... " >&6; }
+if test ${lt_cv_to_tool_file_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
#assume ordinary cross tools, or native build.
lt_cv_to_tool_file_cmd=func_convert_file_noop
case $host in
@@ -6644,22 +7481,23 @@ esac
fi
to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
-$as_echo "$lt_cv_to_tool_file_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
-$as_echo_n "checking for $LD option to reload object files... " >&6; }
-if ${lt_cv_ld_reload_flag+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+printf %s "checking for $LD option to reload object files... " >&6; }
+if test ${lt_cv_ld_reload_flag+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_reload_flag='-r'
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
-$as_echo "$lt_cv_ld_reload_flag" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+printf "%s\n" "$lt_cv_ld_reload_flag" >&6; }
reload_flag=$lt_cv_ld_reload_flag
case $reload_flag in
"" | " "*) ;;
@@ -6692,11 +7530,12 @@ esac
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OBJDUMP"; then
ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
else
@@ -6704,11 +7543,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6719,11 +7562,11 @@ fi
fi
OBJDUMP=$ac_cv_prog_OBJDUMP
if test -n "$OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
-$as_echo "$OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+printf "%s\n" "$OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -6732,11 +7575,12 @@ if test -z "$ac_cv_prog_OBJDUMP"; then
ac_ct_OBJDUMP=$OBJDUMP
# Extract the first word of "objdump", so it can be a program name with args.
set dummy objdump; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OBJDUMP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OBJDUMP"; then
ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
else
@@ -6744,11 +7588,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OBJDUMP="objdump"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -6759,11 +7607,11 @@ fi
fi
ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
if test -n "$ac_ct_OBJDUMP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
-$as_echo "$ac_ct_OBJDUMP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+printf "%s\n" "$ac_ct_OBJDUMP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OBJDUMP" = x; then
@@ -6771,8 +7619,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OBJDUMP=$ac_ct_OBJDUMP
@@ -6791,11 +7639,12 @@ test -z "$OBJDUMP" && OBJDUMP=objdump
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
-$as_echo_n "checking how to recognize dependent libraries... " >&6; }
-if ${lt_cv_deplibs_check_method+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+printf %s "checking how to recognize dependent libraries... " >&6; }
+if test ${lt_cv_deplibs_check_method+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_file_magic_cmd='$MAGIC_CMD'
lt_cv_file_magic_test_file=
lt_cv_deplibs_check_method='unknown'
@@ -6991,8 +7840,8 @@ os2*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
-$as_echo "$lt_cv_deplibs_check_method" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+printf "%s\n" "$lt_cv_deplibs_check_method" >&6; }
file_magic_glob=
want_nocaseglob=no
@@ -7036,11 +7885,12 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
set dummy ${ac_tool_prefix}dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DLLTOOL"; then
ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
else
@@ -7048,11 +7898,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7063,11 +7917,11 @@ fi
fi
DLLTOOL=$ac_cv_prog_DLLTOOL
if test -n "$DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
-$as_echo "$DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+printf "%s\n" "$DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7076,11 +7930,12 @@ if test -z "$ac_cv_prog_DLLTOOL"; then
ac_ct_DLLTOOL=$DLLTOOL
# Extract the first word of "dlltool", so it can be a program name with args.
set dummy dlltool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DLLTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DLLTOOL"; then
ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
else
@@ -7088,11 +7943,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DLLTOOL="dlltool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7103,11 +7962,11 @@ fi
fi
ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
if test -n "$ac_ct_DLLTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
-$as_echo "$ac_ct_DLLTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+printf "%s\n" "$ac_ct_DLLTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DLLTOOL" = x; then
@@ -7115,8 +7974,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DLLTOOL=$ac_ct_DLLTOOL
@@ -7136,11 +7995,12 @@ test -z "$DLLTOOL" && DLLTOOL=dlltool
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
-$as_echo_n "checking how to associate runtime and link libraries... " >&6; }
-if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+printf %s "checking how to associate runtime and link libraries... " >&6; }
+if test ${lt_cv_sharedlib_from_linklib_cmd+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_sharedlib_from_linklib_cmd='unknown'
case $host_os in
@@ -7163,8 +8023,8 @@ cygwin* | mingw* | pw32* | cegcc*)
esac
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
-$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
@@ -7179,11 +8039,12 @@ if test -n "$ac_tool_prefix"; then
do
# Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$AR"; then
ac_cv_prog_AR="$AR" # Let the user override the test.
else
@@ -7191,11 +8052,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7206,11 +8071,11 @@ fi
fi
AR=$ac_cv_prog_AR
if test -n "$AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
-$as_echo "$AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+printf "%s\n" "$AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7223,11 +8088,12 @@ if test -z "$AR"; then
do
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_AR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_AR+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_AR"; then
ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
else
@@ -7235,11 +8101,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_AR="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7250,11 +8120,11 @@ fi
fi
ac_ct_AR=$ac_cv_prog_ac_ct_AR
if test -n "$ac_ct_AR"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
-$as_echo "$ac_ct_AR" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+printf "%s\n" "$ac_ct_AR" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7266,8 +8136,8 @@ done
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
AR=$ac_ct_AR
@@ -7275,7 +8145,7 @@ esac
fi
: ${AR=ar}
-: ${AR_FLAGS=cru}
+: ${AR_FLAGS=cr}
@@ -7287,30 +8157,32 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
-$as_echo_n "checking for archiver @FILE support... " >&6; }
-if ${lt_cv_ar_at_file+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+printf %s "checking for archiver @FILE support... " >&6; }
+if test ${lt_cv_ar_at_file+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ar_at_file=no
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_compile "$LINENO"
+then :
echo conftest.$ac_objext > conftest.lst
lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -eq "$ac_status"; then
# Ensure the archiver fails upon bogus file names.
@@ -7318,7 +8190,7 @@ if ac_fn_c_try_compile "$LINENO"; then :
{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
(eval $lt_ar_try) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
if test 0 -ne "$ac_status"; then
lt_cv_ar_at_file=@
@@ -7327,11 +8199,11 @@ if ac_fn_c_try_compile "$LINENO"; then :
rm -f conftest.* libconftest.a
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
-$as_echo "$lt_cv_ar_at_file" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+printf "%s\n" "$lt_cv_ar_at_file" >&6; }
if test no = "$lt_cv_ar_at_file"; then
archiver_list_spec=
@@ -7348,11 +8220,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
set dummy ${ac_tool_prefix}strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$STRIP"; then
ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
else
@@ -7360,11 +8233,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_STRIP="${ac_tool_prefix}strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7375,11 +8252,11 @@ fi
fi
STRIP=$ac_cv_prog_STRIP
if test -n "$STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
-$as_echo "$STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+printf "%s\n" "$STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7388,11 +8265,12 @@ if test -z "$ac_cv_prog_STRIP"; then
ac_ct_STRIP=$STRIP
# Extract the first word of "strip", so it can be a program name with args.
set dummy strip; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_STRIP+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_STRIP"; then
ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
else
@@ -7400,11 +8278,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_STRIP="strip"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7415,11 +8297,11 @@ fi
fi
ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
if test -n "$ac_ct_STRIP"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
-$as_echo "$ac_ct_STRIP" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+printf "%s\n" "$ac_ct_STRIP" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_STRIP" = x; then
@@ -7427,8 +8309,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
STRIP=$ac_ct_STRIP
@@ -7447,11 +8329,12 @@ test -z "$STRIP" && STRIP=:
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$RANLIB"; then
ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
else
@@ -7459,11 +8342,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7474,11 +8361,11 @@ fi
fi
RANLIB=$ac_cv_prog_RANLIB
if test -n "$RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
-$as_echo "$RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+printf "%s\n" "$RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -7487,11 +8374,12 @@ if test -z "$ac_cv_prog_RANLIB"; then
ac_ct_RANLIB=$RANLIB
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_RANLIB+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_RANLIB"; then
ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
else
@@ -7499,11 +8387,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_RANLIB="ranlib"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -7514,11 +8406,11 @@ fi
fi
ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
if test -n "$ac_ct_RANLIB"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
-$as_echo "$ac_ct_RANLIB" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+printf "%s\n" "$ac_ct_RANLIB" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_RANLIB" = x; then
@@ -7526,8 +8418,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
RANLIB=$ac_ct_RANLIB
@@ -7616,11 +8508,12 @@ compiler=$CC
# Check for command to grab the raw symbol name followed by C symbol from nm.
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
-$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
-if ${lt_cv_sys_global_symbol_pipe+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+printf %s "checking command to parse $NM output from $compiler object... " >&6; }
+if test ${lt_cv_sys_global_symbol_pipe+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
# These are sane defaults that work on at least a few old systems.
# [They come from Ultrix. What could be older than Ultrix?!! ;)]
@@ -7772,15 +8665,12 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
# Now try to grab the symbols.
nlist=conftest.nm
- if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
- (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; } && test -s "$nlist"; then
+ $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5
+ if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then
# Try sorting and uniquifying the output.
if sort "$nlist" | uniq > "$nlist"T; then
mv -f "$nlist"T "$nlist"
@@ -7848,7 +8738,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s conftest$ac_exeext; then
pipe_works=yes
fi
@@ -7883,11 +8773,11 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then
lt_cv_sys_global_symbol_to_cdecl=
fi
if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
-$as_echo "failed" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+printf "%s\n" "failed" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
-$as_echo "ok" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+printf "%s\n" "ok" >&6; }
fi
# Response file support.
@@ -7933,13 +8823,14 @@ fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
-$as_echo_n "checking for sysroot... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+printf %s "checking for sysroot... " >&6; }
# Check whether --with-sysroot was given.
-if test "${with_sysroot+set}" = set; then :
+if test ${with_sysroot+y}
+then :
withval=$with_sysroot;
-else
+else $as_nop
with_sysroot=no
fi
@@ -7957,24 +8848,25 @@ case $with_sysroot in #(
no|'')
;; #(
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
-$as_echo "$with_sysroot" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+printf "%s\n" "$with_sysroot" >&6; }
as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
-$as_echo "${lt_sysroot:-no}" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+printf "%s\n" "${lt_sysroot:-no}" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
-$as_echo_n "checking for a working dd... " >&6; }
-if ${ac_cv_path_lt_DD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+printf %s "checking for a working dd... " >&6; }
+if test ${ac_cv_path_lt_DD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
: ${lt_DD:=$DD}
@@ -7985,10 +8877,15 @@ if test -z "$lt_DD"; then
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in dd; do
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ for ac_prog in dd
+ do
for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext"
+ ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext"
as_fn_executable_p "$ac_path_lt_DD" || continue
if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
cmp -s conftest.i conftest.out \
@@ -8008,15 +8905,16 @@ fi
rm -f conftest.i conftest2.i conftest.out
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
-$as_echo "$ac_cv_path_lt_DD" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+printf "%s\n" "$ac_cv_path_lt_DD" >&6; }
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
-$as_echo_n "checking how to truncate binary pipes... " >&6; }
-if ${lt_cv_truncate_bin+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+printf %s "checking how to truncate binary pipes... " >&6; }
+if test ${lt_cv_truncate_bin+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
printf 0123456789abcdef0123456789abcdef >conftest.i
cat conftest.i conftest.i >conftest2.i
lt_cv_truncate_bin=
@@ -8027,8 +8925,8 @@ fi
rm -f conftest.i conftest2.i conftest.out
test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
-$as_echo "$lt_cv_truncate_bin" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+printf "%s\n" "$lt_cv_truncate_bin" >&6; }
@@ -8051,7 +8949,8 @@ func_cc_basename ()
}
# Check whether --enable-libtool-lock was given.
-if test "${enable_libtool_lock+set}" = set; then :
+if test ${enable_libtool_lock+y}
+then :
enableval=$enable_libtool_lock;
fi
@@ -8067,7 +8966,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.$ac_objext` in
*ELF-32*)
@@ -8087,7 +8986,7 @@ ia64-*-hpux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
if test yes = "$lt_cv_prog_gnu_ld"; then
case `/usr/bin/file conftest.$ac_objext` in
@@ -8125,7 +9024,7 @@ mips64*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
emul=elf
case `/usr/bin/file conftest.$ac_objext` in
@@ -8166,7 +9065,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*32-bit*)
@@ -8229,11 +9128,12 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
# On SCO OpenServer 5, we need -belf to get full-featured binaries.
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS -belf"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
-$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
-if ${lt_cv_cc_needs_belf+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+printf %s "checking whether the C compiler needs -belf... " >&6; }
+if test ${lt_cv_cc_needs_belf+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
@@ -8244,19 +9144,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_cc_needs_belf=yes
-else
+else $as_nop
lt_cv_cc_needs_belf=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@@ -8265,8 +9166,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
ac_compiler_gnu=$ac_cv_c_compiler_gnu
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
-$as_echo "$lt_cv_cc_needs_belf" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+printf "%s\n" "$lt_cv_cc_needs_belf" >&6; }
if test yes != "$lt_cv_cc_needs_belf"; then
# this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
CFLAGS=$SAVE_CFLAGS
@@ -8279,7 +9180,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; }
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }; then
case `/usr/bin/file conftest.o` in
*64-bit*)
@@ -8316,11 +9217,12 @@ need_locks=$enable_libtool_lock
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
set dummy ${ac_tool_prefix}mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$MANIFEST_TOOL"; then
ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
else
@@ -8328,11 +9230,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8343,11 +9249,11 @@ fi
fi
MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
if test -n "$MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
-$as_echo "$MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+printf "%s\n" "$MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8356,11 +9262,12 @@ if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
# Extract the first word of "mt", so it can be a program name with args.
set dummy mt; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_MANIFEST_TOOL"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
else
@@ -8368,11 +9275,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8383,11 +9294,11 @@ fi
fi
ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
if test -n "$ac_ct_MANIFEST_TOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
-$as_echo "$ac_ct_MANIFEST_TOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_MANIFEST_TOOL" = x; then
@@ -8395,8 +9306,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
@@ -8406,11 +9317,12 @@ else
fi
test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
-$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
-if ${lt_cv_path_mainfest_tool+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if test ${lt_cv_path_mainfest_tool+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_path_mainfest_tool=no
echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
$MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
@@ -8420,8 +9332,8 @@ else
fi
rm -f conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
-$as_echo "$lt_cv_path_mainfest_tool" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; }
if test yes != "$lt_cv_path_mainfest_tool"; then
MANIFEST_TOOL=:
fi
@@ -8436,11 +9348,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$DSYMUTIL"; then
ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
else
@@ -8448,11 +9361,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8463,11 +9380,11 @@ fi
fi
DSYMUTIL=$ac_cv_prog_DSYMUTIL
if test -n "$DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
-$as_echo "$DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+printf "%s\n" "$DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8476,11 +9393,12 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then
ac_ct_DSYMUTIL=$DSYMUTIL
# Extract the first word of "dsymutil", so it can be a program name with args.
set dummy dsymutil; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_DSYMUTIL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_DSYMUTIL"; then
ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
else
@@ -8488,11 +9406,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8503,11 +9425,11 @@ fi
fi
ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
if test -n "$ac_ct_DSYMUTIL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
-$as_echo "$ac_ct_DSYMUTIL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+printf "%s\n" "$ac_ct_DSYMUTIL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_DSYMUTIL" = x; then
@@ -8515,8 +9437,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
DSYMUTIL=$ac_ct_DSYMUTIL
@@ -8528,11 +9450,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
set dummy ${ac_tool_prefix}nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$NMEDIT"; then
ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
else
@@ -8540,11 +9463,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8555,11 +9482,11 @@ fi
fi
NMEDIT=$ac_cv_prog_NMEDIT
if test -n "$NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
-$as_echo "$NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+printf "%s\n" "$NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8568,11 +9495,12 @@ if test -z "$ac_cv_prog_NMEDIT"; then
ac_ct_NMEDIT=$NMEDIT
# Extract the first word of "nmedit", so it can be a program name with args.
set dummy nmedit; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_NMEDIT+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_NMEDIT"; then
ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
else
@@ -8580,11 +9508,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_NMEDIT="nmedit"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8595,11 +9527,11 @@ fi
fi
ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
if test -n "$ac_ct_NMEDIT"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
-$as_echo "$ac_ct_NMEDIT" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+printf "%s\n" "$ac_ct_NMEDIT" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_NMEDIT" = x; then
@@ -8607,8 +9539,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
NMEDIT=$ac_ct_NMEDIT
@@ -8620,11 +9552,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
set dummy ${ac_tool_prefix}lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$LIPO"; then
ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
else
@@ -8632,11 +9565,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8647,11 +9584,11 @@ fi
fi
LIPO=$ac_cv_prog_LIPO
if test -n "$LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
-$as_echo "$LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+printf "%s\n" "$LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8660,11 +9597,12 @@ if test -z "$ac_cv_prog_LIPO"; then
ac_ct_LIPO=$LIPO
# Extract the first word of "lipo", so it can be a program name with args.
set dummy lipo; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_LIPO+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_LIPO+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_LIPO"; then
ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
else
@@ -8672,11 +9610,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_LIPO="lipo"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8687,11 +9629,11 @@ fi
fi
ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
if test -n "$ac_ct_LIPO"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
-$as_echo "$ac_ct_LIPO" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+printf "%s\n" "$ac_ct_LIPO" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_LIPO" = x; then
@@ -8699,8 +9641,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
LIPO=$ac_ct_LIPO
@@ -8712,11 +9654,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL"; then
ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
else
@@ -8724,11 +9667,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8739,11 +9686,11 @@ fi
fi
OTOOL=$ac_cv_prog_OTOOL
if test -n "$OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
-$as_echo "$OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+printf "%s\n" "$OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8752,11 +9699,12 @@ if test -z "$ac_cv_prog_OTOOL"; then
ac_ct_OTOOL=$OTOOL
# Extract the first word of "otool", so it can be a program name with args.
set dummy otool; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL"; then
ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
else
@@ -8764,11 +9712,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL="otool"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8779,11 +9731,11 @@ fi
fi
ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
if test -n "$ac_ct_OTOOL"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
-$as_echo "$ac_ct_OTOOL" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+printf "%s\n" "$ac_ct_OTOOL" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL" = x; then
@@ -8791,8 +9743,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL=$ac_ct_OTOOL
@@ -8804,11 +9756,12 @@ fi
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
set dummy ${ac_tool_prefix}otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$OTOOL64"; then
ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
else
@@ -8816,11 +9769,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8831,11 +9788,11 @@ fi
fi
OTOOL64=$ac_cv_prog_OTOOL64
if test -n "$OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
-$as_echo "$OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+printf "%s\n" "$OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -8844,11 +9801,12 @@ if test -z "$ac_cv_prog_OTOOL64"; then
ac_ct_OTOOL64=$OTOOL64
# Extract the first word of "otool64", so it can be a program name with args.
set dummy otool64; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_ac_ct_OTOOL64+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test -n "$ac_ct_OTOOL64"; then
ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
else
@@ -8856,11 +9814,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
ac_cv_prog_ac_ct_OTOOL64="otool64"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
break 2
fi
done
@@ -8871,11 +9833,11 @@ fi
fi
ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
if test -n "$ac_ct_OTOOL64"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
-$as_echo "$ac_ct_OTOOL64" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+printf "%s\n" "$ac_ct_OTOOL64" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
if test "x$ac_ct_OTOOL64" = x; then
@@ -8883,8 +9845,8 @@ fi
else
case $cross_compiling:$ac_tool_warned in
yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
ac_tool_warned=yes ;;
esac
OTOOL64=$ac_ct_OTOOL64
@@ -8919,11 +9881,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
-$as_echo_n "checking for -single_module linker flag... " >&6; }
-if ${lt_cv_apple_cc_single_mod+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+printf %s "checking for -single_module linker flag... " >&6; }
+if test ${lt_cv_apple_cc_single_mod+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_apple_cc_single_mod=no
if test -z "$LT_MULTI_MODULE"; then
# By default we will add the -single_module flag. You can override
@@ -8952,14 +9915,15 @@ else
rm -f conftest.*
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
-$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
-$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
-if ${lt_cv_ld_exported_symbols_list+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+printf %s "checking for -exported_symbols_list linker flag... " >&6; }
+if test ${lt_cv_ld_exported_symbols_list+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_exported_symbols_list=no
save_LDFLAGS=$LDFLAGS
echo "_main" > conftest.sym
@@ -8968,39 +9932,41 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_ld_exported_symbols_list=yes
-else
+else $as_nop
lt_cv_ld_exported_symbols_list=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
-$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
-$as_echo_n "checking for -force_load linker flag... " >&6; }
-if ${lt_cv_ld_force_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+printf %s "checking for -force_load linker flag... " >&6; }
+if test ${lt_cv_ld_force_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_ld_force_load=no
cat > conftest.c << _LT_EOF
int forced_loaded() { return 2;}
_LT_EOF
echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
$LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
- echo "$AR cru libconftest.a conftest.o" >&5
- $AR cru libconftest.a conftest.o 2>&5
+ echo "$AR cr libconftest.a conftest.o" >&5
+ $AR cr libconftest.a conftest.o 2>&5
echo "$RANLIB libconftest.a" >&5
$RANLIB libconftest.a 2>&5
cat > conftest.c << _LT_EOF
@@ -9020,8 +9986,8 @@ _LT_EOF
rm -rf conftest.dSYM
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
-$as_echo "$lt_cv_ld_force_load" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+printf "%s\n" "$lt_cv_ld_force_load" >&6; }
case $host_os in
rhapsody* | darwin1.[012])
_lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
@@ -9032,11 +9998,11 @@ $as_echo "$lt_cv_ld_force_load" >&6; }
# to the OS version, if on x86, and 10.4, the deployment
# target defaults to 10.4. Don't you love it?
case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
- 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ 10.0,*86*-darwin8*|10.0,*-darwin[912]*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
10.[012][,.]*)
_lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
- 10.*)
+ 10.*|11.*)
_lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
esac
;;
@@ -9092,19 +10058,14 @@ func_munge_path_list ()
esac
}
-for ac_header in dlfcn.h
-do :
- ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
"
-if test "x$ac_cv_header_dlfcn_h" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_DLFCN_H 1
-_ACEOF
+if test "x$ac_cv_header_dlfcn_h" = xyes
+then :
+ printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h
fi
-done
-
@@ -9120,7 +10081,8 @@ done
# Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then :
+if test ${enable_shared+y}
+then :
enableval=$enable_shared; p=${PACKAGE-default}
case $enableval in
yes) enable_shared=yes ;;
@@ -9138,7 +10100,7 @@ if test "${enable_shared+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_shared=yes
fi
@@ -9151,7 +10113,8 @@ fi
# Check whether --enable-static was given.
-if test "${enable_static+set}" = set; then :
+if test ${enable_static+y}
+then :
enableval=$enable_static; p=${PACKAGE-default}
case $enableval in
yes) enable_static=yes ;;
@@ -9169,7 +10132,7 @@ if test "${enable_static+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_static=yes
fi
@@ -9183,7 +10146,8 @@ fi
# Check whether --with-pic was given.
-if test "${with_pic+set}" = set; then :
+if test ${with_pic+y}
+then :
withval=$with_pic; lt_p=${PACKAGE-default}
case $withval in
yes|no) pic_mode=$withval ;;
@@ -9200,7 +10164,7 @@ if test "${with_pic+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
pic_mode=default
fi
@@ -9212,7 +10176,8 @@ fi
# Check whether --enable-fast-install was given.
-if test "${enable_fast_install+set}" = set; then :
+if test ${enable_fast_install+y}
+then :
enableval=$enable_fast_install; p=${PACKAGE-default}
case $enableval in
yes) enable_fast_install=yes ;;
@@ -9230,7 +10195,7 @@ if test "${enable_fast_install+set}" = set; then :
IFS=$lt_save_ifs
;;
esac
-else
+else $as_nop
enable_fast_install=yes
fi
@@ -9244,11 +10209,12 @@ fi
shared_archive_member_spec=
case $host,$enable_shared in
power*-*-aix[5-9]*,yes)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
-$as_echo_n "checking which variant of shared library versioning to provide... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+printf %s "checking which variant of shared library versioning to provide... " >&6; }
# Check whether --with-aix-soname was given.
-if test "${with_aix_soname+set}" = set; then :
+if test ${with_aix_soname+y}
+then :
withval=$with_aix_soname; case $withval in
aix|svr4|both)
;;
@@ -9257,18 +10223,19 @@ if test "${with_aix_soname+set}" = set; then :
;;
esac
lt_cv_with_aix_soname=$with_aix_soname
-else
- if ${lt_cv_with_aix_soname+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ if test ${lt_cv_with_aix_soname+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_with_aix_soname=aix
fi
with_aix_soname=$lt_cv_with_aix_soname
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
-$as_echo "$with_aix_soname" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+printf "%s\n" "$with_aix_soname" >&6; }
if test aix != "$with_aix_soname"; then
# For the AIX way of multilib, we name the shared archive member
# based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
@@ -9350,11 +10317,12 @@ if test -n "${ZSH_VERSION+set}"; then
setopt NO_GLOB_SUBST
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
-$as_echo_n "checking for objdir... " >&6; }
-if ${lt_cv_objdir+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+printf %s "checking for objdir... " >&6; }
+if test ${lt_cv_objdir+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
rm -f .libs 2>/dev/null
mkdir .libs 2>/dev/null
if test -d .libs; then
@@ -9365,17 +10333,15 @@ else
fi
rmdir .libs 2>/dev/null
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
-$as_echo "$lt_cv_objdir" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+printf "%s\n" "$lt_cv_objdir" >&6; }
objdir=$lt_cv_objdir
-cat >>confdefs.h <<_ACEOF
-#define LT_OBJDIR "$lt_cv_objdir/"
-_ACEOF
+printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h
@@ -9421,11 +10387,12 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file
case $deplibs_check_method in
file_magic*)
if test "$file_magic_cmd" = '$MAGIC_CMD'; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
-$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+printf %s "checking for ${ac_tool_prefix}file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9474,11 +10441,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9487,11 +10454,12 @@ fi
if test -z "$lt_cv_path_MAGIC_CMD"; then
if test -n "$ac_tool_prefix"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
-$as_echo_n "checking for file... " >&6; }
-if ${lt_cv_path_MAGIC_CMD+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+printf %s "checking for file... " >&6; }
+if test ${lt_cv_path_MAGIC_CMD+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
case $MAGIC_CMD in
[\\/*] | ?:[\\/]*)
lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
@@ -9540,11 +10508,11 @@ fi
MAGIC_CMD=$lt_cv_path_MAGIC_CMD
if test -n "$MAGIC_CMD"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
-$as_echo "$MAGIC_CMD" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+printf "%s\n" "$MAGIC_CMD" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
@@ -9625,11 +10593,12 @@ if test yes = "$GCC"; then
lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
-$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
-if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test ${lt_cv_prog_compiler_rtti_exceptions+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_rtti_exceptions=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -9660,8 +10629,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
-$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
@@ -9858,6 +10827,12 @@ lt_prog_compiler_static=
lt_prog_compiler_pic='-KPIC'
lt_prog_compiler_static='-static'
;;
+ # flang / f18. f95 an alias for gfortran or flang on Debian
+ flang* | f18* | f95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
# icc used to be incompatible with GCC.
# ICC 10 doesn't accept -KPIC any more.
icc* | ifort*)
@@ -10018,26 +10993,28 @@ case $host_os in
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
-$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
-if ${lt_cv_prog_compiler_pic+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+printf %s "checking for $compiler option to produce PIC... " >&6; }
+if test ${lt_cv_prog_compiler_pic+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
-$as_echo "$lt_cv_prog_compiler_pic" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; }
lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
#
# Check to make sure the PIC flag actually works.
#
if test -n "$lt_prog_compiler_pic"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
-$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
-if ${lt_cv_prog_compiler_pic_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test ${lt_cv_prog_compiler_pic_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_pic_works=no
ac_outfile=conftest.$ac_objext
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
@@ -10068,8 +11045,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
-$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; }
if test yes = "$lt_cv_prog_compiler_pic_works"; then
case $lt_prog_compiler_pic in
@@ -10097,11 +11074,12 @@ fi
# Check to make sure the static flag actually works.
#
wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
-$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
-if ${lt_cv_prog_compiler_static_works+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test ${lt_cv_prog_compiler_static_works+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_static_works=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
@@ -10125,8 +11103,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
-$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; }
if test yes = "$lt_cv_prog_compiler_static_works"; then
:
@@ -10140,11 +11118,12 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10187,19 +11166,20 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
-$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
-if ${lt_cv_prog_compiler_c_o+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test ${lt_cv_prog_compiler_c_o+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler_c_o=no
$RM -r conftest 2>/dev/null
mkdir conftest
@@ -10242,8 +11222,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
-$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; }
@@ -10251,19 +11231,19 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; }
hard_links=nottested
if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
# do not overwrite the value of need_locks provided by the user
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
-$as_echo_n "checking if we can lock with hard links... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+printf %s "checking if we can lock with hard links... " >&6; }
hard_links=yes
$RM conftest*
ln conftest.a conftest.b 2>/dev/null && hard_links=no
touch conftest.a
ln conftest.a conftest.b 2>&5 || hard_links=no
ln conftest.a conftest.b 2>/dev/null && hard_links=no
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
-$as_echo "$hard_links" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+printf "%s\n" "$hard_links" >&6; }
if test no = "$hard_links"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
-$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
need_locks=warn
fi
else
@@ -10275,8 +11255,8 @@ fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
-$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
runpath_var=
allow_undefined_flag=
@@ -10834,21 +11814,23 @@ _LT_EOF
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10863,7 +11845,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -10887,21 +11869,23 @@ fi
if test set = "${lt_cv_aix_libpath+set}"; then
aix_libpath=$lt_cv_aix_libpath
else
- if ${lt_cv_aix_libpath_+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_aix_libpath_+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_aix_libpath_sed='
/Import File Strings/,/^$/ {
@@ -10916,7 +11900,7 @@ if ac_fn_c_try_link "$LINENO"; then :
lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
if test -z "$lt_cv_aix_libpath_"; then
lt_cv_aix_libpath_=/usr/lib:/lib
@@ -11167,11 +12151,12 @@ fi
# Older versions of the 11.00 compiler do not understand -b yet
# (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
-$as_echo_n "checking if $CC understands -b... " >&6; }
-if ${lt_cv_prog_compiler__b+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+printf %s "checking if $CC understands -b... " >&6; }
+if test ${lt_cv_prog_compiler__b+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_prog_compiler__b=no
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -b"
@@ -11195,8 +12180,8 @@ else
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
-$as_echo "$lt_cv_prog_compiler__b" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+printf "%s\n" "$lt_cv_prog_compiler__b" >&6; }
if test yes = "$lt_cv_prog_compiler__b"; then
archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
@@ -11236,28 +12221,30 @@ fi
# work, assume that -exports_file does not work either and
# implicitly export all symbols.
# This should be the same for all languages, so no per-tag cache variable.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
-$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
-if ${lt_cv_irix_exported_symbol+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if test ${lt_cv_irix_exported_symbol+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
save_LDFLAGS=$LDFLAGS
LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int foo (void) { return 0; }
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
lt_cv_irix_exported_symbol=yes
-else
+else $as_nop
lt_cv_irix_exported_symbol=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
-$as_echo "$lt_cv_irix_exported_symbol" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; }
if test yes = "$lt_cv_irix_exported_symbol"; then
archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
@@ -11538,8 +12525,8 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
-$as_echo "$ld_shlibs" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+printf "%s\n" "$ld_shlibs" >&6; }
test no = "$ld_shlibs" && can_build_shared=no
with_gnu_ld=$with_gnu_ld
@@ -11575,18 +12562,19 @@ x|xyes)
# Test whether the compiler implicitly links with -lc since on some
# systems, -lgcc has to come before -lc. If gcc already passes -lc
# to ld, don't add -lc before -lgcc.
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
-$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
-if ${lt_cv_archive_cmds_need_lc+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+printf %s "checking whether -lc should be explicitly linked in... " >&6; }
+if test ${lt_cv_archive_cmds_need_lc+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
$RM conftest*
echo "$lt_simple_compile_test_code" > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } 2>conftest.err; then
soname=conftest
lib=conftest
@@ -11604,7 +12592,7 @@ else
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
(eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; }
then
lt_cv_archive_cmds_need_lc=no
@@ -11618,8 +12606,8 @@ else
$RM conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
-$as_echo "$lt_cv_archive_cmds_need_lc" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; }
archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
;;
esac
@@ -11778,8 +12766,8 @@ esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
-$as_echo_n "checking dynamic linker characteristics... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+printf %s "checking dynamic linker characteristics... " >&6; }
if test yes = "$GCC"; then
case $host_os in
@@ -12340,9 +13328,10 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
shlibpath_overrides_runpath=no
# Some binutils ld are patched to set DT_RUNPATH
- if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ if test ${lt_cv_shlibpath_overrides_runpath+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
lt_cv_shlibpath_overrides_runpath=no
save_LDFLAGS=$LDFLAGS
save_libdir=$libdir
@@ -12352,19 +13341,21 @@ else
/* end confdefs.h. */
int
-main ()
+main (void)
{
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+if ac_fn_c_try_link "$LINENO"
+then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null
+then :
lt_cv_shlibpath_overrides_runpath=yes
fi
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LDFLAGS=$save_LDFLAGS
libdir=$save_libdir
@@ -12608,8 +13599,8 @@ uts4*)
dynamic_linker=no
;;
esac
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
-$as_echo "$dynamic_linker" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+printf "%s\n" "$dynamic_linker" >&6; }
test no = "$dynamic_linker" && can_build_shared=no
variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
@@ -12730,8 +13721,8 @@ configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
-$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+printf %s "checking how to hardcode library paths into programs... " >&6; }
hardcode_action=
if test -n "$hardcode_libdir_flag_spec" ||
test -n "$runpath_var" ||
@@ -12755,8 +13746,8 @@ else
# directories.
hardcode_action=unsupported
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
-$as_echo "$hardcode_action" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+printf "%s\n" "$hardcode_action" >&6; }
if test relink = "$hardcode_action" ||
test yes = "$inherit_rpath"; then
@@ -12800,11 +13791,12 @@ else
darwin*)
# if libdl is installed we need to link against it
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12813,32 +13805,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
+else $as_nop
lt_cv_dlopen=dyld
lt_cv_dlopen_libs=
@@ -12858,14 +13849,16 @@ fi
*)
ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
-if test "x$ac_cv_func_shl_load" = xyes; then :
+if test "x$ac_cv_func_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
-$as_echo_n "checking for shl_load in -ldld... " >&6; }
-if ${ac_cv_lib_dld_shl_load+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+printf %s "checking for shl_load in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_shl_load+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12874,41 +13867,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char shl_load ();
int
-main ()
+main (void)
{
return shl_load ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_shl_load=yes
-else
+else $as_nop
ac_cv_lib_dld_shl_load=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
-$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
-if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes
+then :
lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
-else
+else $as_nop
ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
-if test "x$ac_cv_func_dlopen" = xyes; then :
+if test "x$ac_cv_func_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
-$as_echo_n "checking for dlopen in -ldl... " >&6; }
-if ${ac_cv_lib_dl_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+printf %s "checking for dlopen in -ldl... " >&6; }
+if test ${ac_cv_lib_dl_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12917,37 +13911,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dl_dlopen=yes
-else
+else $as_nop
ac_cv_lib_dl_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
-$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
-if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
-$as_echo_n "checking for dlopen in -lsvld... " >&6; }
-if ${ac_cv_lib_svld_dlopen+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+printf %s "checking for dlopen in -lsvld... " >&6; }
+if test ${ac_cv_lib_svld_dlopen+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-lsvld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12956,37 +13950,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dlopen ();
int
-main ()
+main (void)
{
return dlopen ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_svld_dlopen=yes
-else
+else $as_nop
ac_cv_lib_svld_dlopen=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
-$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
-if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes
+then :
lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
-$as_echo_n "checking for dld_link in -ldld... " >&6; }
-if ${ac_cv_lib_dld_dld_link+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+else $as_nop
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+printf %s "checking for dld_link in -ldld... " >&6; }
+if test ${ac_cv_lib_dld_dld_link+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
ac_check_lib_save_LIBS=$LIBS
LIBS="-ldld $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -12995,30 +13989,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
char dld_link ();
int
-main ()
+main (void)
{
return dld_link ();
;
return 0;
}
_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"
+then :
ac_cv_lib_dld_dld_link=yes
-else
+else $as_nop
ac_cv_lib_dld_dld_link=no
fi
-rm -f core conftest.err conftest.$ac_objext \
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
-$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
-if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes
+then :
lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
fi
@@ -13057,11 +14050,12 @@ fi
save_LIBS=$LIBS
LIBS="$lt_cv_dlopen_libs $LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
-$as_echo_n "checking whether a program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+printf %s "checking whether a program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self=cross
else
@@ -13140,7 +14134,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13158,16 +14152,17 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
-$as_echo "$lt_cv_dlopen_self" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+printf "%s\n" "$lt_cv_dlopen_self" >&6; }
if test yes = "$lt_cv_dlopen_self"; then
wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
-$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
-if ${lt_cv_dlopen_self_static+:} false; then :
- $as_echo_n "(cached) " >&6
-else
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+printf %s "checking whether a statically linked program can dlopen itself... " >&6; }
+if test ${lt_cv_dlopen_self_static+y}
+then :
+ printf %s "(cached) " >&6
+else $as_nop
if test yes = "$cross_compiling"; then :
lt_cv_dlopen_self_static=cross
else
@@ -13246,7 +14241,7 @@ _LT_EOF
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
(eval $ac_link) 2>&5
ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
(./conftest; exit; ) >&5 2>/dev/null
lt_status=$?
@@ -13264,8 +14259,8 @@ rm -fr conftest*
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
-$as_echo "$lt_cv_dlopen_self_static" >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+printf "%s\n" "$lt_cv_dlopen_self_static" >&6; }
fi
CPPFLAGS=$save_CPPFLAGS
@@ -13303,13 +14298,13 @@ fi
striplib=
old_striplib=
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
-$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+printf %s "checking whether stripping libraries is possible... " >&6; }
if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
test -z "$striplib" && striplib="$STRIP --strip-unneeded"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
# FIXME - insert some real tests, host_os isn't really good enough
case $host_os in
@@ -13317,16 +14312,16 @@ else
if test -n "$STRIP"; then
striplib="$STRIP -x"
old_striplib="$STRIP -S"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+printf "%s\n" "yes" >&6; }
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
fi
;;
*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
;;
esac
fi
@@ -13343,13 +14338,13 @@ fi
# Report what library types will actually be built
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
-$as_echo_n "checking if libtool supports shared libraries... " >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
-$as_echo "$can_build_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+printf %s "checking if libtool supports shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+printf "%s\n" "$can_build_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
-$as_echo_n "checking whether to build shared libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+printf %s "checking whether to build shared libraries... " >&6; }
test no = "$can_build_shared" && enable_shared=no
# On AIX, shared libraries and static libraries use the same namespace, and
@@ -13373,15 +14368,15 @@ $as_echo_n "checking whether to build shared libraries... " >&6; }
fi
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
-$as_echo "$enable_shared" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+printf "%s\n" "$enable_shared" >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
-$as_echo_n "checking whether to build static libraries... " >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+printf %s "checking whether to build static libraries... " >&6; }
# Make sure either enable_shared or enable_static is yes.
test yes = "$enable_shared" || enable_static=yes
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
-$as_echo "$enable_static" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+printf "%s\n" "$enable_static" >&6; }
@@ -13418,182 +14413,6 @@ CC=$lt_save_CC
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5
-$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
-if ${ac_cv_prog_cc_c99+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_cv_prog_cc_c99=no
-ac_save_CC=$CC
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <wchar.h>
-#include <stdio.h>
-
-// Check varargs macros. These examples are taken from C99 6.10.3.5.
-#define debug(...) fprintf (stderr, __VA_ARGS__)
-#define showlist(...) puts (#__VA_ARGS__)
-#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
-static void
-test_varargs_macros (void)
-{
- int x = 1234;
- int y = 5678;
- debug ("Flag");
- debug ("X = %d\n", x);
- showlist (The first, second, and third items.);
- report (x>y, "x is %d but y is %d", x, y);
-}
-
-// Check long long types.
-#define BIG64 18446744073709551615ull
-#define BIG32 4294967295ul
-#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
-#if !BIG_OK
- your preprocessor is broken;
-#endif
-#if BIG_OK
-#else
- your preprocessor is broken;
-#endif
-static long long int bignum = -9223372036854775807LL;
-static unsigned long long int ubignum = BIG64;
-
-struct incomplete_array
-{
- int datasize;
- double data[];
-};
-
-struct named_init {
- int number;
- const wchar_t *name;
- double average;
-};
-
-typedef const char *ccp;
-
-static inline int
-test_restrict (ccp restrict text)
-{
- // See if C++-style comments work.
- // Iterate through items via the restricted pointer.
- // Also check for declarations in for loops.
- for (unsigned int i = 0; *(text+i) != '\0'; ++i)
- continue;
- return 0;
-}
-
-// Check varargs and va_copy.
-static void
-test_varargs (const char *format, ...)
-{
- va_list args;
- va_start (args, format);
- va_list args_copy;
- va_copy (args_copy, args);
-
- const char *str;
- int number;
- float fnumber;
-
- while (*format)
- {
- switch (*format++)
- {
- case 's': // string
- str = va_arg (args_copy, const char *);
- break;
- case 'd': // int
- number = va_arg (args_copy, int);
- break;
- case 'f': // float
- fnumber = va_arg (args_copy, double);
- break;
- default:
- break;
- }
- }
- va_end (args_copy);
- va_end (args);
-}
-
-int
-main ()
-{
-
- // Check bool.
- _Bool success = false;
-
- // Check restrict.
- if (test_restrict ("String literal") == 0)
- success = true;
- char *restrict newvar = "Another string";
-
- // Check varargs.
- test_varargs ("s, d' f .", "string", 65, 34.234);
- test_varargs_macros ();
-
- // Check flexible array members.
- struct incomplete_array *ia =
- malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
- ia->datasize = 10;
- for (int i = 0; i < ia->datasize; ++i)
- ia->data[i] = i * 1.234;
-
- // Check named initializers.
- struct named_init ni = {
- .number = 34,
- .name = L"Test wide string",
- .average = 543.34343,
- };
-
- ni.number = 58;
-
- int dynamic_array[ni.number];
- dynamic_array[ni.number - 1] = 543;
-
- // work around unused variable warnings
- return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
- || dynamic_array[ni.number - 1] != 543);
-
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99
-do
- CC="$ac_save_CC $ac_arg"
- if ac_fn_c_try_compile "$LINENO"; then :
- ac_cv_prog_cc_c99=$ac_arg
-fi
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c99" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c99" in
- x)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
-$as_echo "none needed" >&6; } ;;
- xno)
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
-$as_echo "unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c99"
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
-$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
-esac
-if test "x$ac_cv_prog_cc_c99" != xno; then :
-
-fi
-
if test "$ac_cv_prog_cc_c99" = "no"; then
as_fn_error $? "C99 mode is required to build libapparmor" "$LINENO" 5
@@ -13628,8 +14447,8 @@ _ACEOF
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
-$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
@@ -13659,15 +14478,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
/^ac_cv_env_/b end
t clear
:clear
- s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/
t end
s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
if test "x$cache_file" != "x/dev/null"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
-$as_echo "$as_me: updating cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+printf "%s\n" "$as_me: updating cache $cache_file" >&6;}
if test ! -f "$cache_file" || test -h "$cache_file"; then
cat confcache >"$cache_file"
else
@@ -13681,8 +14500,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;}
fi
fi
else
- { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
-$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
@@ -13735,7 +14554,7 @@ U=
for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"`
# 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
# will be set to the directory where LIBOBJS objects are built.
as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
@@ -13746,14 +14565,14 @@ LIBOBJS=$ac_libobjs
LTLIBOBJS=$ac_ltlibobjs
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
-$as_echo_n "checking that generated files are newer than configure... " >&6; }
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+printf %s "checking that generated files are newer than configure... " >&6; }
if test -n "$am_sleep_pid"; then
# Hide warnings about reused PIDs.
wait $am_sleep_pid 2>/dev/null
fi
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5
-$as_echo "done" >&6; }
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5
+printf "%s\n" "done" >&6; }
if test -n "$EXEEXT"; then
am__EXEEXT_TRUE=
am__EXEEXT_FALSE='#'
@@ -13791,8 +14610,8 @@ fi
ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
-$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;}
as_write_fail=0
cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
@@ -13815,14 +14634,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+as_nop=:
+if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1
+then :
emulate sh
NULLCMD=:
# Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
-else
+else $as_nop
case `(set -o) 2>/dev/null` in #(
*posix*) :
set -o posix ;; #(
@@ -13832,46 +14653,46 @@ esac
fi
+
+# Reset variables that may have inherited troublesome values from
+# the environment.
+
+# IFS needs to be set, to space, tab, and newline, in precisely that order.
+# (If _AS_PATH_WALK were called with IFS unset, it would have the
+# side effect of setting IFS to empty, thus disabling word splitting.)
+# Quoting is to prevent editors from complaining about space-tab.
as_nl='
'
export as_nl
-# Printing a long string crashes Solaris 7 /usr/bin/printf.
-as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
-as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
-# Prefer a ksh shell builtin over an external printf program on Solaris,
-# but without wasting forks for bash or zsh.
-if test -z "$BASH_VERSION$ZSH_VERSION" \
- && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='print -r --'
- as_echo_n='print -rn --'
-elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
- as_echo='printf %s\n'
- as_echo_n='printf %s'
-else
- if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
- as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
- as_echo_n='/usr/ucb/echo -n'
- else
- as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
- as_echo_n_body='eval
- arg=$1;
- case $arg in #(
- *"$as_nl"*)
- expr "X$arg" : "X\\(.*\\)$as_nl";
- arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
- esac;
- expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
- '
- export as_echo_n_body
- as_echo_n='sh -c $as_echo_n_body as_echo'
- fi
- export as_echo_body
- as_echo='sh -c $as_echo_body as_echo'
-fi
+IFS=" "" $as_nl"
+
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# Ensure predictable behavior from utilities with locale-dependent output.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# We cannot yet rely on "unset" to work, but we need these variables
+# to be unset--not just set to an empty or harmless value--now, to
+# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct
+# also avoids known problems related to "unset" and subshell syntax
+# in other old shells (e.g. bash 2.01 and pdksh 5.2.14).
+for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH
+do eval test \${$as_var+y} \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+
+# Ensure that fds 0, 1, and 2 are open.
+if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi
+if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi
+if (exec 3>&2) ; then :; else exec 2>/dev/null; fi
# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
+if ${PATH_SEPARATOR+false} :; then
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
(PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
@@ -13880,13 +14701,6 @@ if test "${PATH_SEPARATOR+set}" != set; then
fi
-# IFS
-# We need space, tab and new line, in precisely that order. Quoting is
-# there to prevent editors from complaining about space-tab.
-# (If _AS_PATH_WALK were called with IFS unset, it would disable word
-# splitting by setting IFS to empty value.)
-IFS=" "" $as_nl"
-
# Find who we are. Look in the path if we contain no directory separator.
as_myself=
case $0 in #((
@@ -13895,8 +14709,12 @@ case $0 in #((
for as_dir in $PATH
do
IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ case $as_dir in #(((
+ '') as_dir=./ ;;
+ */) ;;
+ *) as_dir=$as_dir/ ;;
+ esac
+ test -r "$as_dir$0" && as_myself=$as_dir$0 && break
done
IFS=$as_save_IFS
@@ -13908,30 +14726,10 @@ if test "x$as_myself" = x; then
as_myself=$0
fi
if test ! -f "$as_myself"; then
- $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
exit 1
fi
-# Unset variables that we do not need and which cause bugs (e.g. in
-# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
-# suppresses any "Segmentation fault" message there. '((' could
-# trigger a bug in pdksh 5.2.14.
-for as_var in BASH_ENV ENV MAIL MAILPATH
-do eval test x\${$as_var+set} = xset \
- && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
-done
-PS1='$ '
-PS2='> '
-PS4='+ '
-
-# NLS nuisances.
-LC_ALL=C
-export LC_ALL
-LANGUAGE=C
-export LANGUAGE
-
-# CDPATH.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
# as_fn_error STATUS ERROR [LINENO LOG_FD]
@@ -13944,13 +14742,14 @@ as_fn_error ()
as_status=$1; test $as_status -eq 0 && as_status=1
if test "$4"; then
as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
- $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
fi
- $as_echo "$as_me: error: $2" >&2
+ printf "%s\n" "$as_me: error: $2" >&2
as_fn_exit $as_status
} # as_fn_error
+
# as_fn_set_status STATUS
# -----------------------
# Set $? to STATUS, without forking.
@@ -13977,18 +14776,20 @@ as_fn_unset ()
{ eval $1=; unset $1;}
}
as_unset=as_fn_unset
+
# as_fn_append VAR VALUE
# ----------------------
# Append the text in VALUE to the end of the definition contained in VAR. Take
# advantage of any shell optimizations that allow amortized linear growth over
# repeated appends, instead of the typical quadratic growth present in naive
# implementations.
-if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null
+then :
eval 'as_fn_append ()
{
eval $1+=\$2
}'
-else
+else $as_nop
as_fn_append ()
{
eval $1=\$$1\$2
@@ -14000,12 +14801,13 @@ fi # as_fn_append
# Perform arithmetic evaluation on the ARGs, and store the result in the
# global $as_val. Take advantage of shells that can avoid forks. The arguments
# must be portable across $(()) and expr.
-if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null
+then :
eval 'as_fn_arith ()
{
as_val=$(( $* ))
}'
-else
+else $as_nop
as_fn_arith ()
{
as_val=`expr "$@" || test $? -eq 1`
@@ -14036,7 +14838,7 @@ as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X/"$0" |
+printf "%s\n" X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
@@ -14058,6 +14860,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS
as_cr_digits='0123456789'
as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# Determine whether it's possible to make 'echo' print without a newline.
+# These variables are no longer used directly by Autoconf, but are AC_SUBSTed
+# for compatibility with existing Makefiles.
ECHO_C= ECHO_N= ECHO_T=
case `echo -n x` in #(((((
-n*)
@@ -14071,6 +14877,12 @@ case `echo -n x` in #(((((
ECHO_N='-n';;
esac
+# For backward compatibility with old third-party macros, we provide
+# the shell variables $as_echo and $as_echo_n. New code should use
+# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively.
+as_echo='printf %s\n'
+as_echo_n='printf %s'
+
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
@@ -14112,7 +14924,7 @@ as_fn_mkdir_p ()
as_dirs=
while :; do
case $as_dir in #(
- *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
*) as_qdir=$as_dir;;
esac
as_dirs="'$as_qdir' $as_dirs"
@@ -14121,7 +14933,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$as_dir" : 'X\(//\)[^/]' \| \
X"$as_dir" : 'X\(//\)$' \| \
X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$as_dir" |
+printf "%s\n" X"$as_dir" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14184,7 +14996,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# values after options handling.
ac_log="
This file was extended by $as_me, which was
-generated by GNU Autoconf 2.69. Invocation command line was
+generated by GNU Autoconf 2.71. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
@@ -14237,14 +15049,16 @@ $config_commands
Report bugs to the package provider."
_ACEOF
+ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"`
+ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"`
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
-ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_config='$ac_cs_config_escaped'
ac_cs_version="\\
config.status
-configured by $0, generated by GNU Autoconf 2.69,
+configured by $0, generated by GNU Autoconf 2.71,
with options \\"\$ac_cs_config\\"
-Copyright (C) 2012 Free Software Foundation, Inc.
+Copyright (C) 2021 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
@@ -14284,21 +15098,21 @@ do
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- $as_echo "$ac_cs_version"; exit ;;
+ printf "%s\n" "$ac_cs_version"; exit ;;
--config | --confi | --conf | --con | --co | --c )
- $as_echo "$ac_cs_config"; exit ;;
+ printf "%s\n" "$ac_cs_config"; exit ;;
--debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
case $ac_optarg in
- *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
'') as_fn_error $? "missing file argument" ;;
esac
as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--he | --h | --help | --hel | -h )
- $as_echo "$ac_cs_usage"; exit ;;
+ printf "%s\n" "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
@@ -14326,7 +15140,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
shift
- \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6
CONFIG_SHELL='$SHELL'
export CONFIG_SHELL
exec "\$@"
@@ -14340,7 +15154,7 @@ exec 5>>config.log
sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## Running $as_me. ##
_ASBOX
- $as_echo "$ac_log"
+ printf "%s\n" "$ac_log"
} >&5
_ACEOF
@@ -14348,7 +15162,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
#
# INIT-COMMANDS
#
-AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"
# The HP-UX ksh and POSIX shell print the target directory to stdout
@@ -14670,8 +15484,8 @@ done
# We use the long form for the default assignment because of an extremely
# bizarre bug on SunOS 4.1.3.
if $ac_need_defaults; then
- test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
- test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+ test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files
+ test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands
fi
# Have a temporary directory for convenience. Make it in the build tree
@@ -14899,7 +15713,7 @@ do
esac ||
as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
- case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
as_fn_append ac_file_inputs " '$ac_f'"
done
@@ -14907,17 +15721,17 @@ do
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
configure_input='Generated from '`
- $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
`' by configure.'
if test x"$ac_file" != x-; then
configure_input="$ac_file. $configure_input"
- { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
-$as_echo "$as_me: creating $ac_file" >&6;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+printf "%s\n" "$as_me: creating $ac_file" >&6;}
fi
# Neutralize special characters interpreted by sed in replacement strings.
case $configure_input in #(
*\&* | *\|* | *\\* )
- ac_sed_conf_input=`$as_echo "$configure_input" |
+ ac_sed_conf_input=`printf "%s\n" "$configure_input" |
sed 's/[\\\\&|]/\\\\&/g'`;; #(
*) ac_sed_conf_input=$configure_input;;
esac
@@ -14934,7 +15748,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$ac_file" |
+printf "%s\n" X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -14958,9 +15772,9 @@ $as_echo X"$ac_file" |
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
@@ -15022,8 +15836,8 @@ ac_sed_dataroot='
case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_datarootdir_hack='
@@ -15067,9 +15881,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
{ ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
{ ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
"$ac_tmp/out"`; test -z "$ac_out"; } &&
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&5
-$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
which seems to be undefined. Please make sure it is defined" >&2;}
rm -f "$ac_tmp/stdin"
@@ -15081,8 +15895,8 @@ which seems to be undefined. Please make sure it is defined" >&2;}
;;
- :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
-$as_echo "$as_me: executing $ac_file commands" >&6;}
+ :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+printf "%s\n" "$as_me: executing $ac_file commands" >&6;}
;;
esac
@@ -15092,29 +15906,35 @@ $as_echo "$as_me: executing $ac_file commands" >&6;}
# Older Autoconf quotes --file arguments for eval, but not when files
# are listed without --file. Let's play safe and only enable the eval
# if we detect the quoting.
- case $CONFIG_FILES in
- *\'*) eval set x "$CONFIG_FILES" ;;
- *) set x $CONFIG_FILES ;;
- esac
+ # TODO: see whether this extra hack can be removed once we start
+ # requiring Autoconf 2.70 or later.
+ case $CONFIG_FILES in #(
+ *\'*) :
+ eval set x "$CONFIG_FILES" ;; #(
+ *) :
+ set x $CONFIG_FILES ;; #(
+ *) :
+ ;;
+esac
shift
- for mf
+ # Used to flag and report bootstrapping failures.
+ am_rc=0
+ for am_mf
do
# Strip MF so we end up with the name of the file.
- mf=`echo "$mf" | sed -e 's/:.*$//'`
- # Check whether this is an Automake generated Makefile or not.
- # We used to match only the files named 'Makefile.in', but
- # some people rename them; so instead we look at the file content.
- # Grep'ing the first line is not enough: some people post-process
- # each Makefile.in and add a new line on top of each file to say so.
- # Grep'ing the whole file is not good either: AIX grep has a line
+ am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile which includes
+ # dependency-tracking related rules and includes.
+ # Grep'ing the whole file directly is not great: AIX grep has a line
# limit of 2048, but all sed's we know have understand at least 4000.
- if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
- dirpart=`$as_dirname -- "$mf" ||
-$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$mf" : 'X\(//\)[^/]' \| \
- X"$mf" : 'X\(//\)$' \| \
- X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$mf" |
+ sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+ || continue
+ am_dirpart=`$as_dirname -- "$am_mf" ||
+$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$am_mf" : 'X\(//\)[^/]' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X"$am_mf" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
@@ -15132,53 +15952,50 @@ $as_echo X"$mf" |
q
}
s/.*/./; q'`
- else
- continue
- fi
- # Extract the definition of DEPDIR, am__include, and am__quote
- # from the Makefile without running 'make'.
- DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
- test -z "$DEPDIR" && continue
- am__include=`sed -n 's/^am__include = //p' < "$mf"`
- test -z "$am__include" && continue
- am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
- # Find all dependency output files, they are included files with
- # $(DEPDIR) in their names. We invoke sed twice because it is the
- # simplest approach to changing $(DEPDIR) to its actual value in the
- # expansion.
- for file in `sed -n "
- s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
- sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
- # Make sure the directory exists.
- test -f "$dirpart/$file" && continue
- fdir=`$as_dirname -- "$file" ||
-$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$file" : 'X\(//\)[^/]' \| \
- X"$file" : 'X\(//\)$' \| \
- X"$file" : 'X\(/\)' \| . 2>/dev/null ||
-$as_echo X"$file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
+ am_filepart=`$as_basename -- "$am_mf" ||
+$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$am_mf" : 'X\(//\)$' \| \
+ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null ||
+printf "%s\n" X/"$am_mf" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
}
- /^X\(\/\/\)$/{
+ /^X\/\(\/\/\)$/{
s//\1/
q
}
- /^X\(\/\).*/{
+ /^X\/\(\/\).*/{
s//\1/
q
}
s/.*/./; q'`
- as_dir=$dirpart/$fdir; as_fn_mkdir_p
- # echo "creating $dirpart/$file"
- echo '# dummy' > "$dirpart/$file"
- done
+ { echo "$as_me:$LINENO: cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles" >&5
+ (cd "$am_dirpart" \
+ && sed -e '/# am--include-marker/d' "$am_filepart" \
+ | $MAKE -f - am--depfiles) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } || am_rc=$?
done
+ if test $am_rc -ne 0; then
+ { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "Something went wrong bootstrapping makefile fragments
+ for automatic dependency tracking. If GNU make was not used, consider
+ re-running the configure script with MAKE=\"gmake\" (or whatever is
+ necessary). You can also try re-running configure with the
+ '--disable-dependency-tracking' option to at least be able to build
+ the package (albeit without support for automatic dependency tracking).
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ { am_dirpart=; unset am_dirpart;}
+ { am_filepart=; unset am_filepart;}
+ { am_mf=; unset am_mf;}
+ { am_rc=; unset am_rc;}
+ rm -f conftest-deps.mk
}
;;
"libtool":C)
@@ -15708,6 +16525,7 @@ _LT_EOF
esac
+
ltmain=$ac_aux_dir/ltmain.sh
@@ -15757,7 +16575,8 @@ if test "$no_create" != yes; then
$ac_cs_success || as_fn_exit 1
fi
if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
-$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
fi
+
diff --git a/libraries/libapparmor/configure.ac b/libraries/libapparmor/configure.ac
index 73d99398b47173bbc62630e4e8dc63ffcf15ef8f..0852aebaba0760a4d7f8f6804c2a8c66a4d0859c 100644
--- a/libraries/libapparmor/configure.ac
+++ b/libraries/libapparmor/configure.ac
@@ -42,11 +42,11 @@ AC_ARG_WITH(python,
[AC_MSG_RESULT($withval)], [AC_MSG_RESULT(no)])
if test "$with_python" = "yes"; then
test -z "$SWIG" && AC_MSG_ERROR([swig is required when enabling python bindings])
- AC_PATH_PROG(PYTHON, python)
+ AC_PATH_PROG(PYTHON, python3)
test -z "$PYTHON" && AC_MSG_ERROR([python is required when enabling python bindings])
sinclude(m4/ac_python_devel.m4)
AC_PYTHON_DEVEL
- AM_PATH_PYTHON
+ AM_PATH_PYTHON([3.0])
fi
AC_MSG_CHECKING([whether perl bindings are enabled])
@@ -58,7 +58,7 @@ if test "$with_perl" = "yes"; then
AC_PATH_PROG(PERL, perl)
test -z "$PERL" && AC_MSG_ERROR([perl is required when enabling perl bindings])
perl_includedir="`$PERL -e 'use Config; print $Config{archlib}'`/CORE"
- AC_CHECK_FILE($perl_includedir/perl.h, enable_perl=yes, enable_perl=no)
+ AS_IF([test -e "$perl_includedir/perl.h"], enable_perl=yes, enable_perl=no)
fi
diff --git a/libraries/libapparmor/depcomp b/libraries/libapparmor/depcomp
index b39f98f9ae9f950391abb09f4fa03ee113a07ac6..715e34311ed2d2dbff881aedc7e25b81db54614c 100755
--- a/libraries/libapparmor/depcomp
+++ b/libraries/libapparmor/depcomp
@@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
-scriptversion=2016-01-11.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2021 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@ scriptversion=2016-01-11.22; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -783,7 +783,7 @@ exit 0
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
diff --git a/libraries/libapparmor/doc/Makefile.in b/libraries/libapparmor/doc/Makefile.in
index aec9786bc24b0778125ac4495f32796886f0ac7e..f5d9d850ae3cb1cc3641f2d4275fb388f01085e4 100644
--- a/libraries/libapparmor/doc/Makefile.in
+++ b/libraries/libapparmor/doc/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -164,8 +164,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -176,6 +177,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -220,6 +222,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = pod2man
PODCHECKER = podchecker
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -320,8 +323,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -430,8 +433,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/doc/aa_change_hat.pod b/libraries/libapparmor/doc/aa_change_hat.pod
index 3583301c7d204e0931f028ef66748d61371ab970..3a285e0dce95ff3fda694842ce99618156974aaa 100644
--- a/libraries/libapparmor/doc/aa_change_hat.pod
+++ b/libraries/libapparmor/doc/aa_change_hat.pod
@@ -137,11 +137,11 @@ First, a simple high-level overview of aa_change_hat() use:
void foo (void) {
unsigned long magic_token;
-
+
/* get a random magic token value
from our huge entropy pool */
magic_token = random_function();
-
+
/* change into the subprofile while
* we do stuff we don't trust */
aa_change_hat("stuff_we_dont_trust", magic_token);
@@ -166,20 +166,20 @@ aren't accessible after an aa_change_hat() call:
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
-
-
+
+
int main(int argc, char *argv[]) {
int fd;
unsigned long tok;
char buf[10];
-
+
/* random() is a poor choice */
tok = random();
-
+
/* open /etc/passwd outside of any hat */
if ((fd=open("/etc/passwd", O_RDONLY)) < 0)
perror("Failure opening /etc/passwd");
-
+
/* confirm for ourselves that we can really read /etc/passwd */
memset(&buf, 0, 10);
if (read(fd, &buf, 10) == -1) {
@@ -188,7 +188,7 @@ aren't accessible after an aa_change_hat() call:
}
buf[9] = '\0';
printf("/etc/passwd: %s\n", buf);
-
+
/* change hat to the "hat" subprofile, which should not have
* read access to /etc/passwd -- even though we have a valid
* file descriptor at the time of the aa_change_hat() call. */
@@ -196,7 +196,7 @@ aren't accessible after an aa_change_hat() call:
perror("Failure changing hat -- aborting");
_exit(1);
}
-
+
/* confirm that we cannot read /etc/passwd */
lseek(fd,0,SEEK_SET);
memset(&buf, 0, 10);
@@ -204,7 +204,7 @@ aren't accessible after an aa_change_hat() call:
perror("Failure reading /etc/passwd post-hat");
buf[9] = '\0';
printf("/etc/passwd: %s\n", buf);
-
+
return 0;
}
@@ -248,7 +248,7 @@ The output when run:
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>. Note that
+L<https://gitlab.com/apparmor/apparmor/-/issues>. Note that
aa_change_hat(2) provides no memory barriers between different areas of a
program; if address space separation is required, then separate processes
should be used.
diff --git a/libraries/libapparmor/doc/aa_change_profile.pod b/libraries/libapparmor/doc/aa_change_profile.pod
index ce3b348688c33b69371077f1555e5fbf2d00a6db..b04e9c5c25099117e3c706e37b64d73163260584 100644
--- a/libraries/libapparmor/doc/aa_change_profile.pod
+++ b/libraries/libapparmor/doc/aa_change_profile.pod
@@ -196,7 +196,7 @@ used (in addition to the one for 'i_cant_be_trusted_anymore', above):
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>. Note that using
+L<https://gitlab.com/apparmor/apparmor/-/issues>. Note that using
aa_change_profile(2) without execve(2) provides no memory barriers between
different areas of a program; if address space separation is required, then
separate processes should be used.
diff --git a/libraries/libapparmor/doc/aa_features.pod b/libraries/libapparmor/doc/aa_features.pod
index 4cae146898b2a50f0ef1bb0e1bc5a5b468dda63a..c0edd0f1b8e5d103b406bb76f9cb66fc1f31036f 100644
--- a/libraries/libapparmor/doc/aa_features.pod
+++ b/libraries/libapparmor/doc/aa_features.pod
@@ -34,6 +34,8 @@ aa_features_ref - increments the ref count of an aa_features object
aa_features_unref - decrements the ref count and frees the aa_features object when 0
+aa_features_write_to_fd - write a string representation of an aa_features object to a file descriptor
+
aa_features_write_to_file - write a string representation of an aa_features object to a file
aa_features_is_equal - equality test for two aa_features objects
@@ -42,6 +44,8 @@ aa_features_supports - provides aa_features object support status
aa_features_id - provides unique identifier for an aa_features object
+aa_features_value - the value associated with a given feature.
+
=head1 SYNOPSIS
B<#include E<lt>sys/apparmor.hE<gt>>
@@ -50,6 +54,8 @@ B<typedef struct aa_features aa_features;>
B<int aa_features_new(aa_features **features, int dirfd, const char *path);>
+B<int aa_features_new_from_file(aa_features **features, int fd);>
+
B<int aa_features_new_from_string(aa_features **features, const char *string, size_t size);>
B<int aa_features_new_from_kernel(aa_features **features);>
@@ -58,6 +64,8 @@ B<aa_features *aa_features_ref(aa_features *features);>
B<void aa_features_unref(aa_features *features);>
+B<int aa_features_write_to_fd(aa_features *features, int fd);>
+
B<int aa_features_write_to_file(aa_features *features, int dirfd, const char *path);>
B<bool aa_features_is_equal(aa_features *features1, aa_features *features2);>
@@ -66,6 +74,8 @@ B<bool aa_features_supports(aa_features *features, const char *str);>
B<char *aa_features_id(aa_features *features);>
+B<char *aa_features_value(aa_features *features, const char *str, size_t *len);>
+
Link with B<-lapparmor> when compiling.
=head1 DESCRIPTION
@@ -82,6 +92,10 @@ directory file descriptor and path. The I<path> can point to a file or
directory. See the openat(2) man page for examples of I<dirfd> and I<path>. The
allocated I<features> object must be freed using aa_features_unref().
+The aa_features_new_from_file() function is similar except that it
+accepts an open file as the argument. The allocated I<features> object
+must be freed using aa_features_unref().
+
The aa_features_new_from_string() function is similar except that it accepts a
NUL-terminated string representation of the AppArmor features as the I<string>
argument. The length of the features string, not counting the NUL-terminator,
@@ -97,6 +111,9 @@ aa_features_ref() increments the reference count on the I<features> object.
aa_features_unref() decrements the reference count on the I<features> object
and releases all corresponding resources when the reference count reaches zero.
+The aa_features_write_to_fd() function writes a string representation of the
+I<features> object to the file descriptor specified by the I<fd>.
+
The aa_features_write_to_file() function writes a string representation of the
I<features> object to the file specified by the I<dirfd> and I<path>
combination.
@@ -140,6 +157,11 @@ aa_features_id() returns a string identifying I<features> which must be
freed by the caller. NULL is returned on error, with errno set
appropriately.
+aa_features_value() returns a null terminated string with is
+associated length which must be freed by the caller. NULL is returned
+on error, with errno set to ENOENT if the feature was not found,
+ENODIR if the specified feature does not resolve to a leaf feature.
+
=head1 ERRORS
The errno value will be set according to the underlying error in the
@@ -157,10 +179,10 @@ before exiting in libapparmor version 2.12 and newer.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
-openat(2) and L<https://wiki.apparmor.net>.
+openat(2), aa-features-abi(1) and L<https://wiki.apparmor.net>.
=cut
diff --git a/libraries/libapparmor/doc/aa_find_mountpoint.pod b/libraries/libapparmor/doc/aa_find_mountpoint.pod
index 34f2ed79be4d0250a0430c81ee321f8c1210545d..0a86e971e9dbc54a1746800479f9df3982817107 100644
--- a/libraries/libapparmor/doc/aa_find_mountpoint.pod
+++ b/libraries/libapparmor/doc/aa_find_mountpoint.pod
@@ -70,6 +70,10 @@ AppArmor extensions to the system are not available.
AppArmor is available on the system but has been disabled at boot.
+=item B<EBUSY>
+
+AppArmor is available but only via private interfaces.
+
=item B<ENOENT>
AppArmor is available (and maybe even enforcing policy) but the interface is
@@ -87,6 +91,11 @@ Did not have sufficient permissions to determine if AppArmor is enabled.
Did not have sufficient permissions to determine if AppArmor is enabled.
+=item B<EBUSY>
+
+AppArmor is enabled but does not have access to shared interfaces, and
+only private interfaces are available.
+
=back
B<aa_find_mountpoint>
@@ -110,7 +119,7 @@ The apparmor filesystem mount could not be found
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_getcon.pod b/libraries/libapparmor/doc/aa_getcon.pod
index 326b44124f42c9361b524f1b6118f238e958199c..008f199e5898fc68ef71015bebddd85a15ccfa34 100644
--- a/libraries/libapparmor/doc/aa_getcon.pod
+++ b/libraries/libapparmor/doc/aa_getcon.pod
@@ -127,7 +127,7 @@ confinement data.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_kernel_interface.pod b/libraries/libapparmor/doc/aa_kernel_interface.pod
index 21050f8858a36b81c6e6598d2afc3f381cdcc165..d86cc91007a04aa076c3b14bc95079ee47d40368 100644
--- a/libraries/libapparmor/doc/aa_kernel_interface.pod
+++ b/libraries/libapparmor/doc/aa_kernel_interface.pod
@@ -156,7 +156,7 @@ errno before exiting in libapparmor version 2.12 and newer.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_policy_cache.pod b/libraries/libapparmor/doc/aa_policy_cache.pod
index 57a0b432d47e2590bc42de0f540bf1a1ec642ab4..592dcd2daafc77da2fecda65f6f796448b00ef12 100644
--- a/libraries/libapparmor/doc/aa_policy_cache.pod
+++ b/libraries/libapparmor/doc/aa_policy_cache.pod
@@ -170,7 +170,7 @@ before exiting in libapparmor version 2.12 and newer.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_query_label.pod b/libraries/libapparmor/doc/aa_query_label.pod
index b95f21714c874433b8d823be60ffaa450d6bdbc8..52fc366bc5078cc64a53acd901de386e674a08dc 100644
--- a/libraries/libapparmor/doc/aa_query_label.pod
+++ b/libraries/libapparmor/doc/aa_query_label.pod
@@ -123,7 +123,7 @@ query and can change at any point in the future.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_splitcon.pod b/libraries/libapparmor/doc/aa_splitcon.pod
index e3b37633436842b82bce2a089f36cef6b45350db..a56d021413068e419aa62667b05aebdea2db1233 100644
--- a/libraries/libapparmor/doc/aa_splitcon.pod
+++ b/libraries/libapparmor/doc/aa_splitcon.pod
@@ -63,7 +63,7 @@ on error.
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/libraries/libapparmor/doc/aa_stack_profile.pod b/libraries/libapparmor/doc/aa_stack_profile.pod
index c3b6c33e3cc3f51be4a737fa12210ba09240ed20..afef0be454af4bdfa2d5ab793a9adfe03a702cc9 100644
--- a/libraries/libapparmor/doc/aa_stack_profile.pod
+++ b/libraries/libapparmor/doc/aa_stack_profile.pod
@@ -137,12 +137,12 @@ aa_stack_profile().
{
int fd;
char buf[10];
-
+
if ((fd=open("/etc/passwd", O_RDONLY)) < 0) {
perror("Failure opening /etc/passwd");
_exit(1);
}
-
+
/* Verify that we can read /etc/passwd */
memset(&buf, 0, 10);
if (read(fd, &buf, 10) == -1) {
@@ -153,19 +153,19 @@ aa_stack_profile().
printf("/etc/passwd: %s\n", buf);
close(fd);
}
-
+
int main(int argc, char * argv[])
{
printf("Before aa_stack_profile():\n");
read_passwd();
-
+
/* stack the "i_cant_be_trusted_anymore" profile, which
* should not have read access to /etc/passwd. */
if (aa_stack_profile("i_cant_be_trusted_anymore") < 0) {
perror("Failure changing profile -- aborting");
_exit(1);
}
-
+
printf("After aa_stack_profile():\n");
read_passwd();
_exit(0);
@@ -208,7 +208,7 @@ The output when run:
=head1 BUGS
None known. If you find any, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>. Note that using
+L<https://gitlab.com/apparmor/apparmor/-/issues>. Note that using
aa_stack_profile(2) without execve(2) provides no memory barriers between
different areas of a program; if address space separation is required, then
separate processes should be used.
diff --git a/libraries/libapparmor/include/Makefile.in b/libraries/libapparmor/include/Makefile.in
index cf46125b92f2ae195f58231d7a57ef38377e4dfa..f02759a3b38460faaabd8bf7c97008c57ac2507f 100644
--- a/libraries/libapparmor/include/Makefile.in
+++ b/libraries/libapparmor/include/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -164,7 +164,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
+ distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -182,8 +182,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -223,8 +221,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -235,6 +234,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -279,6 +279,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -378,8 +379,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -516,8 +517,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/include/sys/Makefile.in b/libraries/libapparmor/include/sys/Makefile.in
index 5be75f53e304dd43d5d3206555169ef1d5d2c8b1..8120ba87273bf50da3787db7d5f4819b0496949c 100644
--- a/libraries/libapparmor/include/sys/Makefile.in
+++ b/libraries/libapparmor/include/sys/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -166,8 +166,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
@@ -181,8 +179,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -193,6 +192,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -237,6 +237,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -335,8 +336,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -426,8 +427,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/include/sys/apparmor.h b/libraries/libapparmor/include/sys/apparmor.h
index 64124268abb2fb25c1436b13451d3e44638eb0c6..d70eff947c7c9bab3552a6c9f62f64722f98b657 100644
--- a/libraries/libapparmor/include/sys/apparmor.h
+++ b/libraries/libapparmor/include/sys/apparmor.h
@@ -20,6 +20,7 @@
#include <stdbool.h>
#include <stdint.h>
+#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
@@ -94,7 +95,7 @@ extern int aa_getprocattr(pid_t tid, const char *attr, char **label,
char **mode);
extern int aa_gettaskcon(pid_t target, char **label, char **mode);
extern int aa_getcon(char **label, char **mode);
-extern int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode);
+extern int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode);
extern int aa_getpeercon(int fd, char **label, char **mode);
/* A NUL character is used to separate the query command prefix string from the
@@ -144,18 +145,21 @@ extern int aa_query_link_path(const char *label, const char *target,
typedef struct aa_features aa_features;
extern int aa_features_new(aa_features **features, int dirfd, const char *path);
+extern int aa_features_new_from_file(aa_features **features, int file);
extern int aa_features_new_from_string(aa_features **features,
const char *string, size_t size);
extern int aa_features_new_from_kernel(aa_features **features);
extern aa_features *aa_features_ref(aa_features *features);
extern void aa_features_unref(aa_features *features);
+extern int aa_features_write_to_fd(aa_features *features, int fd);
extern int aa_features_write_to_file(aa_features *features,
int dirfd, const char *path);
extern bool aa_features_is_equal(aa_features *features1,
aa_features *features2);
extern bool aa_features_supports(aa_features *features, const char *str);
extern char *aa_features_id(aa_features *features);
+extern char *aa_features_value(aa_features *features, const char *str, size_t *len);
typedef struct aa_kernel_interface aa_kernel_interface;
extern int aa_kernel_interface_new(aa_kernel_interface **kernel_interface,
diff --git a/libraries/libapparmor/install-sh b/libraries/libapparmor/install-sh
index 59990a10492675f2e87d5e5df17b566d145d9aee..ec298b53740270ce82b326c4c2deaa5dcdec4596 100755
--- a/libraries/libapparmor/install-sh
+++ b/libraries/libapparmor/install-sh
@@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
-scriptversion=2014-09-12.12; # UTC
+scriptversion=2020-11-14.01; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@@ -69,6 +69,11 @@ posix_mkdir=
# Desired mode of installed file.
mode=0755
+# Create dirs (including intermediate dirs) using mode 755.
+# This is like GNU 'install' as of coreutils 8.32 (2020).
+mkdir_umask=22
+
+backupsuffix=
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
@@ -99,18 +104,28 @@ Options:
--version display version info and exit.
-c (ignored)
- -C install only if different (preserve the last data modification time)
+ -C install only if different (preserve data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
+ -p pass -p to $cpprog.
-s $stripprog installed files.
+ -S SUFFIX attempt to back up existing files, with suffix SUFFIX.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
+
+By default, rm is invoked with -f; when overridden with RMPROG,
+it's up to you to specify -f if you want it.
+
+If -S is not specified, no backups are attempted.
+
+Email bug reports to bug-automake@gnu.org.
+Automake home page: https://www.gnu.org/software/automake/
"
while test $# -ne 0; do
@@ -137,8 +152,13 @@ while test $# -ne 0; do
-o) chowncmd="$chownprog $2"
shift;;
+ -p) cpprog="$cpprog -p";;
+
-s) stripcmd=$stripprog;;
+ -S) backupsuffix="$2"
+ shift;;
+
-t)
is_target_a_directory=always
dst_arg=$2
@@ -255,6 +275,10 @@ do
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
+ # Don't chown directories that already exist.
+ if test $dstdir_status = 0; then
+ chowncmd=""
+ fi
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
@@ -271,15 +295,18 @@ do
fi
dst=$dst_arg
- # If destination is a directory, append the input filename; won't work
- # if double slashes aren't ignored.
+ # If destination is a directory, append the input filename.
if test -d "$dst"; then
if test "$is_target_a_directory" = never; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
- dst=$dstdir/`basename "$src"`
+ dstbase=`basename "$src"`
+ case $dst in
+ */) dst=$dst$dstbase;;
+ *) dst=$dst/$dstbase;;
+ esac
dstdir_status=0
else
dstdir=`dirname "$dst"`
@@ -288,27 +315,16 @@ do
fi
fi
+ case $dstdir in
+ */) dstdirslash=$dstdir;;
+ *) dstdirslash=$dstdir/;;
+ esac
+
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
- # Create intermediate dirs using mode 755 as modified by the umask.
- # This is like FreeBSD 'install' as of 1997-10-28.
- umask=`umask`
- case $stripcmd.$umask in
- # Optimize common cases.
- *[2367][2367]) mkdir_umask=$umask;;
- .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
-
- *[0-7])
- mkdir_umask=`expr $umask + 22 \
- - $umask % 100 % 40 + $umask % 20 \
- - $umask % 10 % 4 + $umask % 2
- `;;
- *) mkdir_umask=$umask,go-w;;
- esac
-
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
@@ -318,50 +334,49 @@ do
fi
posix_mkdir=false
- case $umask in
- *[123567][0-7][0-7])
- # POSIX mkdir -p sets u+wx bits regardless of umask, which
- # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
- ;;
- *)
- # $RANDOM is not portable (e.g. dash); use it when possible to
- # lower collision chance
- tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
- trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
-
- # As "mkdir -p" follows symlinks and we work in /tmp possibly; so
- # create the $tmpdir first (and fail if unsuccessful) to make sure
- # that nobody tries to guess the $tmpdir name.
- if (umask $mkdir_umask &&
- $mkdirprog $mkdir_mode "$tmpdir" &&
- exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
- then
- if test -z "$dir_arg" || {
- # Check for POSIX incompatibilities with -m.
- # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
- # other-writable bit of parent directory when it shouldn't.
- # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
- test_tmpdir="$tmpdir/a"
- ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
- case $ls_ld_tmpdir in
- d????-?r-*) different_mode=700;;
- d????-?--*) different_mode=755;;
- *) false;;
- esac &&
- $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
- ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
- test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
- }
- }
- then posix_mkdir=:
- fi
- rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
- else
- # Remove any dirs left behind by ancient mkdir implementations.
- rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
- fi
- trap '' 0;;
- esac;;
+ # The $RANDOM variable is not portable (e.g., dash). Use it
+ # here however when possible just to lower collision chance.
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+
+ trap '
+ ret=$?
+ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null
+ exit $ret
+ ' 0
+
+ # Because "mkdir -p" follows existing symlinks and we likely work
+ # directly in world-writeable /tmp, make sure that the '$tmpdir'
+ # directory is successfully created first before we actually test
+ # 'mkdir -p'.
+ if (umask $mkdir_umask &&
+ $mkdirprog $mkdir_mode "$tmpdir" &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ test_tmpdir="$tmpdir/a"
+ ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
+ fi
+ trap '' 0;;
esac
if
@@ -372,7 +387,7 @@ do
then :
else
- # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
@@ -401,7 +416,7 @@ do
prefixes=
else
if $posix_mkdir; then
- (umask=$mkdir_umask &&
+ (umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
@@ -434,14 +449,25 @@ do
else
# Make a couple of temp file names in the proper directory.
- dsttmp=$dstdir/_inst.$$_
- rmtmp=$dstdir/_rm.$$_
+ dsttmp=${dstdirslash}_inst.$$_
+ rmtmp=${dstdirslash}_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
- (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+ (umask $cp_umask &&
+ { test -z "$stripcmd" || {
+ # Create $dsttmp read-write so that cp doesn't create it read-only,
+ # which would cause strip to fail.
+ if test -z "$doit"; then
+ : >"$dsttmp" # No need to fork-exec 'touch'.
+ else
+ $doit touch "$dsttmp"
+ fi
+ }
+ } &&
+ $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
@@ -467,6 +493,13 @@ do
then
rm -f "$dsttmp"
else
+ # If $backupsuffix is set, and the file being installed
+ # already exists, attempt a backup. Don't worry if it fails,
+ # e.g., if mv doesn't support -f.
+ if test -n "$backupsuffix" && test -f "$dst"; then
+ $doit $mvcmd -f "$dst" "$dst$backupsuffix" 2>/dev/null
+ fi
+
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
@@ -481,9 +514,9 @@ do
# file should still install successfully.
{
test ! -f "$dst" ||
- $doit $rmcmd -f "$dst" 2>/dev/null ||
+ $doit $rmcmd "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
- { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ { $doit $rmcmd "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
@@ -500,9 +533,9 @@ do
done
# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff --git a/libraries/libapparmor/ltmain.sh b/libraries/libapparmor/ltmain.sh
old mode 100644
new mode 100755
index a736cf994256132aefd49c1f11118ad7ba31d924..540a92ab54765696c6f096b7b9fa4b0818ef3ff6
--- a/libraries/libapparmor/ltmain.sh
+++ b/libraries/libapparmor/ltmain.sh
@@ -31,7 +31,7 @@
PROGRAM=libtool
PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.6-2"
+VERSION="2.4.6 Debian-2.4.6-15build2"
package_revision=2.4.6
@@ -387,7 +387,7 @@ EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
# putting '$debug_cmd' at the start of all your functions, you can get
# bash to show function call trace with:
#
-# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
+# debug_cmd='echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
debug_cmd=${debug_cmd-":"}
exit_cmd=:
@@ -1370,7 +1370,7 @@ func_lt_ver ()
#! /bin/sh
# Set a version string for this script.
-scriptversion=2014-01-07.03; # UTC
+scriptversion=2015-10-07.11; # UTC
# A portable, pluggable option parser for Bourne shell.
# Written by Gary V. Vaughan, 2010
@@ -1530,6 +1530,8 @@ func_run_hooks ()
{
$debug_cmd
+ _G_rc_run_hooks=false
+
case " $hookable_fns " in
*" $1 "*) ;;
*) func_fatal_error "'$1' does not support hook funcions.n" ;;
@@ -1538,16 +1540,16 @@ func_run_hooks ()
eval _G_hook_fns=\$$1_hooks; shift
for _G_hook in $_G_hook_fns; do
- eval $_G_hook '"$@"'
-
- # store returned options list back into positional
- # parameters for next 'cmd' execution.
- eval _G_hook_result=\$${_G_hook}_result
- eval set dummy "$_G_hook_result"; shift
+ if eval $_G_hook '"$@"'; then
+ # store returned options list back into positional
+ # parameters for next 'cmd' execution.
+ eval _G_hook_result=\$${_G_hook}_result
+ eval set dummy "$_G_hook_result"; shift
+ _G_rc_run_hooks=:
+ fi
done
- func_quote_for_eval ${1+"$@"}
- func_run_hooks_result=$func_quote_for_eval_result
+ $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result
}
@@ -1557,10 +1559,16 @@ func_run_hooks ()
## --------------- ##
# In order to add your own option parsing hooks, you must accept the
-# full positional parameter list in your hook function, remove any
-# options that you action, and then pass back the remaining unprocessed
+# full positional parameter list in your hook function, you may remove/edit
+# any options that you action, and then pass back the remaining unprocessed
# options in '<hooked_function_name>_result', escaped suitably for
-# 'eval'. Like this:
+# 'eval'. In this case you also must return $EXIT_SUCCESS to let the
+# hook's caller know that it should pay attention to
+# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that
+# arguments are left untouched by the hook and therefore caller will ignore the
+# result variable.
+#
+# Like this:
#
# my_options_prep ()
# {
@@ -1570,9 +1578,11 @@ func_run_hooks ()
# usage_message=$usage_message'
# -s, --silent don'\''t print informational messages
# '
-#
-# func_quote_for_eval ${1+"$@"}
-# my_options_prep_result=$func_quote_for_eval_result
+# # No change in '$@' (ignored completely by this hook). There is
+# # no need to do the equivalent (but slower) action:
+# # func_quote_for_eval ${1+"$@"}
+# # my_options_prep_result=$func_quote_for_eval_result
+# false
# }
# func_add_hook func_options_prep my_options_prep
#
@@ -1581,25 +1591,37 @@ func_run_hooks ()
# {
# $debug_cmd
#
+# args_changed=false
+#
# # Note that for efficiency, we parse as many options as we can
# # recognise in a loop before passing the remainder back to the
# # caller on the first unrecognised argument we encounter.
# while test $# -gt 0; do
# opt=$1; shift
# case $opt in
-# --silent|-s) opt_silent=: ;;
+# --silent|-s) opt_silent=:
+# args_changed=:
+# ;;
# # Separate non-argument short options:
# -s*) func_split_short_opt "$_G_opt"
# set dummy "$func_split_short_opt_name" \
# "-$func_split_short_opt_arg" ${1+"$@"}
# shift
+# args_changed=:
# ;;
-# *) set dummy "$_G_opt" "$*"; shift; break ;;
+# *) # Make sure the first unrecognised option "$_G_opt"
+# # is added back to "$@", we could need that later
+# # if $args_changed is true.
+# set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
# esac
# done
#
-# func_quote_for_eval ${1+"$@"}
-# my_silent_option_result=$func_quote_for_eval_result
+# if $args_changed; then
+# func_quote_for_eval ${1+"$@"}
+# my_silent_option_result=$func_quote_for_eval_result
+# fi
+#
+# $args_changed
# }
# func_add_hook func_parse_options my_silent_option
#
@@ -1611,16 +1633,32 @@ func_run_hooks ()
# $opt_silent && $opt_verbose && func_fatal_help "\
# '--silent' and '--verbose' options are mutually exclusive."
#
-# func_quote_for_eval ${1+"$@"}
-# my_option_validation_result=$func_quote_for_eval_result
+# false
# }
# func_add_hook func_validate_options my_option_validation
#
-# You'll alse need to manually amend $usage_message to reflect the extra
+# You'll also need to manually amend $usage_message to reflect the extra
# options you parse. It's preferable to append if you can, so that
# multiple option parsing hooks can be added safely.
+# func_options_finish [ARG]...
+# ----------------------------
+# Finishing the option parse loop (call 'func_options' hooks ATM).
+func_options_finish ()
+{
+ $debug_cmd
+
+ _G_func_options_finish_exit=false
+ if func_run_hooks func_options ${1+"$@"}; then
+ func_options_finish_result=$func_run_hooks_result
+ _G_func_options_finish_exit=:
+ fi
+
+ $_G_func_options_finish_exit
+}
+
+
# func_options [ARG]...
# ---------------------
# All the functions called inside func_options are hookable. See the
@@ -1630,17 +1668,28 @@ func_options ()
{
$debug_cmd
- func_options_prep ${1+"$@"}
- eval func_parse_options \
- ${func_options_prep_result+"$func_options_prep_result"}
- eval func_validate_options \
- ${func_parse_options_result+"$func_parse_options_result"}
+ _G_rc_options=false
- eval func_run_hooks func_options \
- ${func_validate_options_result+"$func_validate_options_result"}
+ for my_func in options_prep parse_options validate_options options_finish
+ do
+ if eval func_$my_func '${1+"$@"}'; then
+ eval _G_res_var='$'"func_${my_func}_result"
+ eval set dummy "$_G_res_var" ; shift
+ _G_rc_options=:
+ fi
+ done
+
+ # Save modified positional parameters for caller. As a top-level
+ # options-parser function we always need to set the 'func_options_result'
+ # variable (regardless the $_G_rc_options value).
+ if $_G_rc_options; then
+ func_options_result=$_G_res_var
+ else
+ func_quote_for_eval ${1+"$@"}
+ func_options_result=$func_quote_for_eval_result
+ fi
- # save modified positional parameters for caller
- func_options_result=$func_run_hooks_result
+ $_G_rc_options
}
@@ -1649,9 +1698,9 @@ func_options ()
# All initialisations required before starting the option parse loop.
# Note that when calling hook functions, we pass through the list of
# positional parameters. If a hook function modifies that list, and
-# needs to propogate that back to rest of this script, then the complete
+# needs to propagate that back to rest of this script, then the complete
# modified list must be put in 'func_run_hooks_result' before
-# returning.
+# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned).
func_hookable func_options_prep
func_options_prep ()
{
@@ -1661,10 +1710,14 @@ func_options_prep ()
opt_verbose=false
opt_warning_types=
- func_run_hooks func_options_prep ${1+"$@"}
+ _G_rc_options_prep=false
+ if func_run_hooks func_options_prep ${1+"$@"}; then
+ _G_rc_options_prep=:
+ # save modified positional parameters for caller
+ func_options_prep_result=$func_run_hooks_result
+ fi
- # save modified positional parameters for caller
- func_options_prep_result=$func_run_hooks_result
+ $_G_rc_options_prep
}
@@ -1678,18 +1731,20 @@ func_parse_options ()
func_parse_options_result=
+ _G_rc_parse_options=false
# this just eases exit handling
while test $# -gt 0; do
# Defer to hook functions for initial option parsing, so they
# get priority in the event of reusing an option name.
- func_run_hooks func_parse_options ${1+"$@"}
-
- # Adjust func_parse_options positional parameters to match
- eval set dummy "$func_run_hooks_result"; shift
+ if func_run_hooks func_parse_options ${1+"$@"}; then
+ eval set dummy "$func_run_hooks_result"; shift
+ _G_rc_parse_options=:
+ fi
# Break out of the loop if we already parsed every option.
test $# -gt 0 || break
+ _G_match_parse_options=:
_G_opt=$1
shift
case $_G_opt in
@@ -1704,7 +1759,10 @@ func_parse_options ()
;;
--warnings|--warning|-W)
- test $# = 0 && func_missing_arg $_G_opt && break
+ if test $# = 0 && func_missing_arg $_G_opt; then
+ _G_rc_parse_options=:
+ break
+ fi
case " $warning_categories $1" in
*" $1 "*)
# trailing space prevents matching last $1 above
@@ -1757,15 +1815,25 @@ func_parse_options ()
shift
;;
- --) break ;;
+ --) _G_rc_parse_options=: ; break ;;
-*) func_fatal_help "unrecognised option: '$_G_opt'" ;;
- *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+ *) set dummy "$_G_opt" ${1+"$@"}; shift
+ _G_match_parse_options=false
+ break
+ ;;
esac
+
+ $_G_match_parse_options && _G_rc_parse_options=:
done
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- func_parse_options_result=$func_quote_for_eval_result
+
+ if $_G_rc_parse_options; then
+ # save modified positional parameters for caller
+ func_quote_for_eval ${1+"$@"}
+ func_parse_options_result=$func_quote_for_eval_result
+ fi
+
+ $_G_rc_parse_options
}
@@ -1778,16 +1846,21 @@ func_validate_options ()
{
$debug_cmd
+ _G_rc_validate_options=false
+
# Display all warnings if -W was not given.
test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
- func_run_hooks func_validate_options ${1+"$@"}
+ if func_run_hooks func_validate_options ${1+"$@"}; then
+ # save modified positional parameters for caller
+ func_validate_options_result=$func_run_hooks_result
+ _G_rc_validate_options=:
+ fi
# Bail if the options were screwed!
$exit_cmd $EXIT_FAILURE
- # save modified positional parameters for caller
- func_validate_options_result=$func_run_hooks_result
+ $_G_rc_validate_options
}
@@ -2068,7 +2141,7 @@ include the following information:
compiler: $LTCC
compiler flags: $LTCFLAGS
linker: $LD (gnu? $with_gnu_ld)
- version: $progname $scriptversion Debian-2.4.6-2
+ version: $progname $scriptversion Debian-2.4.6-15build2
automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
@@ -2270,6 +2343,8 @@ libtool_options_prep ()
nonopt=
preserve_args=
+ _G_rc_lt_options_prep=:
+
# Shorthand for --mode=foo, only valid as the first argument
case $1 in
clean|clea|cle|cl)
@@ -2293,11 +2368,18 @@ libtool_options_prep ()
uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
shift; set dummy --mode uninstall ${1+"$@"}; shift
;;
+ *)
+ _G_rc_lt_options_prep=false
+ ;;
esac
- # Pass back the list of options.
- func_quote_for_eval ${1+"$@"}
- libtool_options_prep_result=$func_quote_for_eval_result
+ if $_G_rc_lt_options_prep; then
+ # Pass back the list of options.
+ func_quote_for_eval ${1+"$@"}
+ libtool_options_prep_result=$func_quote_for_eval_result
+ fi
+
+ $_G_rc_lt_options_prep
}
func_add_hook func_options_prep libtool_options_prep
@@ -2309,9 +2391,12 @@ libtool_parse_options ()
{
$debug_cmd
+ _G_rc_lt_parse_options=false
+
# Perform our own loop to consume as many options as possible in
# each iteration.
while test $# -gt 0; do
+ _G_match_lt_parse_options=:
_G_opt=$1
shift
case $_G_opt in
@@ -2386,15 +2471,22 @@ libtool_parse_options ()
func_append preserve_args " $_G_opt"
;;
- # An option not handled by this hook function:
- *) set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+ # An option not handled by this hook function:
+ *) set dummy "$_G_opt" ${1+"$@"} ; shift
+ _G_match_lt_parse_options=false
+ break
+ ;;
esac
+ $_G_match_lt_parse_options && _G_rc_lt_parse_options=:
done
+ if $_G_rc_lt_parse_options; then
+ # save modified positional parameters for caller
+ func_quote_for_eval ${1+"$@"}
+ libtool_parse_options_result=$func_quote_for_eval_result
+ fi
- # save modified positional parameters for caller
- func_quote_for_eval ${1+"$@"}
- libtool_parse_options_result=$func_quote_for_eval_result
+ $_G_rc_lt_parse_options
}
func_add_hook func_parse_options libtool_parse_options
@@ -7275,10 +7367,13 @@ func_mode_link ()
# -specs=* GCC specs files
# -stdlib=* select c++ std lib with clang
# -fsanitize=* Clang/GCC memory and address sanitizer
+ # -fuse-ld=* Linker select flags for GCC
+ # -static-* direct GCC to link specific libraries statically
+ # -fcilkplus Cilk Plus language extension features for C/C++
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
- -specs=*|-fsanitize=*)
+ -specs=*|-fsanitize=*|-fuse-ld=*|-static-*|-fcilkplus)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_append compile_command " $arg"
diff --git a/libraries/libapparmor/m4/ac_python_devel.m4 b/libraries/libapparmor/m4/ac_python_devel.m4
index 29cf090d4dae2bed12bd1500fb980e1257630234..f21f70ce7c3da1e42174f420fbbe415a28088961 100644
--- a/libraries/libapparmor/m4/ac_python_devel.m4
+++ b/libraries/libapparmor/m4/ac_python_devel.m4
@@ -13,6 +13,11 @@ AC_DEFUN([AC_PYTHON_DEVEL],[
PYTHON_VERSION=""
fi
+ AC_PATH_TOOL([PYTHON_CONFIG],[`basename [$PYTHON]-config`])
+ if test -z "$PYTHON_CONFIG"; then
+ AC_MSG_ERROR([Cannot find python$PYTHON_VERSION-config in your system path])
+ fi
+
#
# Check for a version of Python >= 2.1.0
#
@@ -61,17 +66,17 @@ variable to configure. See ``configure --help'' for reference.
fi
#
- # Check if you have distutils, else fail
+ # Check if you have setuptools, else fail
#
- AC_MSG_CHECKING([for the distutils Python package])
- ac_distutils_result=`$PYTHON -c "import distutils" 2>&1`
- if test -z "$ac_distutils_result"; then
+ AC_MSG_CHECKING([for the setuptools Python package])
+ ac_setuptools_result=`$PYTHON -c "import setuptools" 2>&1`
+ if test -z "$ac_setuptools_result"; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python module "distutils".
+ AC_MSG_ERROR([cannot import Python module "setuptools".
Please check your Python installation. The error was:
-$ac_distutils_result])
+$ac_setuptools_result])
PYTHON_VERSION=""
fi
@@ -79,12 +84,12 @@ $ac_distutils_result])
# Check for Python include path
#
AC_MSG_CHECKING([for Python include path])
- if type $PYTHON-config; then
- PYTHON_CPPFLAGS=`$PYTHON-config --includes`
+ if type $PYTHON_CONFIG; then
+ PYTHON_CPPFLAGS=`$PYTHON_CONFIG --includes`
fi
if test -z "$PYTHON_CPPFLAGS"; then
- python_path=`$PYTHON -c "import sys; import distutils.sysconfig;\
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
+ python_path=`$PYTHON -c "import sys; import sysconfig;\
+sys.stdout.write('%s\n' % sysconfig.get_path('include'));"`
if test -n "${python_path}"; then
python_path="-I$python_path"
fi
@@ -97,14 +102,14 @@ sys.stdout.write('%s\n' % distutils.sysconfig.get_python_inc());"`
# Check for Python library path
#
AC_MSG_CHECKING([for Python library path])
- if type $PYTHON-config; then
- PYTHON_LDFLAGS=`$PYTHON-config --ldflags`
+ if type $PYTHON_CONFIG; then
+ PYTHON_LDFLAGS=`$PYTHON_CONFIG --ldflags`
fi
if test -z "$PYTHON_LDFLAGS"; then
# (makes two attempts to ensure we've got a version number
# from the interpreter)
- py_version=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('%s\n' % ''.join(get_config_vars('VERSION')))"`
+ py_version=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % ''.join(sysconfig.get_config_vars('VERSION')))"`
if test "$py_version" == "[None]"; then
if test -n "$PYTHON_VERSION"; then
py_version=$PYTHON_VERSION
@@ -114,8 +119,8 @@ sys.stdout.write("%s\n" % sys.version[[:3]])"`
fi
fi
- PYTHON_LDFLAGS=`$PYTHON -c "import sys; from distutils.sysconfig import *; \
-sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHON -c \
+ PYTHON_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('-L' + sysconfig.get_path('stdlib') + ' -lpython\n')"`$py_version`$PYTHON -c \
"import sys; sys.stdout.write('%s' % getattr(sys,'abiflags',''))"`
fi
AC_MSG_RESULT([$PYTHON_LDFLAGS])
@@ -126,8 +131,8 @@ sys.stdout.write('-L' + get_python_lib(0,1) + ' -lpython\n')"`$py_version`$PYTHO
#
AC_MSG_CHECKING([for Python site-packages path])
if test -z "$PYTHON_SITE_PKG"; then
- PYTHON_SITE_PKG=`$PYTHON -c "import sys; import distutils.sysconfig; \
-sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
+ PYTHON_SITE_PKG=`$PYTHON -c "import sys; import sysconfig; \
+sys.stdout.write('%s\n' % sysconfig.get_path('purelib'));"`
fi
AC_MSG_RESULT([$PYTHON_SITE_PKG])
AC_SUBST([PYTHON_SITE_PKG])
@@ -136,9 +141,13 @@ sys.stdout.write('%s\n' % distutils.sysconfig.get_python_lib(0,0));"`
# libraries which must be linked in when embedding
#
AC_MSG_CHECKING(python extra libraries)
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LIBS=`$PYTHON_CONFIG --libs --embed` || \
+ PYTHON_EXTRA_LIBS=''
+ fi
if test -z "$PYTHON_EXTRA_LIBS"; then
- PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LIBS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf('LIBS')))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LIBS])
@@ -148,9 +157,13 @@ sys.stdout.write('%s %s %s\n' % (conf('BLDLIBRARY'), conf('LOCALMODLIBS'), conf(
# linking flags needed when embedding
#
AC_MSG_CHECKING(python extra linking flags)
+ if type $PYTHON_CONFIG; then
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON_CONFIG --ldflags --embed` || \
+ PYTHON_EXTRA_LDFLAGS=''
+ fi
if test -z "$PYTHON_EXTRA_LDFLAGS"; then
- PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import distutils.sysconfig; \
-conf = distutils.sysconfig.get_config_var; \
+ PYTHON_EXTRA_LDFLAGS=`$PYTHON -c "import sys; import sysconfig; \
+conf = sysconfig.get_config_var; \
sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
fi
AC_MSG_RESULT([$PYTHON_EXTRA_LDFLAGS])
@@ -164,7 +177,7 @@ sys.stdout.write('%s\n' % conf('LINKFORSHARED'))"`
# save current global flags
ac_save_LIBS="$LIBS"
ac_save_CPPFLAGS="$CPPFLAGS"
- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS $PYTHON_EXTRA_LIBS"
+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
AC_TRY_LINK([
#include <Python.h>
diff --git a/libraries/libapparmor/missing b/libraries/libapparmor/missing
index f62bbae306c7e1bc28896aab8fe7bfb700a9a33e..1fe1611f18514b7174f3529145b56cdc51d48c7c 100755
--- a/libraries/libapparmor/missing
+++ b/libraries/libapparmor/missing
@@ -1,9 +1,9 @@
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
-scriptversion=2013-10-28.13; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@ scriptversion=2013-10-28.13; # UTC
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -101,9 +101,9 @@ else
exit $st
fi
-perl_URL=http://www.perl.org/
-flex_URL=http://flex.sourceforge.net/
-gnu_software_URL=http://www.gnu.org/software
+perl_URL=https://www.perl.org/
+flex_URL=https://github.com/westes/flex
+gnu_software_URL=https://www.gnu.org/software
program_details ()
{
@@ -207,9 +207,9 @@ give_advice "$1" | sed -e '1s/^/WARNING: /' \
exit $st
# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff --git a/libraries/libapparmor/src/Makefile.am b/libraries/libapparmor/src/Makefile.am
index 6d9c62962d13939b1054755368a1ee4e2762fb62..4511bba820223fde1f038e9631679403bec57374 100644
--- a/libraries/libapparmor/src/Makefile.am
+++ b/libraries/libapparmor/src/Makefile.am
@@ -26,16 +26,20 @@ INCLUDES = $(all_includes)
# For more information, see:
# http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
#
-AA_LIB_CURRENT = 7
-AA_LIB_REVISION = 3
-AA_LIB_AGE = 6
+AA_LIB_CURRENT = 9
+AA_LIB_REVISION = 4
+AA_LIB_AGE = 8
+EXPECTED_SO_NAME = libapparmor.so.1.8.3
SUFFIXES = .pc.in .pc
+COMMONDIR=$(top_srcdir)/../../common/
+include $(COMMONDIR)/Make.rules
+
BUILT_SOURCES = grammar.h scanner.h af_protos.h
AM_LFLAGS = -v
AM_YFLAGS = -d -p aalogparse_
-AM_CFLAGS = -Wall
+AM_CFLAGS = -Wall $(EXTRA_WARNINGS) -fPIC -flto-partition=none
AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
scanner.h: scanner.l
$(LEX) -v $<
@@ -43,7 +47,7 @@ scanner.h: scanner.l
scanner.c: scanner.l
af_protos.h:
- echo '#include <netinet/in.h>' | $(CC) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
+ echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
@@ -74,4 +78,8 @@ tst_kernel_LDFLAGS = -pthread
check_PROGRAMS = tst_aalogmisc tst_features tst_kernel
TESTS = $(check_PROGRAMS)
+.PHONY: check-local
+check-local:
+ test -f ./.libs/$(EXPECTED_SO_NAME) || { echo '*** unexpected .so name/number for libapparmor (expected $(EXPECTED_SO_NAME), the actual filename is shown below) ***' ; ls -l ./.libs/libapparmor.so.*.* ; exit 1; }
+
EXTRA_DIST = grammar.y scanner.l libapparmor.map libapparmor.pc
diff --git a/libraries/libapparmor/src/Makefile.in b/libraries/libapparmor/src/Makefile.in
index ab47afe48e778e661482b268ad7151164f86b832..84fc1aff50462daf43b6924bf06acf814f8fb419 100644
--- a/libraries/libapparmor/src/Makefile.in
+++ b/libraries/libapparmor/src/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -173,7 +173,14 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/PMurHash.Plo \
+ ./$(DEPDIR)/features.Plo ./$(DEPDIR)/grammar.Plo \
+ ./$(DEPDIR)/kernel.Plo ./$(DEPDIR)/kernel_interface.Plo \
+ ./$(DEPDIR)/libaalogparse.Plo ./$(DEPDIR)/policy_cache.Plo \
+ ./$(DEPDIR)/private.Plo ./$(DEPDIR)/scanner.Plo \
+ ./$(DEPDIR)/tst_aalogmisc.Po ./$(DEPDIR)/tst_features.Po \
+ ./$(DEPDIR)/tst_kernel.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -231,8 +238,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
am__tty_colors_dummy = \
mgn= red= grn= lgn= blu= brg= std=; \
am__color_tests=no
@@ -388,6 +393,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -425,8 +431,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -437,6 +444,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -481,6 +489,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -585,14 +594,16 @@ INCLUDES = $(all_includes)
# For more information, see:
# http://www.gnu.org/software/libtool/manual/html_node/Libtool-versioning.html
#
-AA_LIB_CURRENT = 7
-AA_LIB_REVISION = 3
-AA_LIB_AGE = 6
+AA_LIB_CURRENT = 9
+AA_LIB_REVISION = 4
+AA_LIB_AGE = 8
+EXPECTED_SO_NAME = libapparmor.so.1.8.3
SUFFIXES = .pc.in .pc
+COMMONDIR = $(top_srcdir)/../../common/
BUILT_SOURCES = grammar.h scanner.h af_protos.h
AM_LFLAGS = -v
AM_YFLAGS = -d -p aalogparse_
-AM_CFLAGS = -Wall
+AM_CFLAGS = -Wall $(EXTRA_WARNINGS) -fPIC -flto-partition=none
AM_CPPFLAGS = -D_GNU_SOURCE -I$(top_srcdir)/include/
lib_LTLIBRARIES = libapparmor.la
noinst_HEADERS = grammar.h parser.h scanner.h af_protos.h private.h PMurHash.h
@@ -634,8 +645,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -647,6 +658,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
@@ -688,15 +708,6 @@ grammar.h: grammar.c
libapparmor.la: $(libapparmor_la_OBJECTS) $(libapparmor_la_DEPENDENCIES) $(EXTRA_libapparmor_la_DEPENDENCIES)
$(AM_V_CCLD)$(libapparmor_la_LINK) -rpath $(libdir) $(libapparmor_la_OBJECTS) $(libapparmor_la_LIBADD) $(LIBS)
-clean-checkPROGRAMS:
- @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
tst_aalogmisc$(EXEEXT): $(tst_aalogmisc_OBJECTS) $(tst_aalogmisc_DEPENDENCIES) $(EXTRA_tst_aalogmisc_DEPENDENCIES)
@rm -f tst_aalogmisc$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(tst_aalogmisc_OBJECTS) $(tst_aalogmisc_LDADD) $(LIBS)
@@ -715,18 +726,24 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/PMurHash.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/features.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grammar.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libaalogparse.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/policy_cache.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/private.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scanner.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_aalogmisc.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_features.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_kernel.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/PMurHash.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/features.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grammar.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kernel_interface.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libaalogparse.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/policy_cache.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/private.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scanner.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_aalogmisc.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_features.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst_kernel.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -938,7 +955,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
@@ -951,7 +968,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1007,8 +1024,10 @@ tst_kernel.log: tst_kernel$(EXEEXT)
@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1040,17 +1059,20 @@ distdir: $(DISTFILES)
done
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS)
+install-checkPROGRAMS: install-libLTLIBRARIES
+
installdirs:
for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) install-am
-install-exec: install-exec-am
+install-exec: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am
install-data: install-data-am
uninstall: uninstall-am
@@ -1092,7 +1114,18 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
clean-libtool mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/PMurHash.Plo
+ -rm -f ./$(DEPDIR)/features.Plo
+ -rm -f ./$(DEPDIR)/grammar.Plo
+ -rm -f ./$(DEPDIR)/kernel.Plo
+ -rm -f ./$(DEPDIR)/kernel_interface.Plo
+ -rm -f ./$(DEPDIR)/libaalogparse.Plo
+ -rm -f ./$(DEPDIR)/policy_cache.Plo
+ -rm -f ./$(DEPDIR)/private.Plo
+ -rm -f ./$(DEPDIR)/scanner.Plo
+ -rm -f ./$(DEPDIR)/tst_aalogmisc.Po
+ -rm -f ./$(DEPDIR)/tst_features.Po
+ -rm -f ./$(DEPDIR)/tst_kernel.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1138,7 +1171,18 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/PMurHash.Plo
+ -rm -f ./$(DEPDIR)/features.Plo
+ -rm -f ./$(DEPDIR)/grammar.Plo
+ -rm -f ./$(DEPDIR)/kernel.Plo
+ -rm -f ./$(DEPDIR)/kernel_interface.Plo
+ -rm -f ./$(DEPDIR)/libaalogparse.Plo
+ -rm -f ./$(DEPDIR)/policy_cache.Plo
+ -rm -f ./$(DEPDIR)/private.Plo
+ -rm -f ./$(DEPDIR)/scanner.Plo
+ -rm -f ./$(DEPDIR)/tst_aalogmisc.Po
+ -rm -f ./$(DEPDIR)/tst_features.Po
+ -rm -f ./$(DEPDIR)/tst_kernel.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1157,38 +1201,44 @@ ps-am:
uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
-.MAKE: all check check-am install install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-checkPROGRAMS clean-generic clean-libLTLIBRARIES \
- clean-libtool cscopelist-am ctags ctags-am distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am \
- install-libLTLIBRARIES install-man install-pdf install-pdf-am \
- install-pkgconfigDATA install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am \
- uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
+.MAKE: all check check-am install install-am install-exec \
+ install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am check-local clean clean-checkPROGRAMS clean-generic \
+ clean-libLTLIBRARIES clean-libtool cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-pkgconfigDATA install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+ uninstall-am uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
.PRECIOUS: Makefile
+include $(COMMONDIR)/Make.rules
scanner.h: scanner.l
$(LEX) -v $<
scanner.c: scanner.l
af_protos.h:
- echo '#include <netinet/in.h>' | $(CC) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
+ echo '#include <netinet/in.h>' | $(CC) $(CPPFLAGS) -E -dM - | LC_ALL=C sed -n -e "/IPPROTO_MAX/d" -e "s/^\#define[ \\t]\\+IPPROTO_\\([A-Z0-9_]\\+\\)\\(.*\\)$$/AA_GEN_PROTO_ENT(\\UIPPROTO_\\1, \"\\L\\1\")/p" > $@
%.pc: %.pc.in $(top_builddir)/config.status
$(AM_V_GEN)cd "$(top_builddir)" && \
$(SHELL) ./config.status --file="src/$@"
+.PHONY: check-local
+check-local:
+ test -f ./.libs/$(EXPECTED_SO_NAME) || { echo '*** unexpected .so name/number for libapparmor (expected $(EXPECTED_SO_NAME), the actual filename is shown below) ***' ; ls -l ./.libs/libapparmor.so.*.* ; exit 1; }
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/libraries/libapparmor/src/features.c b/libraries/libapparmor/src/features.c
index 7926750faddb237300708b82eb6a9b9b74c2da7c..86a0c39a8c4476725189cb962eeb72d73cfe4286 100644
--- a/libraries/libapparmor/src/features.c
+++ b/libraries/libapparmor/src/features.c
@@ -98,9 +98,8 @@ static int features_snprintf(struct features_struct *fst, const char *fmt, ...)
return 0;
}
-/* load_features_file - opens and reads a file into @buffer and then NUL-terminates @buffer
- * @dirfd: a directory file descriptory or AT_FDCWD (see openat(2))
- * @path: name of the file
+/* load_features_file - reads a file into @buffer and then NUL-terminates @buffer
+ * @file: file to read the features from
* @buffer: the buffer to read the features file into (will be NUL-terminated on success)
* @size: the size of @buffer
*
@@ -110,25 +109,11 @@ static int features_snprintf(struct features_struct *fst, const char *fmt, ...)
* ENOBUFS indicating that @buffer was not large enough to contain all of the
* file contents.
*/
-static ssize_t load_features_file(int dirfd, const char *path,
- char *buffer, size_t size)
+static ssize_t load_features_file(int file, char *buffer, size_t size)
{
- autoclose int file = -1;
char *pos = buffer;
ssize_t len;
- file = openat(dirfd, path, O_RDONLY);
- if (file < 0) {
- PDEBUG("Could not open '%s'\n", path);
- return -1;
- }
- PDEBUG("Opened features \"%s\"\n", path);
-
- if (!size) {
- errno = ENOBUFS;
- return -1;
- }
-
/* Save room for a NUL-terminator at the end of @buffer */
size--;
@@ -151,7 +136,7 @@ static ssize_t load_features_file(int dirfd, const char *path,
if (len > 0)
errno = ENOBUFS;
- PDEBUG("Error reading features file '%s': %m\n", path);
+ PDEBUG("Error reading features file: %m\n");
return -1;
}
@@ -161,6 +146,42 @@ static ssize_t load_features_file(int dirfd, const char *path,
return pos - buffer;
}
+/* open_and_load_features_file - opens and reads a file into @buffer and then NUL-terminates @buffer
+ * @dirfd: a directory file descriptory or AT_FDCWD (see openat(2))
+ * @path: name of the file
+ * @buffer: the buffer to read the features file into (will be NUL-terminated on success)
+ * @size: the size of @buffer
+ *
+ * Returns: The number of bytes copied into @buffer on success (not counting
+ * the NUL-terminator), else -1 and errno is set. Note that @size must be
+ * larger than the size of the file or -1 will be returned with errno set to
+ * ENOBUFS indicating that @buffer was not large enough to contain all of the
+ * file contents.
+ */
+static ssize_t open_and_load_features_file(int dirfd, const char *path,
+ char *buffer, size_t size)
+{
+ autoclose int file = -1;
+ ssize_t rc;
+
+ file = openat(dirfd, path, O_RDONLY);
+ if (file < 0) {
+ PDEBUG("Could not open '%s': %m\n", path);
+ return -1;
+ }
+ PDEBUG("Opened features '%s': %m\n", path);
+
+ if (!size) {
+ errno = ENOBUFS;
+ return -1;
+ }
+
+ rc = load_features_file(file, buffer, size);
+ if (rc == -1)
+ PDEBUG("Error failed to load features file '%s': %m\n", path);
+ return rc;
+}
+
static int features_dir_cb(int dirfd, const char *name, struct stat *st,
void *data)
{
@@ -173,6 +194,8 @@ static int features_dir_cb(int dirfd, const char *name, struct stat *st,
if (features_snprintf(fst, "%s {", name) == -1)
return -1;
+ /* Handle symlink here. See _aa_dirat_for_each in private.c */
+
if (S_ISREG(st->st_mode)) {
ssize_t len;
size_t remaining;
@@ -180,7 +203,7 @@ static int features_dir_cb(int dirfd, const char *name, struct stat *st,
if (features_buffer_remaining(fst, &remaining) == -1)
return -1;
- len = load_features_file(dirfd, name, fst->pos, remaining);
+ len = open_and_load_features_file(dirfd, name, fst->pos, remaining);
if (len < 0)
return -1;
@@ -429,7 +452,7 @@ int aa_features_new(aa_features **features, int dirfd, const char *path)
retval = S_ISDIR(stat_file.st_mode) ?
load_features_dir(dirfd, path, f->string, STRING_SIZE) :
- load_features_file(dirfd, path, f->string, STRING_SIZE);
+ open_and_load_features_file(dirfd, path, f->string, STRING_SIZE);
if (retval == -1) {
aa_features_unref(f);
return -1;
@@ -492,6 +515,48 @@ int aa_features_new_from_string(aa_features **features,
return 0;
}
+/**
+ * aa_features_new_from_file - create a new aa_features object based on an open file
+ * @features: will point to the address of an allocated and initialized
+ * aa_features object upon success
+ * @file: file to load features from
+ *
+ * Returns: 0 on success, -1 on error with errno set and *@features pointing to
+ * NULL
+ */
+int aa_features_new_from_file(aa_features **features, int file)
+{
+ aa_features *f;
+ ssize_t retval;
+
+ *features = NULL;
+
+ f = calloc(1, sizeof(*f));
+ if (!f) {
+ errno = ENOMEM;
+ return -1;
+ }
+ aa_features_ref(f);
+
+ retval = load_features_file(file, f->string, STRING_SIZE);
+ if (retval == -1) {
+ aa_features_unref(f);
+ return -1;
+ }
+
+ if (init_features_hash(f) == -1) {
+ int save = errno;
+
+ aa_features_unref(f);
+ errno = save;
+ return -1;
+ }
+
+ *features = f;
+
+ return 0;
+}
+
/**
* aa_features_new_from_kernel - create a new aa_features object based on the current kernel
* @features: will point to the address of an allocated and initialized
@@ -532,27 +597,18 @@ void aa_features_unref(aa_features *features)
}
/**
- * aa_features_write_to_file - write a string representation of an aa_features object to a file
+ * aa_features_write_to_fd - write a string representation of an aa_features object to an @fd
* @features: the features
- * @dirfd: directory file descriptor or AT_FDCWD (see openat(2))
- * @path: the path to write to
+ * @fd: the file descriptor to write to
*
* Returns: 0 on success, -1 on error with errno set
*/
-int aa_features_write_to_file(aa_features *features,
- int dirfd, const char *path)
+int aa_features_write_to_fd(aa_features *features, int fd)
{
- autoclose int fd = -1;
size_t size;
ssize_t retval;
char *string;
- fd = openat(dirfd, path,
- O_WRONLY | O_CREAT | O_TRUNC | O_SYNC | O_CLOEXEC,
- S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (fd == -1)
- return -1;
-
string = features->string;
size = strlen(string);
do {
@@ -567,6 +623,28 @@ int aa_features_write_to_file(aa_features *features,
return 0;
}
+/**
+ * aa_features_write_to_file - write a string representation of an aa_features object to a file
+ * @features: the features
+ * @dirfd: directory file descriptor or AT_FDCWD (see openat(2))
+ * @path: the path to write to
+ *
+ * Returns: 0 on success, -1 on error with errno set
+ */
+int aa_features_write_to_file(aa_features *features,
+ int dirfd, const char *path)
+{
+ autoclose int fd = -1;
+
+ fd = openat(dirfd, path,
+ O_WRONLY | O_CREAT | O_TRUNC | O_SYNC | O_CLOEXEC,
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+ if (fd == -1)
+ return -1;
+
+ return aa_features_write_to_fd(features, fd);
+}
+
/**
* aa_features_is_equal - equality test for two aa_features objects
* @features1: the first features (can be NULL)
@@ -580,17 +658,7 @@ bool aa_features_is_equal(aa_features *features1, aa_features *features2)
strcmp(features1->string, features2->string) == 0;
}
-/**
- * aa_features_supports - provides aa_features object support status
- * @features: the features
- * @str: the string representation of a feature to check
- *
- * Example @str values are "dbus/mask/send", "caps/mask/audit_read", and
- * "policy/versions/v7".
- *
- * Returns: a bool specifying the support status of @str feature
- */
-bool aa_features_supports(aa_features *features, const char *str)
+static const char *features_lookup(aa_features *features, const char *str)
{
const char *features_string = features->string;
struct component components[32];
@@ -616,12 +684,73 @@ bool aa_features_supports(aa_features *features, const char *str)
/* Ensure that all components are valid and found */
for (i = 0; i < num_components; i++) {
if (!walk_one(&features_string, &components[i], i == 0))
- return false;
+ return NULL;
}
+ return features_string;
+}
+
+/**
+ * aa_features_supports - provides aa_features object support status
+ * @features: the features
+ * @str: the string representation of a feature to check
+ *
+ * Example @str values are "dbus/mask/send", "caps/mask/audit_read", and
+ * "policy/versions/v7".
+ *
+ * Returns: a bool specifying the support status of @str feature
+ */
+bool aa_features_supports(aa_features *features, const char *str)
+{
+ const char *value = features_lookup(features, str);
+
+ if (!value)
+ return false;
+
return true;
}
+/**
+ * aa_features_value - lookup the value for a give feature
+ * @features: the features
+ * @str: the feature to look up the value for
+ * @len: return: if set length of returned str on success
+ *
+ * Returns: null terminated string or NULL on error with errno set to
+ * ENOENT - @str not found
+ * EISDIR - @str is not a leaf node in the feature tree
+ */
+
+char *aa_features_value(aa_features *features, const char *str, size_t *len)
+{
+ const char *start, *cur = features_lookup(features, str);
+
+ errno = ENOENT;
+ if (!cur)
+ return NULL;
+
+ if (!islbrace(*cur))
+ return NULL;
+ cur++;
+ start = cur;
+
+ while (!isbrace_or_nul(*cur)) {
+ if (!isascii(*cur))
+ return NULL;
+ if (islbrace(*cur)) {
+ /* component is not leaf */
+ errno = EISDIR;
+ return NULL;
+ }
+ cur++;
+ }
+
+ errno = 0;
+ if (len)
+ *len = cur - start;
+ return strndup(start, cur - start);
+}
+
/**
* aa_features_id - provides unique identifier for an aa_features object
* @features: the features
diff --git a/libraries/libapparmor/src/grammar.y b/libraries/libapparmor/src/grammar.y
index d0012fa83b2f2b07a86d63e2c2980aed2f3865cc..d986cf026a4bca43155d25bfd1a69fdf61aaf78c 100644
--- a/libraries/libapparmor/src/grammar.y
+++ b/libraries/libapparmor/src/grammar.y
@@ -32,12 +32,21 @@
#include "grammar.h"
#include "scanner.h"
+#ifndef unused_
+#define unused_ __attribute__ ((unused))
+#endif
+#if (YYDEBUG != 0)
+#define debug_unused_ /* nothing */
+#else
+#define debug_unused_ unused_
+#endif
+
aa_log_record *ret_record;
/* Since we're a library, on any errors we don't want to print out any
* error messages. We should probably add a debug interface that does
* emit messages when asked for. */
-void aalogparse_error(void *scanner, char const *s)
+void aalogparse_error(unused_ void *scanner, debug_unused_ char const *s)
{
#if (YYDEBUG != 0)
printf("ERROR: %s\n", s);
@@ -150,7 +159,9 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_NAMESPACE
%token TOK_KEY_ERROR
%token TOK_KEY_FSUID
+%token TOK_KEY_FSUID_UPPER
%token TOK_KEY_OUID
+%token TOK_KEY_OUID_UPPER
%token TOK_KEY_UID
%token TOK_KEY_AUID
%token TOK_KEY_SAUID
@@ -177,6 +188,7 @@ aa_record_event_type lookup_aa_event(unsigned int type)
%token TOK_KEY_FLAGS
%token TOK_KEY_SRCNAME
+%token TOK_SOCKLOGD_KERNEL
%token TOK_SYSLOG_KERNEL
%token TOK_SYSLOG_USER
@@ -223,24 +235,28 @@ dmesg_type: TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($1); }
;
+syslog_id: TOK_ID TOK_SYSLOG_KERNEL { free($1); }
+ | TOK_SOCKLOGD_KERNEL { }
+ ;
+
syslog_type:
- syslog_date TOK_ID TOK_SYSLOG_KERNEL audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL key_type audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP key_type audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
+ syslog_date syslog_id audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; }
+ | syslog_date syslog_id key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; }
+ | syslog_date syslog_id TOK_DMESG_STAMP audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
+ | syslog_date syslog_id TOK_DMESG_STAMP key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
/* needs update: hard newline in handling mutiline log messages */
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_partial_tail
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_tail
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); free($4); }
- | syslog_date TOK_ID TOK_SYSLOG_KERNEL TOK_AUDIT TOK_COLON key_type audit_id key_list
- { ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
+ | syslog_date syslog_id TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_partial_tail
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
+ | syslog_date syslog_id TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id audit_user_msg_tail
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
+ | syslog_date syslog_id TOK_DMESG_STAMP TOK_AUDIT TOK_COLON key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; free($3); }
+ | syslog_date syslog_id TOK_AUDIT TOK_COLON key_type audit_id key_list
+ { ret_record->version = AA_RECORD_SYNTAX_V2; }
| syslog_date TOK_ID TOK_SYSLOG_USER key_list
{ ret_record->version = AA_RECORD_SYNTAX_V2; free($2); }
;
@@ -337,6 +353,10 @@ key: TOK_KEY_OPERATION TOK_EQUALS TOK_QUOTED_STRING
{ ret_record->fsuid = $3;}
| TOK_KEY_OUID TOK_EQUALS TOK_DIGITS
{ ret_record->ouid = $3;}
+ | TOK_KEY_FSUID_UPPER TOK_EQUALS TOK_QUOTED_STRING
+ { free($3);} /* Ignore - fsuid username */
+ | TOK_KEY_OUID_UPPER TOK_EQUALS TOK_QUOTED_STRING
+ { free($3);} /* Ignore - ouid username */
| TOK_KEY_SAUID TOK_EQUALS TOK_DIGITS
{ /* Ignore - Source audit ID from user AVC messages */ }
| TOK_KEY_HOSTNAME TOK_EQUALS safe_string
diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index 49c74e15aa3b5e31fd6a4512570cc88dac490c79..67f40d4e858a1f5fdbe04b1bfa23ebecf4e6230b 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -43,10 +43,137 @@
__asm__ (".symver " #real "," #name "@" #version)
#define default_symbol_version(real, name, version) \
__asm__ (".symver " #real "," #name "@@" #version)
+#define DLLEXPORT __attribute__((visibility("default"),externally_visible))
#define UNCONFINED "unconfined"
#define UNCONFINED_SIZE strlen(UNCONFINED)
+/*
+ * AppArmor kernel interfaces. Potentially used by this code to
+ * implement the various library functions.
+ *
+ *
+ * /sys/module/apparmor/parameters/ *
+ *
+ * Available on all kernels, some options may not be available and policy
+ * may block access.
+ * audit - normal,quiet_denied,quiet,noquiet,all
+ * debug (bool) - turn on debug messages if enabled during compile
+ * hash_policy (bool) - provide a hash of loaded policy
+ * logsyscall (bool) - ignored
+ * paranoid_load (bool) - whether full policy checks are done. Should only
+ * be disabled for embedded device kernels
+ * audit_header (bool) - include "apparmor=<mode> in messages"
+ * enabled (bool) - whether apparmor is enabled. This can be
+ * different than whether apparmor is available.
+ * See virtualization and LSM stacking.
+ * lock_policy (bool) - one way trigger. Once set policy can not be
+ * loaded, replace, removed.
+ * mode - global policy namespace control of whether
+ * apparmor is in "enforce", "complain"
+ * path_max - maximum path size. Can always be read but
+ * can only be set on some kernels.
+ *
+ * securityfs/apparmor - usually mounted at /sys/kernel/security/apparmor/ *
+ * .access - transactional interface used to query kernel
+ * .ns_level - RO policy namespace level of current task
+ * .ns_name - RO current policy namespace of current task
+ * .ns_stacked - RO boolean if stacking is in use with the namespace
+ * .null - special device file used to redirect closed fds to
+ * profiles - RO virtualized text list of visible loaded profiles
+ * .remove - WO names of profiles to remove
+ * .replace - WO binary policy to replace (will load if not present)
+ * .load - WO binary policy to load (will fail if already present)
+ * revision - RO unique incrementing revision number for policy
+ * .stacked - RO boolean if label is currently stacked
+ * features/ - RO feature set supported by kernel
+ * policy/ - RO policy loaded into kernel
+ *
+ *
+ * /proc/<tid>/attr/apparmor/ *
+ * New proc attr interface compatible with LSM stacking. Available even
+ * when LSM stacking is not in use.
+ * current - see /proc/<tid>/attr/current
+ * exec - see /proc/<tid>/attr/exec
+ * prev - see /proc/<tid>/attr/prev
+ *
+ * /proc/<tid>/attr/ * Old proc attr interface shared between LSMs goes
+ * to first registered LSM that wants the proc interface, but can be
+ * virtualized by setting the display LSM. So if LSM stacking is in
+ * use this interface may belong to another LSM. Use
+ * /proc/<tid>/attr/apparmor/ *
+ * first if possible, and do NOT use if
+ * /sys/module/apparmor/parameters/enabled=N.
+ * Note: older version of the library only used this interface and did not
+ * check if it was available. Which could lead to weird failures if
+ * another LSM has claimed it. This version of the library tries to
+ * fix this problem, but unfortunately it is impossible to completely
+ * address, because access to interfaces required to determine
+ * whether apparmor owns the interface may be restricted, either
+ * by existing apparmor policy that has not been updated to use the
+ * new interface or by another LSM.
+ * current - current confinement
+ * display - LSM stacking. Which LSM currently owns the interface.
+ * exec - label to switch to at exec
+ * fscreate - unused by apparmor
+ * keycreate - unused by apparmor
+ * prev - when in HAT set to parent label
+ * sockcreate - unused by apparmor
+ *
+ *
+ * Below /proc/ interface combinations are documented on how the library
+ * currently behaves and how it used to behave. This serves to document
+ * known failure points as we can not entirely fix this mess.
+ * Note: userspace applications using the interface directly have all
+ * the issues/failures of AppArmor 2.x unless they have specifically
+ * been updated to deal with this mess.
+ *
+ *
+ * AppArmor 2.x Lib
+ *
+ * LSM AA sys sys proc/ proc/ user
+ * Stk | Blt | LSM | enabl | avail | aa/ | * | space |
+ * ----+-----+-------+-------+-------+-------+-------+-------+--------+
+ * N | N | - | - | - | - | N | AA2.x | - |
+ * N | N | other | - | - | - | N | AA2.x | FAIL |
+ * N | N | other |denied | - | - | N | AA2.x | FAIL |
+ * N | Y | - | N | - | - | N | AA2.x | - |
+ * N | Y | other | - | - | - | N | AA2.x | FAIL |
+ * N | Y | AA | - | - | - | Y | AA2.x | PASS |
+ * Y | N | - | - | - | - | N | AA2.x | - |
+ * Y | N | other | - | - | - | N | AA2.x | FAIL |
+ * Y | Y | - | N | - | - | N | AA2.x | - |
+ * Y | Y | other | - | - | - | N | AA2.x | FAIL |
+ * Y | Y | AA | - | - | - | Y | AA2.x | PASS |
+ * Y | Y | major | - | - | - | Y | AA2.x | PASS |
+ * Y | Y | minor | - | - | - | N | AA2.x | FAIL |
+ *
+ *
+ * AppArmor 3.x Lib - adds stacking support.
+ *
+ * Will FAIL in a few cases because it can not determine if apparmor
+ * is enabled and has control of the old interface. Not failing in these
+ * cases where AppArmor is available will result in regressions where
+ * the library will not work correctly with old kernels. In these
+ * cases its better that apparmor userspace is not used.
+ *
+ * AppArmor 3.x will avoid the failure cases if any of enabled, avail
+ * or the new proc interfaces are available to the task. AppArmor 3.x
+ * will also automatically add permissions to access the new proc
+ * interfaces so change_hat and change_profile won't experience these
+ * failures, it will only happen for confined applications hitting the
+ * interfaces and not using change_hat or change_profile.
+ *
+ * LSM AA sys sys proc/ proc/
+ * Stk | Blt | LSM | enabl | avail | aa/ | * |
+ * ----+-----+-------+-------+-------+-------+-------+-----------------
+ * Y/N | N | other | denied| NA | NA | Y | old interface avail
+ * Y/N | Y | other | denied| NA | NA | Y | old interface avail
+ * Y | Y | minor | denied| NA | NA | Y | old interface avail
+ * Y | Y | minor | denied| NA | denied| Y | old interface avail
+ * Y/N | Y | minor | denied| denied| denied| Y | old interface avail
+ */
+
/**
* aa_find_mountpoint - find where the apparmor interface filesystem is mounted
* @mnt: returns buffer with the mountpoint string
@@ -93,6 +220,85 @@ int aa_find_mountpoint(char **mnt)
return rc;
}
+/**
+ * pararm_check_base - return boolean value for PARAM
+ * PARAM: parameter to check
+ *
+ * Returns: 1 == Y
+ * 0 == N
+ * <0 == error
+ *
+ * done as a macro so we can paste the param
+ */
+
+#define param_check_base(PARAM) \
+({ \
+ int rc, fd; \
+ fd = open("/sys/module/apparmor/parameters/" PARAM, O_RDONLY); \
+ if (fd == -1) { \
+ rc = -errno; \
+ } else { \
+ char buffer[2]; \
+ int size = read(fd, &buffer, 2); \
+ rc = -errno; \
+ close(fd); \
+ errno = -rc; \
+ if (size > 0) { \
+ if (buffer[0] == 'Y') \
+ rc = 1; \
+ else \
+ rc = 0; \
+ } \
+ } \
+ (rc); \
+})
+
+static pthread_once_t param_enabled_ctl = PTHREAD_ONCE_INIT;
+static int param_enabled = 0;
+
+static pthread_once_t param_private_enabled_ctl = PTHREAD_ONCE_INIT;
+static int param_private_enabled = 0;
+
+static void param_check_enabled_init_once(void)
+{
+ param_enabled = param_check_base("enabled");
+}
+
+static int param_check_enabled()
+{
+ if (pthread_once(¶m_enabled_ctl, param_check_enabled_init_once) == 0 && param_enabled >= 0)
+ return param_enabled;
+ /* fallback if not initialized OR we recorded an error when
+ * initializing.
+ */
+ return param_check_base("enabled");
+}
+
+static int is_enabled(void)
+{
+ return param_check_enabled() == 1;
+}
+
+static void param_check_private_enabled_init_once(void)
+{
+ param_private_enabled = param_check_base("available");
+}
+
+static int param_check_private_enabled()
+{
+ if (pthread_once(¶m_private_enabled_ctl, param_check_private_enabled_init_once) == 0 && param_private_enabled >= 0)
+ return param_private_enabled;
+ /* fallback if not initialized OR we recorded an error when
+ * initializing.
+ */
+ return param_check_base("available");
+}
+
+static int is_private_enabled(void)
+{
+ return param_check_private_enabled() == 1;
+}
+
/**
* aa_is_enabled - determine if apparmor is enabled
*
@@ -105,36 +311,47 @@ int aa_find_mountpoint(char **mnt)
*/
int aa_is_enabled(void)
{
- int serrno, fd, rc, size;
- char buffer[2];
+ int rc;
char *mnt;
+ bool private = false;
+
+ rc = param_check_enabled();
+ if (rc < 1) {
+ if (!is_private_enabled()) {
+ if (rc == 0)
+ errno = ECANCELED;
+ else if (rc == -ENOENT)
+ errno = ENOSYS;
+ else
+ errno = -rc;
+
+ return 0;
+ }
+ /* actually available but only on private interfaces */
+ private = true;
+ }
- /* if the interface mountpoint is available apparmor is enabled */
+ /* if the interface mountpoint is available apparmor may not
+ * be locally enabled for older interfaces but still present
+ * so make sure to check after, checking available status
+ * also we don't cache the enabled status like available
+ * because the mount status can change.
+ */
rc = aa_find_mountpoint(&mnt);
if (rc == 0) {
free(mnt);
- return 1;
- }
-
- /* determine why the interface mountpoint isn't available */
- fd = open("/sys/module/apparmor/parameters/enabled", O_RDONLY);
- if (fd == -1) {
- if (errno == ENOENT)
- errno = ENOSYS;
- return 0;
+ if (!private)
+ return 1;
+ /* provide an error code to indicate apparmor is available
+ * on private interfaces, but we can note that apparmor
+ * is enabled because some applications hit the low level
+ * interfaces directly and don't know about the new
+ * private interfaces
+ */
+ errno = EBUSY;
+ /* fall through to return 0 */
}
- size = read(fd, &buffer, 2);
- serrno = errno;
- close(fd);
- errno = serrno;
-
- if (size > 0) {
- if (buffer[0] == 'Y')
- errno = ENOENT;
- else
- errno = ECANCELED;
- }
return 0;
}
@@ -147,14 +364,135 @@ static inline pid_t aa_gettid(void)
#endif
}
+/*
+ * Check for the new apparmor proc interface once on the first api call
+ * and then reuse the result on all subsequent api calls. This avoids
+ * a double syscall overhead on each api call if the interface is not
+ * present.
+ */
+static pthread_once_t proc_attr_base_ctl = PTHREAD_ONCE_INIT;
+static const char *proc_attr_base_old = "/proc/%d/attr/%s";
+static const char *proc_attr_new_dir = "/proc/%d/attr/apparmor/";
+static const char *proc_attr_base_stacking = "/proc/%d/attr/apparmor/%s";
+static const char *proc_attr_base_unavailable = "/proc/%d/attr/apparmor/unavailable/%s";
+static const char *proc_attr_base = NULL;
+static int proc_stacking_present = -1; /* unknown */
+
+static void proc_attr_base_init_once(void)
+{
+ autofree char *tmp;
+
+ /* if we fail we just fall back to the default value */
+ if (asprintf(&tmp, proc_attr_new_dir, aa_gettid()) > 0) {
+ struct stat sb;
+ if (stat(tmp, &sb) == 0) {
+ proc_attr_base = proc_attr_base_stacking;
+ proc_stacking_present = 1;
+ return;
+ } else if (errno == ENOENT) {
+ /* no stacking - try falling back */
+ proc_stacking_present = 0;
+ } else if (errno == EACCES) {
+ /* the dir exists, but access is denied */
+ proc_stacking_present = 1;
+ proc_attr_base = proc_attr_base_stacking;
+ } /* else
+ denied by policy, or other error try falling back */
+ } else {
+ /* failed allocation - proc_attr_base stays NULL */
+ return;
+ }
+ /* check for new interface failed, see if we can fallback */
+ if (param_check_enabled() == 0) {
+ /* definate NO (not just an error) on enabled. Do not fall
+ * back to old shared proc interface
+ *
+ * First try an alternate check for private proc interface
+ */
+ int enabled = param_check_private_enabled();
+ if (enabled == 1) {
+ /* the private interface exists and we can't
+ * fallback so just keep trying on the new
+ * interface.
+ */
+ proc_attr_base = proc_attr_base_stacking;
+ } else if (enabled == 0) {
+ /* definite NO - no interface available */
+ proc_attr_base = proc_attr_base_unavailable;
+ } else {
+ /* error can't determine, proc_attr_base stays NULL */
+ }
+ } else if (param_check_enabled() == 1) {
+ /* apparmor is enabled, we can use the old interface */
+ proc_attr_base = proc_attr_base_old;
+ } else if (errno != EACCES) {
+ /* this shouldn't happen unless apparmor is not builtin
+ * or proc isn't mounted
+ */
+ proc_attr_base = proc_attr_base_unavailable;
+ } /* else
+ denied by policy - proc_attr_base stays NULL */
+
+ return;
+}
+
static char *procattr_path(pid_t pid, const char *attr)
{
char *path = NULL;
- if (asprintf(&path, "/proc/%d/attr/%s", pid, attr) > 0)
+ const char *tmp;
+
+ /* TODO: rework this with futex or userspace RCU so we can update
+ * the base value instead of continually using the same base
+ * after we have hit an error
+ */
+ /* ignore failure, we just fallback to the default value */
+ (void) pthread_once(&proc_attr_base_ctl, proc_attr_base_init_once);
+
+ if (proc_attr_base)
+ tmp = proc_attr_base;
+ else if (proc_stacking_present)
+ /* couldn't determine during init */
+ tmp = proc_attr_base_stacking;
+ else
+ /* couldn't determine during init and no stacking */
+ tmp = proc_attr_base_old;
+ if (asprintf(&path, tmp, pid, attr) > 0)
return path;
return NULL;
}
+static int procattr_open(pid_t tid, const char *attr, int flags)
+{
+ char *tmp;
+ int fd;
+
+ tmp = procattr_path(tid, attr);
+ if (!tmp) {
+ return -1;
+ }
+ fd = open(tmp, flags);
+ free(tmp);
+ /* Test is we can fallback to the old interface (this is ugly).
+ * If we haven't tried the old interface already
+ * proc_attr_base == proc_attr_base_old - no fallback
+ * else if is_enabled()
+ * apparmor is available on the old interface
+ * we do NOT use is_private_enabled() as
+ * 1. the new private interface would have been tried first above
+ * 2. that can be true even when another LSM is using the
+ * old interface where is_enabled() is only successful if
+ * the old interface is available to apparmor.
+ */
+ if (fd == -1 && tmp != proc_attr_base_old && param_check_enabled() != 0) {
+ if (asprintf(&tmp, proc_attr_base_old, tid, attr) < 0)
+ return -1;
+ fd = open(tmp, flags);
+ free(tmp);
+ }
+
+ return fd;
+}
+
/**
* parse_unconfined - check for the unconfined label
* @con: the confinement context
@@ -264,12 +602,7 @@ int aa_getprocattr_raw(pid_t tid, const char *attr, char *buf, int len,
goto out;
}
- tmp = procattr_path(tid, attr);
- if (!tmp)
- goto out;
-
- fd = open(tmp, O_RDONLY);
- free(tmp);
+ fd = procattr_open(tid, attr, O_RDONLY);
if (fd == -1) {
goto out;
}
@@ -380,18 +713,13 @@ static int setprocattr(pid_t tid, const char *attr, const char *buf, int len)
{
int rc = -1;
int fd, ret;
- char *ctl = NULL;
if (!buf) {
errno = EINVAL;
goto out;
}
- ctl = procattr_path(tid, attr);
- if (!ctl)
- goto out;
-
- fd = open(ctl, O_WRONLY);
+ fd = procattr_open(tid, attr, O_WRONLY);
if (fd == -1) {
goto out;
}
@@ -412,9 +740,6 @@ static int setprocattr(pid_t tid, const char *attr, const char *buf, int len)
(void)close(fd);
out:
- if (ctl) {
- free(ctl);
- }
return rc;
}
@@ -500,7 +825,7 @@ int aa_change_onexec(const char *profile)
}
/* create an alias for the old change_hat@IMMUNIX_1.0 symbol */
-extern typeof((__change_hat)) __old_change_hat __attribute__((alias ("__change_hat")));
+DLLEXPORT extern typeof((__change_hat)) __old_change_hat __attribute__((alias ("__change_hat")));
symbol_version(__old_change_hat, change_hat, IMMUNIX_1.0);
default_symbol_version(__change_hat, change_hat, APPARMOR_1.0);
@@ -690,16 +1015,24 @@ int aa_getcon(char **label, char **mode)
* Returns: length of confinement context including null termination or -1 on
* error if errno == ERANGE then @len will hold the size needed
*/
-int aa_getpeercon_raw(int fd, char *buf, int *len, char **mode)
+int aa_getpeercon_raw(int fd, char *buf, socklen_t *len, char **mode)
{
- socklen_t optlen = *len;
+ socklen_t optlen;
int rc;
- if (optlen <= 0 || buf == NULL) {
+ if (*len <= 0 || buf == NULL) {
errno = EINVAL;
return -1;
}
+ optlen = *len;
+ if (!is_enabled()) {
+ errno = EINVAL;
+ return -1;
+ }
+ /* TODO: add check for private_enabled when alternate interface
+ * is approved
+ */
rc = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &optlen);
if (rc == -1 || optlen <= 0)
goto out;
@@ -747,7 +1080,8 @@ out:
*/
int aa_getpeercon(int fd, char **label, char **mode)
{
- int rc, last_size, size = INITIAL_GUESS_SIZE;
+ socklen_t last_size, size = INITIAL_GUESS_SIZE;
+ int rc;
char *buffer = NULL;
if (!label) {
@@ -849,7 +1183,7 @@ int query_label(uint32_t mask, char *query, size_t size, int *allowed,
memcpy(query, AA_QUERY_CMD_LABEL, AA_QUERY_CMD_LABEL_SIZE);
errno = 0;
ret = write(fd, query, size);
- if (ret != size) {
+ if (ret < 0 || ((size_t) ret != size)) {
if (ret >= 0)
errno = EPROTO;
/* IMPORTANT: This is the only valid error path that can have
@@ -889,7 +1223,7 @@ int query_label(uint32_t mask, char *query, size_t size, int *allowed,
/* export multiple aa_query_label symbols to compensate for downstream
* releases with differing symbol versions. */
-extern typeof((query_label)) __aa_query_label __attribute__((alias ("query_label")));
+DLLEXPORT extern typeof((query_label)) __aa_query_label __attribute__((alias ("query_label")));
symbol_version(__aa_query_label, aa_query_label, APPARMOR_1.1);
default_symbol_version(query_label, aa_query_label, APPARMOR_2.9);
diff --git a/libraries/libapparmor/src/libaalogparse.c b/libraries/libapparmor/src/libaalogparse.c
index dcba4caf0f12e3c52daa3ddb589bd551e0dc7dc5..6e7c4b79747fd3173cb7f8db933450798f876daa 100644
--- a/libraries/libapparmor/src/libaalogparse.c
+++ b/libraries/libapparmor/src/libaalogparse.c
@@ -131,7 +131,7 @@ char *hex_to_string(char *hexstring)
char *ret = NULL;
char buf[3], *endptr;
size_t len;
- int i;
+ size_t i;
if (!hexstring)
goto out;
diff --git a/libraries/libapparmor/src/libapparmor.map b/libraries/libapparmor/src/libapparmor.map
index 75469f332a6ada4ab4bd6f08c924154b3d9b6c76..7ca7caea3b3f811db09f37973be80a133b3c4bf1 100644
--- a/libraries/libapparmor/src/libapparmor.map
+++ b/libraries/libapparmor/src/libapparmor.map
@@ -6,14 +6,14 @@
IMMUNIX_1.0 {
global:
- change_hat;
+ change_hat; __old_change_hat;
local:
*;
};
APPARMOR_1.0 {
global:
- change_hat;
+ change_hat; __change_hat;
parse_record;
free_record;
local:
@@ -24,7 +24,7 @@ APPARMOR_1.1 {
global:
aa_is_enabled;
aa_find_mountpoint;
- aa_change_hat;
+ aa_change_hat; __old_change_hat;
aa_change_hatv;
aa_change_hat_vargs;
aa_change_profile;
@@ -37,7 +37,7 @@ APPARMOR_1.1 {
free_record;
aa_getprocattr_raw;
aa_getprocattr;
- aa_query_label;
+ aa_query_label; __aa_query_label;
# no more symbols here, please
@@ -47,7 +47,7 @@ APPARMOR_1.1 {
APPARMOR_2.9 {
global:
- aa_query_label;
+ aa_query_label; query_label;
local:
*;
} APPARMOR_1.1;
@@ -115,6 +115,15 @@ APPARMOR_2.13.1 {
*;
} APPARMOR_2.13;
+APPARMOR_3.0 {
+ global:
+ aa_features_new_from_file;
+ aa_features_write_to_fd;
+ aa_features_value;
+ local:
+ *;
+} APPARMOR_2.13.1;
+
PRIVATE {
global:
_aa_is_blacklisted;
diff --git a/libraries/libapparmor/src/policy_cache.c b/libraries/libapparmor/src/policy_cache.c
index 53379e62a1ae009209023359c38f927ffa43ca55..7e840dc6663dcca23eaf8a70e5758b2b82625a6f 100644
--- a/libraries/libapparmor/src/policy_cache.c
+++ b/libraries/libapparmor/src/policy_cache.c
@@ -45,6 +45,8 @@ struct aa_policy_cache {
static int clear_cache_cb(int dirfd, const char *path, struct stat *st,
void *data unused)
{
+ /* Handle symlink here. See _aa_dirat_for_each in private.c */
+
if (S_ISREG(st->st_mode)) {
/* remove regular files */
return unlinkat(dirfd, path, 0);
@@ -260,7 +262,7 @@ static int cache_dir_from_path_and_features(char **cache_path,
{
autofree const char *features_id = NULL;
char *cache_dir;
- size_t len;
+ ssize_t len;
int rc;
features_id = aa_features_id(features);
@@ -688,8 +690,8 @@ char *aa_policy_cache_dir_path_preview(aa_features *kernel_features,
aa_features_unref(kernel_features);
- if (asprintf(&dir_path, "%s%s%s",
- cache_loc ? : "", cache_loc ? "/" : "", cache_dir) == -1) {
+ if (asprintf(&dir_path, "%s%s%s", cache_loc ? cache_loc : "",
+ cache_loc ? "/" : "", cache_dir) == -1) {
errno = ENOMEM;
return NULL;
}
diff --git a/libraries/libapparmor/src/private.c b/libraries/libapparmor/src/private.c
index 030f1be56408a5351ca3451c524e1524cd5649bf..52c97910b5a0f6945e598009253e05cb7c04294a 100644
--- a/libraries/libapparmor/src/private.c
+++ b/libraries/libapparmor/src/private.c
@@ -49,7 +49,7 @@
* Allow libapparmor to build on older glibcs and other libcs that do
* not support reallocarray.
*/
-#ifndef HAVE_REALLOCARRY
+#ifndef HAVE_REALLOCARRAY
void *reallocarray(void *ptr, size_t nmemb, size_t size)
{
return realloc(ptr, nmemb * size);
@@ -126,7 +126,7 @@ bool atomic_dec_and_test(unsigned int *v)
int _aa_is_blacklisted(const char *name)
{
- size_t name_len = strlen(name);
+ ssize_t name_len = strlen(name);
struct ignored_suffix_t *suffix;
/* skip dot files and files with no name */
@@ -315,8 +315,7 @@ static ssize_t readdirfd(int dirfd, struct dirent ***out,
int (*dircmp)(const struct dirent **, const struct dirent **))
{
struct dirent **dents = NULL, *dent;
- ssize_t n = 0;
- size_t i;
+ ssize_t n = 0, i;
int save;
DIR *dir;
@@ -389,7 +388,7 @@ int _aa_overlaydirat_for_each(int dirfd[], int n, void *data,
{
autofree struct dirent **list = NULL;
autofree struct overlaydir *overlay = NULL;
- int i, k;
+ int i;
int n_list, size = 0, max_size = 0;
int rc = 0;
@@ -400,10 +399,10 @@ int _aa_overlaydirat_for_each(int dirfd[], int n, void *data,
return -1;
}
if (merge(overlay, size, max_size, list, n_list, dirfd[i])) {
- for (k = 0; k < n_list; k++)
- free(list[k]);
- for (k = 0; k < size; k++)
- free(overlay[k].dent);
+ for (i = 0; i < n_list; i++)
+ free(list[i]);
+ for (i = 0; i < size; i++)
+ free(overlay[i].dent);
return -1;
}
}
@@ -453,7 +452,8 @@ int _aa_overlaydirat_for_each(int dirfd[], int n, void *data,
*
* The cb function is called with the DIR in use and the name of the
* file in that directory. If the file is to be opened it should
- * use the openat, fstatat, and related fns.
+ * use the openat, fstatat, and related fns. If the file is a symlink
+ * _aa_dirat_for_each currently tries to traverse it for the caller
*
* Returns: 0 on success, else -1 and errno is set to the error code
*/
@@ -475,7 +475,7 @@ int _aa_dirat_for_each(int dirfd, const char *name, void *data,
return -1;
}
- num_dirs = readdirfd(cb_dirfd, &namelist, NULL);
+ num_dirs = readdirfd(cb_dirfd, &namelist, alphasort);
if (num_dirs == -1) {
PDEBUG("scandirat of directory '%s' failed: %m\n", name);
return -1;
@@ -486,14 +486,34 @@ int _aa_dirat_for_each(int dirfd, const char *name, void *data,
autofree struct dirent *dir = namelist[i];
struct stat my_stat;
- if (rc)
- continue;
-
- if (fstatat(cb_dirfd, dir->d_name, &my_stat, 0)) {
+ if (fstatat(cb_dirfd, dir->d_name, &my_stat, AT_SYMLINK_NOFOLLOW)) {
PDEBUG("stat failed for '%s': %m\n", dir->d_name);
rc = -1;
continue;
}
+ /* currently none of the callers handle symlinks, and this
+ * same basic code was applied to each. So for this patch
+ * just drop it here.
+ *
+ * Going forward we need to start handling symlinks as
+ * they have meaning.
+ * In the case of
+ * cache: they act as a place holder for files that have been
+ * combined into a single binary. This enables the
+ * file based cache lookup time find that relation
+ * and dedup, so multiple loads aren't done.
+ * profiles: just a profile in an alternate location, but
+ * should do dedup detection when doing dir reads
+ * so we don't double process.
+ */
+ if (S_ISLNK(my_stat.st_mode)) {
+ /* just traverse the symlink */
+ if (fstatat(cb_dirfd, dir->d_name, &my_stat, 0)) {
+ PDEBUG("symlink target stat failed for '%s': %m\n", dir->d_name);
+ rc = -1;
+ continue;
+ }
+ }
if (cb(cb_dirfd, dir->d_name, &my_stat, data)) {
PDEBUG("dir_for_each callback failed for '%s'\n",
diff --git a/libraries/libapparmor/src/scanner.l b/libraries/libapparmor/src/scanner.l
index 6405ef5ce49692ae9c5f748492b9af74b35be30b..3c93f5d90b1de5d46e22184b4c271a931be447d3 100644
--- a/libraries/libapparmor/src/scanner.l
+++ b/libraries/libapparmor/src/scanner.l
@@ -72,7 +72,7 @@ void string_buf_append(unsigned int length, char *text)
%}
-ws [ \t\r\n]
+ws [ \t\r\n\x1d]
equals "="
digit [[:digit:]]
@@ -138,7 +138,9 @@ key_sock_type "sock_type"
key_protocol "protocol"
key_error "error"
key_fsuid "fsuid"
+key_fsuid_upper "FSUID"
key_ouid "ouid"
+key_ouid_upper "OUID"
key_uid "uid"
key_auid "auid"
key_sauid "sauid"
@@ -172,6 +174,7 @@ audit "audit"
ip_addr [a-f[:digit:].:]{3,}
/* syslog tokens */
+socklogd_kernel kern.notice{colon}
syslog_kernel kernel{colon}
syslog_user [[:alnum:]_-]+\[[[:digit:]]+\]{colon}
syslog_yyyymmdd {digit}{4}{minus}{digit}{2}{minus}{digit}{2}
@@ -323,7 +326,9 @@ yy_flex_debug = 0;
{key_protocol} { return(TOK_KEY_PROTOCOL); }
{key_error} { return(TOK_KEY_ERROR); }
{key_fsuid} { return(TOK_KEY_FSUID); }
+{key_fsuid_upper} { return(TOK_KEY_FSUID_UPPER); }
{key_ouid} { return(TOK_KEY_OUID); }
+{key_ouid_upper} { return(TOK_KEY_OUID_UPPER); }
{key_uid} { return(TOK_KEY_UID); }
{key_auid} { return(TOK_KEY_AUID); }
{key_sauid} { return(TOK_KEY_SAUID); }
@@ -351,6 +356,7 @@ yy_flex_debug = 0;
{key_flags} { BEGIN(safe_string); return(TOK_KEY_FLAGS); }
{key_srcname} { BEGIN(safe_string); return(TOK_KEY_SRCNAME); }
+{socklogd_kernel} { BEGIN(dmesg_timestamp); return(TOK_SOCKLOGD_KERNEL); }
{syslog_kernel} { BEGIN(dmesg_timestamp); return(TOK_SYSLOG_KERNEL); }
{syslog_user} { return(TOK_SYSLOG_USER); }
{syslog_month} { yylval->t_str = strdup(yytext); return(TOK_DATE_MONTH); }
@@ -365,6 +371,7 @@ yy_flex_debug = 0;
<hostname>{
{ws}+ { /* eat whitespace */ }
+ {socklogd_kernel} { BEGIN(dmesg_timestamp); return(TOK_SOCKLOGD_KERNEL); }
{syslog_hostname} { yylval->t_str = strdup(yytext); BEGIN(INITIAL); return(TOK_ID); }
}
diff --git a/libraries/libapparmor/swig/Makefile.in b/libraries/libapparmor/swig/Makefile.in
index df253303f44a5de346314edd5abf4ff5e3eb7513..0ee85c9a532a9ec0bd5f2e2d96eec5efc19fb3d0 100644
--- a/libraries/libapparmor/swig/Makefile.in
+++ b/libraries/libapparmor/swig/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -133,7 +133,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
+ distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -151,8 +151,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -192,8 +190,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -204,6 +203,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -248,6 +248,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -346,8 +347,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -463,8 +464,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/swig/perl/Makefile.in b/libraries/libapparmor/swig/perl/Makefile.in
index 07f61846df8763553f4b651cc7535f34fe212530..d2daf7a5f915dfabb6527408c032a19e5d55fc39 100644
--- a/libraries/libapparmor/swig/perl/Makefile.in
+++ b/libraries/libapparmor/swig/perl/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -134,8 +134,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -146,6 +147,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -190,6 +192,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -289,8 +292,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -315,8 +318,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -381,8 +386,8 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@HAVE_PERL_FALSE@install-exec-local:
@HAVE_PERL_FALSE@clean-local:
+@HAVE_PERL_FALSE@install-exec-local:
clean: clean-am
clean-am: clean-generic clean-libtool clean-local mostlyclean-am
diff --git a/libraries/libapparmor/swig/python/Makefile.am b/libraries/libapparmor/swig/python/Makefile.am
index 421acba9e68ebd4e41bd75820870264f5317c747..bf05fe0fc2f563f012b232c4925ed4cad75e88ca 100644
--- a/libraries/libapparmor/swig/python/Makefile.am
+++ b/libraries/libapparmor/swig/python/Makefile.am
@@ -1,5 +1,8 @@
if HAVE_PYTHON
+COMMONDIR = $(top_srcdir)/../../common/
+include $(COMMONDIR)/Make.rules
+
EXTRA_DIST = libapparmor_wrap.c
SUBDIRS = test
@@ -11,14 +14,14 @@ MOSTLYCLEANFILES=libapparmor_wrap.c LibAppArmor.py
all-local: libapparmor_wrap.c setup.py
if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
- $(PYTHON) setup.py build
+ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
install-exec-local:
$(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
clean-local:
if test -x "$(PYTHON)"; then $(PYTHON) setup.py clean; fi
- rm -rf build
+ rm -rf build LibAppArmor.egg-info
if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
endif
diff --git a/libraries/libapparmor/swig/python/Makefile.in b/libraries/libapparmor/swig/python/Makefile.in
index 5ec49dd85b576f07cecae049925b29da2aefee58..3591d849d2fdd0ee28a3b0cfaa92b284ba92ba95 100644
--- a/libraries/libapparmor/swig/python/Makefile.in
+++ b/libraries/libapparmor/swig/python/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -133,7 +133,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
+ distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -151,8 +151,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
DIST_SUBDIRS = test
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/setup.py.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -192,8 +190,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -204,6 +203,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -248,6 +248,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -324,6 +325,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
+@HAVE_PYTHON_TRUE@COMMONDIR = $(top_srcdir)/../../common/
@HAVE_PYTHON_TRUE@EXTRA_DIST = libapparmor_wrap.c
@HAVE_PYTHON_TRUE@SUBDIRS = test
@HAVE_PYTHON_TRUE@MOSTLYCLEANFILES = libapparmor_wrap.c LibAppArmor.py
@@ -347,8 +349,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -466,8 +468,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -645,20 +649,21 @@ uninstall-am:
.PRECIOUS: Makefile
+@HAVE_PYTHON_TRUE@include $(COMMONDIR)/Make.rules
@HAVE_PYTHON_TRUE@libapparmor_wrap.c: $(srcdir)/../SWIG/libapparmor.i
@HAVE_PYTHON_TRUE@ $(SWIG) -python -I$(srcdir)/../../include -module LibAppArmor -o $@ $(srcdir)/../SWIG/libapparmor.i
@HAVE_PYTHON_TRUE@all-local: libapparmor_wrap.c setup.py
@HAVE_PYTHON_TRUE@ if test ! -f libapparmor_wrap.c; then cp $(srcdir)/libapparmor_wrap.c . ; fi
-@HAVE_PYTHON_TRUE@ $(PYTHON) setup.py build
+@HAVE_PYTHON_TRUE@ CC="$(CC)" CFLAGS="$(PYTHON_CPPFLAGS) $(EXTRA_WARNINGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(PYTHON_LDFLAGS) $(LDFLAGS)" $(PYTHON) setup.py build
@HAVE_PYTHON_TRUE@install-exec-local:
@HAVE_PYTHON_TRUE@ $(PYTHON) setup.py install --root="/$(DESTDIR)" --prefix="$(prefix)"
@HAVE_PYTHON_TRUE@clean-local:
@HAVE_PYTHON_TRUE@ if test -x "$(PYTHON)"; then $(PYTHON) setup.py clean; fi
-@HAVE_PYTHON_TRUE@ rm -rf build
+@HAVE_PYTHON_TRUE@ rm -rf build LibAppArmor.egg-info
@HAVE_PYTHON_TRUE@ if test $(top_srcdir) != $(top_builddir) ; then rm -f libapparmor_wrap.c ; fi
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/libraries/libapparmor/swig/python/setup.py.in b/libraries/libapparmor/swig/python/setup.py.in
index 32abd46b21a1de959e357127443eb0fed2d6f8ea..b23e40746241006b494977d1c994969e4ce486cb 100644
--- a/libraries/libapparmor/swig/python/setup.py.in
+++ b/libraries/libapparmor/swig/python/setup.py.in
@@ -1,4 +1,4 @@
-from distutils.core import setup, Extension
+from setuptools import setup, Extension
import string
setup(name = 'LibAppArmor',
diff --git a/libraries/libapparmor/swig/python/test/Makefile.am b/libraries/libapparmor/swig/python/test/Makefile.am
index 7287819c9d872987189da368832ca947afe36aac..761735a9af41729a19c3f55ac9dbad333e17bd73 100644
--- a/libraries/libapparmor/swig/python/test/Makefile.am
+++ b/libraries/libapparmor/swig/python/test/Makefile.am
@@ -10,8 +10,7 @@ test_python.py: test_python.py.in $(top_builddir)/config.status
CLEANFILES = test_python.py
-# bah, how brittle is this?
-PYTHON_DIST_BUILD_PATH = '$(builddir)/../build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")'
+PYTHON_DIST_BUILD_PATH = '$(builddir)/../build/$$($(PYTHON) buildpath.py)'
TESTS = test_python.py
TESTS_ENVIRONMENT = \
diff --git a/libraries/libapparmor/swig/python/test/Makefile.in b/libraries/libapparmor/swig/python/test/Makefile.in
index 6fc13ee3bafbddc3a6033b4faafe8f2cb46c5d25..9ef993efcad7ea4df7f4c00a9440cdeea2d119cd 100644
--- a/libraries/libapparmor/swig/python/test/Makefile.in
+++ b/libraries/libapparmor/swig/python/test/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -301,6 +301,7 @@ am__set_TESTS_bases = \
bases='$(TEST_LOGS)'; \
bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
RECHECK_LOGS = $(TEST_LOGS)
AM_RECURSIVE_TARGETS = check recheck
TEST_SUITE_LOG = test-suite.log
@@ -336,8 +337,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -348,6 +350,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -392,6 +395,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -469,9 +473,7 @@ top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
@HAVE_PYTHON_TRUE@CLEANFILES = test_python.py
-
-# bah, how brittle is this?
-@HAVE_PYTHON_TRUE@PYTHON_DIST_BUILD_PATH = '$(builddir)/../build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")'
+@HAVE_PYTHON_TRUE@PYTHON_DIST_BUILD_PATH = '$(builddir)/../build/$$($(PYTHON) buildpath.py)'
@HAVE_PYTHON_TRUE@TESTS = test_python.py
@HAVE_PYTHON_TRUE@TESTS_ENVIRONMENT = \
@HAVE_PYTHON_TRUE@ LD_LIBRARY_PATH='$(top_builddir)/src/.libs:$(PYTHON_DIST_BUILD_PATH)' \
@@ -498,8 +500,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -630,7 +632,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
fi; \
echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \
echo "$${col}$$br$${std}"; \
create_testsuite_report --maybe-color; \
echo "$$col$$br$$std"; \
@@ -643,7 +645,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS:
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -685,8 +687,10 @@ test_python.py.log: test_python.py
@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/swig/python/test/buildpath.py b/libraries/libapparmor/swig/python/test/buildpath.py
new file mode 100644
index 0000000000000000000000000000000000000000..94b63c2e40ee18e3a9f67a455c62a10e6c0de737
--- /dev/null
+++ b/libraries/libapparmor/swig/python/test/buildpath.py
@@ -0,0 +1,13 @@
+#!/usr/bin/python3
+# the build path has changed in setuptools 62.1:
+# https://github.com/pypa/setuptools/commit/1c23f5e1e4b18b50081cbabb2dea22bf345f5894
+import sys
+import sysconfig
+import setuptools
+
+
+if tuple(map(int, setuptools.__version__.split("."))) >= (62, 1):
+ identifier = sys.implementation.cache_tag
+else:
+ identifier = "%d.%d" % sys.version_info[:2]
+print("lib.%s-%s" % (sysconfig.get_platform(), identifier))
diff --git a/libraries/libapparmor/swig/ruby/Makefile.am b/libraries/libapparmor/swig/ruby/Makefile.am
index 03ef02fd69c85b0843915f37698c2db495331a20..465fa746301f32f0d2030b0494701586d526284e 100644
--- a/libraries/libapparmor/swig/ruby/Makefile.am
+++ b/libraries/libapparmor/swig/ruby/Makefile.am
@@ -9,7 +9,9 @@ LibAppArmor_wrap.c : $(srcdir)/../SWIG/libapparmor.i
MOSTLYCLEANFILES=LibAppArmor_wrap.c
Makefile.ruby: extconf.rb
+ mv Makefile Makefile.bak
PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/include
+ mv Makefile.bak Makefile
LibAppArmor.so: LibAppArmor_wrap.c Makefile.ruby
$(MAKE) -fMakefile.ruby
@@ -22,7 +24,7 @@ install-exec-local: Makefile.ruby
clean-local:
if test -f Makefile.ruby; then $(MAKE) -fMakefile.ruby clean; fi
- rm -f Makefile.ruby Makefile.new
+ rm -f Makefile.ruby Makefile.bak
rm -f *.o *.so *.log
endif
diff --git a/libraries/libapparmor/swig/ruby/Makefile.in b/libraries/libapparmor/swig/ruby/Makefile.in
index b89544e7a6c2b86c2e504fc10a0908a9ff1245c1..5c9b2403e4c18b848cd2297acef945182c30f9ba 100644
--- a/libraries/libapparmor/swig/ruby/Makefile.in
+++ b/libraries/libapparmor/swig/ruby/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -134,8 +134,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -146,6 +147,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -190,6 +192,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -289,8 +292,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -313,8 +316,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -468,7 +473,9 @@ uninstall-am:
@HAVE_RUBY_TRUE@ $(SWIG) -ruby -module LibAppArmor -I$(top_srcdir)/include -o $@ $(srcdir)/../SWIG/libapparmor.i
@HAVE_RUBY_TRUE@Makefile.ruby: extconf.rb
+@HAVE_RUBY_TRUE@ mv Makefile Makefile.bak
@HAVE_RUBY_TRUE@ PREFIX=$(prefix) $(RUBY) $< --with-LibAppArmor-include=$(top_srcdir)/include
+@HAVE_RUBY_TRUE@ mv Makefile.bak Makefile
@HAVE_RUBY_TRUE@LibAppArmor.so: LibAppArmor_wrap.c Makefile.ruby
@HAVE_RUBY_TRUE@ $(MAKE) -fMakefile.ruby
@@ -481,7 +488,7 @@ uninstall-am:
@HAVE_RUBY_TRUE@clean-local:
@HAVE_RUBY_TRUE@ if test -f Makefile.ruby; then $(MAKE) -fMakefile.ruby clean; fi
-@HAVE_RUBY_TRUE@ rm -f Makefile.ruby Makefile.new
+@HAVE_RUBY_TRUE@ rm -f Makefile.ruby Makefile.bak
@HAVE_RUBY_TRUE@ rm -f *.o *.so *.log
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/libraries/libapparmor/swig/ruby/extconf.rb b/libraries/libapparmor/swig/ruby/extconf.rb
index 647d2d8316014c2f08a257d3ab7f2ca211b08364..6a2ef745790c43c295702071424a1a2c4c74447a 100644
--- a/libraries/libapparmor/swig/ruby/extconf.rb
+++ b/libraries/libapparmor/swig/ruby/extconf.rb
@@ -2,16 +2,8 @@
require 'mkmf'
-# hack 1: ruby black magic to write a Makefile.new instead of a Makefile
-alias open_orig open
-def open(path, mode=nil, perm=nil)
- path = 'Makefile.new' if path == 'Makefile'
- if block_given?
- open_orig(path, mode, perm) { |io| yield(io) }
- else
- open_orig(path, mode, perm)
- end
-end
+# hack 1: Before extconf.rb gets called, Makefile gets backed up, and
+# restored afterwards (see Makefile.am)
if ENV['PREFIX']
prefix = CONFIG['prefix']
@@ -27,7 +19,7 @@ if find_library('apparmor', 'parse_record', '../../src/.libs') and
# hack 2: strip all rpath references
open('Makefile.ruby', 'w') do |out|
- IO.foreach('Makefile.new') do |line|
+ IO.foreach('Makefile') do |line|
out.puts line.gsub(/-Wl,-R'[^']*'/, '')
end
end
diff --git a/libraries/libapparmor/test-driver b/libraries/libapparmor/test-driver
index 8e575b017d93702e9ec30bc6c3f0e08839e805e8..be73b80adf95515f3fc7cdc504facb29bc12e6b3 100755
--- a/libraries/libapparmor/test-driver
+++ b/libraries/libapparmor/test-driver
@@ -1,9 +1,9 @@
#! /bin/sh
# test-driver - basic testsuite driver script.
-scriptversion=2013-07-13.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 2011-2014 Free Software Foundation, Inc.
+# Copyright (C) 2011-2021 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@ scriptversion=2013-07-13.22; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -42,11 +42,13 @@ print_usage ()
{
cat <<END
Usage:
- test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
- [--expect-failure={yes|no}] [--color-tests={yes|no}]
- [--enable-hard-errors={yes|no}] [--]
+ test-driver --test-name NAME --log-file PATH --trs-file PATH
+ [--expect-failure {yes|no}] [--color-tests {yes|no}]
+ [--enable-hard-errors {yes|no}] [--]
TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
+
The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+See the GNU Automake documentation for information.
END
}
@@ -103,8 +105,11 @@ trap "st=130; $do_exit" 2
trap "st=141; $do_exit" 13
trap "st=143; $do_exit" 15
-# Test script is run here.
-"$@" >$log_file 2>&1
+# Test script is run here. We create the file first, then append to it,
+# to ameliorate tests themselves also writing to the log file. Our tests
+# don't, but others can (automake bug#35762).
+: >"$log_file"
+"$@" >>"$log_file" 2>&1
estatus=$?
if test $enable_hard_errors = no && test $estatus -eq 99; then
@@ -126,7 +131,7 @@ esac
# know whether the test passed or failed simply by looking at the '.log'
# file, without the need of also peaking into the corresponding '.trs'
# file (automake bug#11814).
-echo "$res $test_name (exit status: $estatus)" >>$log_file
+echo "$res $test_name (exit status: $estatus)" >>"$log_file"
# Report outcome to console.
echo "${col}${res}${std}: $test_name"
@@ -140,9 +145,9 @@ echo ":copy-in-global-log: $gcopy" >> $trs_file
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:
diff --git a/libraries/libapparmor/testsuite/Makefile.am b/libraries/libapparmor/testsuite/Makefile.am
index 55dcb686bdef9c5792ad334e3e2d5617a58e9541..6a00e9749893ca3eb54ee50460da766fa39d0caa 100644
--- a/libraries/libapparmor/testsuite/Makefile.am
+++ b/libraries/libapparmor/testsuite/Makefile.am
@@ -2,6 +2,9 @@ SUBDIRS = lib config libaalogparse.test
PACKAGE = libaalogparse
AUTOMAKE_OPTIONS = dejagnu
+COMMONDIR=$(top_srcdir)/../../common
+include $(COMMONDIR)/Make.rules
+
INCLUDES = -I. -I$(top_srcdir)/include
AM_CPPFLAGS = $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"
@@ -10,7 +13,7 @@ AM_CFLAGS = -Wall
noinst_PROGRAMS = test_multi.multi
test_multi_multi_SOURCES = test_multi.c
-test_multi_multi_CFLAGS = -Wall
+test_multi_multi_CFLAGS = -Wall $(EXTRA_WARNINGS)
test_multi_multi_LDADD = -L../src/.libs -lapparmor
clean-local:
diff --git a/libraries/libapparmor/testsuite/Makefile.in b/libraries/libapparmor/testsuite/Makefile.in
index b93bcdf80ec828aff58c87ddef1cf1c10bde9282..ce85d92d9c15a043b87c5d98db59d083d270925a 100644
--- a/libraries/libapparmor/testsuite/Makefile.in
+++ b/libraries/libapparmor/testsuite/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -127,7 +127,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/test_multi_multi-test_multi.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -169,7 +170,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
+ distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -187,8 +188,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
DEJATOOL = $(PACKAGE)
RUNTESTDEFAULTFLAGS = --tool $$tool --srcdir $$srcdir
EXPECT = expect
@@ -232,8 +231,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -244,6 +244,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -288,6 +289,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -366,11 +368,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
SUBDIRS = lib config libaalogparse.test
AUTOMAKE_OPTIONS = dejagnu
+COMMONDIR = $(top_srcdir)/../../common
INCLUDES = -I. -I$(top_srcdir)/include
AM_CPPFLAGS = $(DEBUG_FLAGS) -DLOCALEDIR=\"${localedir}\"
AM_CFLAGS = -Wall
test_multi_multi_SOURCES = test_multi.c
-test_multi_multi_CFLAGS = -Wall
+test_multi_multi_CFLAGS = -Wall $(EXTRA_WARNINGS)
test_multi_multi_LDADD = -L../src/.libs -lapparmor
EXTRA_DIST = test_multi/*.in test_multi/*.out test_multi/*.err
all: all-recursive
@@ -394,8 +397,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -426,7 +429,13 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_multi_multi-test_multi.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_multi_multi-test_multi.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -573,7 +582,7 @@ check-DEJAGNU: site.exp
EXPECT=$(EXPECT); export EXPECT; \
if $(SHELL) -c "$(RUNTEST) --version" > /dev/null 2>&1; then \
exit_status=0; l='$(DEJATOOL)'; for tool in $$l; do \
- if $(RUNTEST) $(AM_RUNTESTFLAGS) $(RUNTESTDEFAULTFLAGS) $(RUNTESTFLAGS); \
+ if $(RUNTEST) $(RUNTESTDEFAULTFLAGS) $(AM_RUNTESTFLAGS) $(RUNTESTFLAGS); \
then :; else exit_status=1; fi; \
done; \
else echo "WARNING: could not find '$(RUNTEST)'" 1>&2; :;\
@@ -585,7 +594,7 @@ site.exp: Makefile $(EXTRA_DEJAGNU_SITE_CONFIG)
@echo '# Do not edit here. If you wish to override these values' >>site.tmp
@echo '# edit the last section' >>site.tmp
@echo 'set srcdir "$(srcdir)"' >>site.tmp
- @echo "set objdir `pwd`" >>site.tmp
+ @echo "set objdir \"`pwd`\"" >>site.tmp
@echo 'set build_alias "$(build_alias)"' >>site.tmp
@echo 'set build_triplet $(build_triplet)' >>site.tmp
@echo 'set host_alias "$(host_alias)"' >>site.tmp
@@ -609,8 +618,10 @@ distclean-DEJAGNU:
-l='$(DEJATOOL)'; for tool in $$l; do \
rm -f $$tool.sum $$tool.log; \
done
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -707,7 +718,7 @@ clean-am: clean-generic clean-libtool clean-local clean-noinstPROGRAMS \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/test_multi_multi-test_multi.Po
-rm -f Makefile
distclean-am: clean-am distclean-DEJAGNU distclean-compile \
distclean-generic distclean-tags
@@ -753,7 +764,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/test_multi_multi-test_multi.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -774,23 +785,25 @@ uninstall-am:
.MAKE: $(am__recursive_targets) check-am install-am install-strip
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-DEJAGNU check-am check-local clean clean-generic \
- clean-libtool clean-local clean-noinstPROGRAMS cscopelist-am \
- ctags ctags-am distclean distclean-DEJAGNU distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs installdirs-am \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
+ am--depfiles check check-DEJAGNU check-am check-local clean \
+ clean-generic clean-libtool clean-local clean-noinstPROGRAMS \
+ cscopelist-am ctags ctags-am distclean distclean-DEJAGNU \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am
.PRECIOUS: Makefile
+include $(COMMONDIR)/Make.rules
clean-local:
rm -rf tmp.err.* tmp.out.* site.exp site.bak test_multi/out
diff --git a/libraries/libapparmor/testsuite/config/Makefile.in b/libraries/libapparmor/testsuite/config/Makefile.in
index b04a0015d689c45002ef4369e58ce1334e275685..05377bf1b91860fc752d7086790dcf0194db0397 100644
--- a/libraries/libapparmor/testsuite/config/Makefile.in
+++ b/libraries/libapparmor/testsuite/config/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -132,8 +132,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -144,6 +145,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -188,6 +190,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -285,8 +288,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -309,8 +312,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/testsuite/lib/Makefile.in b/libraries/libapparmor/testsuite/lib/Makefile.in
index 376565adaab76148f5344cd47081cf9b679e4b0f..1b8b260bb2c83e051b93de381c2e501afb4685d1 100644
--- a/libraries/libapparmor/testsuite/lib/Makefile.in
+++ b/libraries/libapparmor/testsuite/lib/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -132,8 +132,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -144,6 +145,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -188,6 +190,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -285,8 +288,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -309,8 +312,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in b/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
index 1dce54c5819f954801382c94eb17f275e6f997b5..dff549c3c944b62c25d4b3c357d34b37e3e4e210 100644
--- a/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
+++ b/libraries/libapparmor/testsuite/libaalogparse.test/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -132,8 +132,9 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
-CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
@@ -144,6 +145,7 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
+ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
@@ -188,6 +190,7 @@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POD2MAN = @POD2MAN@
PODCHECKER = @PODCHECKER@
PYTHON = @PYTHON@
+PYTHON_CONFIG = @PYTHON_CONFIG@
PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
@@ -285,8 +288,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -309,8 +312,10 @@ ctags CTAGS:
cscope cscopelist:
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
-distdir: $(DISTFILES)
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
diff --git a/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.err b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.in b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.in
new file mode 100644
index 0000000000000000000000000000000000000000..6b28cb6db127c007dd23f3d3d9e2c470db3fc446
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1661734785.992:270): apparmor="ALLOWED" operation="open" profile="/usr/bin/dolphin" name="/home/otis/.config/kdedefaults/kdeglobals" pid=3483 comm="dolphin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0�FSUID="otis" OUID="root"
diff --git a/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.out b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.out
new file mode 100644
index 0000000000000000000000000000000000000000..61f6ef57da87fecc20da2a855efc15cdacd65883
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.out
@@ -0,0 +1,15 @@
+START
+File: 0x1d-uppercase-FSUID-OUID.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1661734785.992:270
+Operation: open
+Mask: r
+Denied Mask: r
+fsuid: 1000
+ouid: 0
+Profile: /usr/bin/dolphin
+Name: /home/otis/.config/kdedefaults/kdeglobals
+Command: dolphin
+PID: 3483
+Epoch: 1661734785
+Audit subid: 270
diff --git a/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.profile b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.profile
new file mode 100644
index 0000000000000000000000000000000000000000..d94236aaf9057db63d89b9e75beb9e7aabe04024
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/0x1d-uppercase-FSUID-OUID.profile
@@ -0,0 +1,4 @@
+/usr/bin/dolphin {
+ /home/otis/.config/kdedefaults/kdeglobals r,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/complex_profile_name.err b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/complex_profile_name.in b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.in
new file mode 100644
index 0000000000000000000000000000000000000000..0717da5ce980ed854d6a3b3bf1653b52b6a887f1
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1553903266.854:518): apparmor="DENIED" operation="open" profile="/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}" name="/sys/class/scsi_device/" pid=543 comm="wine" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/complex_profile_name.out b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.out
new file mode 100644
index 0000000000000000000000000000000000000000..c869d4b57c3194f0510efdfe722f3384c56efe57
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.out
@@ -0,0 +1,15 @@
+START
+File: complex_profile_name.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1553903266.854:518
+Operation: open
+Mask: r
+Denied Mask: r
+fsuid: 1000
+ouid: 0
+Profile: /usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}
+Name: /sys/class/scsi_device/
+Command: wine
+PID: 543
+Epoch: 1553903266
+Audit subid: 518
diff --git a/libraries/libapparmor/testsuite/test_multi/complex_profile_name.profile b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.profile
new file mode 100644
index 0000000000000000000000000000000000000000..d70184869f90d1c43d37b304ef3f4014b1360557
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/complex_profile_name.profile
@@ -0,0 +1,4 @@
+/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*} {
+ /sys/class/scsi_device/ r,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/exec01.err b/libraries/libapparmor/testsuite/test_multi/exec01.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/exec01.in b/libraries/libapparmor/testsuite/test_multi/exec01.in
new file mode 100644
index 0000000000000000000000000000000000000000..1fd6561b96680faf418aae8e638b4843b8bacf99
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec01.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1556742889.059:3686): apparmor="ALLOWED" operation="exec" profile="/home/cb/bin/hello.sh" name="/usr/bin/rm" pid=13108 comm="hello.sh" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0 target="/home/cb/bin/hello.sh//null-/usr/bin/rm"
diff --git a/libraries/libapparmor/testsuite/test_multi/exec01.out b/libraries/libapparmor/testsuite/test_multi/exec01.out
new file mode 100644
index 0000000000000000000000000000000000000000..462afb49eaa9be99de3d9d20c73718046621405d
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec01.out
@@ -0,0 +1,16 @@
+START
+File: exec01.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1556742889.059:3686
+Operation: exec
+Mask: x
+Denied Mask: x
+fsuid: 1000
+ouid: 0
+Profile: /home/cb/bin/hello.sh
+Name: /usr/bin/rm
+Command: hello.sh
+Name2: /home/cb/bin/hello.sh//null-/usr/bin/rm
+PID: 13108
+Epoch: 1556742889
+Audit subid: 3686
diff --git a/libraries/libapparmor/testsuite/test_multi/exec01.profile b/libraries/libapparmor/testsuite/test_multi/exec01.profile
new file mode 100644
index 0000000000000000000000000000000000000000..edf510590cffc5c0537ee40af07f38a5743f129b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec01.profile
@@ -0,0 +1,2 @@
+/home/cb/bin/hello.sh {
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/exec02.err b/libraries/libapparmor/testsuite/test_multi/exec02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/exec02.in b/libraries/libapparmor/testsuite/test_multi/exec02.in
new file mode 100644
index 0000000000000000000000000000000000000000..e602028210c0326ade8af449979431dd6f4f53ed
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec02.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1564250674.378:1307): apparmor="DENIED" operation="exec" profile="/usr/bin/wireshark" name="/usr/lib64/wireshark/extcap/androiddump" pid=23247 comm="pool" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
diff --git a/libraries/libapparmor/testsuite/test_multi/exec02.out b/libraries/libapparmor/testsuite/test_multi/exec02.out
new file mode 100644
index 0000000000000000000000000000000000000000..5543e4222ae63c883c0b6a10b521332f3f608fc0
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec02.out
@@ -0,0 +1,15 @@
+START
+File: exec02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1564250674.378:1307
+Operation: exec
+Mask: x
+Denied Mask: x
+fsuid: 1000
+ouid: 0
+Profile: /usr/bin/wireshark
+Name: /usr/lib64/wireshark/extcap/androiddump
+Command: pool
+PID: 23247
+Epoch: 1564250674
+Audit subid: 1307
diff --git a/libraries/libapparmor/testsuite/test_multi/exec02.profile b/libraries/libapparmor/testsuite/test_multi/exec02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..e05eb5ab7efb99df6dbb1a8bbb1ab1cb3aa079e5
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/exec02.profile
@@ -0,0 +1,2 @@
+/usr/bin/wireshark {
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.err b/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.in b/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.in
new file mode 100644
index 0000000000000000000000000000000000000000..6a5cbdd90fc3944158aed1d81e82b92d032949b5
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.in
@@ -0,0 +1 @@
+audit.log:type=AVC msg=audit(1630913351.586:4): apparmor="STATUS" info="AppArmor Filesystem Enabled" pid=1 comm="swapper/0"
diff --git a/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.out b/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.out
new file mode 100644
index 0000000000000000000000000000000000000000..7bce2774794f896d55c047347549e05f9aa97b46
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/status-filesystem-enabled.out
@@ -0,0 +1,3 @@
+START
+File: status-filesystem-enabled.in
+Event type: AA_RECORD_INVALID
diff --git a/libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.profile b/libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.profile
index f1fbb8c84615a771aea75217d1eb92c39f8d2044..a1931b8e7e8a8cadaed4a5417e9bd8046c587a34 100644
--- a/libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.profile
+++ b/libraries/libapparmor/testsuite/test_multi/syslog_datetime_10.profile
@@ -1,4 +1,5 @@
/usr/lib/virtualbox/VBoxSVC {
+
^null-2d {
/sys/class/power_supply/ r,
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.err b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.in b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.in
new file mode 100644
index 0000000000000000000000000000000000000000..6d4b73835e5a7c2251af032cd582d9160fa9124b
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.in
@@ -0,0 +1 @@
+type=AVC msg=audit(1598805776.452:88586): apparmor="DENIED" operation="change_profile" profile="php-fpm" name="php-fpm//webapp" pid=825 comm="php-fpm" target="php-fpm//webapp"
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.out b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.out
new file mode 100644
index 0000000000000000000000000000000000000000..df781659cfad1aaec8e08f5cf190fda248f4366c
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.out
@@ -0,0 +1,12 @@
+START
+File: testcase_changeprofile_02.in
+Event type: AA_RECORD_DENIED
+Audit ID: 1598805776.452:88586
+Operation: change_profile
+Profile: php-fpm
+Name: php-fpm//webapp
+Command: php-fpm
+Name2: php-fpm//webapp
+PID: 825
+Epoch: 1598805776
+Audit subid: 88586
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.profile b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.profile
new file mode 100644
index 0000000000000000000000000000000000000000..0e5c172901d4c3532b926867ac6224cd0a085a67
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_changeprofile_02.profile
@@ -0,0 +1,4 @@
+profile php-fpm {
+ change_profile -> php-fpm//webapp,
+
+}
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile b/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
index 24b2f3be6312b53b65b117522328ea987c4d37c0..d56590696bfbd5d03ae1baa4504c1fa7a17e4179 100644
--- a/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_network_send_receive.profile
@@ -1,4 +1,5 @@
/usr/bin/nginx-amplify-agent.py {
+
^null-/bin/dash {
network inet stream,
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.err b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.err
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.in b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.in
new file mode 100644
index 0000000000000000000000000000000000000000..05ff28ac2bdce1b038e41d581c1c321b3a5670f5
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.in
@@ -0,0 +1 @@
+2021-09-11T20:57:41.91645 kern.notice: [ 469.180605] audit: type=1400 audit(1631392703.952:3): apparmor="ALLOWED" operation="mkdir" profile="/usr/sbin/sshd" name="/run/user/1000/kakoune/" pid=2545 comm="sshd" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.out b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.out
new file mode 100644
index 0000000000000000000000000000000000000000..7f70604b87b4e404dbe1dac37397483821ec60b9
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.out
@@ -0,0 +1,15 @@
+START
+File: testcase_socklogd_mkdir.in
+Event type: AA_RECORD_ALLOWED
+Audit ID: 1631392703.952:3
+Operation: mkdir
+Mask: c
+Denied Mask: c
+fsuid: 1000
+ouid: 1000
+Profile: /usr/sbin/sshd
+Name: /run/user/1000/kakoune/
+Command: sshd
+PID: 2545
+Epoch: 1631392703
+Audit subid: 3
diff --git a/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.profile b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.profile
new file mode 100644
index 0000000000000000000000000000000000000000..6a4b637cc0b49947541bcff7fe4685e0ecb43da9
--- /dev/null
+++ b/libraries/libapparmor/testsuite/test_multi/testcase_socklogd_mkdir.profile
@@ -0,0 +1,4 @@
+/usr/sbin/sshd {
+ owner /run/user/1000/kakoune/ w,
+
+}
diff --git a/libraries/libapparmor/ylwrap b/libraries/libapparmor/ylwrap
index d788f2da5581a552ebc9f4ea10e1e843bb36b554..e8ec109fa26c0306dc1e234b84998b5ab4b460ca 100755
--- a/libraries/libapparmor/ylwrap
+++ b/libraries/libapparmor/ylwrap
@@ -1,9 +1,9 @@
#! /bin/sh
# ylwrap - wrapper for lex/yacc invocations.
-scriptversion=2016-01-11.22; # UTC
+scriptversion=2018-03-07.03; # UTC
-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2021 Free Software Foundation, Inc.
#
# Written by Tom Tromey <tromey@cygnus.com>.
#
@@ -18,7 +18,7 @@ scriptversion=2016-01-11.22; # UTC
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -239,7 +239,7 @@ exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC0"
diff --git a/parser/Makefile b/parser/Makefile
index 1ab173dd43136c51072ee389a48e9bef91eca34f..15f9d975d0d30d58ee74d5a23758aeb55be6d809 100644
--- a/parser/Makefile
+++ b/parser/Makefile
@@ -30,19 +30,34 @@ SYSTEMD_UNIT_DIR=${DESTDIR}/usr/lib/systemd/system
CONFDIR=/etc/apparmor
INSTALL_CONFDIR=${DESTDIR}${CONFDIR}
LOCALEDIR=/usr/share/locale
-MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 subdomain.conf.5 aa-teardown.8
+MANPAGES=apparmor.d.5 apparmor.7 apparmor_parser.8 aa-teardown.8 apparmor_xattrs.7
+
+# Test for bison version
+# parse.error added in version 3.0
+# default behavior changed in version 3.6
+# parse.error=verbose supported from 3.0 so just test on that
+# TODO move to autoconf
+BISON_MAJOR:=$(shell bison --version | awk '/^bison/ { print ($$NF) }' | awk -F. '{print $$1 }')
+USE_PARSE_ERROR:=$(shell test ${BISON_MAJOR} -ge 3 && echo true)
YACC := bison
YFLAGS := -d
+ifeq ($(USE_PARSE_ERROR),true)
+YFLAGS+=--define=parse.error=verbose
+endif
LEX := flex
LEXFLAGS = -B -v
+ifndef DEBUG
+LEXFLAGS += --noyy_top_state
+endif
+
+CPPFLAGS += -D_GNU_SOURCE
+
+STDLIB_INCLUDE:="\#include <stdlib.h>"
+HAVE_REALLOCARRAY:=$(shell echo $(STDLIB_INCLUDE) | ${CPP} ${CPPFLAGS} - - | grep -q reallocarray && echo true)
+
WARNINGS = -Wall
-EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
-CXX_WARNINGS = ${WARNINGS} $(shell for warning in ${EXTRA_WARNINGS} ; do \
- if ${CXX} $${warning} -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then \
- echo "$${warning}"; \
- fi ; \
- done)
+CXX_WARNINGS = ${WARNINGS} ${EXTRA_WARNINGS}
CPP_WARNINGS =
ifndef CFLAGS
CFLAGS = -g -O2 -pipe
@@ -55,10 +70,19 @@ CFLAGS = -g -pg -fprofile-arcs -ftest-coverage
endif
endif #CFLAGS
-EXTRA_CXXFLAGS = ${CFLAGS} ${CPPFLAGS} ${CXX_WARNINGS} -std=gnu++0x -D_GNU_SOURCE
+CFLAGS += -flto-partition=none
+
+EXTRA_CXXFLAGS = ${CFLAGS} ${CPPFLAGS} ${CXX_WARNINGS} -std=gnu++0x
EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
-#LEXLIB := -lfl
+ifeq ($(HAVE_REALLOCARRAY),true)
+EXTRA_CXXCFLAGS+=-DHAVE_REALLOCARRAY=1
+EXTRA_CFLAGS+=-DHAVE_REALLOCARRAY=1
+endif
+
+ifdef DEBUG
+LEXLIB := -lfl
+endif
# override this on the make command to point to where the immunix.h file is
# (yeah this is lame, but since we are tied to the kernel so tightly...)
@@ -72,18 +96,15 @@ endif
# Internationalization support. Define a package and a LOCALEDIR
EXTRA_CFLAGS+=-DPACKAGE=\"${NAME}\" -DLOCALEDIR=\"${LOCALEDIR}\"
-# Compile-time configuration of the location of the config file
-EXTRA_CFLAGS+=-DSUBDOMAIN_CONFDIR=\"${CONFDIR}\"
-
SRCS = parser_common.c parser_include.c parser_interface.c parser_lex.c \
parser_main.c parser_misc.c parser_merge.c parser_symtab.c \
parser_yacc.c parser_regex.c parser_variable.c parser_policy.c \
parser_alias.c common_optarg.c lib.c network.c \
mount.cc dbus.cc profile.cc rule.cc signal.cc ptrace.cc \
- af_rule.cc af_unix.cc policy_cache.c
+ af_rule.cc af_unix.cc policy_cache.c default_features.c
HDRS = parser.h parser_include.h immunix.h mount.h dbus.h lib.h profile.h \
rule.h common_optarg.h signal.h ptrace.h network.h af_rule.h af_unix.h \
- policy_cache.h
+ policy_cache.h file_cache.h
TOOLS = apparmor_parser
OBJECTS = $(patsubst %.cc, %.o, $(SRCS:.c=.o))
@@ -196,10 +217,10 @@ apparmor_parser: $(OBJECTS) $(AAREOBJECTS) $(LIBAPPARMOR_A)
$(CXX) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \
${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) $(AALIB)
-parser_yacc.c parser_yacc.h: parser_yacc.y parser.h profile.h
+parser_yacc.c parser_yacc.h: parser_yacc.y parser.h profile.h file_cache.h
$(YACC) $(YFLAGS) -o parser_yacc.c parser_yacc.y
-parser_lex.c: parser_lex.l parser_yacc.h parser.h profile.h mount.h dbus.h policy_cache.h
+parser_lex.c: parser_lex.l parser_yacc.h parser.h profile.h mount.h dbus.h policy_cache.h file_cache.h
$(LEX) ${LEXFLAGS} -o$@ $<
parser_lex.o: parser_lex.c parser.h parser_yacc.h
@@ -211,13 +232,13 @@ parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h cap_names.h $(APPA
parser_yacc.o: parser_yacc.c parser_yacc.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_main.o: parser_main.c parser.h parser_version.h policy_cache.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
+parser_main.o: parser_main.c parser.h parser_version.h policy_cache.h file_cache.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_interface.o: parser_interface.c parser.h profile.h libapparmor_re/apparmor_re.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_include.o: parser_include.c parser.h parser_include.h
+parser_include.o: parser_include.c parser.h parser_include.h file_cache.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_merge.o: parser_merge.c parser.h profile.h
@@ -238,7 +259,7 @@ parser_policy.o: parser_policy.c parser.h parser_yacc.h profile.h
parser_alias.o: parser_alias.c parser.h profile.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
-parser_common.o: parser_common.c parser.h
+parser_common.o: parser_common.c parser.h file_cache.h
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
mount.o: mount.cc mount.h parser.h immunix.h rule.h
@@ -265,6 +286,9 @@ ptrace.o: ptrace.cc ptrace.h parser.h immunix.h parser_yacc.h rule.h $(APPARMOR_
network.o: network.c network.h parser.h immunix.h parser_yacc.h rule.h af_names.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+default_features.o: default_features.c parser.h
+ $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
+
af_rule.o: af_rule.cc af_rule.h network.h parser.h profile.h immunix.h parser_yacc.h rule.h $(APPARMOR_H)
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
@@ -285,13 +309,21 @@ parser_version.h: Makefile
# as well as the filtering that occurs for network protocols that
# apparmor should not mediate.
-af_names.h: ../common/list_af_names.sh
- ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@
- ../common/list_af_names.sh | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@
- # cat $@
+generated_af_names.h: ../common/list_af_names.sh
+ ../common/list_af_names.sh > $@
+
+af_names.h: generated_af_names.h base_af_names.h
+ cat base_af_names.h | diff -u - generated_af_names.h | grep -v '^.AF_MAX' | grep '^\+[^+]' ; \
+ if [ $$? -eq 1 ] ; then \
+ cat base_af_names.h | LC_ALL=C sed -n -e 's/[ \t]\?AF_MAX[ \t]\+[0-9]\+,//g' -e 's/[ \t]\+\?AF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\),/#ifndef AF_\1\n# define AF_\1 \2\n#endif\nAA_GEN_NET_ENT("\L\1", \UAF_\1)\n/pg' > $@ ; \
+ cat base_af_names.h | LC_ALL=C sed -n -e 's/AF_MAX[ \t]\+\([0-9]\+\),\?.*/\n#define AA_AF_MAX \1\n/p' >> $@ ; \
+ else \
+ echo "Error: new AF names detected; please update base_af_names.h with values from generated_af_names.h" ; \
+ exit 1 ; \
+ fi
generated_cap_names.h: /usr/include/linux/capability.h
- ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
+ ../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE\},\\n/pg" > $@
cap_names.h: generated_cap_names.h base_cap_names.h
@LC_ALL=C sed -e 's/\([^,]*,[^,]*,\) CAP_[A-Z0-9_]\+,/\1 NO_BACKMAP_CAP,/g' base_cap_names.h | diff -u - generated_cap_names.h | grep '^\+[^+]' ; \
@@ -354,11 +386,11 @@ DISTRO=$(shell if [ -f /etc/slackware-version ] ; then \
elif [ -f /etc/debian_version ] ; then \
echo debian ;\
elif which rpm > /dev/null ; then \
- if [ "$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \
+ if [ "$$(rpm --eval '0%{?suse_version}')" != "0" ] ; then \
echo suse ;\
- elif [ "$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \
+ elif [ "$$(rpm --eval '%{_host_vendor}')" = redhat ] ; then \
echo rhel4 ;\
- elif [ "$(rpm --eval '0%{?fedora}')" != "0" ] ; then \
+ elif [ "$$(rpm --eval '0%{?fedora}')" != "0" ] ; then \
echo rhel4 ;\
else \
echo unknown ;\
@@ -385,11 +417,11 @@ install-arch: $(INSTALLDEPS)
.PHONY: install-indep
install-indep: indep
install -m 755 -d $(INSTALL_CONFDIR)
- install -m 644 subdomain.conf $(INSTALL_CONFDIR)
install -m 644 parser.conf $(INSTALL_CONFDIR)
install -m 755 -d ${DESTDIR}/var/lib/apparmor
install -m 755 -d $(APPARMOR_BIN_PREFIX)
install -m 755 rc.apparmor.functions $(APPARMOR_BIN_PREFIX)
+ install -m 755 profile-load $(APPARMOR_BIN_PREFIX)
$(MAKE) -C po install NAME=${NAME} DESTDIR=${DESTDIR}
$(MAKE) install_manpages DESTDIR=${DESTDIR}
@@ -413,7 +445,7 @@ clean: pod_clean
rm -f $(YACC_C_FILES)
rm -f parser_version.h
rm -f $(NAME)*.tar.gz $(NAME)*.tgz
- rm -f af_names.h
+ rm -f af_names.h generated_af_names.h
rm -f cap_names.h generated_cap_names.h
rm -rf techdoc.aux techdoc.out techdoc.log techdoc.pdf techdoc.toc techdoc.txt techdoc/
$(MAKE) -s -C $(AAREDIR) clean
diff --git a/parser/aa-teardown b/parser/aa-teardown
index f52cbbd087a777646ba0c41f79e0431f5fb2d602..7a727439c279504f1da7ae6149af6c0b31150589 100644
--- a/parser/aa-teardown
+++ b/parser/aa-teardown
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
test $# = 0 || {
echo "Usage: $0"
diff --git a/parser/aa-teardown.8 b/parser/aa-teardown.8
index cf5d747da2b22cbf619fc80870710d3665e5fdaa..e4080fd8a1452e8b1655a155ad05df510837cdc3 100644
--- a/parser/aa-teardown.8
+++ b/parser/aa-teardown.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-TEARDOWN 8"
-.TH AA-TEARDOWN 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-TEARDOWN 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +149,7 @@ aa-teardown unloads all AppArmor profiles
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), and <https://wiki.apparmor.net>.
diff --git a/parser/aa-teardown.8.html b/parser/aa-teardown.8.html
index e5bee078d9fdcd8906870fc27bcae317ef496515..6e3847bdc80f7532649f86ce462722441799e872 100644
--- a/parser/aa-teardown.8.html
+++ b/parser/aa-teardown.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-teardown - unload all AppArmor profiles</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-teardown - unload all AppArmor profiles</span></strong></big>
</td></tr>
</table>
@@ -39,7 +39,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -47,7 +47,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-teardown - unload all AppArmor profiles</span></strong></big>
</td></tr>
</table>
diff --git a/parser/aa-teardown.pod b/parser/aa-teardown.pod
index e2311e6da576557ed46eae6fbde652719dafe94a..e9f58c9560f0bbeb56284771353c34224b026a3e 100644
--- a/parser/aa-teardown.pod
+++ b/parser/aa-teardown.pod
@@ -31,7 +31,7 @@ aa-teardown unloads all AppArmor profiles
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/parser/af_unix.cc b/parser/af_unix.cc
index 98a9b657ef7280077153eee878d822b8a8199955..674ab88c7f84be554949d95fc1e6875d52c1533c 100644
--- a/parser/af_unix.cc
+++ b/parser/af_unix.cc
@@ -22,7 +22,6 @@
#include <iomanip>
#include <string>
-#include <iostream>
#include <sstream>
#include "network.h"
@@ -30,6 +29,9 @@
#include "profile.h"
#include "af_unix.h"
+/* See unix(7) for autobind address definiation */
+#define autobind_address_pattern "\\x00[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]";
+
int parse_unix_mode(const char *str_mode, int *mode, int fail)
{
return parse_X_mode("unix", AA_VALID_NET_PERMS, str_mode, mode, fail);
@@ -55,7 +57,9 @@ void unix_rule::move_conditionals(struct cond_entry *conds)
}
if (strcmp(ent->name, "addr") == 0) {
move_conditional_value("unix socket", &addr, ent);
- if (addr[0] != '@' && strcmp(addr, "none") != 0)
+ if (addr[0] != '@' &&
+ !(strcmp(addr, "none") == 0 ||
+ strcmp(addr, "auto") == 0))
yyerror("unix rule: invalid value for addr='%s'\n", addr);
}
@@ -83,7 +87,9 @@ void unix_rule::move_peer_conditionals(struct cond_entry *conds)
}
if (strcmp(ent->name, "addr") == 0) {
move_conditional_value("unix", &peer_addr, ent);
- if (peer_addr[0] != '@' && strcmp(peer_addr, "none") != 0)
+ if ((peer_addr[0] != '@') &&
+ !(strcmp(peer_addr, "none") == 0 ||
+ strcmp(peer_addr, "auto") == 0))
yyerror("unix rule: invalid value for addr='%s'\n", peer_addr);
}
}
@@ -160,26 +166,10 @@ int unix_rule::expand_variables(void)
return 0;
}
-/* do we want to warn once/profile or just once per compile?? */
-static void warn_once(const char *name, const char *msg)
-{
- static const char *warned_name = NULL;
-
- if (warned_name != name) {
- cerr << "Warning from profile " << name << " (";
- if (current_filename)
- cerr << current_filename;
- else
- cerr << "stdin";
- cerr << "): " << msg << "\n";
- warned_name = name;
- }
-}
-static void warn_once(const char *name)
+void unix_rule::warn_once(const char *name)
{
- if (warnflags & WARN_RULE_NOT_ENFORCED)
- warn_once(name, "extended network unix socket rules not enforced");
+ rule_t::warn_once(name, "extended network unix socket rules not enforced");
}
static void writeu16(std::ostringstream &o, int v)
@@ -204,28 +194,26 @@ void unix_rule::downgrade_rule(Profile &prof) {
yyerror(_("Memory allocation error."));
if (sock_type_n != -1)
mask = 1 << sock_type_n;
- if (deny) {
- prof.net.deny[AF_UNIX] |= mask;
- if (!audit)
- prof.net.quiet[AF_UNIX] |= mask;
- } else {
+ if (!deny) {
prof.net.allow[AF_UNIX] |= mask;
if (audit)
prof.net.audit[AF_UNIX] |= mask;
+ } else {
+ /* deny rules have to be dropped because the downgrade makes
+ * the rule less specific meaning it will make the profile more
+ * restrictive and may end up denying accesses that might be
+ * allowed by the profile.
+ */
+ if (warnflags & WARN_RULE_NOT_ENFORCED)
+ rule_t::warn_once(prof.name, "deny unix socket rule not enforced, can't be downgraded to generic network rule\n");
}
}
-static uint32_t map_perms(uint32_t mask)
-{
- return (mask & 0x7f) |
- ((mask & (AA_NET_GETATTR | AA_NET_SETATTR)) << (AA_OTHER_SHIFT - 8)) |
- ((mask & (AA_NET_ACCEPT | AA_NET_BIND | AA_NET_LISTEN)) >> 4) | /* 2 + (AA_OTHER_SHIFT - 20) */
- ((mask & (AA_NET_SETOPT | AA_NET_GETOPT)) >> 5); /* 5 + (AA_OTHER_SHIFT - 24) */
-}
-
void unix_rule::write_to_prot(std::ostringstream &buffer)
{
- buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_NET;
+ int c = features_supports_networkv8 ? AA_CLASS_NETV8 : AA_CLASS_NET;
+
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << c;
writeu16(buffer, AF_UNIX);
if (sock_type)
writeu16(buffer, sock_type_n);
@@ -247,6 +235,12 @@ bool unix_rule::write_addr(std::ostringstream &buffer, const char *addr)
if (strcmp(addr, "none") == 0) {
/* anonymous */
buffer << "\\x01";
+ } else if (strcmp(addr, "auto") == 0) {
+ /* autobind - special autobind rule written already
+ * just generate pattern that matches autobind
+ * generated addresses.
+ */
+ buffer << autobind_address_pattern;
} else {
/* skip leading @ */
ptype = convert_aaregex_to_pcre(addr + 1, 0, glob_null, buf, &pos);
@@ -324,12 +318,12 @@ int unix_rule::gen_policy_re(Profile &prof)
* rules ability
*/
downgrade_rule(prof);
- if (!kernel_supports_unix) {
- if (kernel_supports_network) {
+ if (!features_supports_unix) {
+ if (features_supports_network || features_supports_networkv8) {
/* only warn if we are building against a kernel
* that requires downgrading */
if (warnflags & WARN_RULE_DOWNGRADED)
- warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
+ rule_t::warn_once(prof.name, "downgrading extended network unix socket rule to generic network rule\n");
/* TODO: add ability to abort instead of downgrade */
return RULE_OK;
}
@@ -348,6 +342,33 @@ int unix_rule::gen_policy_re(Profile &prof)
mask &= ~AA_NET_CREATE;
}
+ /* write special pattern for autobind? Will not grant bind
+ * on any specific address
+ */
+ if ((mask & AA_NET_BIND) && (!addr || (strcmp(addr, "auto") == 0))) {
+ std::ostringstream tmp;
+
+ tmp << buffer.str();
+ /* todo: change to out of band separator */
+ /* skip addr, its 0 length */
+ tmp << "\\x00";
+ /* local label option */
+ if (!write_label(tmp, label))
+ goto fail;
+ /* seperator */
+ tmp << "\\x00";
+
+ buf = tmp.str();
+ if (!prof.policy.rules->add_rule(buf.c_str(), deny,
+ map_perms(AA_NET_BIND),
+ map_perms(audit & AA_NET_BIND),
+ dfaflags))
+ goto fail;
+ /* clear if auto, else generic need to generate addr below */
+ if (addr)
+ mask &= ~AA_NET_BIND;
+ }
+
if (mask) {
/* local addr */
if (!write_addr(buffer, addr))
diff --git a/parser/af_unix.h b/parser/af_unix.h
index d1d1fc8fa2925710cf2cd6a16612013a520d9e36..763ed166b3888b5d0ff4ab5499d359cd86e6e86b 100644
--- a/parser/af_unix.h
+++ b/parser/af_unix.h
@@ -58,6 +58,9 @@ public:
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
virtual void post_process(Profile &prof unused) { };
+
+protected:
+ virtual void warn_once(const char *name) override;
};
#endif /* __AA_AF_UNIX_H */
diff --git a/parser/apparmor.7 b/parser/apparmor.7
index c7550a998ecde2a10216f1ccdbab0ccbd1d2100d..b5e7e4859ba1ac033fecf952acd356971287269e 100644
--- a/parser/apparmor.7
+++ b/parser/apparmor.7
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "APPARMOR 7"
-.TH APPARMOR 7 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH APPARMOR 7 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +147,7 @@ of resources. AppArmor's unique security model is to bind access control
attributes to programs rather than to users.
.PP
AppArmor confinement is provided via \fIprofiles\fR loaded into the kernel
-via \fIapparmor_parser\fR\|(8), typically through the \fI/etc/init.d/apparmor\fR
+via \fBapparmor_parser\fR\|(8), typically through the \fI/etc/init.d/apparmor\fR
SysV initscript, which is used like this:
.PP
.Vb 3
@@ -161,7 +165,7 @@ policy violation attempts to syslogd.
\&\fIcomplain\fR \- Profiles loaded in \f(CW\*(C`complain\*(C'\fR mode will not enforce policy.
Instead, it will report policy violation attempts. This mode is convenient for
developing profiles. To manage complain mode for individual profiles the
-utilities \fIaa\-complain\fR\|(8) and \fIaa\-enforce\fR\|(8) can be used.
+utilities \fBaa\-complain\fR\|(8) and \fBaa\-enforce\fR\|(8) can be used.
These utilities take a program name as an argument.
.PP
Profiles are traditionally stored in files in \fI/etc/apparmor.d/\fR
@@ -169,9 +173,9 @@ under filenames with the convention of replacing the \fB/\fR in pathnames
with \fB.\fR (except for the root \fB/\fR) so profiles are easier to manage
(e.g. the \fI/usr/sbin/nscd\fR profile would be named \fIusr.sbin.nscd\fR).
.PP
-Profiles are applied to a process at \fIexec\fR\|(3) time (as seen through the
-\&\fIexecve\fR\|(2) system call): once a profile is loaded for a program, that
-program will be confined on the next \fIexec\fR\|(3). If a process is already
+Profiles are applied to a process at \fBexec\fR\|(3) time (as seen through the
+\&\fBexecve\fR\|(2) system call): once a profile is loaded for a program, that
+program will be confined on the next \fBexec\fR\|(3). If a process is already
running under a profile, when one replaces that profile in the kernel,
the updated profile is applied immediately to that process.
On the other hand, a process that is already running unconfined cannot
@@ -303,7 +307,7 @@ messages, you will likely have to turn off rate limiting by doing:
But even then the kernel ring buffer may overflow and you might
lose messages.
.PP
-Else, if auditd is running, see \fIauditd\fR\|(8) and \fIauditd.conf\fR\|(5).
+Else, if auditd is running, see \fBauditd\fR\|(8) and \fBauditd.conf\fR\|(5).
.SH "FILES"
.IX Header "FILES"
.IP "\fI/etc/init.d/apparmor\fR" 4
@@ -320,8 +324,8 @@ Else, if auditd is running, see \fIauditd\fR\|(8) and \fIauditd.conf\fR\|(5).
.PD
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor_parser\fR\|(8), \fIaa_change_hat\fR\|(2), \fIapparmor.d\fR\|(5),
-\&\fIsubdomain.conf\fR\|(5), \fIaa\-autodep\fR\|(1), \fIclean\fR\|(1),
-\&\fIauditd\fR\|(8),
-\&\fIaa\-unconfined\fR\|(8), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1), and
+\&\fBapparmor_parser\fR\|(8), \fBaa_change_hat\fR\|(2), \fBapparmor.d\fR\|(5),
+\&\fBaa\-autodep\fR\|(1), \fBclean\fR\|(1),
+\&\fBauditd\fR\|(8),
+\&\fBaa\-unconfined\fR\|(8), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), and
<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.7.html b/parser/apparmor.7.html
index e238f2bc2c64fb92b38d6f962454116788efbc94..da1cf7e08f4c07234680b379d81ae54496c00846 100644
--- a/parser/apparmor.7.html
+++ b/parser/apparmor.7.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>AppArmor - kernel enhancement to confine programs to a limited set of resources.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> AppArmor - kernel enhancement to confine programs to a limited set of resources.</span></strong></big>
</td></tr>
</table>
@@ -42,9 +42,9 @@
<p>AppArmor confinement is provided via <i>profiles</i> loaded into the kernel via apparmor_parser(8), typically through the <i>/etc/init.d/apparmor</i> SysV initscript, which is used like this:</p>
-<pre><code> # /etc/init.d/apparmor start
- # /etc/init.d/apparmor stop
- # /etc/init.d/apparmor restart</code></pre>
+<pre><code># /etc/init.d/apparmor start
+# /etc/init.d/apparmor stop
+# /etc/init.d/apparmor restart</code></pre>
<p>AppArmor can operate in two modes: <i>enforcement</i>, and <i>complain or learning</i>:</p>
@@ -64,47 +64,47 @@
<p>AppArmor supports the Linux kernel's securityfs filesystem, and makes available the list of the profiles currently loaded; to mount the filesystem:</p>
-<pre><code> # mount -tsecurityfs securityfs /sys/kernel/security
- $ cat /sys/kernel/security/apparmor/profiles
- /usr/bin/mutt
- /usr/bin/gpg
- ...</code></pre>
+<pre><code># mount -tsecurityfs securityfs /sys/kernel/security
+$ cat /sys/kernel/security/apparmor/profiles
+/usr/bin/mutt
+/usr/bin/gpg
+ ...</code></pre>
<p>Normally, the initscript will mount securityfs if it has not already been done.</p>
<p>AppArmor also restricts what privileged operations a confined process may execute, even if the process is running as root. A confined process cannot call the following system calls:</p>
-<pre><code> create_module(2) delete_module(2) init_module(2) ioperm(2)
- iopl(2) ptrace(2) reboot(2) setdomainname(2)
- sethostname(2) swapoff(2) swapon(2) sysctl(2)</code></pre>
+<pre><code>create_module(2) delete_module(2) init_module(2) ioperm(2)
+iopl(2) ptrace(2) reboot(2) setdomainname(2)
+sethostname(2) swapoff(2) swapon(2) sysctl(2)</code></pre>
<h1 id="ERRORS">ERRORS</h1>
<p>When a confined process tries to access a file it does not have permission to access, the kernel will report a message through audit, similar to:</p>
-<pre><code> audit(1386511672.612:238): apparmor="DENIED" operation="exec"
- parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
- comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
+<pre><code>audit(1386511672.612:238): apparmor="DENIED" operation="exec"
+ parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
+ comm="sh" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
- audit(1386511672.613:239): apparmor="DENIED" operation="open"
- parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
- comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
+audit(1386511672.613:239): apparmor="DENIED" operation="open"
+ parent=7589 profile="/tmp/sh" name="/bin/uname" pid=7605
+ comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
- audit(1386511772.804:246): apparmor="DENIED" operation="capable"
- parent=7246 profile="/tmp/sh" pid=7589 comm="sh" pid=7589
- comm="sh" capability=2 capname="dac_override"</code></pre>
+audit(1386511772.804:246): apparmor="DENIED" operation="capable"
+ parent=7246 profile="/tmp/sh" pid=7589 comm="sh" pid=7589
+ comm="sh" capability=2 capname="dac_override"</code></pre>
<p>The permissions requested by the process are described in the operation= and denied_mask= (for files - capabilities etc. use a slightly different log format). The "name" and process id of the running program are reported, as well as the profile name including any "hat" that may be active, separated by "//". ("Name" is in quotes, because the process name is limited to 15 bytes; it is the same as reported through the Berkeley process accounting.)</p>
<p>For confined processes running under a profile that has been loaded in complain mode, enforcement will not take place and the log messages reported to audit will be of the form:</p>
-<pre><code> audit(1386512577.017:275): apparmor="ALLOWED" operation="open"
- parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
- pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
+<pre><code>audit(1386512577.017:275): apparmor="ALLOWED" operation="open"
+ parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
+ pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
- audit(1386512577.017:276): apparmor="ALLOWED" operation="open"
- parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
- pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0</code></pre>
+audit(1386512577.017:276): apparmor="ALLOWED" operation="open"
+ parent=8012 profile="/usr/bin/du" name="/etc/apparmor.d/tunables/"
+ pid=8049 comm="du" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0</code></pre>
<p>If the userland auditd is not running, the kernel will send audit events to klogd; klogd will send the messages to syslog, which will log the messages with the KERN facility. Thus, REJECTING and PERMITTING messages may go to either <i>/var/log/audit/audit.log</i> or <i>/var/log/messages</i>, depending upon local configuration.</p>
@@ -118,7 +118,7 @@
<p>To enable debug mode, run:</p>
-<pre><code> echo 1 > /sys/module/apparmor/parameters/debug</code></pre>
+<pre><code>echo 1 > /sys/module/apparmor/parameters/debug</code></pre>
<h2 id="Turn-off-deny-audit-quieting">Turn off deny audit quieting</h2>
@@ -126,7 +126,7 @@
<p>To turn off deny audit quieting, run:</p>
-<pre><code> echo -n noquiet >/sys/module/apparmor/parameters/audit</code></pre>
+<pre><code>echo -n noquiet >/sys/module/apparmor/parameters/audit</code></pre>
<h2 id="Force-audit-mode">Force audit mode</h2>
@@ -136,15 +136,15 @@
<p>To set a specific profile in force audit mode, add the <code>audit</code> flag:</p>
-<pre><code> profile foo flags=(audit) { ... }</code></pre>
+<pre><code>profile foo flags=(audit) { ... }</code></pre>
<p>To enable force audit mode globally, run:</p>
-<pre><code> echo -n all > /sys/module/apparmor/parameters/audit</code></pre>
+<pre><code>echo -n all > /sys/module/apparmor/parameters/audit</code></pre>
<p>If auditd is not running, to avoid losing too many of the extra log messages, you will likely have to turn off rate limiting by doing:</p>
-<pre><code> echo 0 > /proc/sys/kernel/printk_ratelimit</code></pre>
+<pre><code>echo 0 > /proc/sys/kernel/printk_ratelimit</code></pre>
<p>But even then the kernel ring buffer may overflow and you might lose messages.</p>
@@ -178,11 +178,11 @@
<h1 id="SEE-ALSO">SEE ALSO</h1>
-<p>apparmor_parser(8), aa_change_hat(2), apparmor.d(5), subdomain.conf(5), aa-autodep(1), clean(1), auditd(8), aa-unconfined(8), aa-enforce(1), aa-complain(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
+<p>apparmor_parser(8), aa_change_hat(2), apparmor.d(5), aa-autodep(1), clean(1), auditd(8), aa-unconfined(8), aa-enforce(1), aa-complain(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> AppArmor - kernel enhancement to confine programs to a limited set of resources.</span></strong></big>
</td></tr>
</table>
diff --git a/parser/apparmor.d.5 b/parser/apparmor.d.5
index 74640be7a7f841f345573dddf06479cb3578475c..a7d3c827d43c821fccb222b322e99d7e1611838b 100644
--- a/parser/apparmor.d.5
+++ b/parser/apparmor.d.5
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "APPARMOR.D 5"
-.TH APPARMOR.D 5 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH APPARMOR.D 5 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,21 +144,44 @@ apparmor.d \- syntax of security profiles for AppArmor.
.IX Header "DESCRIPTION"
AppArmor profiles describe mandatory access rights granted to given
programs and are fed to the AppArmor policy enforcement module using
-\&\fIapparmor_parser\fR\|(8). This man page describes the format of the AppArmor
-configuration files; see \fIapparmor\fR\|(7) for an overview of AppArmor.
+\&\fBapparmor_parser\fR\|(8). This man page describes the format of the AppArmor
+configuration files; see \fBapparmor\fR\|(7) for an overview of AppArmor.
.SH "FORMAT"
.IX Header "FORMAT"
+AppArmor policy is written in a declarative language, in which the
+order of rules within a given section or block does not
+matter. Policy is by convention written so that it is contained in
+multiple files, but this is not a requirement. It could just as easily
+be written in a single file. The policy language is compiled to a
+architecture independent binary format that is loaded into the kernel
+for enforcement.
+.PP
+The base unit of AppArmor confinement is the profile. It contains a
+set of rules which are enforced when the profile is associated with a
+running program. The rules within the profile provide a whitelist of
+different permission that are allowed, along with a few other special
+rules.
+.PP
+The text in AppArmor policy is split into two sections, the preamble
+and the profile definitions. The preamble must occur at the head of
+the file and once profile definitions begin, no more preamble rules
+are allowed (even in files that are included into the profile). When
+AppArmor policy (set of profiles) is split across multiple files, each
+file can have its own preamble section, which may be the same or
+different from other files preamble. Files included within a profile
+section can not have a preamble section.
+.PP
The following is a BNF-style description of AppArmor policy
configuration files; see below for an example AppArmor policy file.
AppArmor configuration files are line-oriented; \fB#\fR introduces a
comment, similar to shell scripting languages. The exception to this
rule is that \fB#include\fR will \fIinclude\fR the contents of a file inline
-to the policy; this behaviour is modelled after \fIcpp\fR\|(1).
+to the policy; this behaviour is modelled after \fBcpp\fR\|(1).
.Sp
.RS 4
\&\fB\s-1PROFILE FILE\s0\fR = ( [ \fI\s-1PREAMBLE\s0\fR ] [ \fI\s-1PROFILE\s0\fR ] )*
.Sp
-\&\fB\s-1PREAMBLE\s0\fR = ( \fI\s-1COMMENT\s0\fR | \fI\s-1VARIABLE ASSIGNMENT\s0\fR | \fI\s-1ALIAS RULE\s0\fR | \fI\s-1INCLUDE\s0\fR )*
+\&\fB\s-1PREAMBLE\s0\fR = ( \fI\s-1COMMENT\s0\fR | \fI\s-1VARIABLE ASSIGNMENT\s0\fR | \fI\s-1ALIAS RULE\s0\fR | \fI\s-1INCLUDE\s0\fR | \fI\s-1ABI\s0\fR )*
Variable assignment and alias rules must come before the profile.
.Sp
\&\fB\s-1VARIABLE ASSIGNMENT\s0\fR = \fI\s-1VARIABLE\s0\fR ('=' | '+=') (space separated values)
@@ -165,7 +192,9 @@ to the policy; this behaviour is modelled after \fIcpp\fR\|(1).
.Sp
\&\fB\s-1INCLUDE\s0\fR = ( '#include' | 'include' ) [ 'if exists' ] ( \fI\s-1ABS PATH\s0\fR | \fI\s-1MAGIC PATH\s0\fR )
.Sp
-\&\fB\s-1ABS PATH\s0\fR = '\*(L"' path '\*(R"' (the path is passed to \fIopen\fR\|(2))
+\&\fB\s-1ABI\s0\fR = ( 'abi' ) ( \fI\s-1ABS PATH\s0\fR | \fI\s-1MAGIC PATH\s0\fR ) ','
+.Sp
+\&\fB\s-1ABS PATH\s0\fR = '\*(L"' path '\*(R"' (the path is passed to \fBopen\fR\|(2))
.Sp
\&\fB\s-1MAGIC PATH\s0\fR = '<' relative path '>'
The path is relative to \fI/etc/apparmor.d/\fR.
@@ -184,11 +213,23 @@ to the policy; this behaviour is modelled after \fIcpp\fR\|(1).
.Sp
\&\fB\s-1UNQUOTED PROFILE NAME\s0\fR = (must start with alphanumeric character (after variable expansion), or '/' \fB\s-1AARE\s0\fR have special meanings; see below. May include \fI\s-1VARIABLE\s0\fR. Rules with embedded spaces or tabs must be quoted.)
.Sp
-\&\fB\s-1ATTACHMENT SPECIFICATION\s0\fR = \fI\s-1FILEGLOB\s0\fR
+\&\fB\s-1ATTACHMENT SPECIFICATION\s0\fR = [ \fI\s-1PROFILE_EXEC_COND\s0\fR ] [ \fI\s-1PROFILE XATTR CONDS\s0\fR ]
+.Sp
+\&\fB\s-1PROFILE_EXEC_COND\s0\fR = \fI\s-1FILEGLOB\s0\fR
+.Sp
+\&\fB\s-1PROFILE XATTR CONDS\s0\fR = [ 'xattrs=' ] '(' comma or white space separated list of \fI\s-1PROFILE XATTR\s0\fR ')'
+.Sp
+\&\fB\s-1PROFILE XATTR\s0\fR = extended attribute name '=' \fI\s-1XATTR VALUE FILEGLOB\s0\fR
+.Sp
+\&\fB\s-1XATTR VALUE FILEGLOB\s0\fR = \fI\s-1FILEGLOB\s0\fR
.Sp
\&\fB\s-1PROFILE FLAG CONDS\s0\fR = [ 'flags=' ] '(' comma or white space separated list of \fI\s-1PROFILE FLAGS\s0\fR ')'
.Sp
-\&\fB\s-1PROFILE FLAGS\s0\fR = 'complain' | 'audit' | 'enforce' | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
+\&\fB\s-1PROFILE FLAGS\s0\fR = \fI\s-1PROFILE MODE\s0\fR | \fI\s-1AUDIT_MODE\s0\fR | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
+.Sp
+\&\fB\s-1PROFILE MODE\s0\fR = 'enforce' | 'complain' | 'kill' | 'unconfined'
+.Sp
+\&\fB\s-1AUDIT MODE\s0\fR = 'audit'
.Sp
\&\fB\s-1RULES\s0\fR = [ ( \fI\s-1LINE RULES\s0\fR | \fI\s-1COMMA RULES\s0\fR ',' | \fI\s-1BLOCK RULES\s0\fR )
.Sp
@@ -202,7 +243,7 @@ to the policy; this behaviour is modelled after \fIcpp\fR\|(1).
.Sp
\&\fB\s-1HAT\s0\fR = ('hat' | '^') \fI\s-1HATNAME\s0\fR [ \fI\s-1PROFILE FLAG CONDS\s0\fR ] '{' ( \fI\s-1RULES\s0\fR )* '}'
.Sp
-\&\fB\s-1HATNAME\s0\fR = (must start with alphanumeric character. See \fIaa_change_hat\fR\|(2) for a description of how this \*(L"hat\*(R" is used. If '^' is used to start a hat then there is no space between the '^' and \fI\s-1HATNAME\s0\fR)
+\&\fB\s-1HATNAME\s0\fR = (must start with alphanumeric character. See \fBaa_change_hat\fR\|(2) for a description of how this \*(L"hat\*(R" is used. If '^' is used to start a hat then there is no space between the '^' and \fI\s-1HATNAME\s0\fR)
.Sp
\&\fB\s-1QUALIFIER BLOCK\s0\fR = \fI\s-1QUALIFIERS\s0\fR \fI\s-1BLOCK\s0\fR
.Sp
@@ -215,11 +256,11 @@ to the policy; this behaviour is modelled after \fIcpp\fR\|(1).
\&\fB\s-1CAPABILITY LIST\s0\fR = ( \fI\s-1CAPABILITY\s0\fR )+
.Sp
\&\fB\s-1CAPABILITY\s0\fR = (lowercase capability name without '\s-1CAP_\s0' prefix; see
-\&\fIcapabilities\fR\|(7))
+\&\fBcapabilities\fR\|(7))
.Sp
\&\fB\s-1NETWORK RULE\s0\fR = [ \fI\s-1QUALIFIERS\s0\fR ] 'network' [ \fI\s-1DOMAIN\s0\fR ] [ \fI\s-1TYPE\s0\fR | \fI\s-1PROTOCOL\s0\fR ]
.Sp
-\&\fB\s-1DOMAIN\s0\fR = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' ) ','
+\&\fB\s-1DOMAIN\s0\fR = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','
.Sp
\&\fB\s-1TYPE\s0\fR = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
.Sp
@@ -398,13 +439,135 @@ memory. Subprofile names are limited to 974 characters. Child profiles can
be used to confine an application in a special way, or when you want the
child to be unconfined on the system, but confined when called from the
parent. Hats are a special child profile that can be used with the
-\&\fIaa_change_hat\fR\|(2) \s-1API\s0 call. Applications written or modified to use
-\&\fIaa_change_hat\fR\|(2) can take advantage of subprofiles to run under different
-confinements, dependent on program logic. Several \fIaa_change_hat\fR\|(2)\-aware
-applications exist, including an Apache module, \fImod_apparmor\fR\|(5); a \s-1PAM\s0
+\&\fBaa_change_hat\fR\|(2) \s-1API\s0 call. Applications written or modified to use
+\&\fBaa_change_hat\fR\|(2) can take advantage of subprofiles to run under different
+confinements, dependent on program logic. Several \fBaa_change_hat\fR\|(2)\-aware
+applications exist, including an Apache module, \fBmod_apparmor\fR\|(5); a \s-1PAM\s0
module, pam_apparmor; and a Tomcat valve, tomcat_apparmor. Applications
-written or modified to use \fIchange_profile\fR\|(2) transition permanently to the
+written or modified to use \fBchange_profile\fR\|(2) transition permanently to the
specified profile. libvirt is one such application.
+.SS "Profile Head"
+.IX Subsection "Profile Head"
+The profile head consists of a required name that is unique and optional
+attachment conditionals and control flags.
+.PP
+\fIName\fR
+.IX Subsection "Name"
+.PP
+The name of the profile is its identifier. It is what is displayed
+during introspection (eg. ps \-Z), and defines how the profile is
+referenced by policy rules for any policy interaction via ipc or
+domain changes. It is recommended that the name be kept short and have
+meaning for the application it is being applied eg. \fIfirefox\fR for the
+firefox web browser or its functional role eg. log_admin.
+.PP
+If the name is an applications full absolute path name
+eg. \fI/usr/bin/firefox\fR and an exec attachment conditional is not
+specified the name is also used as the profile's exec attachment
+conditional. This use however has been deprecated and is discouraged
+as it makes for long names that can make profile rules difficult to
+understand, and may not be fully displayed by some introspection
+tools.
+.PP
+\fIAttachment Conditionals\fR
+.IX Subsection "Attachment Conditionals"
+.PP
+The attachment conditionals are used during profile changes to
+determine whether a profile is a match for the proposed profile
+transition. The attachment conditionals are optional, how and when
+they are applied is determined by the specific condition(s) used.
+.PP
+When attachment conditionals are used, the attachment conditionals for
+all profiles in the namespace will be evaluated. The profile with the
+set of attachments that result in the best match will become the new
+profile after a transition operation. Attachments that don't match
+will result in the profile not being available for transition.
+.PP
+If no conditionals are specified the profile will only be used if a
+transition explicitly specifies the profile name.
+.PP
+Exec Attachment Conditional
+.IX Subsection "Exec Attachment Conditional"
+.PP
+The exec attachment conditional governs how closely the profile
+matches an executable program. This conditional is only used during an
+exec operation when the matching exec rule specifies either a \fBpx\fR or
+\&\fBcx\fR (or their derivatives) transition type. The exec attachment
+conditional will also be used by tasks that are \fIunconfined\fR as they
+use a \fBpix\fR transition rule.
+.PP
+If there are no attachment matches then it is up to the exec rule to
+determine what happens (fail or a fallback option).
+.PP
+Note: see profile \fIName\fR for information around using the profile name
+as an attachment conditional.
+.PP
+Exec attachment conditionals can contain variable names and pattern
+matching. They use a longest left match heuristic to deterime the
+winner in the case of multiple matches at run time. The exact
+implementation of this resolution is kernel specific and has improved
+over time, while retaining backwards compatibility. If the heuristic
+can not determine a winner between multiple matches the exec will be
+denied.
+.PP
+Extended Attributes Attachment Conditional
+.IX Subsection "Extended Attributes Attachment Conditional"
+.PP
+AppArmor profiles have the ability to target files based on their \fBxattr\fR\|(7)
+values in addition to their path. For example, the following profile matches
+files in /usr/bin with the attribute \*(L"security.apparmor\*(R" and value \*(L"trusted\*(R":
+.PP
+.Vb 3
+\& /usr/bin/* xattrs(security.apparmor="trusted") {
+\& # ...
+\& }
+.Ve
+.PP
+See \fBapparmor_xattrs\fR\|(7) for further details.
+.PP
+\fIFlags\fR
+.IX Subsection "Flags"
+.PP
+The profile flags allow modifying the behavior of the profile. If a
+profile flag is specified it takes priority over any conflicting flags
+that have been specified by rules in the profile body.
+.PP
+Profile Mode
+.IX Subsection "Profile Mode"
+.PP
+The profile mode allow controlling the enforcement behavior of the
+profile rules.
+.PP
+If no mode is specified the profile defaults to \fIenforce\fR mode.
+.IP "\fBenforce\fR For a given action, if the profile rules do not grant permission the action will be denied, with an \fI\s-1EACCES\s0\fR or \fI\s-1EPERM\s0\fR error code returned to userspace, and the violation will be logged with a tag of the access being \fB\s-1DENIED\s0\fR." 8
+.IX Item "enforce For a given action, if the profile rules do not grant permission the action will be denied, with an EACCES or EPERM error code returned to userspace, and the violation will be logged with a tag of the access being DENIED."
+.PD 0
+.IP "\fBkill\fR This is a variant of enforce mode where in addition to returning \fI\s-1EACCES\s0\fR or \fI\s-1EPERM\s0\fR for a violation, the task is also sent a signal to kill it." 8
+.IX Item "kill This is a variant of enforce mode where in addition to returning EACCES or EPERM for a violation, the task is also sent a signal to kill it."
+.IP "\fBcomplain\fR For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being \fB\s-1ALLOWED\s0\fR." 8
+.IX Item "complain For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being ALLOWED."
+.IP "\fBunconfined\fR This mode allows a task confined by the profile to behave as though they are \fIunconfined\fR. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios." 8
+.IX Item "unconfined This mode allows a task confined by the profile to behave as though they are unconfined. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios."
+.PD
+.PP
+Audit Mode
+.IX Subsection "Audit Mode"
+.PP
+The audit mode allows control of how AppArmor messages are are logged
+to the audit system.
+.IP "\fBaudit\fR This flag causes all actions whether allowed or denied to be logged." 8
+.IX Item "audit This flag causes all actions whether allowed or denied to be logged."
+.PP
+Misc modes
+.IX Subsection "Misc modes"
+.IP "\fBmediate_deleted\fR This forces AppArmor to mediate deleted files as if they still exist in the file system." 8
+.IX Item "mediate_deleted This forces AppArmor to mediate deleted files as if they still exist in the file system."
+.PD 0
+.IP "\fBattach_disconnected\fR This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. \s-1WARNING\s0 this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool." 8
+.IX Item "attach_disconnected This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. WARNING this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool."
+.IP "\fBchroot_relative\fR This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace." 8
+.IX Item "chroot_relative This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace."
+.PD
.SS "Access Modes"
.IX Subsection "Access Modes"
File permission access modes consists of combinations of the following
@@ -468,7 +631,7 @@ modes:
\&\- disallow execute (in rules with the deny qualifier)
.IP "\fBm\fR" 8
.IX Item "m"
-\&\- allow \s-1PROT_EXEC\s0 with \fImmap\fR\|(2) calls
+\&\- allow \s-1PROT_EXEC\s0 with \fBmmap\fR\|(2) calls
.IP "\fBl\fR" 8
.IX Item "l"
\&\- link
@@ -505,7 +668,7 @@ a privileged operation, such as rebooting the machine. By placing the
privileged section in another executable and granting unconfined
execution rights, it is possible to bypass the mandatory constraints
imposed on all confined processes. For more information on what is
-constrained, see the \fIapparmor\fR\|(7) man page.
+constrained, see the \fBapparmor\fR\|(7) man page.
.Sp
\&\fB\s-1WARNING\s0\fR 'ux' should only be used in very special cases. It enables the
designated child processes to be run without any AppArmor protection.
@@ -520,7 +683,7 @@ Incompatible with other exec transition modes and the deny qualifier.
.IX Item "Ux - unconfined execute scrub the environment"
\&'Ux' allows the named program to run in 'ux' mode, but AppArmor
will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fIld.so\fR\|(8) for some
+the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
information on setuid/setgid environment scrubbing.)
.Sp
\&\fB\s-1WARNING\s0\fR 'Ux' should only be used in very special cases. It enables the
@@ -544,7 +707,7 @@ Incompatible with other exec transition modes and the deny qualifier.
.IX Item "Px - Discrete Profile execute mode scrub the environment"
\&'Px' allows the named program to run in 'px' mode, but AppArmor
will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fIld.so\fR\|(8) for some
+the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
information on setuid/setgid environment scrubbing.)
.Sp
Incompatible with other exec transition modes and the deny qualifier.
@@ -563,13 +726,13 @@ Incompatible with other exec transition modes and the deny qualifier.
.IX Item "Cx - Transition to Subprofile execute mode scrub the environment"
\&'Cx' allows the named program to run in 'cx' mode, but AppArmor
will invoke the Linux Kernel's \fBunsafe_exec\fR routines to scrub
-the environment, similar to setuid programs. (See \fIld.so\fR\|(8) for some
+the environment, similar to setuid programs. (See \fBld.so\fR\|(8) for some
information on setuid/setgid environment scrubbing.)
.Sp
Incompatible with other exec transition modes and the deny qualifier.
.IP "\fBix \- Inherit execute mode\fR" 4
.IX Item "ix - Inherit execute mode"
-Prevent the normal AppArmor domain transition on \fIexecve\fR\|(2) when the
+Prevent the normal AppArmor domain transition on \fBexecve\fR\|(2) when the
profiled program executes the named program. Instead, the executed resource
will inherit the current profile.
.Sp
@@ -635,14 +798,14 @@ followed by the name of the profile to transition to. Eg.
Incompatible with other exec transition modes.
.IP "\fBm \- Allow executable mapping\fR" 4
.IX Item "m - Allow executable mapping"
-This mode allows a file to be mapped into memory using \fImmap\fR\|(2)'s
+This mode allows a file to be mapped into memory using \fBmmap\fR\|(2)'s
\&\s-1PROT_EXEC\s0 flag. This flag marks the pages executable; it is used on some
architectures to provide non-executable data pages, which can complicate
exploit attempts. AppArmor uses this mode to limit which files a
well-behaved program (or all programs on architectures that enforce
non-executable memory access controls) may use as libraries, to limit
-the effect of invalid \fB\-L\fR flags given to \fIld\fR\|(1) and \fB\s-1LD_PRELOAD\s0\fR,
-\&\fB\s-1LD_LIBRARY_PATH\s0\fR, given to \fIld.so\fR\|(8).
+the effect of invalid \fB\-L\fR flags given to \fBld\fR\|(1) and \fB\s-1LD_PRELOAD\s0\fR,
+\&\fB\s-1LD_LIBRARY_PATH\s0\fR, given to \fBld.so\fR\|(8).
.IP "\fBl \- Link mode\fR" 4
.IX Item "l - Link mode"
Allows the program to be able to create a link with this name. When a
@@ -724,19 +887,19 @@ shell scripts.
.SS "Capabilities"
.IX Subsection "Capabilities"
The only capabilities a confined process may use may be enumerated; for
-the complete list, please refer to \fIcapabilities\fR\|(7). Note that granting
+the complete list, please refer to \fBcapabilities\fR\|(7). Note that granting
some capabilities renders AppArmor confinement for that domain advisory;
-while \fIopen\fR\|(2), \fIread\fR\|(2), \fIwrite\fR\|(2), etc., will still return error when
+while \fBopen\fR\|(2), \fBread\fR\|(2), \fBwrite\fR\|(2), etc., will still return error when
access is not granted, some capabilities allow loading kernel modules,
arbitrary access to \s-1IPC,\s0 ability to bypass discretionary access controls,
and other operations that are typically reserved for the root user.
.SS "Network Rules"
.IX Subsection "Network Rules"
AppArmor supports simple coarse grained network mediation. The network
-rule restrict all \fIsocket\fR\|(2) based operations. The mediation done is
-a course grained check on whether a socket of a given type and family
+rule restrict all \fBsocket\fR\|(2) based operations. The mediation done is
+a coarse-grained check on whether a socket of a given type and family
can be created, read, or written. There is no mediation based of port
-number or protocol beyond tcp, udp, and raw. Network \fInetlink\fR\|(7) rules may
+number or protocol beyond tcp, udp, and raw. Network \fBnetlink\fR\|(7) rules may
only specify type 'dgram' and 'raw'.
.PP
AppArmor network rules are accumulated so that the granted network
@@ -757,7 +920,7 @@ eg.
.SS "Mount Rules"
.IX Subsection "Mount Rules"
AppArmor supports mount mediation and allows specifying filesystem types and
-mount flags. The syntax of mount rules in AppArmor is based on the \fImount\fR\|(8)
+mount flags. The syntax of mount rules in AppArmor is based on the \fBmount\fR\|(8)
command syntax. Mount rules must contain one of the mount, remount or umount
keywords, but all mount conditions are optional. Unspecified optional
conditionals are assumed to match all entries (eg, not specifying fstype means
@@ -967,16 +1130,16 @@ Matches only:
.Ve
.SS "Pivot Root Rules"
.IX Subsection "Pivot Root Rules"
-AppArmor mediates changing of the root filesystem through the \fIpivot_root\fR\|(2)
+AppArmor mediates changing of the root filesystem through the \fBpivot_root\fR\|(2)
system call. The syntax of 'pivot_root' rules in AppArmor is based on the
-\&\fIpivot_root\fR\|(2) system call parameters with the notable exception that the
+\&\fBpivot_root\fR\|(2) system call parameters with the notable exception that the
ordering is reversed. The path corresponding to the put_old parameter of
-\&\fIpivot_root\fR\|(2) is optionally specified in the 'pivot_root' rule using the
+\&\fBpivot_root\fR\|(2) is optionally specified in the 'pivot_root' rule using the
\&'oldroot=' prefix.
.PP
AppArmor 'pivot_root' rules can specify a profile transition to occur during
-the \fIpivot_root\fR\|(2) system call. Note that AppArmor will only transition the
-process calling \fIpivot_root\fR\|(2) to the new profile.
+the \fBpivot_root\fR\|(2) system call. Note that AppArmor will only transition the
+process calling \fBpivot_root\fR\|(2) to the new profile.
.PP
The paths specified in 'pivot_root' rules must end with '/' since they are
directories.
@@ -1004,16 +1167,16 @@ Here are some example 'pivot_root' rules:
.Ve
.SS "PTrace rules"
.IX Subsection "PTrace rules"
-AppArmor supports mediation of \fIptrace\fR\|(2). AppArmor PTrace rules are accumulated
+AppArmor supports mediation of \fBptrace\fR\|(2). AppArmor PTrace rules are accumulated
so that the granted PTrace permissions are the union of all the listed PTrace
rule permissions.
.PP
AppArmor PTrace permissions are implied when a rule does not explicitly state
an access list. By default, all PTrace permissions are implied.
.PP
-The trace and tracedby permissions govern \fIptrace\fR\|(2) while read and readby
-govern certain \fIproc\fR\|(5) filesystem accesses, \fIkcmp\fR\|(2), futexes
-(\fIget_robust_list\fR\|(2)) and perf trace events.
+The trace and tracedby permissions govern \fBptrace\fR\|(2) while read and readby
+govern certain \fBproc\fR\|(5) filesystem accesses, \fBkcmp\fR\|(2), futexes
+(\fBget_robust_list\fR\|(2)) and perf trace events.
.PP
For a ptrace operation to be allowed the profile of the tracing process and the
profile of the target task must both have the correct permissions. For example,
@@ -1041,7 +1204,7 @@ Example AppArmor PTrace rules:
.Ve
.SS "Signal rules"
.IX Subsection "Signal rules"
-AppArmor supports mediation of \fIsignal\fR\|(7). AppArmor signal rules are accumulated
+AppArmor supports mediation of \fBsignal\fR\|(7). AppArmor signal rules are accumulated
so that the granted signal permissions are the union of all the listed signal
rule permissions.
.PP
@@ -1152,7 +1315,7 @@ anonymous sockets. Unix domain sockets with file system paths are
mediated via file access rules.
.PP
Abstract unix domain sockets is a nonportable Linux extension of unix
-domain sockets, see \fIunix\fR\|(7) for more information.
+domain sockets, see \fBunix\fR\|(7) for more information.
.PP
\fIUnix socket address paths\fR
.IX Subsection "Unix socket address paths"
@@ -1180,6 +1343,37 @@ in an abstract socket name. Eg.
\& unix addr=@*,
.Ve
.PP
+Autobound unix domain sockets have a unix sun_path assigned to them
+by the kernel, as such specifying a policy based address is not possible.
+The autobinding of sockets can be controlled by specifying the special
+\&\fIauto\fR keyword. Eg.
+.PP
+.Vb 1
+\& unix addr=auto,
+.Ve
+.PP
+To indicate that the rule only applies to auto binding of unix domain
+sockets. It is important to note this only applies to the \fIbind\fR
+permission as once the socket is bound to an address it is
+indistinguishable from a socket that have an addr bound with a
+specified name. When the \fIauto\fR keyword is used with other permissions
+or as part of a peer addr it will be replaced with a pattern that
+can match an autobound socket. Eg. For some kernels
+.PP
+.Vb 1
+\& unix rw addr=auto,
+.Ve
+.PP
+is transformed to
+.PP
+.Vb 1
+\& unix rw addr=@[a\-f0\-9][a\-f0\-9][a\-f0\-9][a\-f0\-9][a\-f0\-9],
+.Ve
+.PP
+It is important to note, this pattern may match abstract sockets that
+were not autobound but have an addr that fits what is generated by
+the kernel when autobinding a socket.
+.PP
Anonymous unix domain sockets have no sun_path associated with the socket
address, however it can be specified with the special \fInone\fR keyword to
indicate the rule only applies to anonymous unix domain sockets. Eg.
@@ -1189,7 +1383,7 @@ indicate the rule only applies to anonymous unix domain sockets. Eg.
.Ve
.PP
If the address component of a rule is not specified then the rule applies
-to both abstract and anonymous sockets.
+to autobind, abstract and anonymous sockets.
.PP
\fIUnix socket permissions\fR
.IX Subsection "Unix socket permissions"
@@ -1331,7 +1525,7 @@ rule set. Eg.
.PP
The exec mode dictates whether or not the Linux Kernel's \fBunsafe_exec\fR
routines should be used to scrub the environment, similar to setuid programs.
-(See \fIld.so\fR\|(8) for some information on setuid/setgid environment scrubbing.) The
+(See \fBld.so\fR\|(8) for some information on setuid/setgid environment scrubbing.) The
\&\fBsafe\fR mode sets up environment scrubbing to occur when the new application is
executed and \fBunsafe\fR mode disables AppArmor's requirement for environment
scrubbing (the kernel and/or libc may still require environment scrubbing). An
@@ -1347,7 +1541,7 @@ Not all kernels support \fBsafe\fR mode and the parser will downgrade rules to
.SS "rlimit rules"
.IX Subsection "rlimit rules"
AppArmor can set and control the resource limits associated with a
-profile as described in the \fIsetrlimit\fR\|(2) man page.
+profile as described in the \fBsetrlimit\fR\|(2) man page.
.PP
The AppArmor rlimit controls allow setting of limits and restricting
changes of them and these actions can be audited. Enforcement of the
@@ -1431,7 +1625,7 @@ typically included at the beginning of an AppArmor profile.
.SS "Globbing"
.IX Subsection "Globbing"
File resources may be specified with a globbing syntax similar to that
-used by popular shells, such as \fIcsh\fR\|(1), \fIbash\fR\|(1), \fIzsh\fR\|(1).
+used by popular shells, such as \fBcsh\fR\|(1), \fBbash\fR\|(1), \fBzsh\fR\|(1).
.IP "\fB*\fR" 4
.IX Item "*"
can substitute for any number of characters, excepting '/'
@@ -1512,7 +1706,7 @@ access requirements; this abstraction is an extremely flexible way to
grant site-specific rights and makes writing new AppArmor profiles very
simple by assembling the needed building blocks for any given program.
.PP
-The use of '#include' is modelled directly after \fIcpp\fR\|(1); its use will
+The use of '#include' is modelled directly after \fBcpp\fR\|(1); its use will
replace the '#include' statement with the specified file's contents.
The leading '#' is optional, and the '#include' keyword can be followed
by an option conditional 'if exists' that specifies profile compilation
@@ -1522,7 +1716,7 @@ should continue if the specified file or directory is not found.
used. \fB#include \*(L"relative/path\*(R"\fR specifies that \fIrelative/path\fR should
be used, where the path is relative to the current working directory.
\&\fB#include <magic/path>\fR is the most common usage; it will load
-\&\fImagic/path\fR relative to a directory specified to \fIapparmor_parser\fR\|(8).
+\&\fImagic/path\fR relative to a directory specified to \fBapparmor_parser\fR\|(8).
\&\fI/etc/apparmor.d/\fR is the AppArmor default.
.PP
The supplied AppArmor profiles follow several conventions; the
@@ -1542,11 +1736,11 @@ Includes files that should be readable and writable in all profiles.
.IP "\fIabstractions/bash\fR" 4
.IX Item "abstractions/bash"
Includes many files used by bash; useful for interactive shells and
-programs that call \fIsystem\fR\|(3).
+programs that call \fBsystem\fR\|(3).
.IP "\fIabstractions/consoles\fR" 4
.IX Item "abstractions/consoles"
Includes read and write access to the device files controlling the
-virtual console, \fIsshd\fR\|(8), \fIxterm\fR\|(1), etc. This abstraction is needed for
+virtual console, \fBsshd\fR\|(8), \fBxterm\fR\|(1), etc. This abstraction is needed for
many programs that interact with users.
.IP "\fIabstractions/fonts\fR" 4
.IX Item "abstractions/fonts"
@@ -1585,7 +1779,7 @@ Some profiles for typical \*(L"user\*(R" programs will use these include files
to describe rights that users have in the system.
.IP "\fIabstractions/wutmp\fR" 4
.IX Item "abstractions/wutmp"
-Includes write access to files used to maintain \fIwtmp\fR\|(5) and \fIutmp\fR\|(5)
+Includes write access to files used to maintain \fBwtmp\fR\|(5) and \fButmp\fR\|(5)
databases, used with the w(1) and associated commands.
.IP "\fIabstractions/X\fR" 4
.IX Item "abstractions/X"
@@ -1598,14 +1792,50 @@ Some of the abstractions rely on variables that are set in files in the
they can only be set before the profile. Therefore, any profiles that
use abstractions should either \fB#include <tunables/global>\fR or
otherwise ensure that \fB@{\s-1HOME\s0}\fR and \fB@{\s-1HOMEDIRS\s0}\fR are set before
-starting the profile definition. The \fIaa\-autodep\fR\|(8) and \fIaa\-genprof\fR\|(8) utilities
+starting the profile definition. The \fBaa\-autodep\fR\|(8) and \fBaa\-genprof\fR\|(8) utilities
will automatically emit \fB#include <tunables/global>\fR in
generated profiles.
+.SS "Feature \s-1ABI\s0"
+.IX Subsection "Feature ABI"
+The feature abi tells AppArmor which feature set the policy was
+developed under. This is important to ensure that kernels with a
+different feature set don't enforce features that the policy doesn't
+support, which can result in unexpected application failures.
+.PP
+When policy is compiled both the kernel feature abi and policy feature
+abi are consulted to build a policy that will work for the system's
+kernel.
+.PP
+If the kernel supports a feature not supported by the policy then
+policy will be built so that the kernel does \s-1NOT\s0 enforce that feature.
+.PP
+If the policy supports a feature not supported by the kernel the
+compile may downgrade the rule with the feature to something the
+kernel supports, drop the rule completely, or fail the compile.
+.PP
+If the policy abi is specified as \fBkernel\fR then the running kernel's
+abi will be used. This should never be used in shipped policy as it
+can cause system breakage when a new kernel is installed.
+.PP
+\fI\s-1ABI\s0 compatibility with AppArmor 2.x\fR
+.IX Subsection "ABI compatibility with AppArmor 2.x"
+.PP
+AppArmor 3 remains compatible with AppArmor 2.x by detecting when a
+profile does not have a feature \s-1ABI\s0 specified. In this case the policy
+compile will either apply the pinned feature \s-1ABI\s0 as specified by the
+config file or the command line, or if neither of those are applied by
+using a default feature \s-1ABI.\s0
+.PP
+It is important to note that the default feature \s-1ABI\s0 does not support
+new features added in AppArmor 3 or later.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
An example AppArmor profile:
.PP
.Vb 2
+\& # which feature abi the policy was developed with
+\& abi <abi/3.0>,
+\&
\& # a variable definition in the preamble
\& @{HOME} = /home/*/ /root/
\&
@@ -1671,6 +1901,6 @@ negative values match when specifying one or the other. Eg, 'rw' matches when
\&'options in (ro,nodev)' is equivalent to 'options in (rw,dev)'.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor_parser\fR\|(8), \fIaa\-complain\fR\|(1),
-\&\fIaa\-enforce\fR\|(1), \fIaa_change_hat\fR\|(2), \fImod_apparmor\fR\|(5), and
+\&\fBapparmor\fR\|(7), \fBapparmor_parser\fR\|(8), \fBapparmor_xattrs\fR\|(7), \fBaa\-complain\fR\|(1),
+\&\fBaa\-enforce\fR\|(1), \fBaa_change_hat\fR\|(2), \fBmod_apparmor\fR\|(5), and
<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.d.5.html b/parser/apparmor.d.5.html
index c9cc44805fe24c65ddd2a97c317a6248bbf1a531..4bf9de443e4fe25e4688a330d60f622abf62a16d 100644
--- a/parser/apparmor.d.5.html
+++ b/parser/apparmor.d.5.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>apparmor.d - syntax of security profiles for AppArmor.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> apparmor.d - syntax of security profiles for AppArmor.</span></strong></big>
</td></tr>
</table>
@@ -22,6 +22,24 @@
<li><a href="#DESCRIPTION">DESCRIPTION</a></li>
<li><a href="#FORMAT">FORMAT</a>
<ul>
+ <li><a href="#Profile-Head">Profile Head</a>
+ <ul>
+ <li><a href="#Name">Name</a></li>
+ <li><a href="#Attachment-Conditionals">Attachment Conditionals</a>
+ <ul>
+ <li><a href="#Exec-Attachment-Conditional">Exec Attachment Conditional</a></li>
+ <li><a href="#Extended-Attributes-Attachment-Conditional">Extended Attributes Attachment Conditional</a></li>
+ </ul>
+ </li>
+ <li><a href="#Flags">Flags</a>
+ <ul>
+ <li><a href="#Profile-Mode">Profile Mode</a></li>
+ <li><a href="#Audit-Mode">Audit Mode</a></li>
+ <li><a href="#Misc-modes">Misc modes</a></li>
+ </ul>
+ </li>
+ </ul>
+ </li>
<li><a href="#Access-Modes">Access Modes</a></li>
<li><a href="#Access-Modes-Details">Access Modes Details</a></li>
<li><a href="#Link-rules">Link rules</a></li>
@@ -53,6 +71,11 @@
</ul>
</li>
<li><a href="#include-mechanism">#include mechanism</a></li>
+ <li><a href="#Feature-ABI">Feature ABI</a>
+ <ul>
+ <li><a href="#ABI-compatibility-with-AppArmor-2.x">ABI compatibility with AppArmor 2.x</a></li>
+ </ul>
+ </li>
</ul>
</li>
<li><a href="#EXAMPLE">EXAMPLE</a></li>
@@ -71,13 +94,19 @@
<h1 id="FORMAT">FORMAT</h1>
+<p>AppArmor policy is written in a declarative language, in which the order of rules within a given section or block does not matter. Policy is by convention written so that it is contained in multiple files, but this is not a requirement. It could just as easily be written in a single file. The policy language is compiled to a architecture independent binary format that is loaded into the kernel for enforcement.</p>
+
+<p>The base unit of AppArmor confinement is the profile. It contains a set of rules which are enforced when the profile is associated with a running program. The rules within the profile provide a whitelist of different permission that are allowed, along with a few other special rules.</p>
+
+<p>The text in AppArmor policy is split into two sections, the preamble and the profile definitions. The preamble must occur at the head of the file and once profile definitions begin, no more preamble rules are allowed (even in files that are included into the profile). When AppArmor policy (set of profiles) is split across multiple files, each file can have its own preamble section, which may be the same or different from other files preamble. Files included within a profile section can not have a preamble section.</p>
+
<p>The following is a BNF-style description of AppArmor policy configuration files; see below for an example AppArmor policy file. AppArmor configuration files are line-oriented; <b>#</b> introduces a comment, similar to shell scripting languages. The exception to this rule is that <b>#include</b> will <i>include</i> the contents of a file inline to the policy; this behaviour is modelled after cpp(1).</p>
<ul>
<p><b>PROFILE FILE</b> = ( [ <i>PREAMBLE</i> ] [ <i>PROFILE</i> ] )*</p>
-<p><b>PREAMBLE</b> = ( <i>COMMENT</i> | <i>VARIABLE ASSIGNMENT</i> | <i>ALIAS RULE</i> | <i>INCLUDE</i> )* Variable assignment and alias rules must come before the profile.</p>
+<p><b>PREAMBLE</b> = ( <i>COMMENT</i> | <i>VARIABLE ASSIGNMENT</i> | <i>ALIAS RULE</i> | <i>INCLUDE</i> | <i>ABI</i> )* Variable assignment and alias rules must come before the profile.</p>
<p><b>VARIABLE ASSIGNMENT</b> = <i>VARIABLE</i> ('=' | '+=') (space separated values)</p>
@@ -87,6 +116,8 @@
<p><b>INCLUDE</b> = ( '#include' | 'include' ) [ 'if exists' ] ( <i>ABS PATH</i> | <i>MAGIC PATH</i> )</p>
+<p><b>ABI</b> = ( 'abi' ) ( <i>ABS PATH</i> | <i>MAGIC PATH</i> ) ','</p>
+
<p><b>ABS PATH</b> = '"' path '"' (the path is passed to open(2))</p>
<p><b>MAGIC PATH</b> = '<' relative path '>' The path is relative to <i>/etc/apparmor.d/</i>.</p>
@@ -105,11 +136,23 @@
<p><b>UNQUOTED PROFILE NAME</b> = (must start with alphanumeric character (after variable expansion), or '/' <b>AARE</b> have special meanings; see below. May include <i>VARIABLE</i>. Rules with embedded spaces or tabs must be quoted.)</p>
-<p><b>ATTACHMENT SPECIFICATION</b> = <i>FILEGLOB</i></p>
+<p><b>ATTACHMENT SPECIFICATION</b> = [ <i>PROFILE_EXEC_COND</i> ] [ <i>PROFILE XATTR CONDS</i> ]</p>
+
+<p><b>PROFILE_EXEC_COND</b> = <i>FILEGLOB</i></p>
+
+<p><b>PROFILE XATTR CONDS</b> = [ 'xattrs=' ] '(' comma or white space separated list of <i>PROFILE XATTR</i> ')'</p>
+
+<p><b>PROFILE XATTR</b> = extended attribute name '=' <i>XATTR VALUE FILEGLOB</i></p>
+
+<p><b>XATTR VALUE FILEGLOB</b> = <i>FILEGLOB</i></p>
<p><b>PROFILE FLAG CONDS</b> = [ 'flags=' ] '(' comma or white space separated list of <i>PROFILE FLAGS</i> ')'</p>
-<p><b>PROFILE FLAGS</b> = 'complain' | 'audit' | 'enforce' | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'</p>
+<p><b>PROFILE FLAGS</b> = <i>PROFILE MODE</i> | <i>AUDIT_MODE</i> | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'</p>
+
+<p><b>PROFILE MODE</b> = 'enforce' | 'complain' | 'kill' | 'unconfined'</p>
+
+<p><b>AUDIT MODE</b> = 'audit'</p>
<p><b>RULES</b> = [ ( <i>LINE RULES</i> | <i>COMMA RULES</i> ',' | <i>BLOCK RULES</i> )</p>
@@ -139,7 +182,7 @@
<p><b>NETWORK RULE</b> = [ <i>QUALIFIERS</i> ] 'network' [ <i>DOMAIN</i> ] [ <i>TYPE</i> | <i>PROTOCOL</i> ]</p>
-<p><b>DOMAIN</b> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' ) ','</p>
+<p><b>DOMAIN</b> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','</p>
<p><b>TYPE</b> = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )</p>
@@ -303,6 +346,104 @@
<p>All resources and programs need a full path. There may be any number of subprofiles (aka child profiles) in a profile, limited only by kernel memory. Subprofile names are limited to 974 characters. Child profiles can be used to confine an application in a special way, or when you want the child to be unconfined on the system, but confined when called from the parent. Hats are a special child profile that can be used with the aa_change_hat(2) API call. Applications written or modified to use aa_change_hat(2) can take advantage of subprofiles to run under different confinements, dependent on program logic. Several aa_change_hat(2)-aware applications exist, including an Apache module, mod_apparmor(5); a PAM module, pam_apparmor; and a Tomcat valve, tomcat_apparmor. Applications written or modified to use change_profile(2) transition permanently to the specified profile. libvirt is one such application.</p>
+<h2 id="Profile-Head">Profile Head</h2>
+
+<p>The profile head consists of a required name that is unique and optional attachment conditionals and control flags.</p>
+
+<h3 id="Name">Name</h3>
+
+<p>The name of the profile is its identifier. It is what is displayed during introspection (eg. ps -Z), and defines how the profile is referenced by policy rules for any policy interaction via ipc or domain changes. It is recommended that the name be kept short and have meaning for the application it is being applied eg. <i>firefox</i> for the firefox web browser or its functional role eg. log_admin.</p>
+
+<p>If the name is an applications full absolute path name eg. <i>/usr/bin/firefox</i> and an exec attachment conditional is not specified the name is also used as the profile's exec attachment conditional. This use however has been deprecated and is discouraged as it makes for long names that can make profile rules difficult to understand, and may not be fully displayed by some introspection tools.</p>
+
+<h3 id="Attachment-Conditionals">Attachment Conditionals</h3>
+
+<p>The attachment conditionals are used during profile changes to determine whether a profile is a match for the proposed profile transition. The attachment conditionals are optional, how and when they are applied is determined by the specific condition(s) used.</p>
+
+<p>When attachment conditionals are used, the attachment conditionals for all profiles in the namespace will be evaluated. The profile with the set of attachments that result in the best match will become the new profile after a transition operation. Attachments that don't match will result in the profile not being available for transition.</p>
+
+<p>If no conditionals are specified the profile will only be used if a transition explicitly specifies the profile name.</p>
+
+<h4 id="Exec-Attachment-Conditional">Exec Attachment Conditional</h4>
+
+<p>The exec attachment conditional governs how closely the profile matches an executable program. This conditional is only used during an exec operation when the matching exec rule specifies either a <b>px</b> or <b>cx</b> (or their derivatives) transition type. The exec attachment conditional will also be used by tasks that are <i>unconfined</i> as they use a <b>pix</b> transition rule.</p>
+
+<p>If there are no attachment matches then it is up to the exec rule to determine what happens (fail or a fallback option).</p>
+
+<p>Note: see profile <i>Name</i> for information around using the profile name as an attachment conditional.</p>
+
+<p>Exec attachment conditionals can contain variable names and pattern matching. They use a longest left match heuristic to deterime the winner in the case of multiple matches at run time. The exact implementation of this resolution is kernel specific and has improved over time, while retaining backwards compatibility. If the heuristic can not determine a winner between multiple matches the exec will be denied.</p>
+
+<h4 id="Extended-Attributes-Attachment-Conditional">Extended Attributes Attachment Conditional</h4>
+
+<p>AppArmor profiles have the ability to target files based on their xattr(7) values in addition to their path. For example, the following profile matches files in /usr/bin with the attribute "security.apparmor" and value "trusted":</p>
+
+<pre><code>/usr/bin/* xattrs(security.apparmor="trusted") {
+ # ...
+}</code></pre>
+
+<p>See apparmor_xattrs(7) for further details.</p>
+
+<h3 id="Flags">Flags</h3>
+
+<p>The profile flags allow modifying the behavior of the profile. If a profile flag is specified it takes priority over any conflicting flags that have been specified by rules in the profile body.</p>
+
+<h4 id="Profile-Mode">Profile Mode</h4>
+
+<p>The profile mode allow controlling the enforcement behavior of the profile rules.</p>
+
+<p>If no mode is specified the profile defaults to <i>enforce</i> mode.</p>
+
+<dl>
+
+<dt id="enforce-For-a-given-action-if-the-profile-rules-do-not-grant-permission-the-action-will-be-denied-with-an-EACCES-or-EPERM-error-code-returned-to-userspace-and-the-violation-will-be-logged-with-a-tag-of-the-access-being-DENIED"><b>enforce</b> For a given action, if the profile rules do not grant permission the action will be denied, with an <i>EACCES</i> or <i>EPERM</i> error code returned to userspace, and the violation will be logged with a tag of the access being <b>DENIED</b>.</dt>
+<dd>
+
+</dd>
+<dt id="kill-This-is-a-variant-of-enforce-mode-where-in-addition-to-returning-EACCES-or-EPERM-for-a-violation-the-task-is-also-sent-a-signal-to-kill-it"><b>kill</b> This is a variant of enforce mode where in addition to returning <i>EACCES</i> or <i>EPERM</i> for a violation, the task is also sent a signal to kill it.</dt>
+<dd>
+
+</dd>
+<dt id="complain-For-a-given-action-if-the-profile-rules-do-not-grant-permission-the-action-will-be-allowed-but-the-violation-will-be-logged-with-a-tag-of-the-access-being-ALLOWED"><b>complain</b> For a given action, if the profile rules do not grant permission the action will be allowed, but the violation will be logged with a tag of the access being <b>ALLOWED</b>.</dt>
+<dd>
+
+</dd>
+<dt id="unconfined-This-mode-allows-a-task-confined-by-the-profile-to-behave-as-though-they-are-unconfined.-This-mode-allow-for-an-unconfined-behavior-that-can-be-later-changed-to-confinement-by-using-profile-replacement.-This-mode-is-should-not-be-used-under-regular-deployment-but-can-be-useful-during-debugging-and-some-system-initialization-scenarios"><b>unconfined</b> This mode allows a task confined by the profile to behave as though they are <i>unconfined</i>. This mode allow for an unconfined behavior that can be later changed to confinement by using profile replacement. This mode is should not be used under regular deployment but can be useful during debugging and some system initialization scenarios.</dt>
+<dd>
+
+</dd>
+</dl>
+
+<h4 id="Audit-Mode">Audit Mode</h4>
+
+<p>The audit mode allows control of how AppArmor messages are are logged to the audit system.</p>
+
+<dl>
+
+<dt id="audit-This-flag-causes-all-actions-whether-allowed-or-denied-to-be-logged"><b>audit</b> This flag causes all actions whether allowed or denied to be logged.</dt>
+<dd>
+
+</dd>
+</dl>
+
+<h4 id="Misc-modes">Misc modes</h4>
+
+<dl>
+
+<dt id="mediate_deleted-This-forces-AppArmor-to-mediate-deleted-files-as-if-they-still-exist-in-the-file-system"><b>mediate_deleted</b> This forces AppArmor to mediate deleted files as if they still exist in the file system.</dt>
+<dd>
+
+</dd>
+<dt id="attach_disconnected-This-forces-AppArmor-to-attach-disconnected-objects-to-the-tasks-namespace-and-mediate-them-as-though-they-are-part-of-the-namespace.-WARNING-this-mode-is-unsafe-and-can-result-in-aliasing-and-access-to-objects-that-should-not-be-allowed.-Its-intent-is-a-debug-and-policy-development-tool"><b>attach_disconnected</b> This forces AppArmor to attach disconnected objects to the task's namespace and mediate them as though they are part of the namespace. WARNING this mode is unsafe and can result in aliasing and access to objects that should not be allowed. Its intent is a debug and policy development tool.</dt>
+<dd>
+
+</dd>
+<dt id="chroot_relative-This-forces-file-names-to-be-relative-to-a-chroot-and-behave-as-if-the-chroot-is-a-mount-namespace"><b>chroot_relative</b> This forces file names to be relative to a chroot and behave as if the chroot is a mount namespace.</dt>
+<dd>
+
+</dd>
+</dl>
+
<h2 id="Access-Modes">Access Modes</h2>
<p>File permission access modes consists of combinations of the following modes:</p>
@@ -542,10 +683,10 @@
<p>These modes attempt to perform a domain transition as specified by the matching permission (shown below) and if that transition fails to find the matching profile the domain transition proceeds using the 'ix' transition mode.</p>
-<pre><code> 'Pix' == 'Px' with fallback to 'ix'
- 'pix' == 'px' with fallback to 'ix'
- 'Cix' == 'Cx' with fallback to 'ix'
- 'cix' == 'cx' with fallback to 'ix'</code></pre>
+<pre><code>'Pix' == 'Px' with fallback to 'ix'
+'pix' == 'px' with fallback to 'ix'
+'Cix' == 'Cx' with fallback to 'ix'
+'cix' == 'cx' with fallback to 'ix'</code></pre>
<p>Incompatible with other exec transition modes and the deny qualifier.</p>
@@ -555,10 +696,10 @@
<p>These modes attempt to perform a domain transition as specified by the matching permission (shown below) and if that transition fails to find the matching profile the domain transition proceeds using the 'ux' transition mode if 'pux', 'cux' or the 'Ux' transition mode if 'PUx', 'CUx' is used.</p>
-<pre><code> 'PUx' == 'Px' with fallback to 'Ux'
- 'pux' == 'px' with fallback to 'ux'
- 'CUx' == 'Cx' with fallback to 'Ux'
- 'cux' == 'cx' with fallback to 'ux'</code></pre>
+<pre><code>'PUx' == 'Px' with fallback to 'Ux'
+'pux' == 'px' with fallback to 'ux'
+'CUx' == 'Cx' with fallback to 'Ux'
+'cux' == 'cx' with fallback to 'ux'</code></pre>
<p>Incompatible with other exec transition modes and the deny qualifier.</p>
@@ -578,7 +719,7 @@
<p>The name of the profile to transition to is specified using the '->' followed by the name of the profile to transition to. Eg.</p>
-<pre><code> /bin/** px -> profile,</code></pre>
+<pre><code>/bin/** px -> profile,</code></pre>
<p>Incompatible with other exec transition modes.</p>
@@ -606,13 +747,13 @@
<p>File rules can be specified with the access permission either leading or trailing the file glob. Eg.</p>
-<pre><code> rw /**, # leading permissions
+<pre><code>rw /**, # leading permissions
- /** rw, # trailing permissions</code></pre>
+/** rw, # trailing permissions</code></pre>
<p>When leading permissions are used further rule options and context may be allowed, Eg.</p>
-<pre><code> l /foo -> /bar, # lead 'l' link permission is equivalent to link rules</code></pre>
+<pre><code>l /foo -> /bar, # lead 'l' link permission is equivalent to link rules</code></pre>
</dd>
</dl>
@@ -623,10 +764,10 @@
<p>Eg.</p>
-<pre><code> /file1 r,
- /file2 rwk,
- /link* rw,
- link subset /link* -> /**,</code></pre>
+<pre><code>/file1 r,
+/file2 rwk,
+/link* rw,
+link subset /link* -> /**,</code></pre>
<p>The link rule allows linking of /link to both /file1 or /file2 by name however because the /link file has 'rw' permissions it is not allowed to link to /file1 because that would grant an access path to /file1 with more permissions than the 'r' permissions the profile specifies.</p>
@@ -636,14 +777,14 @@
<p>The following link rule is equivalent to the 'l' permission file rule</p>
-<pre><code> link /foo -> bar,
- l /foo -> /bar,</code></pre>
+<pre><code>link /foo -> bar,
+l /foo -> /bar,</code></pre>
<p>File rules that specify the 'l' permission and don't specify the extend link permissions map to link rules as follows.</p>
-<pre><code> /foo l,
- l /foo,
- link subset /foo -> /**,</code></pre>
+<pre><code>/foo l,
+l /foo,
+link subset /foo -> /**,</code></pre>
<h2 id="Comments">Comments</h2>
@@ -655,7 +796,7 @@
<h2 id="Network-Rules">Network Rules</h2>
-<p>AppArmor supports simple coarse grained network mediation. The network rule restrict all socket(2) based operations. The mediation done is a course grained check on whether a socket of a given type and family can be created, read, or written. There is no mediation based of port number or protocol beyond tcp, udp, and raw. Network netlink(7) rules may only specify type 'dgram' and 'raw'.</p>
+<p>AppArmor supports simple coarse grained network mediation. The network rule restrict all socket(2) based operations. The mediation done is a coarse-grained check on whether a socket of a given type and family can be created, read, or written. There is no mediation based of port number or protocol beyond tcp, udp, and raw. Network netlink(7) rules may only specify type 'dgram' and 'raw'.</p>
<p>AppArmor network rules are accumulated so that the granted network permissions are the union of all the listed network rule permissions.</p>
@@ -663,11 +804,11 @@
<p>eg.</p>
-<pre><code> network, #allow access to all networking
- network tcp, #allow access to tcp
- network inet tcp, #allow access to tcp only for inet4 addresses
- network inet6 tcp, #allow access to tcp only for inet6 addresses
- network netlink raw, #allow access to AF_NETLINK SOCK_RAW</code></pre>
+<pre><code>network, #allow access to all networking
+network tcp, #allow access to tcp
+network inet tcp, #allow access to tcp only for inet4 addresses
+network inet6 tcp, #allow access to tcp only for inet6 addresses
+network netlink raw, #allow access to AF_NETLINK SOCK_RAW</code></pre>
<h2 id="Mount-Rules">Mount Rules</h2>
@@ -677,72 +818,72 @@
<li><p>If a conditional is specified using '=', then the rule only grants permission for mounts matching the exactly specified options. For example, an AppArmor policy with the following rule:</p>
-<pre><code> mount options=ro /dev/foo -E<gt> /mnt/,</code></pre>
+<pre><code>mount options=ro /dev/foo -E<gt> /mnt/,</code></pre>
<p>Would match:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt</code></pre>
+<pre><code>$ mount -o ro /dev/foo /mnt</code></pre>
<p>but not either of these:</p>
-<pre><code> $ mount -o ro,atime /dev/foo /mnt
+<pre><code>$ mount -o ro,atime /dev/foo /mnt
- $ mount -o rw /dev/foo /mnt</code></pre>
+$ mount -o rw /dev/foo /mnt</code></pre>
</li>
<li><p>If a conditional is specified using 'in', then the rule grants permission for mounts matching any combination of the specified options. For example, if an AppArmor policy has the following rule:</p>
-<pre><code> mount options in (ro,atime) /dev/foo -> /mnt/,</code></pre>
+<pre><code>mount options in (ro,atime) /dev/foo -> /mnt/,</code></pre>
<p>all of these mount commands will match:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt
+<pre><code>$ mount -o ro /dev/foo /mnt
- $ mount -o ro,atime /dev/foo /mnt
+$ mount -o ro,atime /dev/foo /mnt
- $ mount -o atime /dev/foo /mnt</code></pre>
+$ mount -o atime /dev/foo /mnt</code></pre>
<p>but none of these will:</p>
-<pre><code> $ mount -o ro,sync /dev/foo /mnt
+<pre><code>$ mount -o ro,sync /dev/foo /mnt
- $ mount -o ro,atime,sync /dev/foo /mnt
+$ mount -o ro,atime,sync /dev/foo /mnt
- $ mount -o rw /dev/foo /mnt
+$ mount -o rw /dev/foo /mnt
- $ mount -o rw,noatime /dev/foo /mnt
+$ mount -o rw,noatime /dev/foo /mnt
- $ mount /dev/foo /mnt</code></pre>
+$ mount /dev/foo /mnt</code></pre>
</li>
<li><p>If multiple conditionals are specified in a single mount rule, then the rule grants permission for each set of options. This provides a shorthand when writing mount rules which might help to logically break up a conditional. For example, if an AppArmor policy has the following rule:</p>
-<pre><code> mount options=ro options=atime</code></pre>
+<pre><code>mount options=ro options=atime</code></pre>
<p>both of these mount commands will match:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt
+<pre><code>$ mount -o ro /dev/foo /mnt
- $ mount -o atime /dev/foo /mnt</code></pre>
+$ mount -o atime /dev/foo /mnt</code></pre>
<p>but this one will not:</p>
-<pre><code> $ mount -o ro,atime /dev/foo /mnt</code></pre>
+<pre><code>$ mount -o ro,atime /dev/foo /mnt</code></pre>
</li>
</ol>
<p>Note that separate mount rules are distinct and the options do not accumulate. For example, these AppArmor mount rules:</p>
-<pre><code> mount options=ro,
+<pre><code>mount options=ro,
- mount options=atime,</code></pre>
+mount options=atime,</code></pre>
<p>are not equivalent to either of these mount rules:</p>
-<pre><code> mount options=(ro,atime),
+<pre><code>mount options=(ro,atime),
- mount options in (ro,atime),</code></pre>
+mount options in (ro,atime),</code></pre>
<p>To help clarify the flexibility and complexity of mount rules, here are some example rules with accompanying matching commands:</p>
@@ -759,13 +900,13 @@
<p>allow mounting of /dev/foo anywhere with any options. Some matching mount commands:</p>
-<pre><code> $ mount /dev/foo /mnt
+<pre><code>$ mount /dev/foo /mnt
- $ mount -t ext3 /dev/foo /mnt
+$ mount -t ext3 /dev/foo /mnt
- $ mount -t vfat /dev/foo /mnt
+$ mount -t vfat /dev/foo /mnt
- $ mount -o ro,atime,noexec,nodiratime /dev/foo /srv/some/mountpoint</code></pre>
+$ mount -o ro,atime,noexec,nodiratime /dev/foo /srv/some/mountpoint</code></pre>
</dd>
<dt id="mount-options-ro-dev-foo"><b>mount options=ro /dev/foo,</b></dt>
@@ -773,9 +914,9 @@
<p>allow mounting of /dev/foo anywhere, as read only. Some matching mount commands:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt
+<pre><code>$ mount -o ro /dev/foo /mnt
- $ mount -o ro /dev/foo /some/where/else</code></pre>
+$ mount -o ro /dev/foo /some/where/else</code></pre>
</dd>
<dt id="mount-options-ro-atime-dev-foo"><b>mount options=(ro,atime) /dev/foo,</b></dt>
@@ -783,9 +924,9 @@
<p>allow mount of /dev/foo anywhere, as read only and using inode access times. Some matching mount commands:</p>
-<pre><code> $ mount -o ro,atime /dev/foo /mnt
+<pre><code>$ mount -o ro,atime /dev/foo /mnt
- $ mount -o ro,atime /dev/foo /some/where/else</code></pre>
+$ mount -o ro,atime /dev/foo /some/where/else</code></pre>
</dd>
<dt id="mount-options-in-ro-atime-dev-foo"><b>mount options in (ro,atime) /dev/foo,</b></dt>
@@ -793,11 +934,11 @@
<p>allow mount of /dev/foo anywhere using some combination of 'ro' and 'atime' (see above). Some matching mount commands:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt
+<pre><code>$ mount -o ro /dev/foo /mnt
- $ mount -o atime /dev/foo /some/where/else
+$ mount -o atime /dev/foo /some/where/else
- $ mount -o ro,atime /dev/foo /some/other/place</code></pre>
+$ mount -o ro,atime /dev/foo /some/other/place</code></pre>
</dd>
<dt id="mount-options-ro-dev-foo-mount-options-atime-dev-foo"><b>mount options=ro /dev/foo, mount options=atime /dev/foo,</b></dt>
@@ -805,9 +946,9 @@
<p>allow mount of /dev/foo anywhere as read only, and allow mount of /dev/foo anywhere using inode access times. Note this is expressed as two different rules. Matches:</p>
-<pre><code> $ mount -o ro /dev/foo /mnt/1
+<pre><code>$ mount -o ro /dev/foo /mnt/1
- $ mount -o atime /dev/foo /mnt/2</code></pre>
+$ mount -o atime /dev/foo /mnt/2</code></pre>
</dd>
<dt id="mount---mnt"><b>mount -> /mnt/**,</b></dt>
@@ -815,9 +956,9 @@
<p>allow mounting anything under a directory in /mnt/**. Some matching mount commands:</p>
-<pre><code> $ mount /dev/foo1 /mnt/1
+<pre><code>$ mount /dev/foo1 /mnt/1
- $ mount -o ro,atime,noexec,nodiratime /dev/foo2 /mnt/deep/path/foo2</code></pre>
+$ mount -o ro,atime,noexec,nodiratime /dev/foo2 /mnt/deep/path/foo2</code></pre>
</dd>
<dt id="mount-options-ro---mnt"><b>mount options=ro -> /mnt/**,</b></dt>
@@ -825,9 +966,9 @@
<p>allow mounting anything under /mnt/**, as read only. Some matching mount commands:</p>
-<pre><code> $ mount -o ro /dev/foo1 /mnt/1
+<pre><code>$ mount -o ro /dev/foo1 /mnt/1
- $ mount -o ro /dev/foo2 /mnt/deep/path/foo2</code></pre>
+$ mount -o ro /dev/foo2 /mnt/deep/path/foo2</code></pre>
</dd>
<dt id="mount-fstype-ext3-options-rw-atime-dev-sdb1---mnt-stick"><b>mount fstype=ext3 options=(rw,atime) /dev/sdb1 -> /mnt/stick/,</b></dt>
@@ -835,7 +976,7 @@
<p>allow mounting an ext3 filesystem in /dev/sdb1 on /mnt/stick as read/write and using inode access times. Matches only:</p>
-<pre><code> $ mount -o rw,atime /dev/sdb1 /mnt/stick</code></pre>
+<pre><code>$ mount -o rw,atime /dev/sdb1 /mnt/stick</code></pre>
</dd>
<dt id="mount-options-ro-atime-options-in-nodev-user-dev-foo---mnt"><b>mount options=(ro, atime) options in (nodev, user) /dev/foo -> /mnt/,</b></dt>
@@ -843,13 +984,13 @@
<p>allow mounting /dev/foo on /mmt/ read only and using inode access times or allow mounting /dev/foo on /mnt/ with some combination of 'nodev' and 'user'. Matches only:</p>
-<pre><code> $ mount -o ro,atime /dev/foo /mnt
+<pre><code>$ mount -o ro,atime /dev/foo /mnt
- $ mount -o nodev /dev/foo /mnt
+$ mount -o nodev /dev/foo /mnt
- $ mount -o user /dev/foo /mnt
+$ mount -o user /dev/foo /mnt
- $ mount -o nodev,user /dev/foo /mnt</code></pre>
+$ mount -o nodev,user /dev/foo /mnt</code></pre>
</dd>
</dl>
@@ -864,23 +1005,23 @@
<p>Here are some example 'pivot_root' rules:</p>
-<pre><code> # Allow any pivot
- pivot_root,
+<pre><code># Allow any pivot
+pivot_root,
- # Allow pivoting to any new root directory and putting the old root
- # directory at /mnt/root/old/
- pivot_root oldroot=/mnt/root/old/,
+# Allow pivoting to any new root directory and putting the old root
+# directory at /mnt/root/old/
+pivot_root oldroot=/mnt/root/old/,
- # Allow pivoting the root directory to /mnt/root/
- pivot_root /mnt/root/,
+# Allow pivoting the root directory to /mnt/root/
+pivot_root /mnt/root/,
- # Allow pivoting to /mnt/root/ and putting the old root directory at
- # /mnt/root/old/
- pivot_root oldroot=/mnt/root/old/ /mnt/root/,
+# Allow pivoting to /mnt/root/ and putting the old root directory at
+# /mnt/root/old/
+pivot_root oldroot=/mnt/root/old/ /mnt/root/,
- # Allow pivoting to /mnt/root/, putting the old root directory at
- # /mnt/root/old/ and transition to the /mnt/root/sbin/init profile
- pivot_root oldroot=/mnt/root/old/ /mnt/root/ -> /mnt/root/sbin/init,</code></pre>
+# Allow pivoting to /mnt/root/, putting the old root directory at
+# /mnt/root/old/ and transition to the /mnt/root/sbin/init profile
+pivot_root oldroot=/mnt/root/old/ /mnt/root/ -> /mnt/root/sbin/init,</code></pre>
<h2 id="PTrace-rules">PTrace rules</h2>
@@ -894,20 +1035,20 @@
<p>Example AppArmor PTrace rules:</p>
-<pre><code> # Allow all PTrace access
- ptrace,
+<pre><code># Allow all PTrace access
+ptrace,
- # Explicitly allow all PTrace access,
- ptrace (read, readby, trace, tracedby),
+# Explicitly allow all PTrace access,
+ptrace (read, readby, trace, tracedby),
- # Explicitly deny use of ptrace(2)
- deny ptrace (trace),
+# Explicitly deny use of ptrace(2)
+deny ptrace (trace),
- # Allow unconfined processes (eg, a debugger) to ptrace us
- ptrace (readby, tracedby) peer=unconfined,
+# Allow unconfined processes (eg, a debugger) to ptrace us
+ptrace (readby, tracedby) peer=unconfined,
- # Allow ptrace of a process running under the /usr/bin/foo profile
- ptrace (trace) peer=/usr/bin/foo,</code></pre>
+# Allow ptrace of a process running under the /usr/bin/foo profile
+ptrace (trace) peer=/usr/bin/foo,</code></pre>
<h2 id="Signal-rules">Signal rules</h2>
@@ -919,27 +1060,27 @@
<p>Example AppArmor signal rules:</p>
-<pre><code> # Allow all signal access
- signal,
+<pre><code># Allow all signal access
+signal,
- # Explicitly deny sending the HUP and INT signals
- deny signal (send) set=(hup, int),
+# Explicitly deny sending the HUP and INT signals
+deny signal (send) set=(hup, int),
- # Allow unconfined processes to send us signals
- signal (receive) peer=unconfined,
+# Allow unconfined processes to send us signals
+signal (receive) peer=unconfined,
- # Allow sending of signals to a process running under the /usr/bin/foo
- # profile
- signal (send) peer=/usr/bin/foo,
+# Allow sending of signals to a process running under the /usr/bin/foo
+# profile
+signal (send) peer=/usr/bin/foo,
- # Allow checking for PID existence
- signal (receive, send) set=("exists"),
+# Allow checking for PID existence
+signal (receive, send) set=("exists"),
- # Allow us to signal ourselves using the built-in @{profile_name} variable
- signal peer=@{profile_name},
+# Allow us to signal ourselves using the built-in @{profile_name} variable
+signal peer=@{profile_name},
- # Allow two real-time signals
- signal set=(rtmin+0 rtmin+32),</code></pre>
+# Allow two real-time signals
+signal set=(rtmin+0 rtmin+32),</code></pre>
<h2 id="DBus-rules">DBus rules</h2>
@@ -957,41 +1098,41 @@
<p>Example AppArmor DBus rules:</p>
-<pre><code> # Allow all DBus access
- dbus,
+<pre><code># Allow all DBus access
+dbus,
- # Explicitly allow all DBus access,
- dbus (send, receive, bind),
+# Explicitly allow all DBus access,
+dbus (send, receive, bind),
- # Deny send/receive/bind access to the session bus
- deny dbus bus=session,
+# Deny send/receive/bind access to the session bus
+deny dbus bus=session,
- # Allow bind access for a particular name on any bus
- dbus bind name=com.example.ExampleName,
+# Allow bind access for a particular name on any bus
+dbus bind name=com.example.ExampleName,
- # Allow receive access for a particular path and interface
- dbus receive path=/com/example/path interface=com.example.Interface,
+# Allow receive access for a particular path and interface
+dbus receive path=/com/example/path interface=com.example.Interface,
- # Deny send/receive access to the system bus for a particular interface
- deny dbus bus=system interface=com.example.ExampleInterface,
+# Deny send/receive access to the system bus for a particular interface
+deny dbus bus=system interface=com.example.ExampleInterface,
- # Allow send access for a particular path, interface, member, and pair of
- # peer names:
- dbus send
- bus=session
- path=/com/example/path
- interface=com.example.Interface
- member=ExampleMethod
- peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
+# Allow send access for a particular path, interface, member, and pair of
+# peer names:
+dbus send
+ bus=session
+ path=/com/example/path
+ interface=com.example.Interface
+ member=ExampleMethod
+ peer=(name=(com.example.ExampleName1|com.example.ExampleName2)),
- # Allow receive access for all unconfined peers
- dbus receive peer=(label=unconfined),
+# Allow receive access for all unconfined peers
+dbus receive peer=(label=unconfined),
- # Allow eavesdropping on the system bus
- dbus eavesdrop bus=system,
+# Allow eavesdropping on the system bus
+dbus eavesdrop bus=system,
- # Allow and audit all eavesdropping
- audit dbus eavesdrop,</code></pre>
+# Allow and audit all eavesdropping
+audit dbus eavesdrop,</code></pre>
<h2 id="Unix-socket-rules">Unix socket rules</h2>
@@ -1003,19 +1144,33 @@
<p>The sun_path component (aka the socket address) of a unix domain socket is specified by the</p>
-<pre><code> addr=</code></pre>
+<pre><code>addr=</code></pre>
<p>conditional. If an address conditional is not specified as part of a rule then the rule matches both abstract and anonymous sockets.</p>
<p>In apparmor the address of an abstract unix domain socket begins with the <i>@</i> character, similar to how they are reported (as paths) by netstat -x. The address then follows and may contain pattern matching and any characters including the null character. In apparmor null characters must be specified by using an escape sequence <i>\000</i> or <i>\x00</i>. The pattern matching is the same as is used by file path matching so * will not match <i>/</i> even though it has no special meaning with in an abstract socket name. Eg.</p>
-<pre><code> unix addr=@*,</code></pre>
+<pre><code>unix addr=@*,</code></pre>
+
+<p>Autobound unix domain sockets have a unix sun_path assigned to them by the kernel, as such specifying a policy based address is not possible. The autobinding of sockets can be controlled by specifying the special <i>auto</i> keyword. Eg.</p>
+
+<pre><code>unix addr=auto,</code></pre>
+
+<p>To indicate that the rule only applies to auto binding of unix domain sockets. It is important to note this only applies to the <i>bind</i> permission as once the socket is bound to an address it is indistinguishable from a socket that have an addr bound with a specified name. When the <i>auto</i> keyword is used with other permissions or as part of a peer addr it will be replaced with a pattern that can match an autobound socket. Eg. For some kernels</p>
+
+<pre><code>unix rw addr=auto,</code></pre>
+
+<p>is transformed to</p>
+
+<pre><code>unix rw addr=@[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],</code></pre>
+
+<p>It is important to note, this pattern may match abstract sockets that were not autobound but have an addr that fits what is generated by the kernel when autobinding a socket.</p>
<p>Anonymous unix domain sockets have no sun_path associated with the socket address, however it can be specified with the special <i>none</i> keyword to indicate the rule only applies to anonymous unix domain sockets. Eg.</p>
-<pre><code> unix addr=none,</code></pre>
+<pre><code>unix addr=none,</code></pre>
-<p>If the address component of a rule is not specified then the rule applies to both abstract and anonymous sockets.</p>
+<p>If the address component of a rule is not specified then the rule applies to autobind, abstract and anonymous sockets.</p>
<h3 id="Unix-socket-permissions">Unix socket permissions</h3>
@@ -1031,31 +1186,31 @@
<h3 id="Example-Unix-domain-socket-rules">Example Unix domain socket rules:</h3>
-<pre><code> # Allow all permissions to unix sockets
- unix,
+<pre><code># Allow all permissions to unix sockets
+unix,
- # Explicitly allow all unix permissions
- unix (create, listen, accept, connect, send, receive, getattr, setattr, setopt, getopt),
+# Explicitly allow all unix permissions
+unix (create, listen, accept, connect, send, receive, getattr, setattr, setopt, getopt),
- # Explicitly deny unix socket access
- deny unix,
+# Explicitly deny unix socket access
+deny unix,
- # Allow create and use of abstract and anonymous sockets for profile_name
- unix peer=(label=@{profile_name}),
+# Allow create and use of abstract and anonymous sockets for profile_name
+unix peer=(label=@{profile_name}),
- # Allow receiving via unix sockets from unconfined
- unix (receive) peer=(label=unconfined),
+# Allow receiving via unix sockets from unconfined
+unix (receive) peer=(label=unconfined),
- # Allow getattr and shutdown on anonymous sockets
- unix (getattr, shutdown) addr=none,
+# Allow getattr and shutdown on anonymous sockets
+unix (getattr, shutdown) addr=none,
- # Allow SOCK_STREAM connect, receive and send on an abstract socket @bar
- # with peer running under profile '/foo'
- unix (connect, receive, send) type=stream peer=(label=/foo,addr="@bar"),
+# Allow SOCK_STREAM connect, receive and send on an abstract socket @bar
+# with peer running under profile '/foo'
+unix (connect, receive, send) type=stream peer=(label=/foo,addr="@bar"),
- # Allow accepting connections from and receiving from peer running under
- # profile '/bar' on abstract socket '@foo'
- unix (accept, receive) addr=@foo peer=(label=/bar),</code></pre>
+# Allow accepting connections from and receiving from peer running under
+# profile '/bar' on abstract socket '@foo'
+unix (accept, receive) addr=@foo peer=(label=/bar),</code></pre>
<h3 id="Abstract-unix-domain-sockets-autobind">Abstract unix domain sockets autobind</h3>
@@ -1067,42 +1222,42 @@
<p>E.G.</p>
-<pre><code> network unix, => unix,
+<pre><code>network unix, => unix,
- network unix stream, => unix stream,</code></pre>
+network unix stream, => unix stream,</code></pre>
<p>Fine grained mediation rules however can not be losslessly converted back to the coarse grained network rule; e.g.</p>
-<pre><code> unix bind addr=@example,</code></pre>
+<pre><code>unix bind addr=@example,</code></pre>
<p>Has no exact match under coarse grained network rules, the closest match is the much wider permission rule of</p>
-<pre><code> network unix,</code></pre>
+<pre><code>network unix,</code></pre>
<h2 id="change_profile-rules">change_profile rules</h2>
<p>AppArmor supports self directed profile transitions via the change_profile api. Change_profile rules control which permissions for which profiles a confined task can transition to. The profile name can contain apparmor pattern matching to specify different profiles.</p>
-<pre><code> change_profile -> **,</code></pre>
+<pre><code>change_profile -> **,</code></pre>
<p>The change_profile api allows the transition to be delayed until when a task executes another application. If an exec rule transition is specified for the application and the change_profile api is used to make a transition at exec time, the transition specified by the change_profile api takes precedence.</p>
<p>The Change_profile permission can restrict which profiles can be transitioned to based off of the executable name by specifying the exec condition.</p>
-<pre><code> change_profile /bin/bash -> new_profile,</code></pre>
+<pre><code>change_profile /bin/bash -> new_profile,</code></pre>
<p>The restricting of the transition profile to a given executable at exec time is only useful when then current task is allowed to make dynamic decisions about what confinement should be, but the decision set needs to be controlled. A list of profiles or multiple rules can be used to specify the profiles in the set. Eg.</p>
-<pre><code> change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
+<pre><code>change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
<p>An exec rule can be used to specify a transition for the executable, if the transition should be allowed even if the change_profile api has not been used to select a transition for those available in the change_profile rule set. Eg.</p>
-<pre><code> /bin/bash Px -> new_profile1,
- change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
+<pre><code>/bin/bash Px -> new_profile1,
+change_profile /bin/bash -> {new_profile1,new_profile2,new_profile3},</code></pre>
<p>The exec mode dictates whether or not the Linux Kernel's <b>unsafe_exec</b> routines should be used to scrub the environment, similar to setuid programs. (See ld.so(8) for some information on setuid/setgid environment scrubbing.) The <b>safe</b> mode sets up environment scrubbing to occur when the new application is executed and <b>unsafe</b> mode disables AppArmor's requirement for environment scrubbing (the kernel and/or libc may still require environment scrubbing). An exec mode can only be specified when an exec condition is present.</p>
-<pre><code> change_profile safe /bin/bash -> new_profile,</code></pre>
+<pre><code>change_profile safe /bin/bash -> new_profile,</code></pre>
<p>Not all kernels support <b>safe</b> mode and the parser will downgrade rules to <b>unsafe</b> mode in that situation. If no exec mode is specified, the default is <b>safe</b> mode in kernels that support it.</p>
@@ -1118,9 +1273,9 @@
<p>Eg.</p>
-<pre><code> set rlimit data <= 100M,
- set rlimit nproc <= 10,
- set rlimit nice <= 5,</code></pre>
+<pre><code>set rlimit data <= 100M,
+set rlimit nproc <= 10,
+set rlimit nice <= 5,</code></pre>
<h2 id="Variables">Variables</h2>
@@ -1130,25 +1285,25 @@
<p>At the time of this writing, the following variables are defined in the provided AppArmor policy:</p>
-<pre><code> @{HOME}
- @{HOMEDIRS}
- @{multiarch}
- @{pid}
- @{pids}
- @{PROC}
- @{securityfs}
- @{apparmorfs}
- @{sys}
- @{tid}
- @{run}
- @{XDG_DESKTOP_DIR}
- @{XDG_DOWNLOAD_DIR}
- @{XDG_TEMPLATES_DIR}
- @{XDG_PUBLICSHARE_DIR}
- @{XDG_DOCUMENTS_DIR}
- @{XDG_MUSIC_DIR}
- @{XDG_PICTURES_DIR}
- @{XDG_VIDEOS_DIR}</code></pre>
+<pre><code>@{HOME}
+@{HOMEDIRS}
+@{multiarch}
+@{pid}
+@{pids}
+@{PROC}
+@{securityfs}
+@{apparmorfs}
+@{sys}
+@{tid}
+@{run}
+@{XDG_DESKTOP_DIR}
+@{XDG_DOWNLOAD_DIR}
+@{XDG_TEMPLATES_DIR}
+@{XDG_PUBLICSHARE_DIR}
+@{XDG_DOCUMENTS_DIR}
+@{XDG_MUSIC_DIR}
+@{XDG_PICTURES_DIR}
+@{XDG_VIDEOS_DIR}</code></pre>
<p>These are defined in files in <i>/etc/apparmor.d/tunables</i> and are used in many of the abstractions described later.</p>
@@ -1276,10 +1431,10 @@
<p>Rule Qualifiers can be applied to multiple rules at a time by grouping the rules into a rule block.</p>
-<pre><code> audit {
- /foo r,
- network,
- }</code></pre>
+<pre><code>audit {
+ /foo r,
+ network,
+}</code></pre>
<h2 id="include-mechanism">#include mechanism</h2>
@@ -1397,45 +1552,66 @@
<p>Some of the abstractions rely on variables that are set in files in the <i>/etc/apparmor.d/tunables/</i> directory. These variables are currently <b>@{HOME}</b> and <b>@{HOMEDIRS}</b>. Variables cannot be set in profile scope; they can only be set before the profile. Therefore, any profiles that use abstractions should either <b>#include <tunables/global></b> or otherwise ensure that <b>@{HOME}</b> and <b>@{HOMEDIRS}</b> are set before starting the profile definition. The aa-autodep(8) and aa-genprof(8) utilities will automatically emit <b>#include <tunables/global></b> in generated profiles.</p>
+<h2 id="Feature-ABI">Feature ABI</h2>
+
+<p>The feature abi tells AppArmor which feature set the policy was developed under. This is important to ensure that kernels with a different feature set don't enforce features that the policy doesn't support, which can result in unexpected application failures.</p>
+
+<p>When policy is compiled both the kernel feature abi and policy feature abi are consulted to build a policy that will work for the system's kernel.</p>
+
+<p>If the kernel supports a feature not supported by the policy then policy will be built so that the kernel does NOT enforce that feature.</p>
+
+<p>If the policy supports a feature not supported by the kernel the compile may downgrade the rule with the feature to something the kernel supports, drop the rule completely, or fail the compile.</p>
+
+<p>If the policy abi is specified as <b>kernel</b> then the running kernel's abi will be used. This should never be used in shipped policy as it can cause system breakage when a new kernel is installed.</p>
+
+<h3 id="ABI-compatibility-with-AppArmor-2.x">ABI compatibility with AppArmor 2.x</h3>
+
+<p>AppArmor 3 remains compatible with AppArmor 2.x by detecting when a profile does not have a feature ABI specified. In this case the policy compile will either apply the pinned feature ABI as specified by the config file or the command line, or if neither of those are applied by using a default feature ABI.</p>
+
+<p>It is important to note that the default feature ABI does not support new features added in AppArmor 3 or later.</p>
+
<h1 id="EXAMPLE">EXAMPLE</h1>
<p>An example AppArmor profile:</p>
-<pre><code> # a variable definition in the preamble
- @{HOME} = /home/*/ /root/
-
- # a comment about foo.
- /usr/bin/foo {
- /bin/mount ux,
- /dev/{,u}random r,
- /etc/ld.so.cache r,
- /etc/foo.conf r,
- /etc/foo/* r,
- /lib/ld-*.so* rmix,
- /lib/lib*.so* r,
- /proc/[0-9]** r,
- /usr/lib/** r,
- /tmp/foo.pid wr,
- /tmp/foo.* lrw,
- /@{HOME}/.foo_file rw,
- /usr/bin/baz Cx -> baz,
-
- # a comment about foo's hat (subprofile), bar.
- ^bar {
- /lib/ld-*.so* rmix,
- /usr/bin/bar rmix,
- /var/spool/* rwl,
- }
-
- # a comment about foo's subprofile, baz.
- profile baz {
- #include <abstractions/bash>
- owner /proc/[0-9]*/stat r,
- /bin/bash ixr,
- /var/lib/baz/ r,
- owner /var/lib/baz/* rw,
- }
- }</code></pre>
+<pre><code># which feature abi the policy was developed with
+abi <abi/3.0>,
+
+# a variable definition in the preamble
+@{HOME} = /home/*/ /root/
+
+# a comment about foo.
+/usr/bin/foo {
+ /bin/mount ux,
+ /dev/{,u}random r,
+ /etc/ld.so.cache r,
+ /etc/foo.conf r,
+ /etc/foo/* r,
+ /lib/ld-*.so* rmix,
+ /lib/lib*.so* r,
+ /proc/[0-9]** r,
+ /usr/lib/** r,
+ /tmp/foo.pid wr,
+ /tmp/foo.* lrw,
+ /@{HOME}/.foo_file rw,
+ /usr/bin/baz Cx -> baz,
+
+ # a comment about foo's hat (subprofile), bar.
+ ^bar {
+ /lib/ld-*.so* rmix,
+ /usr/bin/bar rmix,
+ /var/spool/* rwl,
+ }
+
+ # a comment about foo's subprofile, baz.
+ profile baz {
+ #include <abstractions/bash>
+ owner /proc/[0-9]*/stat r,
+ /bin/bash ixr,
+ /var/lib/baz/ r,
+ owner /var/lib/baz/* rw,
+ }
+}</code></pre>
<h1 id="FILES">FILES</h1>
@@ -1471,11 +1647,11 @@
<h1 id="SEE-ALSO">SEE ALSO</h1>
-<p>apparmor(7), apparmor_parser(8), aa-complain(1), aa-enforce(1), aa_change_hat(2), mod_apparmor(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
+<p>apparmor(7), apparmor_parser(8), apparmor_xattrs(7), aa-complain(1), aa-enforce(1), aa_change_hat(2), mod_apparmor(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> apparmor.d - syntax of security profiles for AppArmor.</span></strong></big>
</td></tr>
</table>
diff --git a/parser/apparmor.d.pod b/parser/apparmor.d.pod
index 59ac72c9abfb728093a881cd5b07989a4b945f53..d6f492a39319ed36d2379b442608e10a670bca8e 100644
--- a/parser/apparmor.d.pod
+++ b/parser/apparmor.d.pod
@@ -35,6 +35,29 @@ configuration files; see apparmor(7) for an overview of AppArmor.
=head1 FORMAT
+AppArmor policy is written in a declarative language, in which the
+order of rules within a given section or block does not
+matter. Policy is by convention written so that it is contained in
+multiple files, but this is not a requirement. It could just as easily
+be written in a single file. The policy language is compiled to a
+architecture independent binary format that is loaded into the kernel
+for enforcement.
+
+The base unit of AppArmor confinement is the profile. It contains a
+set of rules which are enforced when the profile is associated with a
+running program. The rules within the profile provide a whitelist of
+different permission that are allowed, along with a few other special
+rules.
+
+The text in AppArmor policy is split into two sections, the preamble
+and the profile definitions. The preamble must occur at the head of
+the file and once profile definitions begin, no more preamble rules
+are allowed (even in files that are included into the profile). When
+AppArmor policy (set of profiles) is split across multiple files, each
+file can have its own preamble section, which may be the same or
+different from other files preamble. Files included within a profile
+section can not have a preamble section.
+
The following is a BNF-style description of AppArmor policy
configuration files; see below for an example AppArmor policy file.
AppArmor configuration files are line-oriented; B<#> introduces a
@@ -46,7 +69,7 @@ to the policy; this behaviour is modelled after cpp(1).
B<PROFILE FILE> = ( [ I<PREAMBLE> ] [ I<PROFILE> ] )*
-B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<ALIAS RULE> | I<INCLUDE> )*
+B<PREAMBLE> = ( I<COMMENT> | I<VARIABLE ASSIGNMENT> | I<ALIAS RULE> | I<INCLUDE> | I<ABI> )*
Variable assignment and alias rules must come before the profile.
B<VARIABLE ASSIGNMENT> = I<VARIABLE> ('=' | '+=') (space separated values)
@@ -57,6 +80,8 @@ B<ALIAS RULE> = 'alias' I<ABS PATH> '-E<gt>' I<REWRITTEN ABS PATH> ','
B<INCLUDE> = ( '#include' | 'include' ) [ 'if exists' ] ( I<ABS PATH> | I<MAGIC PATH> )
+B<ABI> = ( 'abi' ) ( I<ABS PATH> | I<MAGIC PATH> ) ','
+
B<ABS PATH> = '"' path '"' (the path is passed to open(2))
B<MAGIC PATH> = 'E<lt>' relative path 'E<gt>'
@@ -76,11 +101,23 @@ B<QUOTED PROFILE NAME> = '"' I<UNQUOTED PROFILE NAME> '"'
B<UNQUOTED PROFILE NAME> = (must start with alphanumeric character (after variable expansion), or '/' B<AARE> have special meanings; see below. May include I<VARIABLE>. Rules with embedded spaces or tabs must be quoted.)
-B<ATTACHMENT SPECIFICATION> = I<FILEGLOB>
+B<ATTACHMENT SPECIFICATION> = [ I<PROFILE_EXEC_COND> ] [ I<PROFILE XATTR CONDS> ]
+
+B<PROFILE_EXEC_COND> = I<FILEGLOB>
+
+B<PROFILE XATTR CONDS> = [ 'xattrs=' ] '(' comma or white space separated list of I<PROFILE XATTR> ')'
+
+B<PROFILE XATTR> = extended attribute name '=' I<XATTR VALUE FILEGLOB>
+
+B<XATTR VALUE FILEGLOB> = I<FILEGLOB>
B<PROFILE FLAG CONDS> = [ 'flags=' ] '(' comma or white space separated list of I<PROFILE FLAGS> ')'
-B<PROFILE FLAGS> = 'complain' | 'audit' | 'enforce' | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
+B<PROFILE FLAGS> = I<PROFILE MODE> | I<AUDIT_MODE> | 'mediate_deleted' | 'attach_disconnected' | 'chroot_relative'
+
+B<PROFILE MODE> = 'enforce' | 'complain' | 'kill' | 'unconfined'
+
+B<AUDIT MODE> = 'audit'
B<RULES> = [ ( I<LINE RULES> | I<COMMA RULES> ',' | I<BLOCK RULES> )
@@ -111,7 +148,7 @@ capabilities(7))
B<NETWORK RULE> = [ I<QUALIFIERS> ] 'network' [ I<DOMAIN> ] [ I<TYPE> | I<PROTOCOL> ]
-B<DOMAIN> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' ) ','
+B<DOMAIN> = ( 'unix' | 'inet' | 'ax25' | 'ipx' | 'appletalk' | 'netrom' | 'bridge' | 'atmpvc' | 'x25' | 'inet6' | 'rose' | 'netbeui' | 'security' | 'key' | 'netlink' | 'packet' | 'ash' | 'econet' | 'atmsvc' | 'rds' | 'sna' | 'irda' | 'pppox' | 'wanpipe' | 'llc' | 'ib' | 'mpls' | 'can' | 'tipc' | 'bluetooth' | 'iucv' | 'rxrpc' | 'isdn' | 'phonet' | 'ieee802154' | 'caif' | 'alg' | 'nfc' | 'vsock' | 'kcm' | 'qipcrtr' | 'smc' | 'xdp' | 'mctp' ) ','
B<TYPE> = ( 'stream' | 'dgram' | 'seqpacket' | 'rdm' | 'raw' | 'packet' )
@@ -299,6 +336,147 @@ module, pam_apparmor; and a Tomcat valve, tomcat_apparmor. Applications
written or modified to use change_profile(2) transition permanently to the
specified profile. libvirt is one such application.
+=head2 Profile Head
+
+The profile head consists of a required name that is unique and optional
+attachment conditionals and control flags.
+
+=head3 Name
+
+The name of the profile is its identifier. It is what is displayed
+during introspection (eg. ps -Z), and defines how the profile is
+referenced by policy rules for any policy interaction via ipc or
+domain changes. It is recommended that the name be kept short and have
+meaning for the application it is being applied eg. I<firefox> for the
+firefox web browser or its functional role eg. log_admin.
+
+If the name is an applications full absolute path name
+eg. I</usr/bin/firefox> and an exec attachment conditional is not
+specified the name is also used as the profile's exec attachment
+conditional. This use however has been deprecated and is discouraged
+as it makes for long names that can make profile rules difficult to
+understand, and may not be fully displayed by some introspection
+tools.
+
+=head3 Attachment Conditionals
+
+The attachment conditionals are used during profile changes to
+determine whether a profile is a match for the proposed profile
+transition. The attachment conditionals are optional, how and when
+they are applied is determined by the specific condition(s) used.
+
+When attachment conditionals are used, the attachment conditionals for
+all profiles in the namespace will be evaluated. The profile with the
+set of attachments that result in the best match will become the new
+profile after a transition operation. Attachments that don't match
+will result in the profile not being available for transition.
+
+If no conditionals are specified the profile will only be used if a
+transition explicitly specifies the profile name.
+
+=head4 Exec Attachment Conditional
+
+The exec attachment conditional governs how closely the profile
+matches an executable program. This conditional is only used during an
+exec operation when the matching exec rule specifies either a B<px> or
+B<cx> (or their derivatives) transition type. The exec attachment
+conditional will also be used by tasks that are I<unconfined> as they
+use a B<pix> transition rule.
+
+If there are no attachment matches then it is up to the exec rule to
+determine what happens (fail or a fallback option).
+
+Note: see profile I<Name> for information around using the profile name
+as an attachment conditional.
+
+Exec attachment conditionals can contain variable names and pattern
+matching. They use a longest left match heuristic to deterime the
+winner in the case of multiple matches at run time. The exact
+implementation of this resolution is kernel specific and has improved
+over time, while retaining backwards compatibility. If the heuristic
+can not determine a winner between multiple matches the exec will be
+denied.
+
+=head4 Extended Attributes Attachment Conditional
+
+AppArmor profiles have the ability to target files based on their xattr(7)
+values in addition to their path. For example, the following profile matches
+files in /usr/bin with the attribute "security.apparmor" and value "trusted":
+
+ /usr/bin/* xattrs(security.apparmor="trusted") {
+ # ...
+ }
+
+See apparmor_xattrs(7) for further details.
+
+
+=head3 Flags
+
+The profile flags allow modifying the behavior of the profile. If a
+profile flag is specified it takes priority over any conflicting flags
+that have been specified by rules in the profile body.
+
+=head4 Profile Mode
+
+The profile mode allow controlling the enforcement behavior of the
+profile rules.
+
+If no mode is specified the profile defaults to I<enforce> mode.
+
+=over 8
+
+=item B<enforce> For a given action, if the profile rules do not grant
+permission the action will be denied, with an I<EACCES> or I<EPERM>
+error code returned to userspace, and the violation will be logged
+with a tag of the access being B<DENIED>.
+
+=item B<kill> This is a variant of enforce mode where in addition to
+returning I<EACCES> or I<EPERM> for a violation, the task is also sent
+a signal to kill it.
+
+=item B<complain> For a given action, if the profile rules do not grant
+permission the action will be allowed, but the violation will be logged
+with a tag of the access being B<ALLOWED>.
+
+=item B<unconfined> This mode allows a task confined by the profile to
+behave as though they are I<unconfined>. This mode allow for an
+unconfined behavior that can be later changed to confinement by using
+profile replacement. This mode is should not be used under regular
+deployment but can be useful during debugging and some system
+initialization scenarios.
+
+=back
+
+=head4 Audit Mode
+
+The audit mode allows control of how AppArmor messages are are logged
+to the audit system.
+
+=over 8
+
+=item B<audit> This flag causes all actions whether allowed or denied to be
+logged.
+
+=back
+
+=head4 Misc modes
+
+=over 8
+
+=item B<mediate_deleted> This forces AppArmor to mediate deleted files
+as if they still exist in the file system.
+
+=item B<attach_disconnected> This forces AppArmor to attach
+disconnected objects to the task's namespace and mediate them as
+though they are part of the namespace. WARNING this mode is unsafe and
+can result in aliasing and access to objects that should not be
+allowed. Its intent is a debug and policy development tool.
+
+=item B<chroot_relative> This forces file names to be relative to a
+chroot and behave as if the chroot is a mount namespace.
+
+=back
+
=head2 Access Modes
File permission access modes consists of combinations of the following
@@ -664,7 +842,7 @@ and other operations that are typically reserved for the root user.
AppArmor supports simple coarse grained network mediation. The network
rule restrict all socket(2) based operations. The mediation done is
-a course grained check on whether a socket of a given type and family
+a coarse-grained check on whether a socket of a given type and family
can be created, read, or written. There is no mediation based of port
number or protocol beyond tcp, udp, and raw. Network netlink(7) rules may
only specify type 'dgram' and 'raw'.
@@ -1085,6 +1263,31 @@ in an abstract socket name. Eg.
unix addr=@*,
+Autobound unix domain sockets have a unix sun_path assigned to them
+by the kernel, as such specifying a policy based address is not possible.
+The autobinding of sockets can be controlled by specifying the special
+I<auto> keyword. Eg.
+
+ unix addr=auto,
+
+To indicate that the rule only applies to auto binding of unix domain
+sockets. It is important to note this only applies to the I<bind>
+permission as once the socket is bound to an address it is
+indistinguishable from a socket that have an addr bound with a
+specified name. When the I<auto> keyword is used with other permissions
+or as part of a peer addr it will be replaced with a pattern that
+can match an autobound socket. Eg. For some kernels
+
+ unix rw addr=auto,
+
+is transformed to
+
+ unix rw addr=@[a-f0-9][a-f0-9][a-f0-9][a-f0-9][a-f0-9],
+
+It is important to note, this pattern may match abstract sockets that
+were not autobound but have an addr that fits what is generated by
+the kernel when autobinding a socket.
+
Anonymous unix domain sockets have no sun_path associated with the socket
address, however it can be specified with the special I<none> keyword to
indicate the rule only applies to anonymous unix domain sockets. Eg.
@@ -1092,7 +1295,7 @@ indicate the rule only applies to anonymous unix domain sockets. Eg.
unix addr=none,
If the address component of a rule is not specified then the rule applies
-to both abstract and anonymous sockets.
+to autobind, abstract and anonymous sockets.
=head3 Unix socket permissions
@@ -1527,10 +1730,46 @@ starting the profile definition. The aa-autodep(8) and aa-genprof(8) utilities
will automatically emit B<#include E<lt>tunables/globalE<gt>> in
generated profiles.
+=head2 Feature ABI
+
+The feature abi tells AppArmor which feature set the policy was
+developed under. This is important to ensure that kernels with a
+different feature set don't enforce features that the policy doesn't
+support, which can result in unexpected application failures.
+
+When policy is compiled both the kernel feature abi and policy feature
+abi are consulted to build a policy that will work for the system's
+kernel.
+
+If the kernel supports a feature not supported by the policy then
+policy will be built so that the kernel does NOT enforce that feature.
+
+If the policy supports a feature not supported by the kernel the
+compile may downgrade the rule with the feature to something the
+kernel supports, drop the rule completely, or fail the compile.
+
+If the policy abi is specified as B<kernel> then the running kernel's
+abi will be used. This should never be used in shipped policy as it
+can cause system breakage when a new kernel is installed.
+
+=head3 ABI compatibility with AppArmor 2.x
+
+AppArmor 3 remains compatible with AppArmor 2.x by detecting when a
+profile does not have a feature ABI specified. In this case the policy
+compile will either apply the pinned feature ABI as specified by the
+config file or the command line, or if neither of those are applied by
+using a default feature ABI.
+
+It is important to note that the default feature ABI does not support
+new features added in AppArmor 3 or later.
+
=head1 EXAMPLE
An example AppArmor profile:
+ # which feature abi the policy was developed with
+ abi <abi/3.0>,
+
# a variable definition in the preamble
@{HOME} = /home/*/ /root/
@@ -1610,7 +1849,7 @@ negative values match when specifying one or the other. Eg, 'rw' matches when
=head1 SEE ALSO
-apparmor(7), apparmor_parser(8), aa-complain(1),
+apparmor(7), apparmor_parser(8), apparmor_xattrs(7), aa-complain(1),
aa-enforce(1), aa_change_hat(2), mod_apparmor(5), and
L<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.pod b/parser/apparmor.pod
index 575200290cce55e38186058e153f55851f23ffcc..4d731f3cbf54d2054ea9b127579809d9cb8397e7 100644
--- a/parser/apparmor.pod
+++ b/parser/apparmor.pod
@@ -212,7 +212,7 @@ Else, if auditd is running, see auditd(8) and auditd.conf(5).
=head1 SEE ALSO
apparmor_parser(8), aa_change_hat(2), apparmor.d(5),
-subdomain.conf(5), aa-autodep(1), clean(1),
+aa-autodep(1), clean(1),
auditd(8),
aa-unconfined(8), aa-enforce(1), aa-complain(1), and
L<https://wiki.apparmor.net>.
diff --git a/parser/apparmor.service b/parser/apparmor.service
index f84eac952cb314bf8332777edbfb52b39e93fae3..15b9f74e6c5eff6fdb0a5cf8bc52582f8f12041d 100644
--- a/parser/apparmor.service
+++ b/parser/apparmor.service
@@ -3,8 +3,8 @@ Description=Load AppArmor profiles
DefaultDependencies=no
Before=sysinit.target
After=systemd-journald-audit.socket
-# profile cache
-After=var.mount var-lib.mount
+# profile cache: /var/cache/apparmor/ and /usr/share/apparmor/cache/
+After=var.mount var-cache.mount usr.mount usr-share.mount
ConditionSecurity=apparmor
[Service]
diff --git a/parser/apparmor.systemd b/parser/apparmor.systemd
index aa81ca8bbc72a25e7977eb655773b8cb1efc2e0e..09d579245dcc27855cb54b6d7bd3f9a3dfd06377 100644
--- a/parser/apparmor.systemd
+++ b/parser/apparmor.systemd
@@ -71,6 +71,13 @@ fi
case "$1" in
start)
+ if [ -x /usr/bin/systemd-detect-virt ] && \
+ systemd-detect-virt --quiet --container && \
+ ! is_container_with_internal_policy; then
+ aa_log_daemon_msg "Not starting AppArmor in container"
+ aa_log_end_msg 0
+ exit 0
+ fi
apparmor_start
rc=$?
;;
@@ -79,6 +86,13 @@ case "$1" in
rc=$?
;;
restart|reload|force-reload)
+ if [ -x /usr/bin/systemd-detect-virt ] && \
+ systemd-detect-virt --quiet --container && \
+ ! is_container_with_internal_policy; then
+ aa_log_daemon_msg "Not starting AppArmor in container"
+ aa_log_end_msg 0
+ exit 0
+ fi
apparmor_restart
rc=$?
;;
diff --git a/parser/apparmor_parser.8 b/parser/apparmor_parser.8
index 5d73a36e4f95f5850b8a146c1996b48315397790..462fbfe2a417a00ed1c8c7d43a57f68dacce85ab 100644
--- a/parser/apparmor_parser.8
+++ b/parser/apparmor_parser.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "APPARMOR_PARSER 8"
-.TH APPARMOR_PARSER 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH APPARMOR_PARSER 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +150,7 @@ apparmor_parser \- loads AppArmor profiles into the kernel
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBapparmor_parser\fR is used as a general tool to compile, and manage AppArmor
-policy, including loading new \fIapparmor.d\fR\|(5) profiles into the Linux kernel.
+policy, including loading new \fBapparmor.d\fR\|(5) profiles into the Linux kernel.
.PP
AppArmor profiles restrict the operations available to processes.
.PP
@@ -161,7 +165,7 @@ The \fBapparmor_parser\fR will fall back to taking input from standard input if
a profile or directory is not supplied.
.PP
The input supplied to \fBapparmor_parser\fR should be in the format described in
-\&\fIapparmor.d\fR\|(5).
+\&\fBapparmor.d\fR\|(5).
.SH "COMMANDS"
.IX Header "COMMANDS"
The command set is broken into four subcategories.
@@ -225,7 +229,7 @@ in the kernel with the definition given on standard input.
.IX Item "-R, --remove"
This flag is used to remove an AppArmor definition already in the kernel.
Note that it still requires a complete AppArmor definition as described
-in \fIapparmor.d\fR\|(5) even though the contents of the definition aren't
+in \fBapparmor.d\fR\|(5) even though the contents of the definition aren't
used.
.SH "OPTIONS"
.IX Header "OPTIONS"
@@ -246,18 +250,35 @@ defined as relative paths.
.IX Item "-I n, --Include n"
Add element n to the search path when resolving #include directives
defined as an absolute paths.
-.IP "\-f n, \-\-subdomainfs n" 4
-.IX Item "-f n, --subdomainfs n"
+.IP "\-f n, \-\-apparmorfs n" 4
+.IX Item "-f n, --apparmorfs n"
Set the location of the apparmor security filesystem (default is
\&\*(L"/sys/kernel/security/apparmor\*(R").
+.IP "\-\-policy\-features n" 4
+.IX Item "--policy-features n"
+Specify the feature set that the policy was developed under. This does
+not override feature \s-1ABI\s0 rules.
+.IP "\-\-override\-policy\-abi n" 4
+.IX Item "--override-policy-abi n"
+Specify the feature set that the policy was developed under and
+override any feature \s-1ABI\s0 rules that the policy may be using.
+.IP "\-\-kernel\-features n" 4
+.IX Item "--kernel-features n"
+Specify the feature set of the kernel that the policy is being compiled for. If not specified this will be determined by the system's kernel.
.IP "\-M n, \-\-features\-file n" 4
.IX Item "-M n, --features-file n"
Use the features file located at path \*(L"n\*(R" (default is
/etc/apparmor.d/cache/.features). If the \-\-cache\-loc option is present, the
\&\*(L".features\*(R" file in the specified cache directory is used.
+.Sp
+Note: this sets both the \-\-kernel\-features and \-\-policy\-features to be the
+same.
.IP "\-m n, \-\-match\-string n" 4
.IX Item "-m n, --match-string n"
Only use match features \*(L"n\*(R".
+.Sp
+Note: this sets both the \-\-kernel\-features and \-\-policy\-features to be the
+same.
.IP "\-n n, \-\-namespace\-string n" 4
.IX Item "-n n, --namespace-string n"
Force a profile to load in the namespace \*(L"n\*(R".
@@ -327,7 +348,7 @@ Do not report on the profiles as they are loaded, and not show warnings.
Report on the profiles as they are loaded, and show warnings.
.IP "\-\-warn=n" 4
.IX Item "--warn=n"
-Enable various warnings during policy compilation. A single dump flag
+Enable various warnings during policy compilation. A single warn flag
can be specified per \-\-warn option, but the \-\-warn flag can be passed
multiple times.
.Sp
@@ -335,7 +356,27 @@ multiple times.
\& apparmor_parser \-\-warn=rules\-not\-enforced ...
.Ve
.Sp
+A specific warning can be disabled by prepending \fIno\fR\- to the flag
+.Sp
+.Vb 1
+\& apparmor_parser \-\-warn=no\-rules\-not\-enforced ...
+.Ve
+.Sp
Use \-\-help=warn to see a full list of which warn flags are supported.
+.IP "\-\-Werror[=n]" 4
+.IX Item "--Werror[=n]"
+Convert warnings into errors during policy compilation. If the
+optional flag is not specified all warnings become errors. If the
+optional flag is specified only the class of warnings specified will
+become errors. A single flag can be specified per \-\-Werror option, but
+the \-\-Werror flag can be passed multiple times.
+.Sp
+.Vb 1
+\& apparmor_parser \-\-Werror=deprecated ...
+.Ve
+.Sp
+Use \-\-help=warn or \-\-help=Werror to see a full list of which warn flags
+are supported.
.IP "\-d, \-\-debug" 4
.IX Item "-d, --debug"
Given once, only checks the profiles to ensure syntactic correctness.
@@ -357,7 +398,8 @@ Use \-\-help=dump to see a full list of which dump flags are supported
Set the number of jobs used to compile the specified policy. Where n can
be
.Sp
-.Vb 3
+.Vb 4
+\& 0 \- disable jobs and use the main process for all compilation
\& # \- a specific number of jobs
\& auto \- the # of cpus in the in the system
\& x# \- # * number of cpus
@@ -369,11 +411,14 @@ Eg.
\-jx4 \s-1OR\s0 \-\-jobs=x4 sets the jobs to # of cpus * 4
\-jx1 is equivalent to \-jauto
.Sp
-The default value is the number of cpus in the system.
+The default value is the number of cpus in the system. Note that if jobs
+is a positive integer number the \-\-jobs\-max parameter is automatically
+set to the same value.
.IP "\-\-max\-jobs n" 4
.IX Item "--max-jobs n"
-Set a hard cap on the value that can be specified by the \-\-jobs flag.
-It takes the same set of options available to the \-\-jobs option, and
+When \-\-jobs is set to a scaling value (ie. auto or xN) the specify a
+hard cap on the value that can be specified by the \-\-jobs flag. It
+takes the same set of options available to the \-\-jobs option, and
defaults to 8*cpus
.IP "\-O n, \-\-optimize=n" 4
.IX Item "-O n, --optimize=n"
@@ -443,8 +488,8 @@ All other options override previously set values.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIsubdomain.conf\fR\|(5), \fIaa_change_hat\fR\|(2), and
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), and
<https://wiki.apparmor.net>.
diff --git a/parser/apparmor_parser.8.html b/parser/apparmor_parser.8.html
index 51ac9dfda1070ee4dac10623b8f00e09adbb661a..f18b940575baee8ddda2e987658328a60e901737 100644
--- a/parser/apparmor_parser.8.html
+++ b/parser/apparmor_parser.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>apparmor_parser - loads AppArmor profiles into the kernel</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> apparmor_parser - loads AppArmor profiles into the kernel</span></strong></big>
</td></tr>
</table>
@@ -198,23 +198,45 @@
<p>Add element n to the search path when resolving #include directives defined as an absolute paths.</p>
</dd>
-<dt id="f-n---subdomainfs-n">-f n, --subdomainfs n</dt>
+<dt id="f-n---apparmorfs-n">-f n, --apparmorfs n</dt>
<dd>
<p>Set the location of the apparmor security filesystem (default is "/sys/kernel/security/apparmor").</p>
+</dd>
+<dt id="policy-features-n">--policy-features n</dt>
+<dd>
+
+<p>Specify the feature set that the policy was developed under. This does not override feature ABI rules.</p>
+
+</dd>
+<dt id="override-policy-abi-n">--override-policy-abi n</dt>
+<dd>
+
+<p>Specify the feature set that the policy was developed under and override any feature ABI rules that the policy may be using.</p>
+
+</dd>
+<dt id="kernel-features-n">--kernel-features n</dt>
+<dd>
+
+<p>Specify the feature set of the kernel that the policy is being compiled for. If not specified this will be determined by the system's kernel.</p>
+
</dd>
<dt id="M-n---features-file-n">-M n, --features-file n</dt>
<dd>
<p>Use the features file located at path "n" (default is /etc/apparmor.d/cache/.features). If the --cache-loc option is present, the ".features" file in the specified cache directory is used.</p>
+<p>Note: this sets both the --kernel-features and --policy-features to be the same.</p>
+
</dd>
<dt id="m-n---match-string-n">-m n, --match-string n</dt>
<dd>
<p>Only use match features "n".</p>
+<p>Note: this sets both the --kernel-features and --policy-features to be the same.</p>
+
</dd>
<dt id="n-n---namespace-string-n">-n n, --namespace-string n</dt>
<dd>
@@ -299,12 +321,26 @@
<dt id="warn-n">--warn=n</dt>
<dd>
-<p>Enable various warnings during policy compilation. A single dump flag can be specified per --warn option, but the --warn flag can be passed multiple times.</p>
+<p>Enable various warnings during policy compilation. A single warn flag can be specified per --warn option, but the --warn flag can be passed multiple times.</p>
-<pre><code> apparmor_parser --warn=rules-not-enforced ...</code></pre>
+<pre><code>apparmor_parser --warn=rules-not-enforced ...</code></pre>
+
+<p>A specific warning can be disabled by prepending <i>no</i>- to the flag</p>
+
+<pre><code>apparmor_parser --warn=no-rules-not-enforced ...</code></pre>
<p>Use --help=warn to see a full list of which warn flags are supported.</p>
+</dd>
+<dt id="Werror-n">--Werror[=n]</dt>
+<dd>
+
+<p>Convert warnings into errors during policy compilation. If the optional flag is not specified all warnings become errors. If the optional flag is specified only the class of warnings specified will become errors. A single flag can be specified per --Werror option, but the --Werror flag can be passed multiple times.</p>
+
+<pre><code>apparmor_parser --Werror=deprecated ...</code></pre>
+
+<p>Use --help=warn or --help=Werror to see a full list of which warn flags are supported.</p>
+
</dd>
<dt id="d---debug">-d, --debug</dt>
<dd>
@@ -317,7 +353,7 @@
<p>Debug flag for dumping various structures and passes of policy compilation. A single dump flag can be specified per --dump option, but the dump flag can be passed multiple times. Note progress flags tend to also imply the matching stats flag.</p>
-<pre><code> apparmor_parser --dump=dfa-stats --dump=trans-stats <file></code></pre>
+<pre><code>apparmor_parser --dump=dfa-stats --dump=trans-stats <file></code></pre>
<p>Use --help=dump to see a full list of which dump flags are supported</p>
@@ -327,19 +363,20 @@
<p>Set the number of jobs used to compile the specified policy. Where n can be</p>
-<pre><code> # - a specific number of jobs
- auto - the # of cpus in the in the system
- x# - # * number of cpus</code></pre>
+<pre><code>0 - disable jobs and use the main process for all compilation
+# - a specific number of jobs
+auto - the # of cpus in the in the system
+x# - # * number of cpus</code></pre>
<p>Eg. -j8 OR --jobs=8 allows for 8 parallel jobs -jauto OR --jobs=auto sets the jobs to the # of cpus -jx4 OR --jobs=x4 sets the jobs to # of cpus * 4 -jx1 is equivalent to -jauto</p>
-<p>The default value is the number of cpus in the system.</p>
+<p>The default value is the number of cpus in the system. Note that if jobs is a positive integer number the --jobs-max parameter is automatically set to the same value.</p>
</dd>
<dt id="max-jobs-n">--max-jobs n</dt>
<dd>
-<p>Set a hard cap on the value that can be specified by the --jobs flag. It takes the same set of options available to the --jobs option, and defaults to 8*cpus</p>
+<p>When --jobs is set to a scaling value (ie. auto or xN) the specify a hard cap on the value that can be specified by the --jobs flag. It takes the same set of options available to the --jobs option, and defaults to 8*cpus</p>
</dd>
<dt id="O-n---optimize-n">-O n, --optimize=n</dt>
@@ -386,8 +423,8 @@
<p>Eg. #comment</p>
-<pre><code> optimize=no-expr-tree
- optimize=compress-fast</code></pre>
+<pre><code>optimize=no-expr-tree
+optimize=compress-fast</code></pre>
<p>As with the command line some options accumulate and others override, ie. when there are conflicting versions of switch the last option is the one chosen.</p>
@@ -401,15 +438,15 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
-<p>apparmor(7), apparmor.d(5), subdomain.conf(5), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
+<p>apparmor(7), apparmor.d(5), aa_change_hat(2), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> apparmor_parser - loads AppArmor profiles into the kernel</span></strong></big>
</td></tr>
</table>
diff --git a/parser/apparmor_parser.pod b/parser/apparmor_parser.pod
index 2ea283c831ea83266d735989a7e7ae7f336474c9..f670443dd04eefd2af88d0b4c5e4892810c3f47f 100644
--- a/parser/apparmor_parser.pod
+++ b/parser/apparmor_parser.pod
@@ -179,21 +179,41 @@ defined as relative paths.
Add element n to the search path when resolving #include directives
defined as an absolute paths.
-=item -f n, --subdomainfs n
+=item -f n, --apparmorfs n
Set the location of the apparmor security filesystem (default is
"/sys/kernel/security/apparmor").
+=item --policy-features n
+
+Specify the feature set that the policy was developed under. This does
+not override feature ABI rules.
+
+=item --override-policy-abi n
+
+Specify the feature set that the policy was developed under and
+override any feature ABI rules that the policy may be using.
+
+=item --kernel-features n
+
+Specify the feature set of the kernel that the policy is being compiled for. If not specified this will be determined by the system's kernel.
+
=item -M n, --features-file n
Use the features file located at path "n" (default is
/etc/apparmor.d/cache/.features). If the --cache-loc option is present, the
".features" file in the specified cache directory is used.
+Note: this sets both the --kernel-features and --policy-features to be the
+same.
+
=item -m n, --match-string n
Only use match features "n".
+Note: this sets both the --kernel-features and --policy-features to be the
+same.
+
=item -n n, --namespace-string n
Force a profile to load in the namespace "n".
@@ -275,14 +295,31 @@ Report on the profiles as they are loaded, and show warnings.
=item --warn=n
-Enable various warnings during policy compilation. A single dump flag
+Enable various warnings during policy compilation. A single warn flag
can be specified per --warn option, but the --warn flag can be passed
multiple times.
apparmor_parser --warn=rules-not-enforced ...
+A specific warning can be disabled by prepending I<no>- to the flag
+
+ apparmor_parser --warn=no-rules-not-enforced ...
+
Use --help=warn to see a full list of which warn flags are supported.
+=item --Werror[=n]
+
+Convert warnings into errors during policy compilation. If the
+optional flag is not specified all warnings become errors. If the
+optional flag is specified only the class of warnings specified will
+become errors. A single flag can be specified per --Werror option, but
+the --Werror flag can be passed multiple times.
+
+ apparmor_parser --Werror=deprecated ...
+
+Use --help=warn or --help=Werror to see a full list of which warn flags
+are supported.
+
=item -d, --debug
Given once, only checks the profiles to ensure syntactic correctness.
@@ -304,6 +341,7 @@ Use --help=dump to see a full list of which dump flags are supported
Set the number of jobs used to compile the specified policy. Where n can
be
+ 0 - disable jobs and use the main process for all compilation
# - a specific number of jobs
auto - the # of cpus in the in the system
x# - # * number of cpus
@@ -314,12 +352,15 @@ Eg.
-jx4 OR --jobs=x4 sets the jobs to # of cpus * 4
-jx1 is equivalent to -jauto
-The default value is the number of cpus in the system.
+The default value is the number of cpus in the system. Note that if jobs
+is a positive integer number the --jobs-max parameter is automatically
+set to the same value.
=item --max-jobs n
-Set a hard cap on the value that can be specified by the --jobs flag.
-It takes the same set of options available to the --jobs option, and
+When --jobs is set to a scaling value (ie. auto or xN) the specify a
+hard cap on the value that can be specified by the --jobs flag. It
+takes the same set of options available to the --jobs option, and
defaults to 8*cpus
=item -O n, --optimize=n
@@ -403,11 +444,11 @@ All other options override previously set values.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
-apparmor(7), apparmor.d(5), subdomain.conf(5), aa_change_hat(2), and
+apparmor(7), apparmor.d(5), aa_change_hat(2), and
L<https://wiki.apparmor.net>.
=cut
diff --git a/parser/apparmor_xattrs.7 b/parser/apparmor_xattrs.7
new file mode 100644
index 0000000000000000000000000000000000000000..890dabd87395b8f4baa4b725dd75362d22fe8307
--- /dev/null
+++ b/parser/apparmor_xattrs.7
@@ -0,0 +1,225 @@
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "APPARMOR_XATTRS 7"
+.TH APPARMOR_XATTRS 7 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+apparmor_xattrs \- AppArmor profile xattr(7) matching
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+AppArmor profiles can conditionally match files based on the presence and value
+of extended attributes in addition to file path. The following profile applies
+to any file under \*(L"/usr/bin\*(R" where the \*(L"security.apparmor\*(R" extended attribute
+has the value \*(L"trusted\*(R":
+.PP
+.Vb 3
+\& profile trusted /usr/bin/* xattrs=(security.apparmor="trusted") {
+\& # ...
+\& }
+.Ve
+.PP
+Note that \*(L"security.apparmor\*(R" and \*(L"trusted\*(R" are arbitrary, and profiles can
+match based on the value of any attribute.
+.PP
+The xattrs value may also contain a path regex:
+.PP
+.Vb 1
+\& profile trusted /usr/bin/* xattrs=(user.trust="tier/*") {
+\&
+\& # ...
+\& }
+.Ve
+.PP
+The \fBgetfattr\fR\|(1) and \fBsetfattr\fR\|(1) tools can be used to view and manage xattr
+values:
+.PP
+.Vb 4
+\& $ setfattr \-n \*(Aqsecurity.apparmor\*(Aq \-v \*(Aqtrusted\*(Aq /usr/bin/example\-tool
+\& $ getfattr \-\-absolute\-names \-d \-m \- /usr/bin/example\-tool
+\& # file: usr/bin/example\-tool
+\& security.apparmor="trusted"
+.Ve
+.PP
+The priority of each profile is determined by the length of the path, then the
+number of xattrs specified. A more specific path is preferred over xattr
+matches:
+.PP
+.Vb 4
+\& # Highest priority, longest path.
+\& profile example1 /usr/bin/example\-tool {
+\& # ...
+\& }
+\&
+\& # Lower priority than the longer path, but higher priority than a rule
+\& # with fewer xattr matches.
+\& profile example2 /usr/** xattrs=(
+\& security.apparmor="trusted"
+\& user.domain="**"
+\& ) {
+\& # ...
+\& }
+\&
+\& # Lowest priority. Same path length as the second profile, but has
+\& # fewer xattr matches.
+\& profile example2 /usr/** {
+\& # ...
+\& }
+.Ve
+.PP
+xattr matching requires the following kernel feature:
+.PP
+.Vb 1
+\& /sys/kernel/security/apparmor/features/domain/attach_conditions/xattr
+.Ve
+.SH "KNOWN ISSUES"
+.IX Header "KNOWN ISSUES"
+AppArmor profiles currently can't reliably match extended attributes with
+binary values such as security.evm and security.ima. In the future AppArmor may
+gain the ability to match based on the presence of certain attributes while
+ignoring their values.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fBapparmor\fR\|(8),
+\&\fBapparmor_parser\fR\|(8),
+\&\fBapparmor.d\fR\|(5),
+\&\fBxattr\fR\|(7),
+\&\fBaa\-autodep\fR\|(1), \fBclean\fR\|(1),
+\&\fBauditd\fR\|(8),
+\&\fBgetfattr\fR\|(1),
+\&\fBsetfattr\fR\|(1),
+and <https://wiki.apparmor.net>.
diff --git a/parser/apparmor_xattrs.7.html b/parser/apparmor_xattrs.7.html
new file mode 100644
index 0000000000000000000000000000000000000000..9a1e5752f627a1d7afdfa13f208d9395749bf1de
--- /dev/null
+++ b/parser/apparmor_xattrs.7.html
@@ -0,0 +1,99 @@
+<?xml version="1.0" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<title>apparmor_xattrs - AppArmor profile xattr(7) matching</title>
+<link rel="stylesheet" href="apparmor.css" type="text/css" />
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<link rev="made" href="mailto:root@localhost" />
+</head>
+
+<body>
+<table border="0" width="100%" cellspacing="0" cellpadding="3">
+<tr><td class="_podblock_" valign="middle">
+<big><strong><span class="_podblock_"> apparmor_xattrs - AppArmor profile xattr(7) matching</span></strong></big>
+</td></tr>
+</table>
+
+
+
+<ul id="index">
+ <li><a href="#NAME">NAME</a></li>
+ <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
+ <li><a href="#KNOWN-ISSUES">KNOWN ISSUES</a></li>
+ <li><a href="#SEE-ALSO">SEE ALSO</a></li>
+</ul>
+
+<h1 id="NAME">NAME</h1>
+
+<p>apparmor_xattrs - AppArmor profile xattr(7) matching</p>
+
+<h1 id="DESCRIPTION">DESCRIPTION</h1>
+
+<p>AppArmor profiles can conditionally match files based on the presence and value of extended attributes in addition to file path. The following profile applies to any file under "/usr/bin" where the "security.apparmor" extended attribute has the value "trusted":</p>
+
+<pre><code>profile trusted /usr/bin/* xattrs=(security.apparmor="trusted") {
+ # ...
+}</code></pre>
+
+<p>Note that "security.apparmor" and "trusted" are arbitrary, and profiles can match based on the value of any attribute.</p>
+
+<p>The xattrs value may also contain a path regex:</p>
+
+<pre><code>profile trusted /usr/bin/* xattrs=(user.trust="tier/*") {
+
+ # ...
+}</code></pre>
+
+<p>The getfattr(1) and setfattr(1) tools can be used to view and manage xattr values:</p>
+
+<pre><code>$ setfattr -n 'security.apparmor' -v 'trusted' /usr/bin/example-tool
+$ getfattr --absolute-names -d -m - /usr/bin/example-tool
+# file: usr/bin/example-tool
+security.apparmor="trusted"</code></pre>
+
+<p>The priority of each profile is determined by the length of the path, then the number of xattrs specified. A more specific path is preferred over xattr matches:</p>
+
+<pre><code># Highest priority, longest path.
+profile example1 /usr/bin/example-tool {
+ # ...
+}
+
+# Lower priority than the longer path, but higher priority than a rule
+# with fewer xattr matches.
+profile example2 /usr/** xattrs=(
+ security.apparmor="trusted"
+ user.domain="**"
+) {
+ # ...
+}
+
+# Lowest priority. Same path length as the second profile, but has
+# fewer xattr matches.
+profile example2 /usr/** {
+ # ...
+}</code></pre>
+
+<p>xattr matching requires the following kernel feature:</p>
+
+<pre><code>/sys/kernel/security/apparmor/features/domain/attach_conditions/xattr</code></pre>
+
+<h1 id="KNOWN-ISSUES">KNOWN ISSUES</h1>
+
+<p>AppArmor profiles currently can't reliably match extended attributes with binary values such as security.evm and security.ima. In the future AppArmor may gain the ability to match based on the presence of certain attributes while ignoring their values.</p>
+
+<h1 id="SEE-ALSO">SEE ALSO</h1>
+
+<p>apparmor(8), apparmor_parser(8), apparmor.d(5), xattr(7), aa-autodep(1), clean(1), auditd(8), getfattr(1), setfattr(1), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="3">
+<tr><td class="_podblock_" valign="middle">
+<big><strong><span class="_podblock_"> apparmor_xattrs - AppArmor profile xattr(7) matching</span></strong></big>
+</td></tr>
+</table>
+
+</body>
+
+</html>
+
+
diff --git a/parser/apparmor_xattrs.pod b/parser/apparmor_xattrs.pod
new file mode 100644
index 0000000000000000000000000000000000000000..6f8be195e0a4422313dc7891d9166eb4795dbda5
--- /dev/null
+++ b/parser/apparmor_xattrs.pod
@@ -0,0 +1,108 @@
+# ----------------------------------------------------------------------
+# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+# 2008, 2009
+# NOVELL (All rights reserved)
+#
+# Copyright (c) 2010
+# Canonical Ltd. (All rights reserved)
+#
+# Copyright (c) 2013
+# Christian Boltz (All rights reserved)
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Novell, Inc.
+# ----------------------------------------------------------------------
+
+
+=pod
+
+=head1 NAME
+
+apparmor_xattrs - AppArmor profile xattr(7) matching
+
+=head1 DESCRIPTION
+
+AppArmor profiles can conditionally match files based on the presence and value
+of extended attributes in addition to file path. The following profile applies
+to any file under "/usr/bin" where the "security.apparmor" extended attribute
+has the value "trusted":
+
+ profile trusted /usr/bin/* xattrs=(security.apparmor="trusted") {
+ # ...
+ }
+
+Note that "security.apparmor" and "trusted" are arbitrary, and profiles can
+match based on the value of any attribute.
+
+The xattrs value may also contain a path regex:
+
+ profile trusted /usr/bin/* xattrs=(user.trust="tier/*") {
+
+ # ...
+ }
+
+The getfattr(1) and setfattr(1) tools can be used to view and manage xattr
+values:
+
+ $ setfattr -n 'security.apparmor' -v 'trusted' /usr/bin/example-tool
+ $ getfattr --absolute-names -d -m - /usr/bin/example-tool
+ # file: usr/bin/example-tool
+ security.apparmor="trusted"
+
+The priority of each profile is determined by the length of the path, then the
+number of xattrs specified. A more specific path is preferred over xattr
+matches:
+
+ # Highest priority, longest path.
+ profile example1 /usr/bin/example-tool {
+ # ...
+ }
+
+ # Lower priority than the longer path, but higher priority than a rule
+ # with fewer xattr matches.
+ profile example2 /usr/** xattrs=(
+ security.apparmor="trusted"
+ user.domain="**"
+ ) {
+ # ...
+ }
+
+ # Lowest priority. Same path length as the second profile, but has
+ # fewer xattr matches.
+ profile example2 /usr/** {
+ # ...
+ }
+
+xattr matching requires the following kernel feature:
+
+ /sys/kernel/security/apparmor/features/domain/attach_conditions/xattr
+
+=head1 KNOWN ISSUES
+
+AppArmor profiles currently can't reliably match extended attributes with
+binary values such as security.evm and security.ima. In the future AppArmor may
+gain the ability to match based on the presence of certain attributes while
+ignoring their values.
+
+=head1 SEE ALSO
+
+apparmor(8),
+apparmor_parser(8),
+apparmor.d(5),
+xattr(7),
+aa-autodep(1), clean(1),
+auditd(8),
+getfattr(1),
+setfattr(1),
+and L<https://wiki.apparmor.net>.
+
+=cut
diff --git a/parser/base_af_names.h b/parser/base_af_names.h
new file mode 100644
index 0000000000000000000000000000000000000000..9eb1089f66ec2bc8c55b781508e6448bea7fe61f
--- /dev/null
+++ b/parser/base_af_names.h
@@ -0,0 +1,46 @@
+AF_UNSPEC 0,
+AF_UNIX 1,
+AF_INET 2,
+AF_AX25 3,
+AF_IPX 4,
+AF_APPLETALK 5,
+AF_NETROM 6,
+AF_BRIDGE 7,
+AF_ATMPVC 8,
+AF_X25 9,
+AF_INET6 10,
+AF_ROSE 11,
+AF_NETBEUI 13,
+AF_SECURITY 14,
+AF_KEY 15,
+AF_NETLINK 16,
+AF_PACKET 17,
+AF_ASH 18,
+AF_ECONET 19,
+AF_ATMSVC 20,
+AF_RDS 21,
+AF_SNA 22,
+AF_IRDA 23,
+AF_PPPOX 24,
+AF_WANPIPE 25,
+AF_LLC 26,
+AF_IB 27,
+AF_MPLS 28,
+AF_CAN 29,
+AF_TIPC 30,
+AF_BLUETOOTH 31,
+AF_IUCV 32,
+AF_RXRPC 33,
+AF_ISDN 34,
+AF_PHONET 35,
+AF_IEEE802154 36,
+AF_CAIF 37,
+AF_ALG 38,
+AF_NFC 39,
+AF_VSOCK 40,
+AF_KCM 41,
+AF_QIPCRTR 42,
+AF_SMC 43,
+AF_XDP 44,
+AF_MCTP 45,
+AF_MAX 46,
diff --git a/parser/base_cap_names.h b/parser/base_cap_names.h
index d934ce48b861657276b03b4cbe9a1ebfbb04cce7..9f922c2290552d117d3fb1672d489bb7c03b935f 100644
--- a/parser/base_cap_names.h
+++ b/parser/base_cap_names.h
@@ -1,82 +1,82 @@
-{"audit_control", CAP_AUDIT_CONTROL},
+{"audit_control", CAP_AUDIT_CONTROL, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"audit_read", CAP_AUDIT_READ},
+{"audit_read", CAP_AUDIT_READ, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"audit_write", CAP_AUDIT_WRITE},
+{"audit_write", CAP_AUDIT_WRITE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"block_suspend", CAP_BLOCK_SUSPEND},
+{"block_suspend", CAP_BLOCK_SUSPEND, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"bpf", CAP_BPF},
+{"bpf", CAP_BPF, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
-{"checkpoint_restore", CAP_CHECKPOINT_RESTORE},
+{"checkpoint_restore", CAP_CHECKPOINT_RESTORE, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
-{"chown", CAP_CHOWN},
+{"chown", CAP_CHOWN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"dac_override", CAP_DAC_OVERRIDE},
+{"dac_override", CAP_DAC_OVERRIDE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"dac_read_search", CAP_DAC_READ_SEARCH},
+{"dac_read_search", CAP_DAC_READ_SEARCH, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"fowner", CAP_FOWNER},
+{"fowner", CAP_FOWNER, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"fsetid", CAP_FSETID},
+{"fsetid", CAP_FSETID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"ipc_lock", CAP_IPC_LOCK},
+{"ipc_lock", CAP_IPC_LOCK, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"ipc_owner", CAP_IPC_OWNER},
+{"ipc_owner", CAP_IPC_OWNER, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"kill", CAP_KILL},
+{"kill", CAP_KILL, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"lease", CAP_LEASE},
+{"lease", CAP_LEASE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"linux_immutable", CAP_LINUX_IMMUTABLE},
+{"linux_immutable", CAP_LINUX_IMMUTABLE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"mac_admin", CAP_MAC_ADMIN},
+{"mac_admin", CAP_MAC_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"mac_override", CAP_MAC_OVERRIDE},
+{"mac_override", CAP_MAC_OVERRIDE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"mknod", CAP_MKNOD},
+{"mknod", CAP_MKNOD, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"net_admin", CAP_NET_ADMIN},
+{"net_admin", CAP_NET_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"net_bind_service", CAP_NET_BIND_SERVICE},
+{"net_bind_service", CAP_NET_BIND_SERVICE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"net_broadcast", CAP_NET_BROADCAST},
+{"net_broadcast", CAP_NET_BROADCAST, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"net_raw", CAP_NET_RAW},
+{"net_raw", CAP_NET_RAW, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"perfmon", CAP_PERFMON},
+{"perfmon", CAP_PERFMON, CAP_SYS_ADMIN, CAPFLAG_BASE_FEATURE},
-{"setfcap", CAP_SETFCAP},
+{"setfcap", CAP_SETFCAP, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"setgid", CAP_SETGID},
+{"setgid", CAP_SETGID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"setpcap", CAP_SETPCAP},
+{"setpcap", CAP_SETPCAP, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"setuid", CAP_SETUID},
+{"setuid", CAP_SETUID, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"syslog", CAP_SYSLOG},
+{"syslog", CAP_SYSLOG, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_admin", CAP_SYS_ADMIN},
+{"sys_admin", CAP_SYS_ADMIN, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_boot", CAP_SYS_BOOT},
+{"sys_boot", CAP_SYS_BOOT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_chroot", CAP_SYS_CHROOT},
+{"sys_chroot", CAP_SYS_CHROOT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_module", CAP_SYS_MODULE},
+{"sys_module", CAP_SYS_MODULE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_nice", CAP_SYS_NICE},
+{"sys_nice", CAP_SYS_NICE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_pacct", CAP_SYS_PACCT},
+{"sys_pacct", CAP_SYS_PACCT, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_ptrace", CAP_SYS_PTRACE},
+{"sys_ptrace", CAP_SYS_PTRACE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_rawio", CAP_SYS_RAWIO},
+{"sys_rawio", CAP_SYS_RAWIO, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_resource", CAP_SYS_RESOURCE},
+{"sys_resource", CAP_SYS_RESOURCE, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_time", CAP_SYS_TIME},
+{"sys_time", CAP_SYS_TIME, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"sys_tty_config", CAP_SYS_TTY_CONFIG},
+{"sys_tty_config", CAP_SYS_TTY_CONFIG, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
-{"wake_alarm", CAP_WAKE_ALARM},
+{"wake_alarm", CAP_WAKE_ALARM, NO_BACKMAP_CAP, CAPFLAG_BASE_FEATURE},
diff --git a/parser/capability.h b/parser/capability.h
new file mode 100644
index 0000000000000000000000000000000000000000..eed8f2c2b6e67d8ce30dcb2fe72194bc5bffbeb5
--- /dev/null
+++ b/parser/capability.h
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2020
+ * Canonical Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Novell, Inc. or Canonical
+ * Ltd.
+ */
+
+#ifndef __AA_CAPABILITY_H
+#define __AA_CAPABILITY_H
+
+#include <cstdint>
+#include <linux/capability.h>
+
+#define NO_BACKMAP_CAP 0xff
+
+
+#ifndef CAP_AUDIT_WRITE
+#define CAP_AUDIT_WRITE 29
+#endif
+#ifndef CAP_AUDIT_CONTROL
+#define CAP_AUDIT_CONTROL 30
+#endif
+#ifndef CAP_SETFCAP
+#define CAP_SETFCAP 31
+#endif
+#ifndef CAP_MAC_OVERRIDE
+#define CAP_MAC_OVERRIDE 32
+#endif
+
+#ifndef CAP_PERFMON
+#define CAP_PERFMON 38
+#endif
+
+#ifndef CAP_BPF
+#define CAP_BPF 39
+#endif
+
+#ifndef CAP_CHECKPOINT_RESTORE
+#define CAP_CHECKPOINT_RESTORE 40
+#endif
+
+typedef enum capability_flags {
+ CAPFLAGS_CLEAR = 0,
+ CAPFLAG_BASE_FEATURE = 1,
+ CAPFLAG_KERNEL_FEATURE = 2,
+ CAPFLAG_POLICY_FEATURE = 4,
+ CAPFLAG_EXTERNAL_FEATURE = 8,
+} capability_flags;
+
+int name_to_capability(const char *keyword);
+void capabilities_init(void);
+void __debug_capabilities(uint64_t capset, const char *name);
+bool add_cap_feature_mask(struct aa_features *features, capability_flags flags);
+void clear_cap_flag(capability_flags flags);
+int capability_backmap(unsigned int cap);
+bool capability_in_kernel(unsigned int cap);
+
+#endif /* __AA_CAPABILITY_H */
diff --git a/parser/common_optarg.c b/parser/common_optarg.c
index 9806bdeb70e3a9b8fabff4207570ed71a7d292cf..bd77b0b1bc235ef72673c69c25b039b2be237ca1 100644
--- a/parser/common_optarg.c
+++ b/parser/common_optarg.c
@@ -112,12 +112,30 @@ void print_flag_table(optflag_table_t *table)
longest = strlen(table[i].option);
}
+ printf("%-*s \t%s\n", longest, " show", "show flags that have been set and exit");
for (i = 0; table[i].option; i++) {
printf("%5s%-*s \t%s\n", (table[i].control & 1) ? "[no-]" : "",
longest, table[i].option, table[i].desc);
}
}
+void print_flags(const char *prefix, optflag_table_t *table, dfaflags_t flags)
+{
+ int i, count = 0;
+
+ printf("%s=", prefix);
+ for (i = 0; table[i].option; i++) {
+ if ((table[i].flags & flags) == table[i].flags) {
+ if (count)
+ printf(", ");
+ printf("%s", table[i].option);
+ count++;
+ }
+ }
+ if (count)
+ printf("\n");
+}
+
int handle_flag_table(optflag_table_t *table, const char *optarg,
dfaflags_t *flags)
{
@@ -147,24 +165,14 @@ int handle_flag_table(optflag_table_t *table, const char *optarg,
return 0;
}
-void display_dump(const char *command)
-{
- display_version();
- printf("\n%s: --dump [Option]\n\n"
- "Options:\n"
- "--------\n"
- " variables \tDump variables\n"
- " expanded-variables\t Dump variables after expansion\n"
- ,command);
- print_flag_table(dumpflag_table);
-}
-
-void display_optimize(const char *command)
+void flagtable_help(const char *name, const char *header, const char *command,
+ optflag_table_t *table)
{
display_version();
- printf("\n%s: -O [Option]\n\n"
+ printf("\n%s: %s[Option]\n\n"
+ "%s"
"Options:\n"
"--------\n"
- ,command);
- print_flag_table(optflag_table);
+ ,command, name, header);
+ print_flag_table(table);
}
diff --git a/parser/common_optarg.h b/parser/common_optarg.h
index d2522482a35e4f0af3e3ff022c0eb6d9d8b081e7..d10e70109325b5875c69b05d9574917fda7cceae 100644
--- a/parser/common_optarg.h
+++ b/parser/common_optarg.h
@@ -37,11 +37,11 @@ typedef struct {
extern optflag_table_t dumpflag_table[];
extern optflag_table_t optflag_table[];
-void print_flag_table(optflag_table_t *table);
+void print_flags(const char *prefix, optflag_table_t *table, dfaflags_t flags);
int handle_flag_table(optflag_table_t *table, const char *optarg,
dfaflags_t *flags);
-void display_dump(const char *command);
-void display_optimize(const char *command);
+void flagtable_help(const char *name, const char *header, const char *command,
+ optflag_table_t *table);
#endif /* __AA_COMMON_OPTARG_H */
diff --git a/parser/dbus.cc b/parser/dbus.cc
index e231c074a4df5384864755dfa06e357c417d8dc5..d02b90dd2b1503853677929ed1a08f32738c3cc8 100644
--- a/parser/dbus.cc
+++ b/parser/dbus.cc
@@ -22,7 +22,6 @@
#include <iomanip>
#include <string>
-#include <iostream>
#include <sstream>
#include "parser.h"
@@ -190,20 +189,9 @@ int dbus_rule::expand_variables(void)
return 0;
}
-/* do we want to warn once/profile or just once per compile?? */
-static void warn_once(const char *name)
+void dbus_rule::warn_once(const char *name)
{
- static const char *warned_name = NULL;
-
- if ((warnflags & WARN_RULE_NOT_ENFORCED) && warned_name != name) {
- cerr << "Warning from profile " << name << " (";
- if (current_filename)
- cerr << current_filename;
- else
- cerr << "stdin";
- cerr << ") dbus rules not enforced\n";
- warned_name = name;
- }
+ rule_t::warn_once(name, "dbus rules not enforced");
}
int dbus_rule::gen_policy_re(Profile &prof)
@@ -220,7 +208,7 @@ int dbus_rule::gen_policy_re(Profile &prof)
pattern_t ptype;
int pos;
- if (!kernel_supports_dbus) {
+ if (!features_supports_dbus) {
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}
@@ -292,21 +280,21 @@ int dbus_rule::gen_policy_re(Profile &prof)
if (mode & AA_DBUS_BIND) {
if (!prof.policy.rules->add_rule_vec(deny, mode & AA_DBUS_BIND,
audit & AA_DBUS_BIND,
- 2, vec, dfaflags))
+ 2, vec, dfaflags, false))
goto fail;
}
if (mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE)) {
if (!prof.policy.rules->add_rule_vec(deny,
mode & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
audit & (AA_DBUS_SEND | AA_DBUS_RECEIVE),
- 6, vec, dfaflags))
+ 6, vec, dfaflags, false))
goto fail;
}
if (mode & AA_DBUS_EAVESDROP) {
if (!prof.policy.rules->add_rule_vec(deny,
mode & AA_DBUS_EAVESDROP,
audit & AA_DBUS_EAVESDROP,
- 1, vec, dfaflags))
+ 1, vec, dfaflags, false))
goto fail;
}
diff --git a/parser/dbus.h b/parser/dbus.h
index cb113c2eccf4aa13fd0ae13aad17fec9747ab3c6..f736cc3e42074766ef89bb7186f224b5c395dfeb 100644
--- a/parser/dbus.h
+++ b/parser/dbus.h
@@ -59,7 +59,8 @@ public:
virtual int gen_policy_re(Profile &prof);
virtual void post_process(Profile &prof unused) { };
-
+protected:
+ virtual void warn_once(const char *name) override;
};
#endif /* __AA_DBUS_H */
diff --git a/parser/default_features.c b/parser/default_features.c
new file mode 100644
index 0000000000000000000000000000000000000000..a8463b78be3ef4d467fe512dc800761574b17251
--- /dev/null
+++ b/parser/default_features.c
@@ -0,0 +1,201 @@
+/*
+ * This file contains a set of old feature files that are used under different
+ * circumstances.
+ *
+ * match_n_abi: feature abi for oldest match_file (pre features) abi.
+ *
+ * match_c_abi: features abi for match_file (pre features) abi that supports
+ * create.
+ *
+ * match_cn_abi: features abi for match_file (pre features) abi that supports
+ * create and network.
+ *
+ * default_features_abi: is the feature abi used when policy is not tagged
+ * with an abi and no featuere-abi was specified to the
+ * parser.
+ */
+
+#include "parser.h"
+
+
+const char *match_n_abi =
+ "caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read\
+}\
+}\
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime\
+}\
+}\
+capability {0xffffff\
+}\
+network {af_unix {yes\
+}\
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp\
+}\
+}\
+file {mask {read write exec append mmap_exec link lock\
+}\
+}\
+domain {change_profile {yes\
+}\
+change_onexec {yes\
+}\
+change_hatv {yes\
+}\
+change_hat {yes\
+}\
+}\
+policy {\
+v6 {yes\
+}\
+v5 {yes\
+}\
+}\
+}\
+";
+
+
+/****************************** match_c_abi *******************************/
+const char *match_c_abi =
+"caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read\
+}\
+}\
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime\
+}\
+}\
+capability {0xffffff\
+}\
+file {mask {create read write exec append mmap_exec link lock\
+}\
+}\
+domain {change_profile {yes\
+}\
+change_onexec {yes\
+}\
+change_hatv {yes\
+}\
+change_hat {yes\
+}\
+}\
+policy {\
+v6 {yes\
+}\
+v5 {yes\
+}\
+}\
+}\
+";
+
+/****************************** match_cn_abi ******************************/
+const char *match_cn_abi =
+"caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read\
+}\
+}\
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime\
+}\
+}\
+capability {0xffffff\
+}\
+network {af_unix {yes\
+}\
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp\
+}\
+}\
+file {mask {create read write exec append mmap_exec link lock\
+}\
+}\
+domain {change_profile {yes\
+}\
+change_onexec {yes\
+}\
+change_hatv {yes\
+}\
+change_hat {yes\
+}\
+}\
+policy {\
+v6 {yes\
+}\
+v5 {yes\
+}\
+}\
+}\
+";
+
+
+/************************** deafult_features_abi ***************************/
+
+const char *default_features_abi =
+"query {label {multi_transaction {yes\
+}\
+data {yes\
+}\
+perms {allow deny audit quiet\
+}\
+}\
+}\
+dbus {mask {acquire send receive\
+}\
+}\
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost\
+}\
+}\
+ptrace {mask {read trace\
+}\
+}\
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf\
+}\
+}\
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime\
+}\
+}\
+capability {0xffffff\
+}\
+namespaces {pivot_root {no\
+}\
+profile {yes\
+}\
+}\
+mount {mask {mount umount pivot_root\
+}\
+}\
+network {af_unix {yes\
+}\
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp\
+}\
+}\
+file {mask {create read write exec append mmap_exec link lock\
+}\
+}\
+domain {version {1.2\
+}\
+}\
+computed_longest_left {yes\
+}\
+post_nnp_subset {yes\
+}\
+fix_binfmt_elf_mmap {yes\
+}\
+stack {yes\
+}\
+change_profile {yes\
+}\
+change_onexec {yes\
+}\
+change_hatv {yes\
+}\
+change_hat {yes\
+}\
+}\
+policy {set_load {yes\
+}\
+versions {v8 {yes\
+}\
+v7 {yes\
+}\
+v6 {yes\
+}\
+v5 {yes\
+}\
+}\
+}\
+";
diff --git a/parser/file_cache.h b/parser/file_cache.h
new file mode 100644
index 0000000000000000000000000000000000000000..7483be22dac46f28613b7809c924a6e0f3d5a91e
--- /dev/null
+++ b/parser/file_cache.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2021
+ * Canonical, Ltd. (All rights reserved)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, contact Canonical Ltd.
+ */
+
+#ifndef __AA_FILE_CACHE_H
+#define __AA_FILE_CACHE_H
+
+#include <set>
+#include <string>
+
+using namespace std;
+
+/* TODO: have includecache be a frontend for file cache, don't just
+ * store name.
+ */
+class IncludeCache_t {
+public:
+ set<string> cache;
+
+ IncludeCache_t() = default;
+ virtual ~IncludeCache_t() = default;
+
+ /* return true if in set */
+ bool find(const char *name) {
+ return cache.find(name) != cache.end();
+ }
+
+ bool insert(const char *name) {
+ pair<set<string>::iterator,bool> res = cache.insert(name);
+ if (res.second == false) {
+ return false;
+ }
+ /* inserted */
+
+ return true;
+ }
+};
+
+#endif /* __AA_FILE_CACHE_H */
diff --git a/parser/immunix.h b/parser/immunix.h
index e033eede0579e04cc0c600fffff963fc7b7eecc0..9039817b99566d4a134c814105087c6586f0f308 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -145,18 +145,33 @@ enum pattern_t {
#define HAS_CHANGE_PROFILE(mode) ((mode) & AA_CHANGE_PROFILE)
#include <stdio.h>
+#include <errno.h>
+
+#ifdef DEBUG
+#define PDEBUG(fmt, args...) \
+do { \
+ int pdebug_error = errno; \
+ fprintf(stderr, "parser: " fmt, ## args); \
+ errno = pdebug_error; \
+} while (0)
+#else
+#define PDEBUG(fmt, args...) /* Do nothing */
+#endif
+
static inline int is_merged_x_consistent(int a, int b)
{
if ((a & AA_USER_EXEC) && (b & AA_USER_EXEC) &&
((a & AA_USER_EXEC_TYPE) != (b & AA_USER_EXEC_TYPE)))
- { //fprintf(stderr, "failed user merge 0x%x 0x%x\n", a, b);
+ {
+ PDEBUG("failed user merge 0x%x 0x%x\n", a, b);
return 0;
-}
+ }
if ((a & AA_OTHER_EXEC) && (b & AA_OTHER_EXEC) &&
((a & AA_OTHER_EXEC_TYPE) != (b & AA_OTHER_EXEC_TYPE)))
- { //fprintf(stderr, "failed other merge 0x%x 0x%x\n", a, b);
+ {
+ PDEBUG("failed other merge 0x%x 0x%x\n", a, b);
return 0;
-}
+ }
return 1;
}
diff --git a/parser/libapparmor_re/README b/parser/libapparmor_re/README
index a89b947f368e251ab3160524ed186c3eda529a2f..41d02281c547a9971aa6dec29972ee889bdaaecf 100644
--- a/parser/libapparmor_re/README
+++ b/parser/libapparmor_re/README
@@ -1,3 +1,15 @@
+apparmor_re.h - control flags for hfa generation
+expr-tree.{h,cc} - abstract syntax tree (ast) built from a regex parse
+parse.{h,y} - code to parse a regex into an ast
+hfc.{h,cc} - code to build and manipulate a hybrid finite automata (state
+ machine).
+flex-tables.h - basic defines used by chfa
+chfa.{h,cc} - code to build a highly compressed runtime readonly version
+ of an hfa.
+aare_rules.{h,cc} - code to that binds parse -> expr-tree -> hfa generation
+ -> chfa generation into a basic interface for converting
+ rules to a runtime ready statemachine.
+
Regular Expression Scanner Generator
====================================
diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index fd719db487b16a1c1497ad0e01b9fb5b6eaf4ab1..124499044eba7c463949d1cf40559bbffd11d933 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@@ -47,7 +47,7 @@ aare_rules::~aare_rules(void)
bool aare_rules::add_rule(const char *rule, int deny, uint32_t perms,
uint32_t audit, dfaflags_t flags)
{
- return add_rule_vec(deny, perms, audit, 1, &rule, flags);
+ return add_rule_vec(deny, perms, audit, 1, &rule, flags, false);
}
void aare_rules::add_to_rules(Node *tree, Node *perms)
@@ -66,8 +66,14 @@ static Node *cat_with_null_seperator(Node *l, Node *r)
return new CatNode(new CatNode(l, new CharNode(0)), r);
}
+static Node *cat_with_oob_seperator(Node *l, Node *r)
+{
+ return new CatNode(new CatNode(l, new CharNode(transchar(-1, true))), r);
+}
+
bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
- int count, const char **rulev, dfaflags_t flags)
+ int count, const char **rulev, dfaflags_t flags,
+ bool oob)
{
Node *tree = NULL, *accept;
int exact_match;
@@ -77,8 +83,11 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
for (int i = 1; i < count; i++) {
Node *subtree = NULL;
if (regex_parse(&subtree, rulev[i]))
- return false;
- tree = cat_with_null_seperator(tree, subtree);
+ goto err;
+ if (oob)
+ tree = cat_with_oob_seperator(tree, subtree);
+ else
+ tree = cat_with_null_seperator(tree, subtree);
}
/*
@@ -102,10 +111,15 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
accept = unique_perms.insert(deny, perms, audit, exact_match);
if (flags & DFA_DUMP_RULE_EXPR) {
+ const char *seperator;
+ if (oob)
+ seperator = "\\-x01";
+ else
+ seperator = "\\x00";
cerr << "rule: ";
cerr << rulev[0];
for (int i = 1; i < count; i++) {
- cerr << "\\x00";
+ cerr << seperator;
cerr << rulev[i];
}
cerr << " -> ";
@@ -122,6 +136,58 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
rule_count++;
return true;
+
+err:
+ delete tree;
+ return false;
+}
+
+/*
+ * append_rule is like add_rule, but appends the rule to any existing rules
+ * with a separating transition. The appended rule matches with the same
+ * permissions as the rule it's appended to. If there are no existing rules
+ * append_rule returns true.
+ *
+ * This is used by xattrs matching where, after matching the path, the DFA is
+ * advanced by a null character for each xattr.
+ */
+bool aare_rules::append_rule(const char *rule, bool oob, bool with_perm,
+ dfaflags_t flags)
+{
+ Node *tree = NULL;
+ if (regex_parse(&tree, rule))
+ return false;
+
+ if (flags & DFA_DUMP_RULE_EXPR) {
+ cerr << "rule: ";
+ cerr << rule;
+ cerr << " -> ";
+ tree->dump(cerr);
+ cerr << "\n\n";
+ }
+
+ /*
+ * For each matching state, we want to create an optional path
+ * separated by a separating character.
+ *
+ * When matching xattrs, the DFA must end up in an accepting state for
+ * the path, then each value of the xattrs. Using an optional node
+ * lets each rule end up in an accepting state.
+ */
+ tree = new CatNode(oob ? new CharNode(transchar(-1, true)) : new CharNode(0), tree);
+ if (expr_map.size() == 0) {
+ // There's nothing to append to. Free the tree reference.
+ delete tree;
+ return true;
+ }
+ PermExprMap::iterator it;
+ for (it = expr_map.begin(); it != expr_map.end(); it++) {
+ if (with_perm)
+ expr_map[it->first] = new CatNode(it->second, new AltNode(it->first, tree));
+ else
+ expr_map[it->first] = new CatNode(it->second, tree);
+ }
+ return true;
}
/* create a dfa from the ruleset
@@ -129,7 +195,8 @@ bool aare_rules::add_rule_vec(int deny, uint32_t perms, uint32_t audit,
* else NULL on failure, @min_match_len set to the shortest string
* that can match the dfa for determining xmatch priority.
*/
-void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags)
+void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
+ bool filedfa)
{
char *buffer = NULL;
@@ -183,7 +250,7 @@ void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags)
stringstream stream;
try {
- DFA dfa(root, flags);
+ DFA dfa(root, flags, filedfa);
if (flags & DFA_DUMP_UNIQ_PERMS)
dfa.dump_uniq_perms("dfa");
@@ -219,7 +286,7 @@ void *aare_rules::create_dfa(size_t *size, int *min_match_len, dfaflags_t flags)
if (flags & DFA_DUMP_GRAPH)
dfa.dump_dot_graph(cerr);
- map<uchar, uchar> eq;
+ map<transchar, transchar> eq;
if (flags & DFA_CONTROL_EQUIV) {
eq = dfa.equivalence_classes(flags);
dfa.apply_equivalence_classes(eq);
diff --git a/parser/libapparmor_re/aare_rules.h b/parser/libapparmor_re/aare_rules.h
index 3cdfa09632764f356cbe8f7c17e385ca0250d7e5..ab88f0af0bf8063b674d2dfe367ba0de45864f62 100644
--- a/parser/libapparmor_re/aare_rules.h
+++ b/parser/libapparmor_re/aare_rules.h
@@ -103,8 +103,10 @@ class aare_rules {
bool add_rule(const char *rule, int deny, uint32_t perms,
uint32_t audit, dfaflags_t flags);
bool add_rule_vec(int deny, uint32_t perms, uint32_t audit, int count,
- const char **rulev, dfaflags_t flags);
- void *create_dfa(size_t *size, int *min_match_len, dfaflags_t flags);
+ const char **rulev, dfaflags_t flags, bool oob);
+ bool append_rule(const char *rule, bool oob, bool with_perm, dfaflags_t flags);
+ void *create_dfa(size_t *size, int *min_match_len, dfaflags_t flags,
+ bool filedfa);
};
#endif /* __LIBAA_RE_RULES_H */
diff --git a/parser/libapparmor_re/chfa.cc b/parser/libapparmor_re/chfa.cc
index 80d2bb38b2efc2547851875eb8a73d7a69e8411c..55adfbf7d0684ee864cdb01bac06489e1c38ef46 100644
--- a/parser/libapparmor_re/chfa.cc
+++ b/parser/libapparmor_re/chfa.cc
@@ -49,21 +49,22 @@ void CHFA::init_free_list(vector<pair<size_t, size_t> > &free_list,
/**
* new Construct the transition table.
*/
-CHFA::CHFA(DFA &dfa, map<uchar, uchar> &eq, dfaflags_t flags): eq(eq)
+CHFA::CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags): eq(eq)
{
if (flags & DFA_DUMP_TRANS_PROGRESS)
fprintf(stderr, "Compressing HFA:\r");
+ chfaflags = 0;
if (dfa.diffcount)
- chfaflags = YYTH_FLAG_DIFF_ENCODE;
- else
- chfaflags = 0;
+ chfaflags |= YYTH_FLAG_DIFF_ENCODE;
+ if (dfa.oob_range)
+ chfaflags |= YYTH_FLAG_OOB_TRANS;
if (eq.empty())
max_eq = 255;
else {
max_eq = 0;
- for (map<uchar, uchar>::iterator i = eq.begin();
+ for (map<transchar, transchar>::iterator i = eq.begin();
i != eq.end(); i++) {
if (i->second > max_eq)
max_eq = i->second;
@@ -85,9 +86,9 @@ CHFA::CHFA(DFA &dfa, map<uchar, uchar> &eq, dfaflags_t flags): eq(eq)
size_t range = 0;
if ((*i)->trans.size())
range =
- (*i)->trans.rbegin()->first -
- (*i)->trans.begin()->first;
- size_t ord = ((256 - (*i)->trans.size()) << 8) | (256 - range);
+ (*i)->trans.rbegin()->first.c -
+ (*i)->trans.begin()->first.c;
+ size_t ord = ((dfa.max_range - (*i)->trans.size()) << dfa.ord_range) | (dfa.max_range - range);
/* reverse sort by entry count, most entries first */
order.insert(make_pair(ord, *i));
}
@@ -100,7 +101,7 @@ CHFA::CHFA(DFA &dfa, map<uchar, uchar> &eq, dfaflags_t flags): eq(eq)
accept.resize(max(dfa.states.size(), (size_t) 2));
accept2.resize(max(dfa.states.size(), (size_t) 2));
- next_check.resize(max(optimal, (size_t) 256));
+ next_check.resize(max(optimal, (size_t) dfa.max_range));
free_list.resize(next_check.size());
accept[0] = 0;
@@ -166,12 +167,15 @@ bool CHFA::fits_in(vector<pair<size_t, size_t> > &free_list
__attribute__ ((unused)), size_t pos,
StateTrans &trans)
{
- size_t c, base = pos - trans.begin()->first;
+ ssize_t c, base = pos - trans.begin()->first.c;
+
+ if (base < 0)
+ return false;
for (StateTrans::iterator i = trans.begin(); i != trans.end(); i++) {
- c = base + i->first;
+ c = base + i->first.c;
/* if it overflows the next_check array it fits in as we will
* resize */
- if (c >= next_check.size())
+ if (c >= (ssize_t) next_check.size())
return true;
if (next_check[c].second)
return false;
@@ -187,13 +191,13 @@ void CHFA::insert_state(vector<pair<size_t, size_t> > &free_list,
State *from, DFA &dfa)
{
State *default_state = dfa.nonmatching;
- size_t base = 0;
+ ssize_t base = 0;
int resize;
StateTrans &trans = from->trans;
- size_t c = trans.begin()->first;
- size_t prev = 0;
- size_t x = first_free;
+ ssize_t c = trans.begin()->first.c;
+ ssize_t prev = 0;
+ ssize_t x = first_free;
if (from->otherwise)
default_state = from->otherwise;
@@ -203,7 +207,7 @@ void CHFA::insert_state(vector<pair<size_t, size_t> > &free_list,
repeat:
resize = 0;
/* get the first free entry that won't underflow */
- while (x && (x < c)) {
+ while (x && ((x < c) || (x + c < 0))) {
prev = x;
x = free_list[x].second;
}
@@ -214,17 +218,17 @@ repeat:
x = free_list[x].second;
}
if (!x) {
- resize = 256 - trans.begin()->first;
+ resize = dfa.upper_bound - c;
x = free_list.size();
/* set prev to last free */
- } else if (x + 255 - trans.begin()->first >= next_check.size()) {
- resize = (255 - trans.begin()->first - (next_check.size() - 1 - x));
+ } else if (x + (dfa.upper_bound - 1) - c >= (ssize_t) next_check.size()) {
+ resize = ((dfa.upper_bound -1) - c - (next_check.size() - 1 - x));
for (size_t y = x; y; y = free_list[y].second)
prev = y;
}
if (resize) {
/* expand next_check and free_list */
- size_t old_size = free_list.size();
+ ssize_t old_size = free_list.size();
next_check.resize(next_check.size() + resize);
free_list.resize(free_list.size() + resize);
init_free_list(free_list, prev, old_size);
@@ -236,18 +240,21 @@ repeat:
base = x - c;
for (StateTrans::iterator j = trans.begin(); j != trans.end(); j++) {
- next_check[base + j->first] = make_pair(j->second, from);
- size_t prev = free_list[base + j->first].first;
- size_t next = free_list[base + j->first].second;
+ next_check[base + j->first.c] = make_pair(j->second, from);
+ size_t prev = free_list[base + j->first.c].first;
+ size_t next = free_list[base + j->first.c].second;
if (prev)
free_list[prev].second = next;
if (next)
free_list[next].first = prev;
- if (base + j->first == first_free)
+ if (base + j->first.c == first_free)
first_free = next;
}
do_insert:
+ if (c < 0) {
+ base |= MATCH_FLAG_OOB_TRANSITION;
+ }
if (from->flags & DiffEncodeFlag)
base |= DiffEncodeBit32;
default_base.push_back(make_pair(default_state, base));
@@ -291,7 +298,7 @@ void CHFA::dump(ostream &os)
if (eq.size())
os << offs;
else
- os << (uchar) offs;
+ os << (transchar) offs;
}
os << "\n";
}
@@ -339,10 +346,13 @@ template<class Iter>
case 4:
os.put((char)(*pos >> 24));
os.put((char)(*pos >> 16));
+ /* Fall through */
case 2:
os.put((char)(*pos >> 8));
+ /* Fall through */
case 1:
os.put((char)*pos);
+ /* Fall through */
}
}
@@ -379,8 +389,8 @@ void CHFA::flex_table(ostream &os, const char *name)
vector<uint8_t> equiv_vec;
if (eq.size()) {
equiv_vec.resize(256);
- for (map<uchar, uchar>::iterator i = eq.begin(); i != eq.end(); i++) {
- equiv_vec[i->first] = i->second;
+ for (map<transchar, transchar>::iterator i = eq.begin(); i != eq.end(); i++) {
+ equiv_vec[i->first.c] = i->second.c;
}
}
@@ -399,10 +409,10 @@ void CHFA::flex_table(ostream &os, const char *name)
}
/* Write the actual flex parser table. */
-
+ /* TODO: add max_oob */
size_t hsize = pad64(sizeof(th) + sizeof(th_version) + strlen(name) + 1);
th.th_magic = htonl(YYTH_REGEX_MAGIC);
- th.th_flags = htonl(chfaflags);
+ th.th_flags = htons(chfaflags);
th.th_hsize = htonl(hsize);
th.th_ssize = htonl(hsize +
flex_table_size(accept.begin(), accept.end()) +
diff --git a/parser/libapparmor_re/chfa.h b/parser/libapparmor_re/chfa.h
index 88f6820dc7350887aa566bfafa6f0c0cb78cccce..0577215dc0185912671ea42821346212a87121ac 100644
--- a/parser/libapparmor_re/chfa.h
+++ b/parser/libapparmor_re/chfa.h
@@ -28,6 +28,7 @@
#define BASE32_FLAGS 0xff000000
#define DiffEncodeBit32 0x80000000
+#define MATCH_FLAG_OOB_TRANSITION 0x20000000
#define base_mask_size(X) ((X) & ~BASE32_FLAGS)
using namespace std;
@@ -36,7 +37,7 @@ class CHFA {
typedef vector<pair<const State *, size_t> > DefaultBase;
typedef vector<pair<const State *, const State *> > NextCheck;
public:
- CHFA(DFA &dfa, map<uchar, uchar> &eq, dfaflags_t flags);
+ CHFA(DFA &dfa, map<transchar, transchar> &eq, dfaflags_t flags);
void dump(ostream & os);
void flex_table(ostream &os, const char *name);
void init_free_list(vector<pair<size_t, size_t> > &free_list,
@@ -52,9 +53,9 @@ class CHFA {
DefaultBase default_base;
NextCheck next_check;
map<const State *, size_t> num;
- map<uchar, uchar> &eq;
- uchar max_eq;
- size_t first_free;
+ map<transchar, transchar> &eq;
+ transchar max_eq;
+ ssize_t first_free;
unsigned int chfaflags;
};
diff --git a/parser/libapparmor_re/expr-tree.cc b/parser/libapparmor_re/expr-tree.cc
index a80f9037f17552ae11fb45d3a2e43b24d1958bf6..b3005f6fdcc1ab9d7b08ea0dec5e84199246f7d1 100644
--- a/parser/libapparmor_re/expr-tree.cc
+++ b/parser/libapparmor_re/expr-tree.cc
@@ -41,19 +41,38 @@
/* Use a single static EpsNode as it carries no node specific information */
EpsNode epsnode;
-ostream &operator<<(ostream &os, uchar c)
+ostream &transchar::dump(ostream &os) const
+{
+ const char *search = "\a\033\f\n\r\t|*+[](). ",
+ *replace = "aefnrt|*+[](). ", *s;
+
+ if (this->c < 0)
+ os << "-0x" << hex << -this->c << dec;
+ else if (this->c > 255)
+ os << "0x" << hex << this->c << dec;
+ else if ((s = strchr(search, this->c)) && *s != '\0')
+ os << '\\' << replace[s - search] << " 0x" << hex << this->c << dec;
+ else if (!isprint(this->c))
+ os << "0x" << hex << this->c << dec;
+ else
+ os << (char)this->c << " 0x" << hex << this->c << dec;
+ return os;
+}
+
+ostream &operator<<(ostream &os, transchar tc)
{
const char *search = "\a\033\f\n\r\t|*+[](). ",
*replace = "aefnrt|*+[](). ", *s;
+ short c = tc.c;
- if ((s = strchr(search, c)) && *s != '\0') {
+ if (c < 0)
+ os << "\\d" << "" << tc.c;
+ else if ((s = strchr(search, c)) && *s != '\0')
os << '\\' << replace[s - search];
- } else if (c < 32 || c >= 127) {
- os << '\\' << '0' << char ('0' + (c >> 6))
- << char ('0' + ((c >> 3) & 7)) << char ('0' + (c & 7));
- } else {
+ else if (!isprint(c))
+ os << "\\x" << hex << c << dec;
+ else
os << (char)c;
- }
return os;
}
@@ -534,6 +553,9 @@ static void count_tree_nodes(Node *t, struct node_counts *counts)
} else if (dynamic_cast<StarNode *>(t)) {
counts->star++;
count_tree_nodes(t->child[0], counts);
+ } else if (dynamic_cast<OptionalNode *>(t)) {
+ counts->optional++;
+ count_tree_nodes(t->child[0], counts);
} else if (dynamic_cast<CharNode *>(t)) {
counts->charnode++;
} else if (dynamic_cast<AnyCharNode *>(t)) {
@@ -549,12 +571,17 @@ static void count_tree_nodes(Node *t, struct node_counts *counts)
#include "stdint.h"
#include "apparmor_re.h"
+// maximum number of passes to iterate on the expression tree doing
+// simplification passes. Simplification may exit sooner if no changes
+// are made.
+#define MAX_PASSES 1
Node *simplify_tree(Node *t, dfaflags_t flags)
{
- bool update;
+ bool update = true;
+ int i;
if (flags & DFA_DUMP_TREE_STATS) {
- struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0 };
+ struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
count_tree_nodes(t, &counts);
fprintf(stderr,
"expr tree: c %d, [] %d, [^] %d, | %d, + %d, * %d, . %d, cat %d\n",
@@ -562,7 +589,7 @@ Node *simplify_tree(Node *t, dfaflags_t flags)
counts.alt, counts.plus, counts.star, counts.any,
counts.cat);
}
- do {
+ for (i = 0; update && i < MAX_PASSES; i++) {
update = false;
//default to right normalize first as this reduces the number
//of trailing nodes which might follow an internal *
@@ -588,9 +615,9 @@ Node *simplify_tree(Node *t, dfaflags_t flags)
else
dir--;
}
- } while (update);
+ }
if (flags & DFA_DUMP_TREE_STATS) {
- struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0 };
+ struct node_counts counts = { 0, 0, 0, 0, 0, 0, 0, 0, 0 };
count_tree_nodes(t, &counts);
fprintf(stderr,
"simplified expr tree: c %d, [] %d, [^] %d, | %d, + %d, * %d, . %d, cat %d\n",
diff --git a/parser/libapparmor_re/expr-tree.h b/parser/libapparmor_re/expr-tree.h
index a67fab55e86c79c78edb2ee5f306dafcbcb358e0..de73f854ed07e68892ddff2bc50c49f15999181f 100644
--- a/parser/libapparmor_re/expr-tree.h
+++ b/parser/libapparmor_re/expr-tree.h
@@ -45,10 +45,139 @@
using namespace std;
-typedef unsigned char uchar;
-typedef set<uchar> Chars;
+/*
+ * transchar - representative input character for state transitions
+ *
+ * the transchar is used as the leaf node in the expr tree created
+ * by parsing an input regex (parse.y), and is used to build both the
+ * states and the transitions for a state machine (hfa.{h,cc}) built
+ * from the expression tree.
+ *
+ * While the state machine is currently based on byte inputs the
+ * transchar abstraction allows for flexibility and the option of
+ * moving to a larger input in the future. It also allows the ability
+ * to specify out of band transitions.
+ *
+ * Out of band transitions allow for code to specify special transitions
+ * that can not be triggered by an input byte stream. As such out of
+ * band transitions can be used to separate logical units of a match.
+ *
+ * eg.
+ * you need to allow an arbitrary data match (.*) followed by an arbitrary
+ * string match ([^\x00]*), and make an acceptance dission based
+ * on both matches.
+ *
+ * One way to do this is to chain the two matches in a single state
+ * machine. However without an out of band transition, the matche pattern
+ * for the data match (.*) could also consume the input for the string match.
+ * To ensure the data pattern match cannot consume characters for the second
+ * match a special character is used. This prevents state machine
+ * generation from intermixing the two expressions. For string matches
+ * this can be achieved with the pattern.
+ * ([^\x00]*)\x00([\x00]*)
+ * since \x00 can not be matched by the first expression (and is not a
+ * valid character in a C string), the nul character can be used to
+ * separate the string match. This however is not possible when matching
+ * arbitrary data that can have any input character.
+ *
+ * Out of band transitions replace the \x00 transition in the string
+ * example with a new input transition that comes from the driver
+ * code. Once the first match is done, the driver supplies the non-input
+ * character, causing the state machine to transition to the second
+ * match pattern.
+ *
+ * Out of band transitions are specified using negative integers
+ * (-1..-32k). They llow for different transitions if needed (currently
+ * only -1 is used).
+ *
+ * Negative integers were chosen to represent out of band transitions
+ * because it makes the run time match simple, and also keeps the
+ * upper positive integer range open for future input character
+ * expansion.
+ *
+ * When a chfa is built, the out of band transition is encoded as
+ * a negative offset of the same value specified in the transchar from the
+ * state base base value. The check value at the negative offset will
+ * contain the owning state value. The chfa state machine is constructed
+ * in such a way that this value will always be in bounds, and only an
+ * unpack time verification is needed.
+ */
+class transchar {
+public:
+ short c;
-ostream &operator<<(ostream &os, uchar c);
+ transchar(unsigned char a): c((unsigned short) a) {}
+ transchar(short a, bool oob __attribute__((unused))): c(a) {}
+ transchar(const transchar &a): c(a.c) {}
+ transchar(): c(0) {}
+
+ bool operator==(const transchar &rhs) const {
+ return this->c == rhs.c;
+ }
+ bool operator==(const int &rhs) const {
+ return this->c == rhs;
+ }
+ bool operator!=(const transchar &rhs) const {
+ return this->c != rhs.c;
+ }
+ bool operator>(const transchar &rhs) const {
+ return this->c > rhs.c;
+ }
+ bool operator<(const transchar &rhs) const {
+ return this->c < rhs.c;
+ }
+ bool operator<=(const transchar &rhs) const {
+ return this->c <= rhs.c;
+ }
+ transchar &operator++() { // prefix
+ (this->c)++;
+ return *this;
+ }
+ transchar operator++(int) { // postfix
+ transchar tmp(*this);
+ (this->c)++;
+ return tmp;
+ }
+
+ ostream &dump(ostream &os) const;
+
+};
+
+class Chars {
+public:
+ set<transchar> chars;
+
+ typedef set<transchar>::iterator iterator;
+ iterator begin() { return chars.begin(); }
+ iterator end() { return chars.end(); }
+
+ Chars(): chars() {}
+
+ bool empty() const
+ {
+ return chars.empty();
+ }
+ std::size_t size() const
+ {
+ return chars.size();
+ }
+ iterator find(const transchar &key)
+ {
+ return chars.find(key);
+ }
+ pair<iterator,bool> insert(transchar c)
+ {
+ return chars.insert(c);
+ }
+ pair<iterator,bool> insert(char c)
+ {
+ transchar tmp(c);
+ return chars.insert(tmp);
+ }
+};
+
+
+ostream &operator<<(ostream &os, transchar c);
/* Compute the union of two sets. */
template<class T> set<T> operator+(const set<T> &a, const set<T> &b)
@@ -82,12 +211,12 @@ ostream &operator<<(ostream &os, const NodeSet &state);
* enumerating all the explicit tranitions for default matches.
*/
typedef struct Cases {
- typedef map<uchar, NodeSet *>::iterator iterator;
+ typedef map<transchar, NodeSet *>::iterator iterator;
iterator begin() { return cases.begin(); }
iterator end() { return cases.end(); }
Cases(): otherwise(0) { }
- map<uchar, NodeSet *> cases;
+ map<transchar, NodeSet *> cases;
NodeSet *otherwise;
} Cases;
@@ -116,8 +245,28 @@ public:
}
/**
- * See the "Dragon Book" for an explanation of nullable, firstpos,
- * lastpos, and followpos.
+ * firstpos, lastpos, and followpos are used to convert the syntax tree
+ * to a DFA.
+ *
+ * firstpos holds nodes that can match the first character of a string
+ * that matches the syntax tree. For the regex 'a*bcd', firstpos holds
+ * the 'a' and 'b' nodes. firstpos is used to determine the start state
+ * of the DFA.
+ *
+ * lastpos is the same as firstpos for the last character. For the regex
+ * 'a*bcd', lastpos holds the 'd' node. lastpos is used to determine the
+ * accepting states of the DFA.
+ *
+ * followpos holds the set of nodes that can match a character directly
+ * after the current node. For the regexp 'a*bcd', the followpos of the
+ * 'a' node are the 'b' node and the 'a' node itself. followpos is used
+ * to determine the transitions of the DFA.
+ *
+ * nullable indicates that a node can match the empty string. It is used
+ * to compute firstpos and lastpos.
+ *
+ * See the "Dragon Book" 2nd Edition section 3.9.2 for an in-depth
+ * explanation.
*/
virtual void compute_nullable() { }
virtual void compute_firstpos() = 0;
@@ -130,11 +279,11 @@ public:
*/
virtual int min_match_len() { return 0; }
/*
- * contains_null returns if the expression tree contains a null character.
- * Null characters indicate that the rest of the DFA matches the xattrs and
- * not the path. This is used to compute min_match_len.
+ * contains_oob returns if the expression tree contains a oob character.
+ * oob characters indicate that the rest of the DFA matches has an
+ * out of band transition. This is used to compute min_match_len.
*/
- virtual bool contains_null() { return false; }
+ virtual bool contains_oob() { return false; }
virtual int eq(Node *other) = 0;
virtual ostream &dump(ostream &os) = 0;
@@ -245,12 +394,12 @@ public:
/* Match one specific character (/c/). */
class CharNode: public CNode {
public:
- CharNode(uchar c): c(c) { }
+ CharNode(transchar c): c(c) { }
void follow(Cases &cases)
{
NodeSet **x = &cases.cases[c];
if (!*x) {
- if (cases.otherwise)
+ if (cases.otherwise && c.c >= 0)
*x = new NodeSet(*cases.otherwise);
else
*x = new NodeSet;
@@ -272,16 +421,19 @@ public:
int min_match_len()
{
- if (c == 0) {
- // Null character indicates end of string.
+ if (c < 0) {
+ // oob characters indicates end of string.
+ // note: does NOT currently calc match len
+ // base on NULL char separator transitions
+ // which some match rules use.
return 0;
}
return 1;
}
- bool contains_null() { return c == 0; }
+ bool contains_oob() { return c < 0; }
- uchar c;
+ transchar c;
};
/* Match a set of characters (/[abc]/). */
@@ -293,7 +445,7 @@ public:
for (Chars::iterator i = chars.begin(); i != chars.end(); i++) {
NodeSet **x = &cases.cases[*i];
if (!*x) {
- if (cases.otherwise)
+ if (cases.otherwise && i->c >= 0)
*x = new NodeSet(*cases.otherwise);
else
*x = new NodeSet;
@@ -324,16 +476,16 @@ public:
int min_match_len()
{
- if (contains_null()) {
+ if (contains_oob()) {
return 0;
}
return 1;
}
- bool contains_null()
+ bool contains_oob()
{
for (Chars::iterator i = chars.begin(); i != chars.end(); i++) {
- if (*i == 0) {
+ if (*i < 0) {
return true;
}
}
@@ -362,7 +514,8 @@ public:
cases.otherwise->insert(followpos.begin(), followpos.end());
for (Cases::iterator i = cases.begin(); i != cases.end();
i++) {
- if (chars.find(i->first) == chars.end())
+ /* does not match oob transition chars */
+ if (i->first.c >=0 && chars.find(i->first) == chars.end())
i->second->insert(followpos.begin(),
followpos.end());
}
@@ -390,16 +543,16 @@ public:
int min_match_len()
{
- if (contains_null()) {
- return 0;
- }
+ /* Inverse match does not match any oob char at this time
+ * so only count characters
+ */
return 1;
}
- bool contains_null()
+ bool contains_oob()
{
for (Chars::iterator i = chars.begin(); i != chars.end(); i++) {
- if (*i == 0) {
+ if (*i < 0) {
return false;
}
}
@@ -420,7 +573,9 @@ public:
cases.otherwise->insert(followpos.begin(), followpos.end());
for (Cases::iterator i = cases.begin(); i != cases.end();
i++)
- i->second->insert(followpos.begin(), followpos.end());
+ /* does not match oob transition chars */
+ if (i->first.c >= 0)
+ i->second->insert(followpos.begin(), followpos.end());
}
int eq(Node *other)
{
@@ -429,8 +584,6 @@ public:
return 0;
}
ostream &dump(ostream &os) { return os << "."; }
-
- bool contains_null() { return true; }
};
/* Match a node zero or more times. (This is a unary operator.) */
@@ -459,7 +612,27 @@ public:
return os << ")*";
}
- bool contains_null() { return child[0]->contains_null(); }
+ bool contains_oob() { return child[0]->contains_oob(); }
+};
+
+/* Match a node zero or one times. */
+class OptionalNode: public OneChildNode {
+public:
+ OptionalNode(Node *left): OneChildNode(left) { nullable = true; }
+ void compute_firstpos() { firstpos = child[0]->firstpos; }
+ void compute_lastpos() { lastpos = child[0]->lastpos; }
+ int eq(Node *other)
+ {
+ if (dynamic_cast<OptionalNode *>(other))
+ return child[0]->eq(other->child[0]);
+ return 0;
+ }
+ ostream &dump(ostream &os)
+ {
+ os << '(';
+ child[0]->dump(os);
+ return os << ")?";
+ }
};
/* Match a node one or more times. (This is a unary operator.) */
@@ -488,7 +661,7 @@ public:
return os << ")+";
}
int min_match_len() { return child[0]->min_match_len(); }
- bool contains_null() { return child[0]->contains_null(); }
+ bool contains_oob() { return child[0]->contains_oob(); }
};
/* Match a pair of consecutive nodes. */
@@ -539,18 +712,18 @@ public:
int min_match_len()
{
int len = child[0]->min_match_len();
- if (child[0]->contains_null()) {
- // Null characters are used to indicate when the DFA transitions
+ if (child[0]->contains_oob()) {
+ // oob characters are used to indicate when the DFA transitions
// from matching the path to matching the xattrs. If the left child
- // contains a null character, the right side doesn't contribute to
+ // contains an oob character, the right side doesn't contribute to
// the path match.
return len;
}
return len + child[1]->min_match_len();
}
- bool contains_null()
+ bool contains_oob()
{
- return child[0]->contains_null() || child[1]->contains_null();
+ return child[0]->contains_oob() || child[1]->contains_oob();
}
};
@@ -599,9 +772,9 @@ public:
}
return m2;
}
- bool contains_null()
+ bool contains_oob()
{
- return child[0]->contains_null() || child[1]->contains_null();
+ return child[0]->contains_oob() || child[1]->contains_oob();
}
};
@@ -693,6 +866,7 @@ struct node_counts {
int alt;
int plus;
int star;
+ int optional;
int any;
int cat;
};
diff --git a/parser/libapparmor_re/flex-tables.h b/parser/libapparmor_re/flex-tables.h
index efd05ac9a090116be71ee644755abfe5b5423487..6cd2959a187bf42eddb93bec9c42358e8739f5ac 100644
--- a/parser/libapparmor_re/flex-tables.h
+++ b/parser/libapparmor_re/flex-tables.h
@@ -6,6 +6,7 @@
#define YYTH_MAGIC 0xF13C57B1
#define YYTH_FLAG_DIFF_ENCODE 1
+#define YYTH_FLAG_OOB_TRANS 2
struct table_set_header {
uint32_t th_magic; /* TH_MAGIC */
diff --git a/parser/libapparmor_re/hfa.cc b/parser/libapparmor_re/hfa.cc
index 976e17b99f3ee70ea008e8a887034870b25c2370..6b0109133f7b4cce8ca70200bf92bc7fda047508 100644
--- a/parser/libapparmor_re/hfa.cc
+++ b/parser/libapparmor_re/hfa.cc
@@ -73,6 +73,15 @@ ostream &operator<<(ostream &os, const State &state)
return os;
}
+ostream &operator<<(ostream &os, State &state)
+{
+ /* dump the state label */
+ os << '{';
+ os << state.label;
+ os << '}';
+ return os;
+}
+
/**
* diff_weight - Find differential compression distance between @rel and @this
* @rel: State to compare too
@@ -91,9 +100,10 @@ ostream &operator<<(ostream &os, const State &state)
*
* Should be applied after state minimization
*/
-int State::diff_weight(State *rel)
+int State::diff_weight(State *rel, int max_range, int upper_bound)
{
int weight = 0;
+ int first = 0;
if (this == rel)
return 0;
@@ -108,8 +118,10 @@ int State::diff_weight(State *rel)
} else if (rel->diff->depth >= this->diff->depth)
return 0;
+ if (rel->trans.begin()->first.c < first)
+ first = rel->trans.begin()->first.c;
if (rel->flags & DiffEncodeFlag) {
- for (int i = 0; i < 256; i++) {
+ for (int i = first; i < upper_bound; i++) {
State *state = rel->next(i);
StateTrans::iterator j = trans.find(i);
if (j != trans.end()) {
@@ -175,7 +187,7 @@ int State::diff_weight(State *rel)
/* rel default transitions have to be masked with transitions
* This covers all transitions not covered above
*/
- weight -= 256 - (rel->trans.size() + this_count);
+ weight -= (max_range) - (rel->trans.size() + this_count);
}
return weight;
@@ -184,12 +196,14 @@ int State::diff_weight(State *rel)
/**
* make_relative - Make this state relative to @rel
* @rel: state to make this state relative too
+ * @upper_bound: the largest value for an input transition (256 for a byte).
*
* @rel can be a relative (differentially compressed state)
*/
-int State::make_relative(State *rel)
+int State::make_relative(State *rel, int upper_bound)
{
int weight = 0;
+ int first = 0;
if (this == rel || !rel)
return 0;
@@ -197,9 +211,12 @@ int State::make_relative(State *rel)
if (flags & DiffEncodeFlag)
return 0;
+ if (rel->trans.begin()->first.c < 0)
+ first = rel->trans.begin()->first.c;
+
flags |= DiffEncodeFlag;
- for (int i = 0; i < 256 ; i++) {
+ for (int i = first; i < upper_bound ; i++) {
State *next = rel->next(i);
StateTrans::iterator j = trans.find(i);
@@ -227,27 +244,33 @@ int State::make_relative(State *rel)
/**
* flatten_differential - remove differential encode from this state
+ * @nonmatching: the nonmatching state for the state machine
+ * @upper_bound: the largest value for an input transition (256 for a byte).
*/
-void State::flatten_relative(void)
+void State::flatten_relative(State *nonmatching, int upper_bound)
{
if (!(flags & DiffEncodeFlag))
return;
map<State *, int> count;
- for (int i = 0; i < 256; i++)
+ int first = 0;
+ if (next(-1) != nonmatching)
+ first = -1;
+
+ for (int i = first; i < upper_bound; i++)
count[next(i)] += 1;
- int j = 0;
- State *def = next(0);
- for (int i = 1; i < 256; i++) {
+ int j = first;
+ State *def = next(first);
+ for (int i = first + 1; i < upper_bound; i++) {
if (count[next(i)] > count[next(j)]) {
j = i;
def = next(i);
}
}
- for (int i = 0; i < 256; i++) {
+ for (int i = first; i < upper_bound; i++) {
if (trans.find(i) != trans.end()) {
if (trans[i] == def)
trans.erase(i);
@@ -286,7 +309,7 @@ State *DFA::add_new_state(NodeSet *anodes, NodeSet *nnodes, State *other)
ProtoState proto;
proto.init(nnodev, anodes);
- State *state = new State(node_map.size(), proto, other);
+ State *state = new State(node_map.size(), proto, other, filedfa);
pair<NodeMap::iterator,bool> x = node_map.insert(proto, state);
if (x.second == false) {
delete state;
@@ -348,8 +371,11 @@ void DFA::update_state_transitions(State *state)
/* Don't insert transition that the otherwise transition
* already covers
*/
- if (target != state->otherwise)
+ if (target != state->otherwise) {
state->trans[j->first] = target;
+ if (j->first.c < 0 && -j->first.c > oob_range)
+ oob_range = -j->first.c;
+ }
}
}
@@ -394,9 +420,13 @@ void DFA::process_work_queue(const char *header, dfaflags_t flags)
/**
* Construct a DFA from a syntax tree.
*/
-DFA::DFA(Node *root, dfaflags_t flags): root(root)
+DFA::DFA(Node *root, dfaflags_t flags, bool buildfiledfa): root(root), filedfa(buildfiledfa)
{
diffcount = 0; /* set by diff_encode */
+ max_range = 256;
+ upper_bound = 256;
+ oob_range = 0;
+ ord_range = 8;
if (flags & DFA_DUMP_PROGRESS)
fprintf(stderr, "Creating dfa:\r");
@@ -428,7 +458,10 @@ DFA::DFA(Node *root, dfaflags_t flags): root(root)
*/
work_queue.push_back(start);
process_work_queue("Creating dfa", flags);
-
+ max_range += oob_range;
+ /* if oob_range is ever greater than 256 need to move to computing this */
+ if (oob_range)
+ ord_range = 9;
/* cleanup Sets of nodes used computing the DFA as they are no longer
* needed.
*/
@@ -746,21 +779,16 @@ void DFA::minimize(dfaflags_t flags)
c = rep->trans.erase(c);
}
-//if ((*p)->size() > 1)
-//cerr << rep->label << ": ";
/* clear the state label for all non representative states,
* and accumulate permissions */
for (Partition::iterator i = ++(*p)->begin(); i != (*p)->end(); i++) {
-//cerr << " " << (*i)->label;
if (flags & DFA_DUMP_MIN_PARTS)
cerr << **i << ", ";
(*i)->label = -1;
- rep->perms.add((*i)->perms);
+ rep->perms.add((*i)->perms, filedfa);
}
if (rep->perms.is_accept())
final_accept++;
-//if ((*p)->size() > 1)
-//cerr << "\n";
if (flags & DFA_DUMP_MIN_PARTS)
cerr << "\n";
}
@@ -827,7 +855,7 @@ static unsigned int add_to_dag(DiffDag *dag, State *state,
return rc;
}
-static int diff_partition(State *state, Partition &part, State **candidate)
+static int diff_partition(State *state, Partition &part, int max_range, int upper_bound, State **candidate)
{
int weight = 0;
*candidate = NULL;
@@ -836,7 +864,7 @@ static int diff_partition(State *state, Partition &part, State **candidate)
if (*i == state)
continue;
- int tmp = state->diff_weight(*i);
+ int tmp = state->diff_weight(*i, max_range, upper_bound);
if (tmp > weight) {
weight = tmp;
*candidate = *i;
@@ -923,14 +951,14 @@ void DFA::diff_encode(dfaflags_t flags)
State *candidate = NULL;
int weight = diff_partition(state,
- state->otherwise->diff->parents,
- &candidate);
+ state->otherwise->diff->parents, max_range,
+ upper_bound, &candidate);
for (StateTrans::iterator j = state->trans.begin(); j != state->trans.end(); j++) {
State *tmp_candidate;
int tmp = diff_partition(state,
- j->second->diff->parents,
- &tmp_candidate);
+ j->second->diff->parents, max_range,
+ upper_bound, &tmp_candidate);
if (tmp > weight) {
weight = tmp;
candidate = tmp_candidate;
@@ -958,7 +986,7 @@ void DFA::diff_encode(dfaflags_t flags)
diffcount = 0;
for (int i = tail - 1; i > 1; i--) {
if (dag[i].rel) {
- int weight = dag[i].state->make_relative(dag[i].rel);
+ int weight = dag[i].state->make_relative(dag[i].rel, upper_bound);
aweight += weight;
diffcount++;
}
@@ -991,7 +1019,7 @@ void DFA::diff_encode(dfaflags_t flags)
void DFA::undiff_encode(void)
{
for (Partition::iterator i = states.begin(); i != states.end(); i++)
- (*i)->flatten_relative();
+ (*i)->flatten_relative(nonmatching, upper_bound);
diffcount = 0;
}
@@ -1058,39 +1086,52 @@ void DFA::dump(ostream & os)
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
Chars excluded;
+ bool first = true;
for (StateTrans::iterator j = (*i)->trans.begin();
j != (*i)->trans.end(); j++) {
if (j->second == nonmatching) {
excluded.insert(j->first);
} else {
- os << **i;
- if ((*i)->perms.is_accept())
- os << " ", (*i)->perms.dump(os);
- os << " -> " << *(j)->second << ": 0x"
- << hex << (int) j->first;
- if (isprint(j->first))
- os << " " << j->first;
- os << dec << "\n";
+ if (first) {
+ first = false;
+ os << **i << " perms: ";
+ if ((*i)->perms.is_accept())
+ (*i)->perms.dump(os);
+ else
+ os << "none";
+ os << "\n";
+ }
+ os << " "; j->first.dump(os) << " -> " <<
+ *(j)->second;
+ if ((j)->second->perms.is_accept())
+ os << " ", (j->second)->perms.dump(os);
+ os << "\n";
}
}
if ((*i)->otherwise != nonmatching) {
- os << **i;
- if ((*i)->perms.is_accept())
- os << " ", (*i)->perms.dump(os);
- os << " -> " << *(*i)->otherwise << ": [";
+ if (first) {
+ first = false;
+ os << **i << " perms: ";
+ if ((*i)->perms.is_accept())
+ (*i)->perms.dump(os);
+ else
+ os << "none";
+ os << "\n";
+ }
+ os << " [";
if (!excluded.empty()) {
os << "^";
for (Chars::iterator k = excluded.begin();
k != excluded.end(); k++) {
- if (isprint(*k))
- os << *k;
- else
- os << "\\0x" << hex << (int) *k << dec;
+ os << *k;
}
}
- os << "]\n";
+ os << "] -> " << *(*i)->otherwise;
+ if ((*i)->otherwise->perms.is_accept())
+ os << " ", (*i)->otherwise->perms.dump(os);
+ os << "\n";
}
}
os << "\n";
@@ -1128,11 +1169,7 @@ void DFA::dump_dot_graph(ostream & os)
os << "\t\"" << **i << "\" -> \"" << *j->second
<< "\" [" << "\n";
os << "\t\tlabel=\"";
- if (isprint(j->first))
- os << j->first;
- else
- os << "\\0x" << hex << (int) j->first << dec;
-
+ j->first.dump(os);
os << "\"\n\t]" << "\n";
}
}
@@ -1143,10 +1180,7 @@ void DFA::dump_dot_graph(ostream & os)
os << "\t\tlabel=\"[^";
for (Chars::iterator i = excluded.begin();
i != excluded.end(); i++) {
- if (isprint(*i))
- os << *i;
- else
- os << "\\0x" << hex << (int) *i << dec;
+ i->dump(os);
}
os << "]\"" << "\n";
}
@@ -1160,42 +1194,44 @@ void DFA::dump_dot_graph(ostream & os)
* Compute character equivalence classes in the DFA to save space in the
* transition table.
*/
-map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
+map<transchar, transchar> DFA::equivalence_classes(dfaflags_t flags)
{
- map<uchar, uchar> classes;
- uchar next_class = 1;
+ map<transchar, transchar> classes;
+ transchar next_class = 1;
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
/* Group edges to the same next state together */
map<const State *, Chars> node_sets;
- for (StateTrans::iterator j = (*i)->trans.begin(); j != (*i)->trans.end(); j++)
+ for (StateTrans::iterator j = (*i)->trans.begin(); j != (*i)->trans.end(); j++) {
+ if (j->first.c < 0)
+ continue;
node_sets[j->second].insert(j->first);
-
+ }
for (map<const State *, Chars>::iterator j = node_sets.begin();
j != node_sets.end(); j++) {
/* Group edges to the same next state together by class */
- map<uchar, Chars> node_classes;
+ map<transchar, Chars> node_classes;
bool class_used = false;
for (Chars::iterator k = j->second.begin();
k != j->second.end(); k++) {
- pair<map<uchar, uchar>::iterator, bool> x = classes.insert(make_pair(*k, next_class));
+ pair<map<transchar, transchar>::iterator, bool> x = classes.insert(make_pair(*k, next_class));
if (x.second)
class_used = true;
- pair<map<uchar, Chars>::iterator, bool> y = node_classes.insert(make_pair(x.first->second, Chars()));
+ pair<map<transchar, Chars>::iterator, bool> y = node_classes.insert(make_pair(x.first->second, Chars()));
y.first->second.insert(*k);
}
if (class_used) {
next_class++;
class_used = false;
}
- for (map<uchar, Chars>::iterator k = node_classes.begin();
+ for (map<transchar, Chars>::iterator k = node_classes.begin();
k != node_classes.end(); k++) {
/**
* If any other characters are in the same class, move
* the characters in this class into their own new
* class
*/
- map<uchar, uchar>::iterator l;
+ map<transchar, transchar>::iterator l;
for (l = classes.begin(); l != classes.end(); l++) {
if (l->second == k->first &&
k->second.find(l->first) == k->second.end()) {
@@ -1217,24 +1253,24 @@ map<uchar, uchar> DFA::equivalence_classes(dfaflags_t flags)
if (flags & DFA_DUMP_EQUIV_STATS)
fprintf(stderr, "Equiv class reduces to %d classes\n",
- next_class - 1);
+ next_class.c - 1);
return classes;
}
/**
* Text-dump the equivalence classes (for debugging).
*/
-void dump_equivalence_classes(ostream &os, map<uchar, uchar> &eq)
+void dump_equivalence_classes(ostream &os, map<transchar, transchar> &eq)
{
- map<uchar, Chars> rev;
+ map<transchar, Chars> rev;
- for (map<uchar, uchar>::iterator i = eq.begin(); i != eq.end(); i++) {
+ for (map<transchar, transchar>::iterator i = eq.begin(); i != eq.end(); i++) {
Chars &chars = rev.insert(make_pair(i->second, Chars())).first->second;
chars.insert(i->first);
}
os << "(eq):" << "\n";
- for (map<uchar, Chars>::iterator i = rev.begin(); i != rev.end(); i++) {
- os << (int)i->first << ':';
+ for (map<transchar, Chars>::iterator i = rev.begin(); i != rev.end(); i++) {
+ os << i->first.c << ':';
Chars &chars = i->second;
for (Chars::iterator j = chars.begin(); j != chars.end(); j++) {
os << ' ' << *j;
@@ -1247,17 +1283,20 @@ void dump_equivalence_classes(ostream &os, map<uchar, uchar> &eq)
* Replace characters with classes (which are also represented as
* characters) in the DFA transition table.
*/
-void DFA::apply_equivalence_classes(map<uchar, uchar> &eq)
+void DFA::apply_equivalence_classes(map<transchar, transchar> &eq)
{
/**
* Note: We only transform the transition table; the nodes continue to
* contain the original characters.
*/
for (Partition::iterator i = states.begin(); i != states.end(); i++) {
- map<uchar, State *> tmp;
+ map<transchar, State *> tmp;
tmp.swap((*i)->trans);
- for (StateTrans::iterator j = tmp.begin(); j != tmp.end(); j++)
+ for (StateTrans::iterator j = tmp.begin(); j != tmp.end(); j++) {
+ if (j->first.c < 0)
+ continue;
(*i)->trans.insert(make_pair(eq[j->first], j->second));
+ }
}
}
@@ -1301,7 +1340,7 @@ static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
* have any exact matches, then they override the execute and safe
* execute flags.
*/
-int accept_perms(NodeSet *state, perms_t &perms)
+int accept_perms(NodeSet *state, perms_t &perms, bool filedfa)
{
int error = 0;
uint32_t exact_match_allow = 0;
@@ -1318,7 +1357,7 @@ int accept_perms(NodeSet *state, perms_t &perms)
continue;
if (dynamic_cast<ExactMatchFlag *>(match)) {
/* exact match only ever happens with x */
- if (!is_merged_x_consistent(exact_match_allow,
+ if (filedfa && !is_merged_x_consistent(exact_match_allow,
match->flag))
error = 1;;
exact_match_allow |= match->flag;
@@ -1327,16 +1366,20 @@ int accept_perms(NodeSet *state, perms_t &perms)
perms.deny |= match->flag;
perms.quiet |= match->audit;
} else {
- if (!is_merged_x_consistent(perms.allow, match->flag))
+ if (filedfa && !is_merged_x_consistent(perms.allow, match->flag))
error = 1;
perms.allow |= match->flag;
perms.audit |= match->audit;
}
}
- perms.allow |= exact_match_allow & ~(ALL_AA_EXEC_TYPE);
- perms.audit |= exact_audit & ~(ALL_AA_EXEC_TYPE);
-
+ if (filedfa) {
+ perms.allow |= exact_match_allow & ~(ALL_AA_EXEC_TYPE);
+ perms.audit |= exact_audit & ~(ALL_AA_EXEC_TYPE);
+ } else {
+ perms.allow |= exact_match_allow;
+ perms.audit |= exact_audit;
+ }
if (exact_match_allow & AA_USER_EXEC) {
perms.allow = (exact_match_allow & AA_USER_EXEC_TYPE) |
(perms.allow & ~AA_USER_EXEC_TYPE);
@@ -1347,10 +1390,10 @@ int accept_perms(NodeSet *state, perms_t &perms)
(perms.allow & ~AA_OTHER_EXEC_TYPE);
perms.exact |= AA_OTHER_EXEC_TYPE;
}
- if (AA_USER_EXEC & perms.deny)
+ if (filedfa && (AA_USER_EXEC & perms.deny))
perms.deny |= AA_USER_EXEC_TYPE;
- if (AA_OTHER_EXEC & perms.deny)
+ if (filedfa && (AA_OTHER_EXEC & perms.deny))
perms.deny |= AA_OTHER_EXEC_TYPE;
perms.allow &= ~perms.deny;
diff --git a/parser/libapparmor_re/hfa.h b/parser/libapparmor_re/hfa.h
index f8fe3d31f25505115d4af483d9bd62b3ebc1f442..3ad7aaaa4d4c70faf0ec7b8dc2b060a07ba9a8b8 100644
--- a/parser/libapparmor_re/hfa.h
+++ b/parser/libapparmor_re/hfa.h
@@ -37,14 +37,17 @@
class State;
-typedef map<uchar, State *> StateTrans;
+typedef map<transchar, State *> StateTrans;
typedef list<State *> Partition;
#include "../immunix.h"
+ostream &operator<<(ostream &os, const State &state);
+ostream &operator<<(ostream &os, State &state);
+
class perms_t {
public:
- perms_t(void) throw(int): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
+ perms_t(void): allow(0), deny(0), audit(0), quiet(0), exact(0) { };
bool is_accept(void) { return (allow | audit | quiet); }
@@ -56,11 +59,11 @@ public:
}
void clear(void) { allow = deny = audit = quiet = 0; }
- void add(perms_t &rhs)
+ void add(perms_t &rhs, bool filedfa)
{
deny |= rhs.deny;
- if (!is_merged_x_consistent(allow & ALL_USER_EXEC,
+ if (filedfa && !is_merged_x_consistent(allow & ALL_USER_EXEC,
rhs.allow & ALL_USER_EXEC)) {
if ((exact & AA_USER_EXEC_TYPE) &&
!(rhs.exact & AA_USER_EXEC_TYPE)) {
@@ -71,10 +74,10 @@ public:
(rhs.allow & AA_USER_EXEC_TYPE);
} else
throw 1;
- } else
+ } else if (filedfa)
allow |= rhs.allow & AA_USER_EXEC_TYPE;
- if (!is_merged_x_consistent(allow & ALL_OTHER_EXEC,
+ if (filedfa && !is_merged_x_consistent(allow & ALL_OTHER_EXEC,
rhs.allow & ALL_OTHER_EXEC)) {
if ((exact & AA_OTHER_EXEC_TYPE) &&
!(rhs.exact & AA_OTHER_EXEC_TYPE)) {
@@ -85,11 +88,13 @@ public:
(rhs.allow & AA_OTHER_EXEC_TYPE);
} else
throw 1;
- } else
+ } else if (filedfa)
allow |= rhs.allow & AA_OTHER_EXEC_TYPE;
-
- allow = (allow | (rhs.allow & ~ALL_AA_EXEC_TYPE));
+ if (filedfa)
+ allow = (allow | (rhs.allow & ~ALL_AA_EXEC_TYPE));
+ else
+ allow |= rhs.allow;
audit |= rhs.audit;
quiet = (quiet | rhs.quiet);
@@ -128,7 +133,7 @@ public:
uint32_t allow, deny, audit, quiet, exact;
};
-int accept_perms(NodeSet *state, perms_t &perms);
+int accept_perms(NodeSet *state, perms_t &perms, bool filedfa);
/*
* ProtoState - NodeSet and ancillery information used to create a state
@@ -192,7 +197,7 @@ struct DiffDag {
*/
class State {
public:
- State(int l, ProtoState &n, State *other) throw(int):
+ State(int l, ProtoState &n, State *other, bool filedfa):
label(l), flags(0), perms(), trans()
{
int error;
@@ -205,14 +210,14 @@ public:
proto = n;
/* Compute permissions associated with the State. */
- error = accept_perms(n.anodes, perms);
+ error = accept_perms(n.anodes, perms, filedfa);
if (error) {
//cerr << "Failing on accept perms " << error << "\n";
throw error;
}
};
- State *next(uchar c) {
+ State *next(transchar c) {
State *state = this;
do {
StateTrans::iterator i = state->trans.find(c);
@@ -229,9 +234,18 @@ public:
return NULL;
}
- int diff_weight(State *rel);
- int make_relative(State *rel);
- void flatten_relative(void);
+ ostream &dump(ostream &os)
+ {
+ cerr << *this << "\n";
+ for (StateTrans::iterator i = trans.begin(); i != trans.end(); i++) {
+ os << " " << i->first.c << " -> " << *i->second << "\n";
+ }
+ return os;
+ }
+
+ int diff_weight(State *rel, int max_range, int upper_bound);
+ int make_relative(State *rel, int upper_bound);
+ void flatten_relative(State *, int upper_bound);
int apply_and_clear_deny(void) { return perms.apply_and_clear_deny(); }
@@ -249,8 +263,6 @@ public:
};
};
-ostream &operator<<(ostream &os, const State &state);
-
class NodeMap: public CacheStats
{
public:
@@ -306,7 +318,7 @@ class DFA {
list<State *> work_queue;
public:
- DFA(Node *root, dfaflags_t flags);
+ DFA(Node *root, dfaflags_t flags, bool filedfa);
virtual ~DFA();
State *match_len(State *state, const char *str, size_t len);
@@ -326,15 +338,20 @@ public:
void dump_dot_graph(ostream &os);
void dump_uniq_perms(const char *s);
- map<uchar, uchar> equivalence_classes(dfaflags_t flags);
- void apply_equivalence_classes(map<uchar, uchar> &eq);
+ map<transchar, transchar> equivalence_classes(dfaflags_t flags);
+ void apply_equivalence_classes(map<transchar, transchar> &eq);
unsigned int diffcount;
+ int oob_range;
+ int max_range;
+ int ord_range;
+ int upper_bound;
Node *root;
State *nonmatching, *start;
Partition states;
+ bool filedfa;
};
-void dump_equivalence_classes(ostream &os, map<uchar, uchar> &eq);
+void dump_equivalence_classes(ostream &os, map<transchar, transchar> &eq);
#endif /* __LIBAA_RE_HFA_H */
diff --git a/parser/libapparmor_re/parse.y b/parser/libapparmor_re/parse.y
index 3ec07e12c28fec18bdd9ea29fc45425650462ee0..843a5090c08a7973e7770d712d49d10b50cc7aa9 100644
--- a/parser/libapparmor_re/parse.y
+++ b/parser/libapparmor_re/parse.y
@@ -38,17 +38,17 @@ void regex_error(Node **, const char *, const char *);
#define YYLEX_PARAM &text
int regex_lex(YYSTYPE *, const char **);
-static inline Chars *insert_char(Chars* cset, uchar a)
+static inline Chars *insert_char(Chars* cset, transchar a)
{
cset->insert(a);
return cset;
}
-static inline Chars* insert_char_range(Chars* cset, uchar a, uchar b)
+static inline Chars* insert_char_range(Chars* cset, transchar a, transchar b)
{
if (a > b)
swap(a, b);
- for (uchar i = a; i <= b; i++)
+ for (transchar i = a; i <= b; i++)
cset->insert(i);
return cset;
}
diff --git a/parser/mount.cc b/parser/mount.cc
index a592550a716ebbd119de4f250e70f609fba5525d..6fdb213bea5feb2f860828945a86ac7b873eb47f 100644
--- a/parser/mount.cc
+++ b/parser/mount.cc
@@ -216,7 +216,6 @@
#include <stdlib.h>
#include <string.h>
#include <linux/limits.h>
-#include <iostream>
#include "parser.h"
#include "policydb.h"
@@ -579,20 +578,9 @@ static int build_mnt_opts(std::string& buffer, struct value_list *opts)
return TRUE;
}
-/* do we want to warn once/profile or just once per compile?? */
-static void warn_once(const char *name)
+void mnt_rule::warn_once(const char *name)
{
- static const char *warned_name = NULL;
-
- if ((warnflags & WARN_RULE_NOT_ENFORCED) && warned_name != name) {
- cerr << "Warning from profile " << name << " (";
- if (current_filename)
- cerr << current_filename;
- else
- cerr << "stdin";
- cerr << ") mount rules not enforced\n";
- warned_name = name;
- }
+ rule_t::warn_once(name, "mount rules not enforce");
}
int mnt_rule::gen_policy_re(Profile &prof)
@@ -607,7 +595,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
int count = 0;
unsigned int tmpflags, tmpinv_flags;
- if (!kernel_supports_mount) {
+ if (!features_supports_mount) {
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}
@@ -657,7 +645,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
/* rule for match without required data || data MATCH_CONT */
if (!prof.policy.rules->add_rule_vec(deny, tmpallow,
audit | AA_AUDIT_MNT_DATA, 4,
- vec, dfaflags))
+ vec, dfaflags, false))
goto fail;
count++;
@@ -669,7 +657,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
vec[4] = optsbuf.c_str();
if (!prof.policy.rules->add_rule_vec(deny, allow,
audit | AA_AUDIT_MNT_DATA,
- 5, vec, dfaflags))
+ 5, vec, dfaflags, false))
goto fail;
count++;
}
@@ -698,7 +686,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
vec[3] = flagsbuf;
if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags))
+ dfaflags, false))
goto fail;
count++;
}
@@ -727,7 +715,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
vec[3] = flagsbuf;
if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags))
+ dfaflags, false))
goto fail;
count++;
}
@@ -757,7 +745,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
vec[3] = flagsbuf;
if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 4, vec,
- dfaflags))
+ dfaflags, false))
goto fail;
count++;
}
@@ -798,7 +786,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
/* rule for match without required data || data MATCH_CONT */
if (!prof.policy.rules->add_rule_vec(deny, tmpallow,
audit | AA_AUDIT_MNT_DATA, 4,
- vec, dfaflags))
+ vec, dfaflags, false))
goto fail;
count++;
@@ -810,7 +798,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
vec[4] = optsbuf.c_str();
if (!prof.policy.rules->add_rule_vec(deny, allow,
audit | AA_AUDIT_MNT_DATA,
- 5, vec, dfaflags))
+ 5, vec, dfaflags, false))
goto fail;
count++;
}
@@ -822,7 +810,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
vec[0] = mntbuf.c_str();
if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 1, vec,
- dfaflags))
+ dfaflags, false))
goto fail;
count++;
}
@@ -836,7 +824,7 @@ int mnt_rule::gen_policy_re(Profile &prof)
goto fail;
vec[1] = devbuf.c_str();
if (!prof.policy.rules->add_rule_vec(deny, allow, audit, 2, vec,
- dfaflags))
+ dfaflags, false))
goto fail;
count++;
}
diff --git a/parser/mount.h b/parser/mount.h
index c179fa26bcf1509863792568f2b13564c69c0142..9ec546cd752c2d459e4bb720f1767beffac0a287 100644
--- a/parser/mount.h
+++ b/parser/mount.h
@@ -149,6 +149,9 @@ public:
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
virtual void post_process(Profile &prof unused);
+
+protected:
+ virtual void warn_once(const char *name) override;
};
int is_valid_mnt_cond(const char *name, int src);
diff --git a/parser/network.h b/parser/network.h
index c033310a5e58f39fdb8660cd25b02d0b1293a93c..d51c5299e70f13fdf53b26351350803830554952 100644
--- a/parser/network.h
+++ b/parser/network.h
@@ -91,6 +91,15 @@ struct aa_network_entry {
struct aa_network_entry *next;
};
+static inline uint32_t map_perms(uint32_t mask)
+{
+ return (mask & 0x7f) |
+ ((mask & (AA_NET_GETATTR | AA_NET_SETATTR)) << (AA_OTHER_SHIFT - 8)) |
+ ((mask & (AA_NET_ACCEPT | AA_NET_BIND | AA_NET_LISTEN)) >> 4) | /* 2 + (AA_OTHER_SHIFT - 20) */
+ ((mask & (AA_NET_SETOPT | AA_NET_GETOPT)) >> 5); /* 5 + (AA_OTHER_SHIFT - 24) */
+};
+
+
int parse_net_mode(const char *str_mode, int *mode, int fail);
extern struct aa_network_entry *new_network_ent(unsigned int family,
unsigned int type,
diff --git a/parser/parser.conf b/parser/parser.conf
index 641cf1db8071170958f6247f39d6440c02af4f6d..1d1c0da210b73f9e62a7da4dac847fa006d7b9e6 100644
--- a/parser/parser.conf
+++ b/parser/parser.conf
@@ -59,3 +59,21 @@
## Adjust compression
#Optimize=compress-small
#Optimize=compress-fast
+
+### The policy-features abi rule pins policy that does not have an abi
+### rule to a given feature ABI. This enables apparmor 2.x developed
+### policy to be used in AppArmor 3.x without the warning
+### Warning from stdin (stdin line 1): apparmor_parser: File 'example'
+### missing feature abi, falling back to default policy feature abi.
+### For more info please see
+### https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorpolicyfeaturesabi
+
+### Turn off abi rule warnings without pinning the abi
+#warn=no-abi
+
+### Only a single feature ABI rule should be used at a time.
+## Pin older policy to the 5.4 kernel abi
+#policy-features=/etc/apparmor.d/abi/kernel-5.4-vanilla
+
+## Pin older policy to the 5.4 kernel abi + out of tree network and af_unix
+#policy-features=/etc/apparmor.d/abi/kernel-5.4-outoftree-network
diff --git a/parser/parser.h b/parser/parser.h
index 7b703c5c6fcbbcab9aee6cf60b575533ea5d8220..cd08afdd6ad311827a5efead55f868ade00d732b 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -32,6 +32,7 @@
#include <sys/apparmor.h>
+#include "file_cache.h"
#include "immunix.h"
#include "libapparmor_re/apparmor_re.h"
#include "libapparmor_re/aare_rules.h"
@@ -52,10 +53,34 @@ class rule_t;
extern int parser_token;
-#define WARN_RULE_NOT_ENFORCED 1
-#define WARN_RULE_DOWNGRADED 2
+#define WARN_RULE_NOT_ENFORCED 0x1
+#define WARN_RULE_DOWNGRADED 0x2
+#define WARN_ABI 0x4
+#define WARN_DEPRECATED 0x8
+#define WARN_CONFIG 0x10
+#define WARN_CACHE 0x20
+#define WARN_DEBUG_CACHE 0x40
+#define WARN_JOBS 0x80
+#define WARN_DANGEROUS 0x100
+#define WARN_UNEXPECTED 0x200
+#define WARN_FORMAT 0x400
+#define WARN_MISSING 0x800
+#define WARN_OVERRIDE 0x1000
+
+#define WARN_DEV (WARN_RULE_NOT_ENFORCED | WARN_RULE_DOWNGRADED | WARN_ABI | \
+ WARN_DEPRECATED | WARN_DANGEROUS | WARN_UNEXPECTED | \
+ WARN_FORMAT | WARN_MISSING | WARN_OVERRIDE | WARN_DEBUG_CACHE)
+
+#define DEFAULT_WARNINGS (WARN_CONFIG | WARN_CACHE | WARN_JOBS | \
+ WARN_UNEXPECTED | WARN_OVERRIDE)
+
+#define WARN_ALL (WARN_RULE_NOT_ENFORCED | WARN_RULE_DOWNGRADED | WARN_ABI | \
+ WARN_DEPRECATED | WARN_CONFIG | WARN_CACHE | \
+ WARN_DEBUG_CACHE | WARN_JOBS | WARN_DANGEROUS | \
+ WARN_UNEXPECTED | WARN_FORMAT | WARN_MISSING | WARN_OVERRIDE)
extern dfaflags_t warnflags;
+extern dfaflags_t werrflags;
typedef enum pattern_t pattern_t;
@@ -295,20 +320,28 @@ extern uint32_t policy_version;
extern uint32_t parser_abi_version;
extern uint32_t kernel_abi_version;
+extern aa_features *pinned_features;
+extern aa_features *policy_features;
+extern aa_features *override_features;
+extern aa_features *kernel_features;
+
extern int force_complain;
extern int perms_create;
extern int net_af_max_override;
extern int kernel_load;
extern int kernel_supports_setload;
-extern int kernel_supports_network;
+extern int features_supports_network;
+extern int features_supports_networkv8;
extern int kernel_supports_policydb;
extern int kernel_supports_diff_encode;
-extern int kernel_supports_mount;
-extern int kernel_supports_dbus;
-extern int kernel_supports_signal;
-extern int kernel_supports_ptrace;
-extern int kernel_supports_unix;
-extern int kernel_supports_stacking;
+extern int features_supports_mount;
+extern int features_supports_dbus;
+extern int features_supports_signal;
+extern int features_supports_ptrace;
+extern int features_supports_unix;
+extern int features_supports_stacking;
+extern int features_supports_domain_xattr;
+extern int kernel_supports_oob;
extern int conf_verbose;
extern int conf_quiet;
extern int names_only;
@@ -321,7 +354,12 @@ extern char *profile_ns;
extern char *current_filename;
extern FILE *ofile;
extern int read_implies_exec;
-extern void pwarn(const char *fmt, ...) __attribute__((__format__(__printf__, 1, 2)));
+extern IncludeCache_t *g_includecache;
+
+extern void pwarnf(bool werr, const char *fmt, ...) __attribute__((__format__(__printf__, 2, 3)));
+extern void common_warn_once(const char *name, const char *msg, const char **warned_name);
+
+#define pwarn(F, args...) do { if (warnflags & (F)) pwarnf((werrflags & (F)), ## args); } while (0)
/* from parser_main (cannot be used in tst builds) */
extern int force_complain;
@@ -387,12 +425,12 @@ extern void move_conditional_value(const char *rulename, char **dst_ptr,
struct cond_entry *cond_ent);
extern void free_cond_entry(struct cond_entry *ent);
extern void free_cond_list(struct cond_entry *ents);
+extern void free_cond_entry_list(struct cond_entry_list &cond);
extern void print_cond_entry(struct cond_entry *ent);
extern char *processid(const char *string, int len);
extern char *processquoted(const char *string, int len);
extern char *processunquoted(const char *string, int len);
extern int get_keyword_token(const char *keyword);
-extern int name_to_capability(const char *keyword);
extern int get_rlimit(const char *name);
extern char *process_var(const char *var);
extern int parse_mode(const char *mode);
@@ -406,7 +444,6 @@ extern struct cod_entry *new_entry(char *id, int mode, char *link_id);
extern int str_to_boolean(const char* str);
extern struct cod_entry *copy_cod_entry(struct cod_entry *cod);
extern void free_cod_entries(struct cod_entry *list);
-extern void __debug_capabilities(uint64_t capset, const char *name);
void debug_cod_entries(struct cod_entry *list);
#define SECONDS_P_MS (1000LL * 1000LL)
@@ -472,4 +509,13 @@ void dump_policy(void);
void free_policies(void);
+/* parser_main.c */
+extern void set_supported_features();
+
+/* default_features.c */
+extern const char *match_n_abi;
+extern const char *match_c_abi;
+extern const char *match_cn_abi;
+extern const char *default_features_abi;
+
#endif /** __AA_PARSER_H */
diff --git a/parser/parser_common.c b/parser/parser_common.c
index 4d5d8141ed71257f3e553d728f6c5dbe916a9518..398df43d7d3cfe7d62a149b2766690987dd621d2 100644
--- a/parser/parser_common.c
+++ b/parser/parser_common.c
@@ -15,10 +15,12 @@
* along with this program; if not, contact Novell, Inc. or Canonical,
* Ltd.
*/
+#include <iostream>
#include <stdlib.h>
#include <stdarg.h>
#include "parser.h"
+#include "file_cache.h"
/* Policy versioning is determined by a combination of 3 values:
* policy_version: version of txt policy
@@ -65,15 +67,18 @@ int perms_create = 0; /* perms contain create flag */
int net_af_max_override = -1; /* use kernel to determine af_max */
int kernel_load = 1;
int kernel_supports_setload = 0; /* kernel supports atomic set loads */
-int kernel_supports_network = 0; /* kernel supports network rules */
-int kernel_supports_unix = 0; /* kernel supports unix socket rules */
+int features_supports_network = 0; /* kernel supports network rules */
+int features_supports_networkv8 = 0; /* kernel supports 4.17 network rules */
+int features_supports_unix = 0; /* kernel supports unix socket rules */
int kernel_supports_policydb = 0; /* kernel supports new policydb */
-int kernel_supports_mount = 0; /* kernel supports mount rules */
-int kernel_supports_dbus = 0; /* kernel supports dbus rules */
+int features_supports_mount = 0; /* kernel supports mount rules */
+int features_supports_dbus = 0; /* kernel supports dbus rules */
int kernel_supports_diff_encode = 0; /* kernel supports diff_encode */
-int kernel_supports_signal = 0; /* kernel supports signal rules */
-int kernel_supports_ptrace = 0; /* kernel supports ptrace rules */
-int kernel_supports_stacking = 0; /* kernel supports stacking */
+int features_supports_signal = 0; /* kernel supports signal rules */
+int features_supports_ptrace = 0; /* kernel supports ptrace rules */
+int features_supports_stacking = 0; /* kernel supports stacking */
+int features_supports_domain_xattr = 0; /* x attachment cond */
+int kernel_supports_oob = 0; /* out of band transitions */
int conf_verbose = 0;
int conf_quiet = 0;
int names_only = 0;
@@ -81,7 +86,8 @@ int current_lineno = 1;
int option = OPTION_ADD;
dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_DIFF_ENCODE);
-dfaflags_t warnflags = 0;
+dfaflags_t warnflags = DEFAULT_WARNINGS;
+dfaflags_t werrflags = 0;
const char *progname = __FILE__;
char *profile_ns = NULL;
@@ -90,13 +96,15 @@ char *current_filename = NULL;
FILE *ofile = NULL;
+IncludeCache_t *g_includecache;
+
#ifdef FORCE_READ_IMPLIES_EXEC
int read_implies_exec = 1;
#else
int read_implies_exec = 0;
#endif
-void pwarn(const char *fmt, ...)
+void pwarnf(bool werr, const char *fmt, ...)
{
va_list arg;
char *newfmt;
@@ -104,7 +112,8 @@ void pwarn(const char *fmt, ...)
if (conf_quiet || names_only || option == OPTION_REMOVE)
return;
- if (asprintf(&newfmt, _("Warning from %s (%s%sline %d): %s"),
+ if (asprintf(&newfmt, _("%s from %s (%s%sline %d): %s"),
+ werr ? _("Warning converted to Error") : _("Warning"),
profilename ? profilename : "stdin",
current_filename ? current_filename : "",
current_filename ? " " : "",
@@ -117,4 +126,30 @@ void pwarn(const char *fmt, ...)
va_end(arg);
free(newfmt);
+
+ if (werr) {
+ fflush(stderr);
+ exit(1);
+ }
+}
+
+/* do we want to warn once/profile or just once per compile?? */
+void common_warn_once(const char *name, const char *msg, const char **warned_name)
+{
+ if ((warnflags & WARN_RULE_NOT_ENFORCED) && *warned_name != name) {
+ if (werrflags & WARN_RULE_NOT_ENFORCED)
+ cerr << "Warning converted to Error";
+ else
+ cerr << "Warning";
+ cerr << " from profile " << name << " (";
+ if (current_filename)
+ cerr << current_filename;
+ else
+ cerr << "stdin";
+ cerr << "): " << msg << "\n";
+ *warned_name = name;
+ }
+
+ if (werrflags & WARN_RULE_NOT_ENFORCED)
+ exit(1);
}
diff --git a/parser/parser_include.c b/parser/parser_include.c
index 9fc8b83b584d6c2ce1c574d5f03b4f701b32c0aa..d5672a9ac7aa235bc2a129d28183567fc6d5cbd7 100644
--- a/parser/parser_include.c
+++ b/parser/parser_include.c
@@ -17,21 +17,21 @@
* along with this program; if not, contact Canonical, Ltd.
*/
-/* Handle subdomain includes, as a straight forward preprocessing phase.
+/* Handle apparmor includes, as a straight forward preprocessing phase.
While we are at it we will strip comments. Why? because it made it
easier.
We support 2 types of includes
#include <name> which searches for the first occurance of name in the
- subdomain directory path.
+ apparmor directory path.
#include "name" which will search for a relative or absolute pathed
file
-p : preprocess only. Dump output to stdout
-I path : add a path to be search by #include < >
--b path : set the base path to something other than /etc/subdomain.d
+-b path : set the base path to something other than /etc/apparmor.d
*/
@@ -57,26 +57,14 @@
/* maximum depth of nesting */
#define MAX_NEST_LEVEL 100
-/* Location of the subdomain.conf file */
-#ifdef SUBDOMAIN_CONFDIR
-#define SUBDOMAIN_CONF SUBDOMAIN_CONFDIR "/subdomain.conf"
-#else /* !defined SUBDOMAIN_CONFDIR */
-#define SUBDOMAIN_CONF "/etc/subdomain.conf"
-#endif /* SUBDOMAIN_CONFDIR */
-
static char *path[MAX_PATH] = { NULL };
static int npath = 0;
-static int fgetline(FILE * f, char *buffer, size_t len);
-static int stripcomment(char *s);
-static char *stripblanks(char *s);
-
-/* default base directory is /etc/subdomain.d, it can be overriden
+/* default base directory is /etc/apparmor.d, it can be overriden
with the -b option. */
const char *basedir;
static const char *default_basedir = "/etc/apparmor.d";
-static const char *old_basedir = "/etc/subdomain.d";
/* set up basedir so that it can be overridden/used later. */
@@ -94,12 +82,6 @@ void init_base_dir(void)
basedir = default_basedir;
return;
}
-
- rc = stat(old_basedir, &sbuf);
- if (rc == 0 && S_ISDIR(sbuf.st_mode)) {
- basedir = old_basedir;
- return;
- }
}
/* Set the base dir. Used to change default path for relative includes */
@@ -164,56 +146,12 @@ int add_search_dir(const char *dir)
return 1;
}
-/* Parse Subdomain.conf and put the default dirs in place.
-
- subdomain.conf is a shell sourcable file
- we only parse entries starting with
- SUBDOMAIN_PATH=
-
- if there are multiple entries with SUBDOMAIN_PATH=
- each will get added.
-
- SUBDOMAIN_PATH=/etc/subdomain.d:/etc/subdomain.d/include
- is the same as
- SUBDOMAIN_PATH=/etc/subdomain.d
- SUBDOMAIN_PATH=/etc/subdomain.d/include */
void parse_default_paths(void)
{
- autofclose FILE *f;
- char buf[1024];
- char *t, *s;
- int saved_npath = npath;
-
- f = fopen(SUBDOMAIN_CONF, "r");
- if (f == NULL)
- goto out;
-
- memset(buf, 0, sizeof(buf));
-
- while (fgetline(f, buf, 1024)) {
- if (stripcomment(buf) && (t = strstr(buf, "SUBDOMAIN_PATH="))) {
- t += 15;
- /* handle : separating path elements */
- do {
- s = strchr(t, ':');
- if (s)
- *s = 0;
- if (!add_search_dir(stripblanks(t)))
- break;
- if (s)
- t = s + 1;
- } while (s != NULL);
- }
- }
-
- /* if subdomain.conf doesn't set a base search dir set it to this */
-out:
- if (npath - saved_npath == 0) {
- add_search_dir(basedir);
- }
+ add_search_dir(basedir);
}
-FILE *search_path(char *filename, char **fullpath)
+FILE *search_path(char *filename, char **fullpath, bool *skip)
{
FILE *newf = NULL;
char *buf = NULL;
@@ -223,60 +161,30 @@ FILE *search_path(char *filename, char **fullpath)
perror("asprintf");
exit(1);
}
+
+ if (g_includecache->find(buf)) {
+ /* hit do not want to re-include */
+ *skip = true;
+ return NULL;
+ }
+
newf = fopen(buf, "r");
- if (newf && fullpath)
- *fullpath = buf;
- else
- free(buf);
- buf = NULL;
- if (newf)
+ if (newf) {
+ /* ignore failing to insert into cache */
+ (void) g_includecache->insert(buf);
+ if (fullpath)
+ *fullpath = buf;
+ else
+ free(buf);
break;
+ }
+ free(buf);
+ buf = NULL;
}
+ *skip = false;
return newf;
}
-/* get a line from the file. If it is to long truncate it. */
-static int fgetline(FILE * f, char *buffer, size_t len)
-{
- char *b = buffer;
- int c;
-
- while (((c = fgetc(f)) != EOF) && (c != '\n')
- && (strlen(buffer) < len - 1)) {
- *b = c;
- b++;
- }
- *b = '\0';
- if (c != EOF)
- return 1;
- return 0;
-}
-
-/* If there is a comment null terminate the string,
- return strlen of the stripped string*/
-static int stripcomment(char *s)
-{
- char *t = s;
- while (*s != '#' && *s != 0)
- s++;
- *s = 0;
-
- return strlen(t);
-}
-
-static char *stripblanks(char *s)
-{
- char *c;
-
- while (isspace(*s))
- s++;
- c = s;
- while (!isspace(*s) && *s != 0)
- s++;
- *s = 0;
- return c;
-}
-
struct include_stack_t {
char *filename;
int lineno;
diff --git a/parser/parser_include.h b/parser/parser_include.h
index b6c9cd12ddf1b2099c63d7774730234633dacd57..76b5a647c813805bcdae5808c77e12c02a9a6a6c 100644
--- a/parser/parser_include.h
+++ b/parser/parser_include.h
@@ -27,7 +27,7 @@ extern void init_base_dir(void);
extern void set_base_dir(char *dir);
extern void parse_default_paths(void);
extern int do_include_preprocessing(char *profilename);
-FILE *search_path(char *filename, char **fullpath);
+FILE *search_path(char *filename, char **fullpath, bool *skip);
extern void push_include_stack(char *filename);
extern void pop_include_stack(void);
diff --git a/parser/parser_interface.c b/parser/parser_interface.c
index 5d9e0a0a28c0215131fb2dea2e901f3c607cebed..ab1077b4f7950fc491ceab33f6883617a909c5ae 100644
--- a/parser/parser_interface.c
+++ b/parser/parser_interface.c
@@ -118,6 +118,7 @@ int load_profile(int option, aa_kernel_interface *kernel_interface,
case OPTION_OFILE:
PERROR(_("%s: Unable to write to output file\n"),
progname);
+ break;
default:
PERROR(_("%s: ASSERT: Invalid option: %d\n"),
progname, option);
@@ -370,6 +371,28 @@ void sd_serialize_xtable(std::ostringstream &buf, char **table)
sd_write_structend(buf);
}
+void sd_serialize_xattrs(std::ostringstream &buf, struct cond_entry_list xattrs)
+{
+ int count;
+ struct cond_entry *entry;
+
+ if (!(xattrs.list))
+ return;
+
+ count = 0;
+ for (entry = xattrs.list; entry; entry = entry->next) {
+ count++;
+ }
+
+ sd_write_struct(buf, "xattrs");
+ sd_write_array(buf, NULL, count);
+ for (entry = xattrs.list; entry; entry = entry->next) {
+ sd_write_string(buf, entry->name, NULL);
+ }
+ sd_write_arrayend(buf);
+ sd_write_structend(buf);
+}
+
void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
int flattened)
{
@@ -398,7 +421,7 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
sd_write_struct(buf, "flags");
/* used to be flags.debug, but that's no longer supported */
sd_write_uint32(buf, profile->flags.hat);
- sd_write_uint32(buf, profile->flags.complain);
+ sd_write_uint32(buf, profile_mode_packed(profile->flags.mode));
sd_write_uint32(buf, profile->flags.audit);
sd_write_structend(buf);
if (profile->flags.path) {
@@ -431,9 +454,14 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
sd_write_uint32(buf, 0);
sd_write_structend(buf);
+ sd_serialize_xattrs(buf, profile->xattrs);
+
sd_serialize_rlimits(buf, &profile->rlimits);
- if (profile->net.allow && kernel_supports_network) {
+ /* choice to support / downgrade needs to already have been made */
+ if (features_supports_networkv8) {
+ /* nothing - encoded in policydb */
+ } else if (profile->net.allow && features_supports_network) {
size_t i;
sd_write_array(buf, "net_allowed_af", get_af_max());
for (i = 0; i < get_af_max(); i++) {
@@ -444,8 +472,8 @@ void sd_serialize_profile(std::ostringstream &buf, Profile *profile,
sd_write_uint16(buf, profile->net.deny[i] & profile->net.quiet[i]);
}
sd_write_arrayend(buf);
- } else if (profile->net.allow && (warnflags & WARN_RULE_NOT_ENFORCED))
- pwarn(_("profile %s network rules not enforced\n"), profile->name);
+ } else if (profile->net.allow)
+ pwarn(WARN_RULE_NOT_ENFORCED, _("profile %s network rules not enforced\n"), profile->name);
if (profile->policy.dfa) {
sd_write_struct(buf, "policydb");
diff --git a/parser/parser_lex.l b/parser/parser_lex.l
index fdf02bc02686975f91d6bbb7954ecd54032ad6c3..7d99cc0f28e904d6eebc1dfd46dae2c63e0c0476 100644
--- a/parser/parser_lex.l
+++ b/parser/parser_lex.l
@@ -20,8 +20,9 @@
/* Definitions section */
/* %option main */
-/* eliminates need to link with libfl */
+/* options set to noXXX eliminates need to link with libfl */
%option noyywrap
+/* set %option noyy_top_state in Makefile, so can be used when DEBUG=1 */
%option nounput
%option stack
%option nodefault
@@ -43,6 +44,7 @@
#include "parser_yacc.h"
#include "lib.h"
#include "policy_cache.h"
+#include "file_cache.h"
#ifdef PDEBUG
#undef PDEBUG
@@ -133,10 +135,19 @@ static int include_dir_cb(int dirfd unused, const char *name, struct stat *st,
if (is_blacklisted(name, path))
return 0;
+ if (g_includecache->find(path)) {
+ PDEBUG("skipping reinclude of \'%s\' in \'%s\'\n", path,
+ d->filename);
+ return 0;
+ }
+
+ /* Handle symlink here. See _aa_dirat_for_each in private.c */
+
if (S_ISREG(st->st_mode)) {
if (!(yyin = fopen(path,"r")))
yyerror(_("Could not open '%s' in '%s'"), path, d->filename);
PDEBUG("Opened include \"%s\" in \"%s\"\n", path, d->filename);
+ (void) g_includecache->insert(path);
update_mru_tstamp(yyin, path);
push_include_stack(path);
yypush_buffer_state(yy_create_buffer(yyin, YY_BUF_SIZE));
@@ -150,16 +161,29 @@ void include_filename(char *filename, int search, bool if_exists)
FILE *include_file = NULL;
struct stat my_stat;
autofree char *fullpath = NULL;
+ bool cached;
if (search) {
- if (preprocess_only)
+ include_file = search_path(filename, &fullpath, &cached);
+ if (!include_file && cached) {
+ goto skip;
+ } else if (preprocess_only) {
fprintf(yyout, "\n\n##included <%s>\n", filename);
- include_file = search_path(filename, &fullpath);
+ } else if (!include_file && preprocess_only) {
+ fprintf(yyout, "\n\n##failed include <%s>\n", filename);
+ }
+
+ } else if (g_includecache->find(filename)) {
+ /* duplicate entry skip */
+ goto skip;
} else {
if (preprocess_only)
fprintf(yyout, "\n\n##included \"%s\"\n", filename);
fullpath = strdup(filename);
include_file = fopen(fullpath, "r");
+ if (include_file)
+ /* ignore failure to insert into cache */
+ (void) g_includecache->insert(filename);
}
if (!include_file) {
@@ -180,6 +204,7 @@ void include_filename(char *filename, int search, bool if_exists)
yypush_buffer_state(yy_create_buffer( yyin, YY_BUF_SIZE ));
} else if (S_ISDIR(my_stat.st_mode)) {
struct cb_struct data = { fullpath, filename };
+ update_mru_tstamp(include_file, fullpath);
fclose(include_file);
include_file = NULL;
if (dirat_for_each(AT_FDCWD, fullpath, &data, include_dir_cb)) {
@@ -187,8 +212,34 @@ void include_filename(char *filename, int search, bool if_exists)
" '%s' in '%s'"), fullpath, filename);;
}
}
+
+ return;
+
+skip:
+ if (preprocess_only)
+ fprintf(yyout, "\n\n##skipped duplicate include <%s>\n", filename);
+ return;
}
+static char *lsntrim(char *s, int l)
+{
+ const char *end = s + l;
+
+ while (s <= end && isspace(*s))
+ s++;
+ return s;
+}
+
+static int rsntrim(const char *s, int l)
+{
+ const char *r = s + l;
+
+ while (r > s && isspace(*--r))
+ l--;
+ return l;
+}
+
+
%}
CARET "^"
@@ -207,13 +258,15 @@ NUMBER [[:digit:]]+
ID_CHARS [^ \t\r\n"!,]
ID {ID_CHARS}|(,{ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,)
IDS {ID}+
+INC_ID [^ \t\r\n"!,<>]|(,[^ \t\r\n"!,<>]|\\[ ]|\\\t|\\\"|\\!|\\,)
+INC_IDS {INC_ID}+
POST_VAR_ID_CHARS [^ \t\n"!,]{-}[=\+]
POST_VAR_ID {POST_VAR_ID_CHARS}|(,{POST_VAR_ID_CHARS}|\\[ ]|\\\t|\\\"|\\!|\\,|\\\(|\\\))
LIST_VALUE_ID_CHARS ([^ \t\n"!,]{-}[()]|\\[ ]|\\\t|\\\"|\\!|\\,|\\\(|\\\))
LIST_VALUE_QUOTED_ID_CHARS [^\0"]|\\\"
LIST_VALUE_ID {LIST_VALUE_ID_CHARS}+
QUOTED_LIST_VALUE_ID \"{LIST_VALUE_QUOTED_ID_CHARS}+\"
-ID_CHARS_NOEQ [^ \t\n"!,]{-}[=]
+ID_CHARS_NOEQ [^ \t\n"!,]{-}[=)]
LEADING_ID_CHARS_NOEQ [^ \t\n"!,]{-}[=()+&]
ID_NOEQ {ID_CHARS_NOEQ}|(,{ID_CHARS_NOEQ})
IDS_NOEQ {LEADING_ID_CHARS_NOEQ}{ID_NOEQ}*
@@ -240,6 +293,8 @@ EQUALS =
ADD_ASSIGN \+=
ARROW ->
LT_EQUAL <=
+LT <
+GT >
/* IF adding new state please update state_names table and default rule (just
* above the state_names table) at the eof.
@@ -288,54 +343,27 @@ LT_EQUAL <=
{WS}+ { DUMP_PREPROCESS; /* Ignoring whitespace */ }
}
-<INCLUDE_EXISTS>{
- (\<([^"\>\t\r\n]+)\>|{QUOTED_ID}) { /* <filename> | "filename" */
- autofree char *filename = strndup(yytext, yyleng - 1);
- include_filename(filename + 1, *filename == '<', true);
- POP_NODUMP();
- }
-
- (\<{QUOTED_ID}\>) { /* <"filename"> */
- autofree char *filename = strndup(yytext, yyleng - 2);
- include_filename(filename + 2, true, true);
- POP_NODUMP();
- }
-
- ({IDS}|{QUOTED_ID}) { /* filename */
- include_filename(yytext, 0, true);
- POP_NODUMP();
- }
-}
-
-<INCLUDE>{
- (\<([^"\>\t\r\n]+)\>|{QUOTED_ID}) { /* <filename> | "filename" */
- autofree char *filename = strndup(yytext, yyleng - 1);
- include_filename(filename + 1, *filename == '<', false);
- POP_NODUMP();
- }
-
- (\<{QUOTED_ID}\>) { /* <"filename"> */
- autofree char *filename = strndup(yytext, yyleng - 2);
- include_filename(filename + 2, true, false);
- POP_NODUMP();
- }
-
- ({IDS}|{QUOTED_ID}) { /* filename */
- include_filename(yytext, 0, false);
- POP_NODUMP();
- }
-}
-
-<ABI_MODE>{
- (\<(([^"\>\t\r\n]+)|{QUOTED_ID})\>|{QUOTED_ID}|{IDS}) { /* <filename> | <"filename"> | "filename" | filename */
+<INCLUDE,INCLUDE_EXISTS,ABI_MODE>{
+ (\<((([^"\>\t\r\n])+)|{QUOTED_ID})\>|{QUOTED_ID}|({INC_IDS})) { /* <filename> | <"filename"> | "filename" | filename */
int lt = *yytext == '<' ? 1 : 0;
- char *filename = processid(yytext + lt, yyleng - lt*2);
+ int len = yyleng - lt*2;
+ char *s = yytext + lt;
+ char * filename = lsntrim(s, yyleng);
bool exists = YYSTATE == INCLUDE_EXISTS;
+ filename = processid(filename, rsntrim(filename, len - (filename - s)));
if (!filename)
yyerror(_("Failed to process filename\n"));
- yylval.id = filename;
- POP_AND_RETURN(TOK_ID);
+ if (YYSTATE == ABI_MODE) {
+ yylval.id = filename;
+ if (lt)
+ RETURN_TOKEN(TOK_ID);
+ else
+ RETURN_TOKEN(TOK_VALUE);
+ }
+ include_filename(filename, lt, exists);
+ free(filename);
+ POP_NODUMP();
}
}
@@ -348,7 +376,7 @@ LT_EQUAL <=
}
<INITIAL,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
- peer/{WS}*={WS}*\( {
+ (peer|xattrs)/{WS}*={WS}*\( {
/* we match to the = in the lexer so that we can switch scanner
* state. By the time the parser see the = it may be too late
* as bison may have requested the next token from the scanner
@@ -700,7 +728,7 @@ include/{WS} {
PUSH_AND_RETURN(state, token);
}
-<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{
+<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,ABI_MODE>{
{END_OF_RULE} {
if (YY_START != INITIAL)
POP_NODUMP();
@@ -715,7 +743,7 @@ include/{WS} {
}
}
-<INITIAL,SUB_ID,SUB_ID_WS,SUB_VALUE,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,RLIMIT_MODEINCLUDE,INCLUDE_EXISTS,ABI_MODE>{
+<INITIAL,SUB_ID,SUB_ID_WS,SUB_VALUE,LIST_VAL_MODE,EXTCOND_MODE,LIST_COND_VAL,LIST_COND_PAREN_VAL,LIST_COND_MODE,EXTCONDLIST_MODE,ASSIGN_MODE,NETWORK_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE,RLIMIT_MODE,INCLUDE,INCLUDE_EXISTS,ABI_MODE>{
(.|\n) {
DUMP_PREPROCESS;
/* Something we didn't expect */
diff --git a/parser/parser_main.c b/parser/parser_main.c
index eff75e26e9e76ed61b9a0c942e9a4196e6ae215f..4ababf43b31ce8686df4b41c11560589acc38e6c 100644
--- a/parser/parser_main.c
+++ b/parser/parser_main.c
@@ -19,6 +19,7 @@
* Ltd.
*/
+#include <assert.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
@@ -40,7 +41,7 @@
#include <sys/apparmor.h>
-
+#include "capability.h"
#include "lib.h"
#include "features.h"
#include "parser.h"
@@ -49,6 +50,7 @@
#include "common_optarg.h"
#include "policy_cache.h"
#include "libapparmor_re/apparmor_re.h"
+#include "file_cache.h"
#define OLD_MODULE_NAME "subdomain"
#define PROC_MODULES "/proc/modules"
@@ -59,7 +61,6 @@
#define PRIVILEGED_OPS (kernel_load)
#define UNPRIVILEGED_OPS (!(PRIVILEGED_OPS))
-#define EARLY_ARG_CONFIG_FILE 141
const char *parser_title = "AppArmor parser";
const char *parser_copyright = "Copyright (C) 1999-2008 Novell Inc.\nCopyright 2009-2018 Canonical Ltd.";
@@ -80,14 +81,13 @@ int skip_mode_force = 0;
int abort_on_error = 0; /* stop processing profiles if error */
int skip_bad_cache_rebuild = 0;
int mru_skip_cache = 1;
-int debug_cache = 0;
/* for jobs_max and jobs
* LONG_MAX : no limit
- * 0 : auto = detect system processing cores
+ * LONG_MIN : auto = detect system processing cores
* n : use that number of processes/threads to compile policy
*/
-#define JOBS_AUTO 0
+#define JOBS_AUTO LONG_MIN
long jobs_max = -8; /* 8 * cpus */
long jobs = JOBS_AUTO; /* default: number of processor cores */
long njobs = 0;
@@ -108,11 +108,28 @@ static const char *cacheloc[MAX_CACHE_LOCS];
static int cacheloc_n = 0;
static bool print_cache_dir = false;
-static aa_features *compile_features = NULL;
-static aa_features *kernel_features = NULL;
+aa_features *pinned_features = NULL;
+aa_features *policy_features = NULL;
+aa_features *override_features = NULL;
+aa_features *kernel_features = NULL;
static const char *config_file = "/etc/apparmor/parser.conf";
+#define ARG_SKIP_BAD_CACHE 129
+#define ARG_PURGE_CACHE 130
+#define ARG_CREATE_CACHE_DIR 131
+#define ARG_SKIP_BAD_CACHE_REBUILD 132
+#define ARG_DEBUG_CACHE 133
+#define ARG_PRINT_CACHE_DIR 134
+#define ARG_ABORT_ON_ERROR 135
+#define ARG_WARN 136
+#define ARG_MAX_JOBS 137
+#define ARG_KERNEL_FEATURES 138
+#define ARG_POLICY_FEATURES 139
+#define ARG_PRINT_CONFIG_FILE 140
+#define ARG_OVERRIDE_POLICY_ABI 141
+#define EARLY_ARG_CONFIG_FILE 142
+#define ARG_WERROR 143
/* Make sure to update BOTH the short and long_options */
static const char *short_options = "ad::f:h::rRVvI:b:BCD:NSm:M:qQn:XKTWkL:O:po:j:";
@@ -151,18 +168,21 @@ struct option long_options[] = {
{"Optimize", 1, 0, 'O'},
{"preprocess", 0, 0, 'p'},
{"jobs", 1, 0, 'j'},
- {"skip-bad-cache", 0, 0, 129}, /* no short option */
- {"purge-cache", 0, 0, 130}, /* no short option */
- {"create-cache-dir", 0, 0, 131}, /* no short option */
- {"abort-on-error", 0, 0, 132}, /* no short option */
- {"skip-bad-cache-rebuild", 0, 0, 133}, /* no short option */
- {"warn", 1, 0, 134}, /* no short option */
- {"debug-cache", 0, 0, 135}, /* no short option */
- {"max-jobs", 1, 0, 136}, /* no short option */
- {"print-cache-dir", 0, 0, 137}, /* no short option */
- {"kernel-features", 1, 0, 138}, /* no short option */
- {"compile-features", 1, 0, 139}, /* no short option */
- {"print-config-file", 0, 0, 140}, /* no short option */
+ {"skip-bad-cache", 0, 0, ARG_SKIP_BAD_CACHE},/* no short option */
+ {"purge-cache", 0, 0, ARG_PURGE_CACHE}, /* no short option */
+ {"create-cache-dir", 0, 0, ARG_CREATE_CACHE_DIR},/* no short option */
+ {"abort-on-error", 0, 0, ARG_ABORT_ON_ERROR}, /* no short option */
+ {"skip-bad-cache-rebuild", 0, 0, ARG_SKIP_BAD_CACHE_REBUILD},/* no short option */
+ {"warn", 1, 0, ARG_WARN}, /* no short option */
+ {"Werror", 2, 0, ARG_WERROR},
+ {"debug-cache", 0, 0, ARG_DEBUG_CACHE}, /* no short option */
+ {"max-jobs", 1, 0, ARG_MAX_JOBS}, /* no short option */
+ {"print-cache-dir", 0, 0, ARG_PRINT_CACHE_DIR}, /* no short option */
+ {"kernel-features", 1, 0, ARG_KERNEL_FEATURES}, /* no short option */
+ {"policy-features", 1, 0, ARG_POLICY_FEATURES}, /* no short option */
+ {"compile-features", 1, 0, ARG_POLICY_FEATURES}, /* original name of policy-features */
+ {"print-config-file", 0, 0, ARG_PRINT_CONFIG_FILE}, /* no short option */
+ {"override-policy-abi", 1, 0, ARG_OVERRIDE_POLICY_ABI}, /* no short option */
{"config-file", 1, 0, EARLY_ARG_CONFIG_FILE}, /* early option, no short option */
{NULL, 0, 0, 0},
@@ -195,7 +215,8 @@ static void display_usage(const char *command)
"-f n, --subdomainfs n Set location of apparmor filesystem\n"
"-m n, --match-string n Use only features n\n"
"-M n, --features-file n Set compile & kernel features to file n\n"
- "--compile-features n Compile features set in file n\n"
+ "--policy-features n Policy features set in file n\n"
+ "--override-policy-abi n As policy-features but override ABI rules\n"
"--kernel-features n Kernel features set in file n\n"
"-n n, --namespace n Set Namespace for the profile\n"
"-X, --readimpliesX Map profile read permissions to mr\n"
@@ -224,25 +245,29 @@ static void display_usage(const char *command)
"--config-file n Specify the parser config file location, processed early before other options.\n"
"--print-config Print config file location\n"
"--warn n Enable warnings (see --help=warn)\n"
+ "--Werror [n] Convert warnings to errors. If n is specified turn warn n into an error\n"
,command);
}
optflag_table_t warnflag_table[] = {
- { 0, "rule-not-enforced", "warn if a rule is not enforced", WARN_RULE_NOT_ENFORCED },
- { 0, "rule-downgraded", "warn if a rule is downgraded to a lesser but still enforcing rule", WARN_RULE_DOWNGRADED },
+ { 1, "rule-not-enforced", "warn if a rule is not enforced", WARN_RULE_NOT_ENFORCED },
+ { 1, "rule-downgraded", "warn if a rule is downgraded to a lesser but still enforcing rule", WARN_RULE_DOWNGRADED },
+ { 1, "abi", "warn if there are abi issues in the profile", WARN_ABI },
+ { 1, "deprecated", "warn if something in the profile is deprecated", WARN_DEPRECATED },
+ { 1, "config", "enable configuration warnings", WARN_CONFIG },
+ { 1, "cache", "enable regular cache warnings", WARN_CACHE },
+ { 1, "debug-cache", "enable warnings for debug cache file checks", WARN_DEBUG_CACHE },
+ { 1, "jobs", "enable job control warnings", WARN_JOBS },
+ { 1, "dangerous", "warn on dangerous policy", WARN_DANGEROUS },
+ { 1, "unexpected", "warn when an unexpected condition is found", WARN_UNEXPECTED },
+ { 1, "format", "warn on unnecessary or confusing formatting", WARN_FORMAT },
+ { 1, "missing", "warn when missing qualifier and a default is used", WARN_MISSING },
+ { 1, "override", "warn when overriding", WARN_OVERRIDE },
+ { 1, "dev", "turn on warnings that are useful for profile development", WARN_DEV },
+ { 1, "all", "turn on all warnings", WARN_ALL},
{ 0, NULL, NULL, 0 },
};
-void display_warn(const char *command)
-{
- display_version();
- printf("\n%s: --warn [Option]\n\n"
- "Options:\n"
- "--------\n"
- ,command);
- print_flag_table(warnflag_table);
-}
-
/* Parse comma separated cachelocations. Commas can be escaped by \, */
static int parse_cacheloc(const char *arg, const char **cacheloc, int max_size)
{
@@ -389,21 +414,35 @@ static long process_jobs_arg(const char *arg, const char *val) {
return n;
}
+#define EARLY_ARG 1
+#define LATE_ARG 2
+#define TWOPASS_ARG (EARLY_ARG | LATE_ARG)
-bool early_arg(int c) {
+int arg_pass(int c) {
switch(c) {
case EARLY_ARG_CONFIG_FILE:
- return true;
+ return EARLY_ARG;
+ break;
+ case ARG_WARN:
+ return TWOPASS_ARG;
+ break;
+ case ARG_WERROR:
+ return TWOPASS_ARG;
+ break;
}
- return false;
+ return LATE_ARG;
}
/* process a single argment from getopt_long
* Returns: 1 if an action arg, else 0
*/
+#define DUMP_HEADER " variables \tDump variables\n" \
+ " expanded-variables\t Dump variables after expansion\n"
+
static int process_arg(int c, char *optarg)
{
+ struct aa_features *tmp_features = NULL;
int count = 0;
switch (c) {
@@ -434,13 +473,16 @@ static int process_arg(int c, char *optarg)
} else if (strcmp(optarg, "Dump") == 0 ||
strcmp(optarg, "dump") == 0 ||
strcmp(optarg, "D") == 0) {
- display_dump(progname);
+ flagtable_help("--dump=", DUMP_HEADER, progname,
+ dumpflag_table);
} else if (strcmp(optarg, "Optimize") == 0 ||
strcmp(optarg, "optimize") == 0 ||
strcmp(optarg, "O") == 0) {
- display_optimize(progname);
+ flagtable_help("-O ", "", progname, optflag_table);
} else if (strcmp(optarg, "warn") == 0) {
- display_warn(progname);
+ flagtable_help("--warn=", "", progname, warnflag_table);
+ } else if (strcmp(optarg, "Werror") == 0) {
+ flagtable_help("--Werror=", "", progname, warnflag_table);
} else {
PERROR("%s: Invalid --help option %s\n",
progname, optarg);
@@ -506,6 +548,8 @@ static int process_arg(int c, char *optarg)
skip_read_cache = 1;
if (!optarg) {
dump_vars = 1;
+ } else if (strcmp(optarg, "show") == 0) {
+ print_flags("dump", dumpflag_table, dfaflags);
} else if (strcmp(optarg, "variables") == 0) {
dump_vars = 1;
} else if (strcmp(optarg, "expanded-variables") == 0) {
@@ -518,7 +562,9 @@ static int process_arg(int c, char *optarg)
}
break;
case 'O':
- if (!handle_flag_table(optflag_table, optarg,
+ if (strcmp(optarg, "show") == 0) {
+ print_flags("Optimize", optflag_table, dfaflags);
+ } else if (!handle_flag_table(optflag_table, optarg,
&dfaflags)) {
PERROR("%s: Invalid --Optimize option %s\n",
progname, optarg);
@@ -526,27 +572,34 @@ static int process_arg(int c, char *optarg)
}
break;
case 'm':
- if (aa_features_new_from_string(&compile_features,
+ if (pinned_features)
+ aa_features_unref(pinned_features);
+ if (kernel_features)
+ aa_features_unref(kernel_features);
+ if (aa_features_new_from_string(&tmp_features,
optarg, strlen(optarg))) {
fprintf(stderr,
"Failed to parse features string: %m\n");
exit(1);
}
+ kernel_features = aa_features_ref(tmp_features);
+ pinned_features = tmp_features;
break;
case 'M':
- if (compile_features)
- aa_features_unref(compile_features);
+ if (pinned_features)
+ aa_features_unref(pinned_features);
if (kernel_features)
aa_features_unref(kernel_features);
- if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
+ if (aa_features_new(&tmp_features, AT_FDCWD, optarg)) {
fprintf(stderr,
"Failed to load features from '%s': %m\n",
optarg);
exit(1);
}
- kernel_features = aa_features_ref(compile_features);
+ kernel_features = aa_features_ref(tmp_features);
+ pinned_features = tmp_features;
break;
- case 138:
+ case ARG_KERNEL_FEATURES:
if (kernel_features)
aa_features_unref(kernel_features);
if (aa_features_new(&kernel_features, AT_FDCWD, optarg)) {
@@ -556,15 +609,39 @@ static int process_arg(int c, char *optarg)
exit(1);
}
break;
- case 139:
- if (compile_features)
- aa_features_unref(compile_features);
- if (aa_features_new(&compile_features, AT_FDCWD, optarg)) {
+ case ARG_POLICY_FEATURES:
+ if (pinned_features)
+ aa_features_unref(pinned_features);
+ if (strcmp(optarg, "<kernel>") == 0) {
+ if (aa_features_new_from_kernel(&tmp_features)) {
+ fprintf(stderr,
+ "Failed to load kernel features into the policy-features abi: %m\n");
+ exit(1);
+ }
+ } else if (aa_features_new(&tmp_features, AT_FDCWD, optarg)) {
+ fprintf(stderr,
+ "Failed to load policy-features from '%s': %m\n",
+ optarg);
+ exit(1);
+ }
+ pinned_features = tmp_features;
+ break;
+ case ARG_OVERRIDE_POLICY_ABI:
+ if (override_features)
+ aa_features_unref(override_features);
+ if (strcmp(optarg, "<kernel>") == 0) {
+ if (aa_features_new_from_kernel(&tmp_features)) {
+ fprintf(stderr,
+ "Failed to load kernel features into the policy-features abi: %m\n");
+ exit(1);
+ }
+ } else if (aa_features_new(&tmp_features, AT_FDCWD, optarg)) {
fprintf(stderr,
- "Failed to load compile features from '%s': %m\n",
+ "Failed to load policy-features from '%s': %m\n",
optarg);
exit(1);
}
+ override_features = tmp_features;
break;
case 'q':
conf_verbose = 0;
@@ -593,19 +670,19 @@ static int process_arg(int c, char *optarg)
case 'T':
skip_read_cache = 1;
break;
- case 129:
+ case ARG_SKIP_BAD_CACHE:
cond_clear_cache = 0;
break;
- case 130:
+ case ARG_PURGE_CACHE:
force_clear_cache = 1;
break;
- case 131:
+ case ARG_CREATE_CACHE_DIR:
create_cache_dir = 1;
break;
- case 132:
+ case ARG_ABORT_ON_ERROR:
abort_on_error = 1;
break;
- case 133:
+ case ARG_SKIP_BAD_CACHE_REBUILD:
skip_bad_cache_rebuild = 1;
break;
case 'L':
@@ -625,24 +702,42 @@ static int process_arg(int c, char *optarg)
preprocess_only = 1;
skip_mode_force = 1;
break;
- case 134:
- if (!handle_flag_table(warnflag_table, optarg,
+ case ARG_WARN:
+ if (strcmp(optarg, "show") == 0) {
+ print_flags("warn", warnflag_table, warnflags);
+ } else if (!handle_flag_table(warnflag_table, optarg,
&warnflags)) {
PERROR("%s: Invalid --warn option %s\n",
progname, optarg);
exit(1);
}
break;
- case 135:
- debug_cache = 1;
+ case ARG_WERROR:
+ if (!optarg) {
+ werrflags = -1;
+ } else if (strcmp(optarg, "show") == 0) {
+ print_flags("Werror", warnflag_table, werrflags);
+ } else if (optarg && !handle_flag_table(warnflag_table, optarg,
+ &werrflags)) {
+ PERROR("%s: Invalid --Werror option %s\n",
+ progname, optarg);
+ exit(1);
+ }
+ break;
+ case ARG_DEBUG_CACHE:
+ warnflags |= WARN_DEBUG_CACHE;
break;
case 'j':
jobs = process_jobs_arg("-j", optarg);
+ if (jobs == 0)
+ jobs_max = 0;
+ else if (jobs != JOBS_AUTO && jobs < LONG_MAX)
+ jobs_max = jobs;
break;
- case 136:
+ case ARG_MAX_JOBS:
jobs_max = process_jobs_arg("max-jobs", optarg);
break;
- case 137:
+ case ARG_PRINT_CACHE_DIR:
kernel_load = 0;
print_cache_dir = true;
break;
@@ -653,7 +748,7 @@ static int process_arg(int c, char *optarg)
exit(1);
}
break;
- case 140:
+ case ARG_PRINT_CONFIG_FILE:
printf("%s\n", config_file);
break;
default:
@@ -671,7 +766,7 @@ static void process_early_args(int argc, char *argv[])
while ((c = getopt_long(argc, argv, short_options, long_options, &o)) != -1)
{
- if (early_arg(c))
+ if (arg_pass(c) & EARLY_ARG)
process_arg(c, optarg);
}
@@ -688,7 +783,7 @@ static int process_args(int argc, char *argv[])
opterr = 1;
while ((c = getopt_long(argc, argv, short_options, long_options, &o)) != -1)
{
- if (!early_arg(c))
+ if (arg_pass(c) & LATE_ARG)
count += process_arg(c, optarg);
}
@@ -710,7 +805,7 @@ static int process_config_file(const char *name)
f = fopen(name, "r");
if (!f) {
- pwarn("config file '%s' not found\n", name);
+ pwarn(WARN_CONFIG, "config file '%s' not found\n", name);
return 0;
}
@@ -741,7 +836,12 @@ int have_enough_privilege(void)
return 0;
}
-static void set_features_by_match_file(void)
+int features_intersect(aa_features *a, aa_features *b, const char *str)
+{
+ return aa_features_supports(a, str) && aa_features_supports(b, str);
+}
+
+static bool set_features_by_match_file(struct aa_features **features)
{
autofclose FILE *ms = fopen(MATCH_FILE, "r");
if (ms) {
@@ -751,20 +851,29 @@ static void set_features_by_match_file(void)
if (!fgets(match_string, 1000, ms))
goto no_match;
if (strstr(match_string, " perms=c"))
- perms_create = 1;
- kernel_supports_network = 1;
- return;
+ return aa_features_new_from_string(features,
+ match_cn_abi,
+ strlen(match_cn_abi)) == 0;
+
+ return aa_features_new_from_string(features, match_n_abi,
+ strlen(match_n_abi)) == 0;
}
no_match:
- perms_create = 1;
+ /* either extremely old kernel or a container without the interfaces
+ * mounted
+ */
+ return aa_features_new_from_string(features, match_c_abi,
+ strlen(match_c_abi)) == 0;
}
-static void set_supported_features(aa_features *kernel_features unused)
+void set_supported_features()
{
+ assert(kernel_features != NULL);
+
/* has process_args() already assigned a match string? */
- if (!compile_features && aa_features_new_from_kernel(&compile_features) == -1) {
- set_features_by_match_file();
- return;
+ if (!policy_features) {
+ policy_features = aa_features_ref(kernel_features);
+
}
/*
@@ -772,29 +881,32 @@ static void set_supported_features(aa_features *kernel_features unused)
* rule down grades for a give kernel
*/
perms_create = 1;
- kernel_supports_policydb = aa_features_supports(compile_features, "file");
- kernel_supports_network = aa_features_supports(compile_features, "network");
- kernel_supports_unix = aa_features_supports(compile_features,
+ features_supports_network = features_intersect(kernel_features,
+ policy_features,
+ "network");
+ features_supports_networkv8 = features_intersect(kernel_features,
+ policy_features,
+ "network_v8");
+ features_supports_unix = features_intersect(kernel_features,
+ policy_features,
"network/af_unix");
- kernel_supports_mount = aa_features_supports(compile_features, "mount");
- kernel_supports_dbus = aa_features_supports(compile_features, "dbus");
- kernel_supports_signal = aa_features_supports(compile_features, "signal");
- kernel_supports_ptrace = aa_features_supports(compile_features, "ptrace");
- kernel_supports_setload = aa_features_supports(compile_features,
- "policy/set_load");
- kernel_supports_diff_encode = aa_features_supports(compile_features,
- "policy/diff_encode");
- kernel_supports_stacking = aa_features_supports(compile_features,
+ features_supports_mount = features_intersect(kernel_features,
+ policy_features,
+ "mount");
+ features_supports_dbus = features_intersect(kernel_features,
+ policy_features, "dbus");
+ features_supports_signal = features_intersect(kernel_features,
+ policy_features,
+ "signal");
+ features_supports_ptrace = features_intersect(kernel_features,
+ policy_features,
+ "ptrace");
+ features_supports_stacking = features_intersect(kernel_features,
+ policy_features,
"domain/stack");
-
- if (aa_features_supports(compile_features, "policy/versions/v7"))
- kernel_abi_version = 7;
- else if (aa_features_supports(compile_features, "policy/versions/v6"))
- kernel_abi_version = 6;
-
- if (!kernel_supports_diff_encode)
- /* clear diff_encode because it is not supported */
- dfaflags &= ~DFA_CONTROL_DIFF_ENCODE;
+ features_supports_domain_xattr = features_intersect(kernel_features,
+ policy_features,
+ "domain/attach_conditions/xattr");
}
static bool do_print_cache_dir(aa_features *features, int dirfd, const char *path)
@@ -880,6 +992,7 @@ int process_binary(int option, aa_kernel_interface *kernel_interface,
void reset_parser(const char *filename)
{
+ PDEBUG("Resetting parser for profile %s\n", filename);
memset(&mru_policy_tstamp, 0, sizeof(mru_policy_tstamp));
memset(&cache_tstamp, 0, sizeof(cache_tstamp));
mru_skip_cache = 1;
@@ -887,6 +1000,11 @@ void reset_parser(const char *filename)
free_symtabs();
free_policies();
reset_include_stack(filename);
+ aa_features_unref(policy_features);
+ policy_features = NULL;
+ clear_cap_flag(CAPFLAG_POLICY_FEATURE);
+ delete g_includecache;
+ g_includecache = new IncludeCache_t();
}
int test_for_dir_mode(const char *basename, const char *linkdir)
@@ -928,7 +1046,7 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
}
} else {
if (write_cache)
- pwarn("%s: cannot use or update cache, disable, or force-complain via stdin\n", progname);
+ pwarn(WARN_CACHE, "%s: cannot use or update cache, disable, or force-complain via stdin\n", progname);
skip_cache = write_cache = 0;
}
@@ -961,7 +1079,7 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
basename,
O_RDONLY);
if (fd != -1)
- pwarn(_("Could not get cachename for '%s'\n"), basename);
+ pwarn(WARN_CACHE, _("Could not get cachename for '%s'\n"), basename);
} else {
valid_read_cache(cachename);
}
@@ -1034,21 +1152,23 @@ int process_profile(int option, aa_kernel_interface *kernel_interface,
if (pc && write_cache && !force_complain) {
writecachename = cache_filename(pc, 0, basename);
if (!writecachename) {
- pwarn("Cache write disabled: Cannot create cache file name '%s': %m\n", basename);
+ pwarn(WARN_CACHE, "Cache write disabled: Cannot create cache file name '%s': %m\n", basename);
write_cache = 0;
}
cachetmp = setup_cache_tmp(&cachetmpname, writecachename);
if (cachetmp == -1) {
- pwarn("Cache write disabled: Cannot create setup tmp cache file '%s': %m\n", writecachename);
+ pwarn(WARN_CACHE, "Cache write disabled: Cannot create setup tmp cache file '%s': %m\n", writecachename);
write_cache = 0;
}
}
/* cache file generated by load_policy */
retval = load_policy(option, kernel_interface, cachetmp);
if (retval == 0 && write_cache) {
- if (cachetmp == -1) {
+ if (force_complain) {
+ pwarn(WARN_CACHE, "Caching disabled for: '%s' due to force complain\n", basename);
+ } else if (cachetmp == -1) {
unlink(cachetmpname);
- pwarn("Warning failed to create cache: %s\n",
+ pwarn(WARN_CACHE, "Failed to create cache: %s\n",
basename);
} else {
install_cache(cachetmpname, writecachename);
@@ -1091,50 +1211,49 @@ do { \
({ \
int localrc = 0; \
do { \
- /* what to do to avoid fork() overhead when single threaded \
- if (jobs == 1) { \
- // no parallel work so avoid fork() overhead \
- RESULT(WORK); \
- break; \
- }*/ \
- if (jobs_scale) { \
- long n = sysconf(_SC_NPROCESSORS_ONLN); \
- if (n > jobs_max) \
- n = jobs_max; \
- if (n > jobs) { \
- /* reset sample chances - potentially reduce to 0 */ \
- jobs_scale = jobs_max - n; \
- jobs = n; \
- } else \
- /* reduce scaling chance by 1 */ \
- jobs_scale--; \
- } \
- if (njobs == jobs) { \
- /* wait for a child */ \
- if (debug_jobs) \
- fprintf(stderr, " JOBS SPAWN: waiting (jobs %ld == max %ld) ...\n", njobs, jobs); \
- work_sync_one(RESULT); \
- } \
+ if (jobs == 0) { \
+ /* no parallel work so avoid fork() overhead */ \
+ RESULT(WORK); \
+ break; \
+ } \
+ if (jobs_scale) { \
+ long n = sysconf(_SC_NPROCESSORS_ONLN); \
+ if (n > jobs_max) \
+ n = jobs_max; \
+ if (n > jobs) { \
+ /* reset sample chances - potentially reduce to 0 */ \
+ jobs_scale = jobs_max - n; \
+ jobs = n; \
+ } else \
+ /* reduce scaling chance by 1 */ \
+ jobs_scale--; \
+ } \
+ if (njobs == jobs) { \
+ /* wait for a child */ \
+ if (debug_jobs) \
+ fprintf(stderr, " JOBS SPAWN: waiting (jobs %ld == max %ld) ...\n", njobs, jobs); \
+ work_sync_one(RESULT); \
+ } \
\
- pid_t child = fork(); \
- if (child == 0) { \
- /* child - exit work unit with returned value */ \
- exit(WORK); \
- } else if (child > 0) { \
- /* parent */ \
- njobs++; \
- if (debug_jobs) \
- fprintf(stderr, " JOBS SPAWN: created %ld ...\n", njobs); \
- } else { \
- /* error */ \
- if (debug_jobs) { \
- int error = errno; \
- fprintf(stderr, " JOBS SPAWN: failed error: %d) ...\n", errno); \
- errno = error; \
+ pid_t child = fork(); \
+ if (child == 0) { \
+ /* child - exit work unit with returned value */\
+ exit(WORK); \
+ } else if (child > 0) { \
+ /* parent */ \
+ njobs++; \
+ if (debug_jobs) \
+ fprintf(stderr, " JOBS SPAWN: created %ld ...\n", njobs); \
+ } else { \
+ /* error */ \
+ if (debug_jobs) { \
+ int error = errno; \
+ fprintf(stderr, " JOBS SPAWN: failed error: %d) ...\n", errno); \
+ errno = error; \
+ } \
+ RESULT(errno); \
+ localrc = -1; \
} \
- RESULT(errno); \
- localrc = -1; \
- } \
} while (0); \
localrc; \
})
@@ -1183,14 +1302,16 @@ static void setup_parallel_compile(void)
if (maxn == -1)
/* unable to determine number of processors, default to 1 */
maxn = 1;
+ if (jobs < 0 || jobs == JOBS_AUTO)
+ jobs_scale = 1;
jobs = compute_jobs(n, jobs);
jobs_max = compute_jobs(maxn, jobs_max);
if (jobs > jobs_max) {
- pwarn("%s: Warning capping number of jobs to %ld * # of cpus == '%ld'",
+ pwarn(WARN_JOBS, "%s: Warning capping number of jobs to %ld * # of cpus == '%ld'",
progname, jobs_max, jobs);
jobs = jobs_max;
- } else if (jobs < jobs_max)
+ } else if (jobs_scale && jobs < jobs_max)
/* the bigger the difference the more sample chances given */
jobs_scale = jobs_max + 1 - n;
@@ -1211,6 +1332,8 @@ static int profile_dir_cb(int dirfd unused, const char *name, struct stat *st,
{
int rc = 0;
+ /* Handle symlink here. See _aa_dirat_for_each in private.c */
+
if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
struct dir_cb_data *cb_data = (struct dir_cb_data *)data;
autofree char *path = NULL;
@@ -1233,6 +1356,8 @@ static int binary_dir_cb(int dirfd unused, const char *name, struct stat *st,
{
int rc = 0;
+ /* Handle symlink here. See _aa_dirat_for_each in private.c */
+
if (!S_ISDIR(st->st_mode) && !is_blacklisted(name, NULL)) {
struct dir_cb_data *cb_data = (struct dir_cb_data *)data;
autofree char *path = NULL;
@@ -1249,19 +1374,39 @@ static int binary_dir_cb(int dirfd unused, const char *name, struct stat *st,
return rc;
}
-static void setup_flags(void)
+static bool get_kernel_features(struct aa_features **features)
{
/* Gracefully handle AppArmor kernel without compatibility patch */
- if (!kernel_features && aa_features_new_from_kernel(&kernel_features) == -1) {
+ if (!kernel_features && aa_features_new_from_kernel(features) == -1) {
PERROR("Cache read/write disabled: interface file missing. "
"(Kernel needs AppArmor 2.4 compatibility patch.)\n");
write_cache = 0;
skip_read_cache = 1;
- return;
+
+ /* Fall back to older match file */
+ if (!set_features_by_match_file(features))
+ return false;
}
- /* Get the match string to determine type of regex support needed */
- set_supported_features(kernel_features);
+ /* At this point we have features, extra commonly used values */
+ kernel_supports_policydb = aa_features_supports(*features, "file");
+ kernel_supports_setload = aa_features_supports(*features,
+ "policy/set_load");
+ kernel_supports_diff_encode = aa_features_supports(*features,
+ "policy/diff_encode");
+ kernel_supports_oob = aa_features_supports(*features,
+ "policy/outofband");
+
+ if (aa_features_supports(*features, "policy/versions/v7"))
+ kernel_abi_version = 7;
+ else if (aa_features_supports(*features, "policy/versions/v6"))
+ kernel_abi_version = 6;
+
+ if (!kernel_supports_diff_encode)
+ /* clear diff_encode because it is not supported */
+ dfaflags &= ~DFA_CONTROL_DIFF_ENCODE;
+
+ return true;
}
int main(int argc, char *argv[])
@@ -1276,6 +1421,7 @@ int main(int argc, char *argv[])
progname = argv[0];
init_base_dir();
+ capabilities_init();
process_early_args(argc, argv);
process_config_file(config_file);
@@ -1295,7 +1441,14 @@ int main(int argc, char *argv[])
if (!binary_input) parse_default_paths();
- setup_flags();
+ if (!get_kernel_features(&kernel_features)) {
+ PERROR(_("Kernel features abi not found"));
+ return 1;
+ }
+ if (!add_cap_feature_mask(kernel_features, CAPFLAG_KERNEL_FEATURE)) {
+ PERROR(_("Failed to add kernel capabilities to known capabilities set"));
+ return 1;
+ }
if (!(UNPRIVILEGED_OPS) &&
aa_kernel_interface_new(&kernel_interface, kernel_features, apparmorfs) == -1) {
@@ -1329,7 +1482,7 @@ int main(int argc, char *argv[])
}
if (create_cache_dir)
- pwarn(_("The --create-cache-dir option is deprecated. Please use --write-cache.\n"));
+ pwarn(WARN_DEPRECATED, _("The --create-cache-dir option is deprecated. Please use --write-cache.\n"));
retval = aa_policy_cache_new(&policy_cache, kernel_features,
AT_FDCWD, cacheloc[0], max_caches);
if (retval) {
@@ -1354,9 +1507,9 @@ int main(int argc, char *argv[])
for (i = 1; i < cacheloc_n; i++) {
if (aa_policy_cache_add_ro_dir(policy_cache, AT_FDCWD,
cacheloc[i])) {
- pwarn("Cache: failed to add read only location '%s', does not contain valid cache directory for the specified feature set\n", cacheloc[i]);
+ pwarn(WARN_CACHE, "Cache: failed to add read only location '%s', does not contain valid cache directory for the specified feature set\n", cacheloc[i]);
} else if (show_cache)
- pwarn("Cache: added readonly location '%s'\n", cacheloc[i]);
+ pwarn(WARN_CACHE, "Cache: added readonly location '%s'\n", cacheloc[i]);
}
}
}
@@ -1397,7 +1550,7 @@ int main(int argc, char *argv[])
if ((retval = dirat_for_each(AT_FDCWD, profilename,
&cb_data, cb))) {
last_error = errno;
- PDEBUG("Failed loading profiles from %s\n",
+ PERROR("There was an error while loading profiles from %s\n",
profilename);
if (abort_on_error)
break;
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 09040096c0ddbb3126a5b0ab28b3b949c2a1c861..6b6b334b5b5eb0fb16777d938013c7c1bbfc1742 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -34,6 +34,7 @@
#include <sys/apparmor.h>
#include <sys/apparmor_private.h>
+#include "capability.h"
#include "lib.h"
#include "parser.h"
#include "profile.h"
@@ -51,6 +52,13 @@
#endif
#define NPDEBUG(fmt, args...) /* Do nothing */
+#ifndef HAVE_REALLOCARRAY
+void *reallocarray(void *ptr, size_t nmemb, size_t size)
+{
+ return realloc(ptr, nmemb * size);
+}
+#endif
+
int is_blacklisted(const char *name, const char *path)
{
int retval = _aa_is_blacklisted(name);
@@ -61,11 +69,6 @@ int is_blacklisted(const char *name, const char *path)
return !retval ? 0 : 1;
}
-/*
- * WARNING: if the format of the following table is changed then
- * the Makefile targets, cap_names.h and generated_cap_names.h
- * must be updated.
- */
struct keyword_table {
const char *keyword;
unsigned int token;
@@ -170,77 +173,246 @@ static int get_table_token(const char *name unused, struct keyword_table *table,
return -1;
}
+/* for alpha matches, check for keywords */
+int get_keyword_token(const char *keyword)
+{
+ return get_table_token("keyword", keyword_table, keyword);
+}
-#ifndef CAP_AUDIT_WRITE
-#define CAP_AUDIT_WRITE 29
-#endif
+int get_rlimit(const char *name)
+{
+ return get_table_token("rlimit", rlimit_table, name);
+}
-#ifndef CAP_AUDIT_CONTROL
-#define CAP_AUDIT_CONTROL 30
-#endif
-#ifndef CAP_SETFCAP
-#define CAP_SETFCAP 31
-#endif
+/*
+ * WARNING: if the format of the following table is changed then
+ * the Makefile targets, cap_names.h and generated_cap_names.h
+ * must be updated.
+ */
+struct capability_table {
+ const char *name;
+ unsigned int cap;
+ unsigned int backmap;
+ capability_flags flags;
+};
-#ifndef CAP_MAC_OVERRIDE
-#define CAP_MAC_OVERRIDE 32
-#endif
+static struct capability_table base_capability_table[] = {
+ /* capabilities */
+ #include "cap_names.h"
-#ifndef CAP_MAC_ADMIN
-#define CAP_MAC_ADMIN 33
-#endif
+ /* terminate */
+ {NULL, 0, 0, CAPFLAGS_CLEAR}
+};
-#ifndef CAP_SYSLOG
-#define CAP_SYSLOG 34
-#endif
+static struct capability_table *cap_table;
+static int cap_table_size;
-#ifndef CAP_WAKE_ALARM
-#define CAP_WAKE_ALARM 35
-#endif
+void capabilities_init(void)
+{
+ cap_table = (struct capability_table *) malloc(sizeof(base_capability_table));
+ if (!cap_table)
+ yyerror(_("Memory allocation error."));
+ memcpy(cap_table, base_capability_table, sizeof(base_capability_table));
+ cap_table_size = sizeof(base_capability_table)/sizeof(struct capability_table);
+}
-#ifndef CAP_BLOCK_SUSPEND
-#define CAP_BLOCK_SUSPEND 36
-#endif
+struct capability_table *find_cap_entry_by_name(const char *name)
+{
+ int i;
-#ifndef CAP_AUDIT_READ
-#define CAP_AUDIT_READ 37
-#endif
+ for (i = 0; cap_table[i].name; i++) {
+ PDEBUG("Checking %s %s\n", name, cap_table[i].name);
+ if (strcmp(name, cap_table[i].name) == 0) {
+ PDEBUG("Found %s %s\n", name, cap_table[i].name);
+ return &cap_table[i];
+ }
+ }
-#ifndef CAP_PERFMON
-#define CAP_PERFMON 38
-#endif
+ return NULL;
+}
-#ifndef CAP_BPF
-#define CAP_BPF 39
-#endif
+struct capability_table *find_cap_entry_by_num(unsigned int cap)
+{
+ int i;
-#ifndef CAP_CHECKPOINT_RESTORE
-#define CAP_CHECKPOINT_RESTORE 40
-#endif
+ for (i = 0; cap_table[i].name; i++) {
+ PDEBUG("Checking %d %d\n", cap, cap_table[i].cap);
+ if (cap == cap_table[i].cap) {
+ PDEBUG("Found %d %d\n", cap, cap_table[i].cap);
+ return &cap_table[i];
+ }
+ }
-static struct keyword_table capability_table[] = {
- /* capabilities */
- #include "cap_names.h"
+ return NULL;
+}
- /* terminate */
- {NULL, 0}
-};
+/* don't mark up str with \0 */
+static const char *strn_token(const char *str, size_t &len)
+{
+ const char *start;
+
+ while (isspace(*str))
+ str++;
+ start = str;
+ while (*str && !isspace(*str))
+ str++;
+ if (start == str)
+ return NULL;
-/* for alpha matches, check for keywords */
-int get_keyword_token(const char *keyword)
+ len = str - start;
+ return start;
+}
+
+/*
+ * Returns: -1: error
+ * 0: no change - capability already in table
+ * 1: added flag to capability in table
+ * 2: added new capability
+ */
+static int capable_add_cap(const char *str, int len, unsigned int cap,
+ capability_flags flag)
{
- return get_table_token("keyword", keyword_table, keyword);
+ /* extract name from str so we can treat as a string */
+ autofree char *name = strndup(str, len);
+
+ if (!name) {
+ yyerror(_("Out of memory"));
+ return -1;
+ }
+ struct capability_table *ent = find_cap_entry_by_name(name);
+ if (ent) {
+ if (ent->cap != cap) {
+ pwarn(WARN_UNEXPECTED, "feature capability '%s:%d' does not equal expected %d. Ignoring ...\n", name, cap, ent->cap);
+ /* TODO: make warn to error config */
+ return 0;
+ }
+ if (ent->flags & flag)
+ return 0; /* no change */
+ ent->flags = (capability_flags) (ent->flags | flag);
+ return 1; /* modified */
+ } else {
+ struct capability_table *tmp;
+
+ tmp = (struct capability_table *) reallocarray(cap_table, sizeof(struct capability_table), cap_table_size+1);
+ if (!tmp) {
+ yyerror(_("Out of memory"));
+ /* TODO: change away from yyerror */
+ return -1;
+ }
+ cap_table = tmp;
+ ent = &cap_table[cap_table_size - 1]; /* overwrite null */
+ ent->name = strndup(name, len);
+ if (!ent->name) {
+ /* TODO: change away from yyerror */
+ yyerror(_("Out of memory"));
+ return -1;
+ }
+ ent->cap = cap;
+ ent->flags = flag;
+ cap_table[cap_table_size].name = NULL; /* new null */
+ cap_table_size++;
+ }
+
+ return 2; /* added */
}
-int name_to_capability(const char *keyword)
+bool add_cap_feature_mask(struct aa_features *features, capability_flags flags)
{
- return get_table_token("capability", capability_table, keyword);
+ autofree char *value = NULL;
+ const char *capstr;
+ size_t valuelen, len = 0;
+ int n;
+
+ value = aa_features_value(features, "caps/mask", &valuelen);
+ if (!value)
+ /* nothing to add, just use existing set */
+ return true;
+
+ n = 0;
+ for (capstr = strn_token(value, len);
+ capstr;
+ capstr = strn_token(capstr + len, len)) {
+ if (capable_add_cap(capstr, len, n, flags) < 0)
+ return false;
+ n++;
+ if (len > valuelen) {
+ PDEBUG("caplen is > remaining feature string");
+ return false;
+ }
+ valuelen -= len;
+ PDEBUG("Adding %d capabilities\n", n);
+ }
+
+ return true;
}
-int get_rlimit(const char *name)
+void clear_cap_flag(capability_flags flags)
{
- return get_table_token("rlimit", rlimit_table, name);
+ int i;
+
+ for (i = 0; cap_table[i].name; i++) {
+ PDEBUG("Clearing capability flag for capability \"%s\"\n", cap_table[i].name);
+ cap_table[i].flags = (capability_flags) (cap_table[i].flags & ~flags);
+ }
+}
+
+int name_to_capability(const char *cap)
+{
+ struct capability_table *ent;
+
+ ent = find_cap_entry_by_name(cap);
+ if (ent)
+ return ent->cap;
+
+ PDEBUG("Unable to find %s %s\n", "capability", cap);
+ return -1;
+}
+
+const char *capability_to_name(unsigned int cap)
+{
+ struct capability_table *ent;
+
+ ent = find_cap_entry_by_num(cap);
+ if (ent)
+ return ent->name;
+
+ return "invalid-capability";
+}
+
+int capability_backmap(unsigned int cap)
+{
+ struct capability_table *ent;
+
+ ent = find_cap_entry_by_num(cap);
+ if (ent)
+ return ent->backmap;
+
+ return NO_BACKMAP_CAP;
+}
+
+bool capability_in_kernel(unsigned int cap)
+{
+ struct capability_table *ent;
+
+ ent = find_cap_entry_by_num(cap);
+ if (ent)
+ return ent->flags & CAPFLAG_KERNEL_FEATURE;
+
+ return false;
+}
+
+void __debug_capabilities(uint64_t capset, const char *name)
+{
+ unsigned int i;
+
+ printf("%s:", name);
+
+ for (i = 0; cap_table[i].name; i++) {
+ if ((1ull << cap_table[i].cap) & capset)
+ printf (" %s", cap_table[i].name);
+ }
+ printf("\n");
}
char *processunquoted(const char *string, int len)
@@ -290,6 +462,8 @@ char *processquoted(const char *string, int len)
{
/* skip leading " and eat trailing " */
if (*string == '"') {
+ if (string[len -1] != '"')
+ return NULL;
len -= 2;
if (len < 0) /* start and end point to same quote */
len = 0;
@@ -356,7 +530,7 @@ static int warned_uppercase = 0;
void warn_uppercase(void)
{
if (!warned_uppercase) {
- pwarn(_("Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
+ pwarn(WARN_DEPRECATED, _("Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
"See the apparmor.d(5) manpage for details.\n"));
warned_uppercase = 1;
}
@@ -432,7 +606,7 @@ reeval:
case COD_UNSAFE_UNCONFINED_CHAR:
tmode = AA_EXEC_UNSAFE;
- pwarn(_("Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
+ pwarn(WARN_DANGEROUS, _("Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"),
COD_UNSAFE_UNCONFINED_CHAR, COD_EXEC_CHAR);
/* fall through */
@@ -884,31 +1058,6 @@ void debug_cod_entries(struct cod_entry *list)
}
}
-const char *capability_to_name(unsigned int cap)
-{
- int i;
-
- for (i = 0; capability_table[i].keyword; i++) {
- if (capability_table[i].token == cap)
- return capability_table[i].keyword;
- }
-
- return "invalid-capability";
-}
-
-void __debug_capabilities(uint64_t capset, const char *name)
-{
- unsigned int i;
-
- printf("%s:", name);
-
- for (i = 0; capability_table[i].keyword; i++) {
- if ((1ull << capability_table[i].token) & capset)
- printf (" %s", capability_table[i].keyword);
- }
- printf("\n");
-}
-
struct value_list *new_value_list(char *value)
{
struct value_list *val = (struct value_list *) calloc(1, sizeof(struct value_list));
@@ -1011,11 +1160,21 @@ void free_cond_list(struct cond_entry *ents)
{
struct cond_entry *entry, *tmp;
- list_for_each_safe(ents, entry, tmp) {
- free_cond_entry(entry);
+ if (ents) {
+ list_for_each_safe(ents, entry, tmp) {
+ free_cond_entry(entry);
+ }
}
}
+void free_cond_entry_list(struct cond_entry_list &cond)
+{
+ free_cond_list(cond.list);
+ free(cond.name);
+ cond.list = NULL;
+ cond.name = NULL;
+}
+
void print_cond_entry(struct cond_entry *ent)
{
if (ent) {
diff --git a/parser/parser_policy.c b/parser/parser_policy.c
index 544ca118d737024e2ff120025231a08ca65a2016..f18d0a13c1c81dba886d2c45a24fd9b128e65bf0 100644
--- a/parser/parser_policy.c
+++ b/parser/parser_policy.c
@@ -29,6 +29,7 @@
#include <errno.h>
#include <sys/apparmor.h>
+#include "lib.h"
#include "parser.h"
#include "profile.h"
#include "parser_yacc.h"
@@ -145,6 +146,56 @@ void add_entry_to_policy(Profile *prof, struct cod_entry *entry)
prof->entries = entry;
}
+static bool add_proc_access(Profile *prof, const char *rule)
+{
+ /* FIXME: should use @{PROC}/@{PID}/attr/{apparmor/,}{current,exec} */
+ struct cod_entry *new_ent;
+ /* allow probe for new interfaces */
+ char *buffer = strdup("/proc/*/attr/apparmor/");
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_READ, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ /* allow probe if apparmor is enabled for the old interface */
+ buffer = strdup("/sys/module/apparmor/parameters/enabled");
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_READ, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ /* allow setting on new and old interfaces */
+ buffer = strdup(rule);
+ if (!buffer) {
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ new_ent = new_entry(buffer, AA_MAY_WRITE, NULL);
+ if (!new_ent) {
+ free(buffer);
+ PERROR("Memory allocation error\n");
+ return FALSE;
+ }
+ add_entry_to_policy(prof, new_ent);
+
+ return TRUE;
+}
+
+#define CHANGEPROFILE_PATH "/proc/*/attr/{apparmor/,}{current,exec}"
void post_process_file_entries(Profile *prof)
{
struct cod_entry *entry;
@@ -170,22 +221,11 @@ void post_process_file_entries(Profile *prof)
}
/* if there are change_profile rules, this implies that we need
- * access to /proc/self/attr/current
+ * access to some /proc/ interfaces
*/
if (cp_mode & AA_CHANGE_PROFILE) {
- /* FIXME: should use @{PROC}/@{PID}/attr/{current,exec} */
- struct cod_entry *new_ent;
- char *buffer = strdup("/proc/*/attr/{current,exec}");
- if (!buffer) {
- PERROR("Memory allocation error\n");
- exit(1);
- }
- new_ent = new_entry(buffer, AA_MAY_WRITE, NULL);
- if (!new_ent) {
- PERROR("Memory allocation error\n");
+ if (!add_proc_access(prof, CHANGEPROFILE_PATH))
exit(1);
- }
- add_entry_to_policy(prof, new_ent);
}
}
@@ -196,25 +236,19 @@ void post_process_rule_entries(Profile *prof)
}
-#define CHANGEHAT_PATH "/proc/[0-9]*/attr/current"
+#define CHANGEHAT_PATH "/proc/[0-9]*/attr/{apparmor/,}current"
/* add file rules to access /proc files to call change_hat()
*/
static int profile_add_hat_rules(Profile *prof)
{
- struct cod_entry *entry;
-
/* don't add hat rules if not hat or profile doesn't have hats */
- if (!prof->flags.hat || !prof->hat_table.empty())
+ if (!prof->flags.hat && prof->hat_table.empty())
return 0;
- /* add entry to hat */
- entry = new_entry(strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
- if (!entry)
+ if (!add_proc_access(prof, CHANGEHAT_PATH))
return ENOMEM;
- add_entry_to_policy(prof, entry);
-
return 0;
}
@@ -302,7 +336,12 @@ Profile *merge_policy(Profile *a, Profile *b)
}
b->entries = NULL;
- a->flags.complain = a->flags.complain || b->flags.complain;
+ if (merge_profile_mode(a->flags.mode, b->flags.mode) == MODE_CONFLICT) {
+ PERROR("ASSERT: policy merge with different modes 0x%x != 0x%x\n",
+ a->flags.mode, b->flags.mode);
+ exit(1);
+ }
+
a->flags.audit = a->flags.audit || b->flags.audit;
a->caps.allow |= b->caps.allow;
diff --git a/parser/parser_regex.c b/parser/parser_regex.c
index 8e0f635810a3c8e8dc2786b9e3112442f57adca6..f257ecfb9164f81c7b91c056300e2a3259052101 100644
--- a/parser/parser_regex.c
+++ b/parser/parser_regex.c
@@ -227,7 +227,18 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob,
} else {
update_re_pos(sptr - aare);
ptype = ePatternRegex;
- pcre.append("[^/\\x00]");
+ switch (glob) {
+ case glob_default:
+ pcre.append("[^/\\x00]");
+ break;
+ case glob_null:
+ pcre.append("[^/]");
+ break;
+ default:
+ PERROR(_("%s: Invalid glob type %d\n"), progname, glob);
+ error = e_parse_error;
+ break;
+ }
}
break;
@@ -355,7 +366,7 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob,
case '(':
case ')':
pcre.append("\\");
- // fall through to default
+ /* Fall through */
default:
if (bEscape) {
@@ -371,7 +382,7 @@ pattern_t convert_aaregex_to_pcre(const char *aare, int anchor, int glob,
/* quoting mark used for something that
* does not need to be quoted; give a
* warning */
- pwarn("Character %c was quoted "
+ pwarn(WARN_FORMAT, "Character %c was quoted"
"unnecessarily, dropped preceding"
" quote ('\\') character\n",
*sptr);
@@ -432,26 +443,56 @@ static const char *local_name(const char *name)
return name;
}
+/*
+ * get_xattr_value returns the value of an xattr expression, performing NULL
+ * checks along the way. The method returns NULL if the xattr match doesn't
+ * have an xattrs (though this case currently isn't permitted by the parser).
+ */
+char *get_xattr_value(struct cond_entry *entry)
+{
+ if (!entry->eq)
+ return NULL;
+ if (!entry->vals)
+ return NULL;
+ return entry->vals->value;
+}
+
+/* do we want to warn once/profile or just once per compile?? */
+static void warn_once_xattr(const char *name)
+{
+ static const char *warned_name = NULL;
+ common_warn_once(name, "xattr attachment conditional ignored", &warned_name);
+}
+
static int process_profile_name_xmatch(Profile *prof)
{
std::string tbuf;
pattern_t ptype;
- const char *name;
+ char *name;
+
+ struct cond_entry *entry;
+ const char *xattr_value;
- /* don't filter_slashes for profile names */
- if (prof->attachment)
+ if (prof->attachment) {
name = prof->attachment;
- else
- name = local_name(prof->name);
+ } else {
+ /* don't filter_slashes for profile names, do on attachment */
+ name = strdup(local_name(prof->name));
+ if (!name)
+ return FALSE;
+ }
+ filter_slashes(name);
ptype = convert_aaregex_to_pcre(name, 0, glob_default, tbuf,
&prof->xmatch_len);
if (ptype == ePatternBasic)
prof->xmatch_len = strlen(name);
+ if (!prof->attachment)
+ free(name);
if (ptype == ePatternInvalid) {
PERROR(_("%s: Invalid profile name '%s' - bad regular expression\n"), progname, name);
return FALSE;
- } else if (ptype == ePatternBasic && !(prof->altnames || prof->attachment)) {
+ } else if (ptype == ePatternBasic && !(prof->altnames || prof->attachment || prof->xattrs.list)) {
/* no regex so do not set xmatch */
prof->xmatch = NULL;
prof->xmatch_len = 0;
@@ -470,6 +511,7 @@ static int process_profile_name_xmatch(Profile *prof)
list_for_each(prof->altnames, alt) {
int len;
tbuf.clear();
+ filter_slashes(alt->name);
ptype = convert_aaregex_to_pcre(alt->name, 0,
glob_default,
tbuf, &len);
@@ -479,7 +521,50 @@ static int process_profile_name_xmatch(Profile *prof)
}
}
}
- prof->xmatch = rules->create_dfa(&prof->xmatch_size, &prof->xmatch_len, dfaflags);
+ if (prof->xattrs.list) {
+ if (!(features_supports_domain_xattr && kernel_supports_oob)) {
+ warn_once_xattr(prof->name);
+ free_cond_entry_list(prof->xattrs);
+ goto build;
+ }
+
+ for (entry = prof->xattrs.list; entry; entry = entry->next) {
+ xattr_value = get_xattr_value(entry);
+ if (!xattr_value)
+ xattr_value = "**"; // Default to allowing any value.
+ /* len is measured because it's required to
+ * convert the regex to pcre, but doesn't impact
+ * xmatch_len. The kernel uses the number of
+ * xattrs matched to prioritized in addition to
+ * xmatch_len.
+ */
+ int len;
+ tbuf.clear();
+ /* prepend \x00 to every value. This is
+ * done to separate the existance of the
+ * xattr from a null value match.
+ *
+ * if an xattr exists, a single \x00 will
+ * be done before matching any of the
+ * xattr_value data.
+ *
+ * the pattern for a required xattr
+ * \x00{value_match}\x-1
+ * optional xattr (null alternation)
+ * {\x00{value_match},}\x-1
+ */
+ tbuf.append("\\x00");
+ convert_aaregex_to_pcre(xattr_value, 0,
+ glob_null, tbuf,
+ &len);
+ if (!rules->append_rule(tbuf.c_str(), true, true, dfaflags)) {
+ delete rules;
+ return FALSE;
+ }
+ }
+ }
+build:
+ prof->xmatch = rules->create_dfa(&prof->xmatch_size, &prof->xmatch_len, dfaflags, true);
delete rules;
if (!prof->xmatch)
return FALSE;
@@ -564,6 +649,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
int pos;
vec[0] = tbuf.c_str();
if (entry->link_name) {
+ filter_slashes(entry->link_name);
ptype = convert_aaregex_to_pcre(entry->link_name, 0, glob_default, lbuf, &pos);
if (ptype == ePatternInvalid)
return FALSE;
@@ -574,7 +660,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
perms |= LINK_TO_LINK_SUBSET(perms);
vec[1] = "/[^/].*";
}
- if (!dfarules->add_rule_vec(entry->deny, perms, entry->audit & AA_LINK_BITS, 2, vec, dfaflags))
+ if (!dfarules->add_rule_vec(entry->deny, perms, entry->audit & AA_LINK_BITS, 2, vec, dfaflags, false))
return FALSE;
}
if (is_change_profile_mode(entry->mode)) {
@@ -602,7 +688,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
/* allow change_profile for all execs */
vec[0] = "/[^/\\x00][^\\x00]*";
- if (!kernel_supports_stacking) {
+ if (!features_supports_stacking) {
bool stack;
if (!parse_label(&stack, &ns, &name,
@@ -627,12 +713,12 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
/* regular change_profile rule */
if (!dfarules->add_rule_vec(entry->deny,
AA_CHANGE_PROFILE | onexec_perms,
- 0, index - 1, &vec[1], dfaflags))
+ 0, index - 1, &vec[1], dfaflags, false))
return FALSE;
/* onexec rules - both rules are needed for onexec */
if (!dfarules->add_rule_vec(entry->deny, onexec_perms,
- 0, 1, vec, dfaflags))
+ 0, 1, vec, dfaflags, false))
return FALSE;
/**
@@ -641,7 +727,7 @@ static int process_dfa_entry(aare_rules *dfarules, struct cod_entry *entry)
*/
onexec_perms |= (entry->mode & (AA_EXEC_BITS | ALL_AA_EXEC_UNSAFE));
if (!dfarules->add_rule_vec(entry->deny, onexec_perms,
- 0, index, vec, dfaflags))
+ 0, index, vec, dfaflags, false))
return FALSE;
}
return TRUE;
@@ -677,7 +763,7 @@ int process_profile_regex(Profile *prof)
if (prof->dfa.rules->rule_count > 0) {
int xmatch_len = 0;
prof->dfa.dfa = prof->dfa.rules->create_dfa(&prof->dfa.size,
- &xmatch_len, dfaflags);
+ &xmatch_len, dfaflags, true);
delete prof->dfa.rules;
prof->dfa.rules = NULL;
if (!prof->dfa.dfa)
@@ -762,6 +848,80 @@ int post_process_policydb_ents(Profile *prof)
return TRUE;
}
+
+static bool gen_net_rule(Profile *prof, u16 family, unsigned int type_mask,
+ bool audit, bool deny) {
+ std::ostringstream buffer;
+ std::string buf;
+
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << AA_CLASS_NETV8;
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((family & 0xff00) >> 8);
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (family & 0xff);
+ if (type_mask > 0xffff) {
+ buffer << "..";
+ } else {
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << ((type_mask & 0xff00) >> 8);
+ buffer << "\\x" << std::setfill('0') << std::setw(2) << std::hex << (type_mask & 0xff);
+ }
+ buf = buffer.str();
+ if (!prof->policy.rules->add_rule(buf.c_str(), deny, map_perms(AA_VALID_NET_PERMS),
+ audit ? map_perms(AA_VALID_NET_PERMS) : 0,
+ dfaflags))
+ return false;
+
+ return true;
+}
+
+static bool gen_af_rules(Profile *prof, u16 family, unsigned int type_mask,
+ unsigned int audit_mask, bool deny)
+{
+ if (type_mask > 0xffff && audit_mask > 0xffff) {
+ /* instead of generating multiple rules wild card type */
+ return gen_net_rule(prof, family, type_mask, audit_mask, deny);
+ } else {
+ int t;
+ /* generate rules for types that are set */
+ for (t = 0; t < 16; t++) {
+ if (type_mask & (1 << t)) {
+ if (!gen_net_rule(prof, family, t,
+ audit_mask & (1 << t),
+ deny))
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+bool post_process_policydb_net(Profile *prof)
+{
+ u16 af;
+
+ /* no network rules defined so we don't have generate them */
+ if (!prof->net.allow)
+ return true;
+
+ /* generate rules if the af has something set */
+ for (af = AF_UNSPEC; af < get_af_max(); af++) {
+ if (prof->net.allow[af] ||
+ prof->net.deny[af] ||
+ prof->net.audit[af] ||
+ prof->net.quiet[af]) {
+ if (!gen_af_rules(prof, af, prof->net.allow[af],
+ prof->net.audit[af],
+ false))
+ return false;
+ if (!gen_af_rules(prof, af, prof->net.deny[af],
+ prof->net.quiet[af],
+ true))
+ return false;
+ }
+ }
+
+ return true;
+}
+
#define MAKE_STR(X) #X
#define CLASS_STR(X) "\\d" MAKE_STR(X)
#define MAKE_SUB_STR(X) "\\000" MAKE_STR(X)
@@ -773,6 +933,7 @@ static const char *mediates_dbus = CLASS_STR(AA_CLASS_DBUS);
static const char *mediates_signal = CLASS_STR(AA_CLASS_SIGNAL);
static const char *mediates_ptrace = CLASS_STR(AA_CLASS_PTRACE);
static const char *mediates_extended_net = CLASS_STR(AA_CLASS_NET);
+static const char *mediates_netv8 = CLASS_STR(AA_CLASS_NETV8);
static const char *mediates_net_unix = CLASS_SUB_STR(AA_CLASS_NET, AF_UNIX);
int process_profile_policydb(Profile *prof)
@@ -785,6 +946,9 @@ int process_profile_policydb(Profile *prof)
if (!post_process_policydb_ents(prof))
goto out;
+ /* TODO: move to network class */
+ if (features_supports_networkv8 && !post_process_policydb_net(prof))
+ goto out;
/* insert entries to show indicate what compiler/policy expects
* to be supported
@@ -794,19 +958,22 @@ int process_profile_policydb(Profile *prof)
if (kernel_abi_version > 5 &&
!prof->policy.rules->add_rule(mediates_file, 0, AA_MAY_READ, 0, dfaflags))
goto out;
- if (kernel_supports_mount &&
+ if (features_supports_mount &&
!prof->policy.rules->add_rule(mediates_mount, 0, AA_MAY_READ, 0, dfaflags))
goto out;
- if (kernel_supports_dbus &&
+ if (features_supports_dbus &&
!prof->policy.rules->add_rule(mediates_dbus, 0, AA_MAY_READ, 0, dfaflags))
goto out;
- if (kernel_supports_signal &&
+ if (features_supports_signal &&
!prof->policy.rules->add_rule(mediates_signal, 0, AA_MAY_READ, 0, dfaflags))
goto out;
- if (kernel_supports_ptrace &&
+ if (features_supports_ptrace &&
!prof->policy.rules->add_rule(mediates_ptrace, 0, AA_MAY_READ, 0, dfaflags))
goto out;
- if (kernel_supports_unix &&
+ if (features_supports_networkv8 &&
+ !prof->policy.rules->add_rule(mediates_netv8, 0, AA_MAY_READ, 0, dfaflags))
+ goto out;
+ if (features_supports_unix &&
(!prof->policy.rules->add_rule(mediates_extended_net, 0, AA_MAY_READ, 0, dfaflags) ||
!prof->policy.rules->add_rule(mediates_net_unix, 0, AA_MAY_READ, 0, dfaflags)))
goto out;
@@ -814,7 +981,7 @@ int process_profile_policydb(Profile *prof)
if (prof->policy.rules->rule_count > 0) {
int xmatch_len = 0;
prof->policy.dfa = prof->policy.rules->create_dfa(&prof->policy.size,
- &xmatch_len, dfaflags);
+ &xmatch_len, dfaflags, false);
delete prof->policy.rules;
prof->policy.rules = NULL;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index ab3c9fc59f5c21d768ddbee7ff948a2e9339bcb6..f317556e4958d7a4c3f057b3144ae0b91b7c4f3a 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -32,6 +32,8 @@
/* #define DEBUG */
+#include "capability.h"
+#include "lib.h"
#include "parser.h"
#include "profile.h"
#include "mount.h"
@@ -42,20 +44,6 @@
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <linux/capability.h>
-
-#ifndef CAP_AUDIT_WRITE
-#define CAP_AUDIT_WRITE 29
-#endif
-#ifndef CAP_AUDIT_CONTROL
-#define CAP_AUDIT_CONTROL 30
-#endif
-#ifndef CAP_SETFCAP
-#define CAP_SETFCAP 31
-#endif
-#ifndef CAP_MAC_OVERRIDE
-#define CAP_MAC_OVERRIDE 32
-#endif
#define CIDR_32 htonl(0xffffffff)
#define CIDR_24 htonl(0xffffff00)
@@ -81,6 +69,7 @@ mnt_rule *do_mnt_rule(struct cond_entry *src_conds, char *src,
int mode);
mnt_rule *do_pivot_rule(struct cond_entry *old, char *root,
char *transition);
+static void abi_features(char *filename, bool search);
void add_local_entry(Profile *prof);
%}
@@ -217,6 +206,7 @@ void add_local_entry(Profile *prof);
struct cond_entry_list cond_entry_list;
int boolean;
struct prefixes prefix;
+ IncludeCache_t *includecache;
}
%type <id> TOK_ID
@@ -285,8 +275,33 @@ void add_local_entry(Profile *prof);
%%
-list: preamble profilelist
- { /* nothing */ };
+list: preamble
+ {
+ /* make sure abi is setup */
+ if (override_features) {
+ if (policy_features)
+ aa_features_unref(policy_features);
+ policy_features = aa_features_ref(override_features);
+ } else if (policy_features == NULL) {
+ if (pinned_features) {
+ policy_features = aa_features_ref(pinned_features);
+ /* use default feature abi */
+ } else {
+ if (aa_features_new_from_string(&policy_features,
+ default_features_abi,
+ strlen(default_features_abi))) {
+ yyerror(_("Failed to setup default policy feature abi"));
+ }
+ pwarn(WARN_ABI, _("%s: File '%s' missing feature abi, falling back to default policy feature abi\n"), progname, current_filename);
+ }
+ }
+ if (!add_cap_feature_mask(policy_features,
+ CAPFLAG_POLICY_FEATURE))
+ yyerror(_("Failed to add policy capabilities to known capabilities set"));
+ set_supported_features();
+
+ }
+ profilelist;
profilelist: { /* nothing */ };
@@ -306,9 +321,17 @@ opt_id: { /* nothing */ $$ = NULL; }
opt_id_or_var: { /* nothing */ $$ = NULL; }
| id_or_var { $$ = $1; }
-profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
+profile_base: TOK_ID opt_id_or_var opt_cond_list flags TOK_OPEN
+ {
+ /* mid rule action
+ * save current cache, restore at end of block
+ */
+ $<includecache>$ = g_includecache;
+ g_includecache = new IncludeCache_t();
+ }
+ rules TOK_CLOSE
{
- Profile *prof = $5;
+ Profile *prof = $7;
bool self_stack = false;
if (!prof) {
@@ -330,7 +353,7 @@ profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
* --namespace-string command line option
*/
if (prof->ns && strcmp(prof->ns, profile_ns))
- pwarn("%s: -n %s overriding policy specified namespace :%s:\n",
+ pwarn(WARN_OVERRIDE, "%s: -n %s overriding policy specified namespace :%s:\n",
progname, profile_ns, prof->ns);
free(prof->ns);
@@ -342,20 +365,27 @@ profile_base: TOK_ID opt_id_or_var flags TOK_OPEN rules TOK_CLOSE
prof->attachment = $2;
if ($2 && !($2[0] == '/' || strncmp($2, "@{", 2) == 0))
yyerror(_("Profile attachment must begin with a '/' or variable."));
- prof->flags = $3;
+ if ($3.name) {
+ if (strcmp($3.name, "xattrs") != 0)
+ yyerror(_("profile id: invalid conditional group %s=()"), $3.name);
+ free ($3.name);
+ $3.name = NULL;
+ prof->xattrs = $3;
+ }
+ prof->flags = $4;
if (force_complain && kernel_abi_version == 5)
/* newer abis encode force complain as part of the
* header
*/
- prof->flags.complain = 1;
+ prof->flags.mode = MODE_COMPLAIN;
post_process_file_entries(prof);
post_process_rule_entries(prof);
- PDEBUG("%s: flags='%s%s'\n",
- $2,
- prof->flags.complain ? "complain, " : "",
- prof->flags.audit ? "audit" : "");
+ prof->flags.debug(cerr);
+ /* restore previous blocks include cache */
+ delete g_includecache;
+ g_includecache = $<includecache>6;
$$ = prof;
};
@@ -369,6 +399,9 @@ profile: opt_profile_flag profile_base
else
PDEBUG("Matched: %s { ... }\n", $2->name);
+ if ($2->name[0] == '/')
+ pwarn(WARN_DEPRECATED, _("The use of file paths as profile names is deprecated. See man apparmor.d for more information\n"));
+
if ($2->name[0] != '/' && !($1 || $2->ns))
yyerror(_("Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."));
@@ -393,6 +426,12 @@ hat: hat_start profile_base
Profile *prof = $2;
if ($2)
PDEBUG("Matched: hat %s { ... }\n", prof->name);
+ /*
+ * It isn't clear what a xattrs match on a hat profile
+ * should do, disallow it for now.
+ */
+ if ($2->xattrs.list)
+ yyerror("hat profiles can't use xattrs matches");
prof->flags.hat = 1;
$$ = prof;
@@ -508,7 +547,7 @@ valuelist: valuelist TOK_VALUE
}
flags: { /* nothing */
- flagvals fv = { 0, 0, 0, 0 };
+ flagvals fv = { 0, MODE_UNSPECIFIED, 0, 0 };
$$ = fv;
};
@@ -529,7 +568,11 @@ flags: opt_flags TOK_OPENPAREN flagvals TOK_CLOSEPAREN
flagvals: flagvals flagval
{
- $1.complain = $1.complain || $2.complain;
+ if (merge_profile_mode($1.mode, $2.mode) == MODE_CONFLICT)
+ yyerror(_("Profile flag '%s' conflicts with '%s'"),
+ profile_mode_table[$1.mode],
+ profile_mode_table[$2.mode]);
+ $1.mode = merge_profile_mode($1.mode, $2.mode);
$1.audit = $1.audit || $2.audit;
$1.path = $1.path | $2.path;
if (($1.path & (PATH_CHROOT_REL | PATH_NS_REL)) ==
@@ -556,11 +599,13 @@ flagvals: flagval
flagval: TOK_VALUE
{
- flagvals fv = { 0, 0, 0, 0 };
+ flagvals fv = { 0, MODE_UNSPECIFIED, 0, 0 };
+ enum profile_mode mode;
+
if (strcmp($1, "debug") == 0) {
yyerror(_("Profile flag 'debug' is no longer valid."));
- } else if (strcmp($1, "complain") == 0) {
- fv.complain = 1;
+ } if ((mode = str_to_mode($1))) {
+ fv.mode = mode;
} else if (strcmp($1, "audit") == 0) {
fv.audit = 1;
} else if (strcmp($1, "chroot_relative") == 0) {
@@ -695,8 +740,10 @@ rules: rules opt_prefix network_rule
yyerror(_("Memory allocation error."));
list_for_each_safe($3, entry, tmp) {
- /* map to extended mediation if available */
- if (entry->family == AF_UNIX && kernel_supports_unix) {
+ /* map to extended mediation, let rule backend do
+ * downgrade if needed
+ */
+ if (entry->family == AF_UNIX) {
unix_rule *rule = new unix_rule(entry->type, $2.audit, $2.deny);
if (!rule)
yyerror(_("Memory allocation error."));
@@ -903,7 +950,7 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
else if (tmp < 0LL)
yyerror("RLIMIT '%s' invalid value %s\n", $4, $6);
if (!$7)
- pwarn(_("RLIMIT 'cpu' no units specified using default units of seconds\n"));
+ pwarn(WARN_MISSING, _("RLIMIT 'cpu' no units specified using default units of seconds\n"));
value = tmp;
break;
#ifdef RLIMIT_RTTIME
@@ -915,7 +962,7 @@ rules: rules TOK_SET TOK_RLIMIT TOK_ID TOK_LE TOK_VALUE opt_id TOK_END_OF_RULE
if (tmp < 0LL)
yyerror("RLIMIT '%s' invalid value %s %s\n", $4, $6, $7 ? $7 : "");
if (!$7)
- pwarn(_("RLIMIT 'rttime' no units specified using default units of microseconds\n"));
+ pwarn(WARN_MISSING, _("RLIMIT 'rttime' no units specified using default units of microseconds\n"));
value = tmp;
break;
#endif
@@ -1071,9 +1118,16 @@ rule: file_rule { $$ = $1; }
abi_rule: TOK_ABI TOK_ID TOK_END_OF_RULE
{
- pwarn(_("%s: Profile abi not supported, falling back to system abi.\n"), progname);
+ abi_features($2, true);
free($2);
- };
+ /* $$ = nothing, not used */
+ }
+ | TOK_ABI TOK_VALUE TOK_END_OF_RULE
+ {
+ abi_features($2, false);
+ free($2);
+ /* $$ = nothing, not used */
+ }
opt_exec_mode: { /* nothing */ $$ = EXEC_MODE_EMPTY; }
| TOK_UNSAFE { $$ = EXEC_MODE_UNSAFE; };
@@ -1192,6 +1246,15 @@ network_rule: TOK_NETWORK TOK_ID TOK_ID TOK_END_OF_RULE
$$ = entry;
}
+cond: TOK_CONDID
+ {
+ struct cond_entry *ent;
+ ent = new_cond_entry($1, 0, NULL);
+ if (!ent)
+ yyerror(_("Memory allocation error."));
+ $$ = ent;
+ }
+
cond: TOK_CONDID TOK_EQUALS TOK_VALUE
{
struct cond_entry *ent;
@@ -1506,9 +1569,8 @@ change_profile: TOK_CHANGE_PROFILE opt_exec_mode opt_id opt_named_transition TOK
if (exec_mode == EXEC_MODE_UNSAFE)
mode |= ALL_AA_EXEC_UNSAFE;
else if (exec_mode == EXEC_MODE_SAFE &&
- !kernel_supports_stacking &&
- warnflags & WARN_RULE_DOWNGRADED) {
- pwarn("downgrading change_profile safe rule to unsafe due to lack of necessary kernel support\n");
+ !features_supports_stacking) {
+ pwarn(WARN_RULE_DOWNGRADED, "downgrading change_profile safe rule to unsafe due to lack of necessary kernel support\n");
/**
* No need to do anything because 'unsafe' exec
* mode is the only supported mode of
@@ -1549,10 +1611,15 @@ capability: TOK_CAPABILITY caps TOK_END_OF_RULE
caps: { /* nothing */ $$ = 0; }
| caps TOK_ID
{
- int cap = name_to_capability($2);
+ int backmap, cap = name_to_capability($2);
if (cap == -1)
yyerror(_("Invalid capability %s."), $2);
free($2);
+ backmap = capability_backmap(cap);
+ if (backmap != NO_BACKMAP_CAP && !capability_in_kernel(cap)) {
+ /* TODO: special backmap warning */
+ cap = backmap;
+ }
$$ = $1 | CAP_TO_MASK(cap);
}
@@ -1568,13 +1635,11 @@ void vprintyyerror(const char *msg, va_list argptr)
if (profilename) {
PERROR(_("AppArmor parser error for %s%s%s at line %d: %s\n"),
profilename,
- current_filename ? " in " : "",
+ current_filename ? " in profile " : "",
current_filename ? current_filename : "",
current_lineno, buf);
} else {
- PERROR(_("AppArmor parser error,%s%s line %d: %s\n"),
- current_filename ? " in " : "",
- current_filename ? current_filename : "",
+ PERROR(_("AppArmor parser error at line %d: %s\n"),
current_lineno, buf);
}
}
@@ -1703,3 +1768,63 @@ mnt_rule *do_pivot_rule(struct cond_entry *old, char *root, char *transition)
return ent;
}
+
+static int abi_features_base(struct aa_features **features, char *filename, bool search)
+{
+ autofclose FILE *f = NULL;
+ struct stat my_stat;
+ char *fullpath = NULL;
+ bool cached;
+
+ if (search) {
+ if (strcmp(filename, "kernel") == 0)
+ return aa_features_new_from_kernel(features);
+ f = search_path(filename, &fullpath, &cached);
+ PDEBUG("abi lookup '%s' -> '%s' f %p cached %d\n", filename, fullpath, f, cached);
+ if (!f && cached) {
+ *features = NULL;
+ return 0;
+ }
+ } else {
+ f = fopen(filename, "r");
+ PDEBUG("abi relpath '%s' f %p\n", filename, f);
+ }
+
+ if (!f) {
+ yyerror(_("Could not open '%s': %m"),
+ fullpath ? fullpath: filename);
+ }
+
+ if (fstat(fileno(f), &my_stat))
+ yyerror(_("fstat failed for '%s': %m"), fullpath ? fullpath : filename);
+
+ if (S_ISREG(my_stat.st_mode)) {
+ return aa_features_new_from_file(features, fileno(f));
+ }
+
+ return -1;
+}
+
+static void abi_features(char *filename, bool search)
+{
+ struct aa_features *tmp_features;
+
+ if (abi_features_base(&tmp_features, filename, search) == -1) {
+ yyerror(_("failed to find features abi '%s': %m"), filename);
+ }
+ if (policy_features) {
+ if (tmp_features) {
+ if (!aa_features_is_equal(tmp_features, policy_features)) {
+ pwarn(WARN_ABI, _("%s: %s features abi '%s' differs from policy declared feature abi, using the features abi declared in policy\n"), progname, current_filename, filename);
+ }
+ aa_features_unref(tmp_features);
+ }
+ } else if (!tmp_features) {
+ /* skipped reinclude, but features not set */
+ yyerror(_("failed features abi not set but include cache skipped\n"));
+ } else {
+ /* first features abi declaration */
+ policy_features = tmp_features;
+ }
+
+};
diff --git a/parser/po/apparmor-parser.pot b/parser/po/apparmor-parser.pot
index 7cf146468f160b19f6db607840282cd6d3fa1aeb..df194e31bf48baf97fbd11fbcb69c0dfb5b614e2 100644
--- a/parser/po/apparmor-parser.pot
+++ b/parser/po/apparmor-parser.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: apparmor@lists.ubuntu.com\n"
-"POT-Creation-Date: 2020-10-14 03:35-0700\n"
+"POT-Creation-Date: 2020-10-14 04:04-0700\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -17,21 +17,21 @@ msgstr ""
"Content-Type: text/plain; charset=CHARSET\n"
"Content-Transfer-Encoding: 8bit\n"
-#: ../parser_include.c:113 ../parser_include.c:111 ../parser_include.c:114
+#: ../parser_include.c:113 ../parser_include.c:111 ../parser_include.c:96
msgid "Error: Out of memory.\n"
msgstr ""
-#: ../parser_include.c:123 ../parser_include.c:121 ../parser_include.c:124
+#: ../parser_include.c:123 ../parser_include.c:121 ../parser_include.c:106
#, c-format
msgid "Error: basedir %s is not a directory, skipping.\n"
msgstr ""
-#: ../parser_include.c:137 ../parser_include.c:140
+#: ../parser_include.c:137 ../parser_include.c:122
#, c-format
msgid "Error: Could not add directory %s to search path.\n"
msgstr ""
-#: ../parser_include.c:147 ../parser_include.c:151 ../parser_include.c:154
+#: ../parser_include.c:147 ../parser_include.c:151 ../parser_include.c:136
msgid "Error: Could not allocate memory.\n"
msgstr ""
@@ -124,25 +124,25 @@ msgstr ""
#: ../parser_interface.c:138 ../parser_interface.c:162
#: ../parser_interface.c:141 ../parser_interface.c:165
#: ../parser_interface.c:118 ../parser_interface.c:142
-#: ../parser_interface.c:122 ../parser_interface.c:146
+#: ../parser_interface.c:123 ../parser_interface.c:147
#, c-format
msgid "%s: ASSERT: Invalid option: %d\n"
msgstr ""
#: ../parser_interface.c:147 ../parser_interface.c:150
-#: ../parser_interface.c:127 ../parser_interface.c:131
+#: ../parser_interface.c:127 ../parser_interface.c:132
#, c-format
msgid "Addition succeeded for \"%s\".\n"
msgstr ""
#: ../parser_interface.c:151 ../parser_interface.c:154
-#: ../parser_interface.c:131 ../parser_interface.c:135
+#: ../parser_interface.c:131 ../parser_interface.c:136
#, c-format
msgid "Replacement succeeded for \"%s\".\n"
msgstr ""
#: ../parser_interface.c:155 ../parser_interface.c:158
-#: ../parser_interface.c:135 ../parser_interface.c:139
+#: ../parser_interface.c:135 ../parser_interface.c:140
#, c-format
msgid "Removal succeeded for \"%s\".\n"
msgstr ""
@@ -153,7 +153,7 @@ msgid "PANIC bad increment buffer %p pos %p ext %p size %d res %p\n"
msgstr ""
#: ../parser_interface.c:656 ../parser_interface.c:658
-#: ../parser_interface.c:446 ../parser_interface.c:448
+#: ../parser_interface.c:446 ../parser_interface.c:476
#, c-format
msgid "profile %s network rules not enforced\n"
msgstr ""
@@ -198,17 +198,17 @@ msgid "%s: Unable to write entire profile entry\n"
msgstr ""
#: ../parser_interface.c:839 ../parser_interface.c:831
-#: ../parser_interface.c:593 ../parser_interface.c:551
+#: ../parser_interface.c:593 ../parser_interface.c:579
#, c-format
msgid "%s: Unable to write entire profile entry to cache\n"
msgstr ""
-#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169 parser_lex.l:168
+#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169
#, c-format
msgid "Could not open '%s'"
msgstr ""
-#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173
+#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173 parser_lex.l:174
#, c-format
msgid "fstat failed for '%s'"
msgstr ""
@@ -223,7 +223,7 @@ msgstr ""
msgid "stat failed for '%s'"
msgstr ""
-#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139 parser_lex.l:138
+#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139
#, c-format
msgid "Could not open '%s' in '%s'"
msgstr ""
@@ -234,7 +234,7 @@ msgstr ""
msgid "Found unexpected character: '%s'"
msgstr ""
-#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428 parser_lex.l:477
+#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428 parser_lex.l:474
msgid "Variable declarations do not accept trailing commas"
msgstr ""
@@ -244,7 +244,6 @@ msgid "(network_mode) Found unexpected character: '%s'"
msgstr ""
#: ../parser_main.c:333 ../parser_common.c:61 ../parser_common.c:106
-#: ../parser_common.c:107
#, c-format
msgid "Warning from %s (%s%sline %d): %s"
msgstr ""
@@ -255,7 +254,7 @@ msgid "%s: Could not allocate memory for subdomainbase mount point\n"
msgstr ""
#: ../parser_main.c:577 ../parser_main.c:616 ../parser_main.c:479
-#: ../parser_main.c:1302
+#: ../parser_main.c:1444
#, c-format
msgid ""
"Warning: unable to find a suitable fs in %s, is it mounted?\n"
@@ -263,7 +262,7 @@ msgid ""
msgstr ""
#: ../parser_main.c:597 ../parser_main.c:635 ../parser_main.c:498
-#: ../parser_main.c:730
+#: ../parser_main.c:822
#, c-format
msgid ""
"%s: Sorry. You need root privileges to run this program.\n"
@@ -271,7 +270,7 @@ msgid ""
msgstr ""
#: ../parser_main.c:604 ../parser_main.c:642 ../parser_main.c:505
-#: ../parser_main.c:736
+#: ../parser_main.c:828
#, c-format
msgid ""
"%s: Warning! You've set this program setuid root.\n"
@@ -280,7 +279,7 @@ msgid ""
msgstr ""
#: ../parser_main.c:704 ../parser_main.c:813 ../parser_main.c:836
-#: ../parser_main.c:946 ../parser_main.c:860 ../parser_main.c:925
+#: ../parser_main.c:946 ../parser_main.c:860 ../parser_main.c:1038
#, c-format
msgid "Error: Could not read profile %s: %s.\n"
msgstr ""
@@ -302,36 +301,36 @@ msgstr ""
#: parser_yacc.y:1166 parser_yacc.y:1170 parser_yacc.y:1180 parser_yacc.y:1190
#: parser_yacc.y:1298 parser_yacc.y:1376 parser_yacc.y:1479 parser_yacc.y:1490
#: parser_yacc.y:1565 parser_yacc.y:1583 parser_yacc.y:1590 parser_yacc.y:1639
-#: ../network.c:314 ../af_unix.cc:203 ../parser_misc.c:729 parser_yacc.y:315
-#: parser_yacc.y:339 parser_yacc.y:493 parser_yacc.y:503 parser_yacc.y:614
-#: parser_yacc.y:695 parser_yacc.y:702 parser_yacc.y:1116 parser_yacc.y:1164
-#: parser_yacc.y:1200 parser_yacc.y:1204 parser_yacc.y:1214 parser_yacc.y:1224
-#: parser_yacc.y:1318 parser_yacc.y:1396 parser_yacc.y:1529 parser_yacc.y:1534
-#: parser_yacc.y:1608 parser_yacc.y:1626 parser_yacc.y:1633 parser_yacc.y:1682
-#: ../network.c:315 ../af_unix.cc:204
+#: ../network.c:314 ../af_unix.cc:203 ../parser_misc.c:215 ../parser_misc.c:939
+#: parser_yacc.y:343 parser_yacc.y:367 parser_yacc.y:533 parser_yacc.y:543
+#: parser_yacc.y:660 parser_yacc.y:741 parser_yacc.y:750 parser_yacc.y:1171
+#: parser_yacc.y:1219 parser_yacc.y:1255 parser_yacc.y:1264 parser_yacc.y:1268
+#: parser_yacc.y:1278 parser_yacc.y:1288 parser_yacc.y:1382 parser_yacc.y:1460
+#: parser_yacc.y:1592 parser_yacc.y:1597 parser_yacc.y:1674 parser_yacc.y:1692
+#: parser_yacc.y:1699 parser_yacc.y:1748 ../network.c:315 ../af_unix.cc:194
msgid "Memory allocation error."
msgstr ""
#: ../parser_main.c:740 ../parser_main.c:872 ../parser_main.c:757
-#: ../parser_main.c:866
+#: ../parser_main.c:975
#, c-format
msgid "Cached load succeeded for \"%s\".\n"
msgstr ""
#: ../parser_main.c:744 ../parser_main.c:876 ../parser_main.c:761
-#: ../parser_main.c:870
+#: ../parser_main.c:979
#, c-format
msgid "Cached reload succeeded for \"%s\".\n"
msgstr ""
#: ../parser_main.c:910 ../parser_main.c:1058 ../parser_main.c:967
-#: ../parser_main.c:1019
+#: ../parser_main.c:1132
#, c-format
msgid "%s: Errors found in file. Aborting.\n"
msgstr ""
#: ../parser_misc.c:426 ../parser_misc.c:597 ../parser_misc.c:339
-#: ../parser_misc.c:322
+#: ../parser_misc.c:532
msgid ""
"Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
"See the apparmor.d(5) manpage for details.\n"
@@ -339,17 +338,17 @@ msgstr ""
#: ../parser_misc.c:467 ../parser_misc.c:474 ../parser_misc.c:638
#: ../parser_misc.c:645 ../parser_misc.c:380 ../parser_misc.c:387
-#: ../parser_misc.c:363 ../parser_misc.c:370
+#: ../parser_misc.c:573 ../parser_misc.c:580
msgid "Conflict 'a' and 'w' perms are mutually exclusive."
msgstr ""
#: ../parser_misc.c:491 ../parser_misc.c:662 ../parser_misc.c:404
-#: ../parser_misc.c:387
+#: ../parser_misc.c:597
msgid "Exec qualifier 'i' invalid, conflicting qualifier already specified"
msgstr ""
#: ../parser_misc.c:502 ../parser_misc.c:673 ../parser_misc.c:415
-#: ../parser_misc.c:398
+#: ../parser_misc.c:608
#, c-format
msgid ""
"Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
@@ -358,26 +357,26 @@ msgstr ""
#: ../parser_misc.c:510 ../parser_misc.c:551 ../parser_misc.c:681
#: ../parser_misc.c:722 ../parser_misc.c:423 ../parser_misc.c:464
-#: ../parser_misc.c:406 ../parser_misc.c:447
+#: ../parser_misc.c:616 ../parser_misc.c:657
#, c-format
msgid "Exec qualifier '%c' invalid, conflicting qualifier already specified"
msgstr ""
#: ../parser_misc.c:537 ../parser_misc.c:545 ../parser_misc.c:708
#: ../parser_misc.c:716 ../parser_misc.c:450 ../parser_misc.c:458
-#: ../parser_misc.c:433 ../parser_misc.c:441
+#: ../parser_misc.c:643 ../parser_misc.c:651
#, c-format
msgid "Exec qualifier '%c%c' invalid, conflicting qualifier already specified"
msgstr ""
#: ../parser_misc.c:593 ../parser_misc.c:764 ../parser_misc.c:506
-#: ../parser_misc.c:489
+#: ../parser_misc.c:699
#, c-format
msgid "Internal: unexpected mode character '%c' in input"
msgstr ""
#: ../parser_misc.c:615 ../parser_misc.c:786 ../parser_misc.c:528
-#: ../parser_misc.c:511
+#: ../parser_misc.c:721
#, c-format
msgid "Internal error generated invalid perm 0x%llx\n"
msgstr ""
@@ -403,122 +402,122 @@ msgstr ""
msgid "Profile attachment must begin with a '/'."
msgstr ""
-#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348 parser_yacc.y:373
+#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348 parser_yacc.y:407
msgid ""
"Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."
msgstr ""
-#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384 parser_yacc.y:409
+#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384 parser_yacc.y:449
#, c-format
msgid "Failed to create alias %s -> %s\n"
msgstr ""
-#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506 parser_yacc.y:537
+#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506 parser_yacc.y:581
msgid "Profile flag chroot_relative conflicts with namespace_relative"
msgstr ""
-#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510 parser_yacc.y:541
+#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510 parser_yacc.y:585
msgid "Profile flag mediate_deleted conflicts with delegate_deleted"
msgstr ""
-#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513 parser_yacc.y:544
+#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513 parser_yacc.y:588
msgid "Profile flag attach_disconnected conflicts with no_attach_disconnected"
msgstr ""
-#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516 parser_yacc.y:547
+#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516 parser_yacc.y:591
msgid "Profile flag chroot_attach conflicts with chroot_no_attach"
msgstr ""
-#: parser_yacc.y:441 parser_yacc.y:484 parser_yacc.y:530 parser_yacc.y:561
+#: parser_yacc.y:441 parser_yacc.y:484 parser_yacc.y:530 parser_yacc.y:607
msgid "Profile flag 'debug' is no longer valid."
msgstr ""
-#: parser_yacc.y:463 parser_yacc.y:506 parser_yacc.y:552 parser_yacc.y:583
+#: parser_yacc.y:463 parser_yacc.y:506 parser_yacc.y:552 parser_yacc.y:629
#, c-format
msgid "Invalid profile flag: %s."
msgstr ""
#: parser_yacc.y:498 parser_yacc.y:520 parser_yacc.y:548 parser_yacc.y:594
-#: parser_yacc.y:627
+#: parser_yacc.y:673
msgid "Assert: `rule' returned NULL."
msgstr ""
#: parser_yacc.y:501 parser_yacc.y:546 parser_yacc.y:552 parser_yacc.y:584
-#: parser_yacc.y:598 parser_yacc.y:630 parser_yacc.y:631 parser_yacc.y:663
+#: parser_yacc.y:598 parser_yacc.y:630 parser_yacc.y:677 parser_yacc.y:709
msgid ""
"Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', "
"'p', or 'u'"
msgstr ""
-#: parser_yacc.y:524 parser_yacc.y:556 parser_yacc.y:602 parser_yacc.y:635
+#: parser_yacc.y:524 parser_yacc.y:556 parser_yacc.y:602 parser_yacc.y:681
msgid ""
"Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', 'c', or 'u'"
msgstr ""
-#: parser_yacc.y:549 parser_yacc.y:587 parser_yacc.y:633 parser_yacc.y:666
+#: parser_yacc.y:549 parser_yacc.y:587 parser_yacc.y:633 parser_yacc.y:712
msgid "Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'"
msgstr ""
#: parser_yacc.y:574 parser_yacc.y:612 parser_yacc.y:614 parser_yacc.y:660
-#: parser_yacc.y:693
+#: parser_yacc.y:739
msgid "Assert: `network_rule' return invalid protocol."
msgstr ""
-#: parser_yacc.y:649 parser_yacc.y:696 parser_yacc.y:786 parser_yacc.y:819
+#: parser_yacc.y:649 parser_yacc.y:696 parser_yacc.y:786 parser_yacc.y:867
msgid "Assert: `change_profile' returned NULL."
msgstr ""
-#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810 parser_yacc.y:857
+#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810 parser_yacc.y:905
msgid "Assert: 'hat rule' returned NULL."
msgstr ""
-#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819 parser_yacc.y:866
+#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819 parser_yacc.y:914
msgid "Assert: 'local_profile rule' returned NULL."
msgstr ""
-#: parser_yacc.y:824 parser_yacc.y:885 parser_yacc.y:992 parser_yacc.y:1029
+#: parser_yacc.y:824 parser_yacc.y:885 parser_yacc.y:992 parser_yacc.y:1077
#, c-format
msgid "Unset boolean variable %s used in if-expression"
msgstr ""
-#: parser_yacc.y:882 parser_yacc.y:986 parser_yacc.y:1092 parser_yacc.y:1126
+#: parser_yacc.y:882 parser_yacc.y:986 parser_yacc.y:1092 parser_yacc.y:1181
msgid "unsafe rule missing exec permissions"
msgstr ""
-#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060 parser_yacc.y:1093
+#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060 parser_yacc.y:1148
msgid "subset can only be used with link rules."
msgstr ""
-#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062 parser_yacc.y:1095
+#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062 parser_yacc.y:1150
msgid "link and exec perms conflict on a file rule using ->"
msgstr ""
-#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064 parser_yacc.y:1097
+#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064 parser_yacc.y:1152
msgid "link perms are not allowed on a named profile transition.\n"
msgstr ""
-#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109 parser_yacc.y:1143
+#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109 parser_yacc.y:1198
#, c-format
msgid "missing an end of line character? (entry: %s)"
msgstr ""
#: parser_yacc.y:975 parser_yacc.y:985 parser_yacc.y:1057 parser_yacc.y:1067
-#: parser_yacc.y:1145 parser_yacc.y:1155 parser_yacc.y:1179 parser_yacc.y:1189
+#: parser_yacc.y:1145 parser_yacc.y:1155 parser_yacc.y:1234 parser_yacc.y:1244
msgid "Invalid network entry."
msgstr ""
#: parser_yacc.y:1039 parser_yacc.y:1048 parser_yacc.y:1254 parser_yacc.y:1510
-#: parser_yacc.y:1554
+#: parser_yacc.y:1617
#, c-format
msgid "Invalid capability %s."
msgstr ""
-#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525 parser_yacc.y:1569
+#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525 parser_yacc.y:1637
#, c-format
msgid "AppArmor parser error for %s%s%s at line %d: %s\n"
msgstr ""
-#: parser_yacc.y:1072 parser_yacc.y:1275 parser_yacc.y:1531 parser_yacc.y:1575
+#: parser_yacc.y:1072 parser_yacc.y:1275 parser_yacc.y:1531
#, c-format
msgid "AppArmor parser error,%s%s line %d: %s\n"
msgstr ""
@@ -529,20 +528,20 @@ msgid "%s: Illegal open {, nesting groupings not allowed\n"
msgstr ""
#: ../parser_regex.c:265 ../parser_regex.c:274 ../parser_regex.c:278
-#: ../parser_regex.c:295
+#: ../parser_regex.c:306
#, c-format
msgid "%s: Regex grouping error: Invalid number of items between {}\n"
msgstr ""
#: ../parser_regex.c:271 ../parser_regex.c:280 ../parser_regex.c:284
-#: ../parser_regex.c:301
+#: ../parser_regex.c:312
#, c-format
msgid ""
"%s: Regex grouping error: Invalid close }, no matching open { detected\n"
msgstr ""
#: ../parser_regex.c:337 ../parser_regex.c:343 ../parser_regex.c:361
-#: ../parser_regex.c:392
+#: ../parser_regex.c:403
#, c-format
msgid ""
"%s: Regex grouping error: Unclosed grouping or character class, expecting "
@@ -555,19 +554,19 @@ msgid "%s: Internal buffer overflow detected, %d characters exceeded\n"
msgstr ""
#: ../parser_regex.c:355 ../parser_regex.c:361 ../parser_regex.c:377
-#: ../parser_regex.c:408
+#: ../parser_regex.c:419
#, c-format
msgid "%s: Unable to parse input line '%s'\n"
msgstr ""
#: ../parser_regex.c:397 ../parser_regex.c:405 ../parser_regex.c:421
-#: ../parser_regex.c:452
+#: ../parser_regex.c:487
#, c-format
msgid "%s: Invalid profile name '%s' - bad regular expression\n"
msgstr ""
#: ../parser_policy.c:202 ../parser_policy.c:402 ../parser_policy.c:375
-#: ../parser_policy.c:378
+#: ../parser_policy.c:383
#, c-format
msgid "ERROR merging rules for profile %s, failed to load\n"
msgstr ""
@@ -581,19 +580,19 @@ msgid ""
msgstr ""
#: ../parser_policy.c:279 ../parser_policy.c:359 ../parser_policy.c:332
-#: ../parser_policy.c:335
+#: ../parser_policy.c:340
#, c-format
msgid "ERROR processing regexs for profile %s, failed to load\n"
msgstr ""
#: ../parser_policy.c:306 ../parser_policy.c:389 ../parser_policy.c:362
-#: ../parser_policy.c:365
+#: ../parser_policy.c:370
#, c-format
msgid "ERROR expanding variables for profile %s, failed to load\n"
msgstr ""
#: ../parser_policy.c:390 ../parser_policy.c:382 ../parser_policy.c:355
-#: ../parser_policy.c:358
+#: ../parser_policy.c:363
#, c-format
msgid "ERROR adding hat access rule for profile %s\n"
msgstr ""
@@ -623,7 +622,7 @@ msgstr ""
msgid "%s: Errors found in combining rules postprocessing. Aborting.\n"
msgstr ""
-#: parser_lex.l:180 parser_lex.l:186
+#: parser_lex.l:180 parser_lex.l:186 parser_lex.l:187
#, c-format
msgid "Could not process include directory '%s' in '%s'"
msgstr ""
@@ -633,7 +632,8 @@ msgid "Feature buffer full."
msgstr ""
#: ../parser_main.c:1115 ../parser_main.c:1132 ../parser_main.c:1024
-#: ../parser_main.c:1041 ../parser_main.c:1218 ../parser_main.c:1240
+#: ../parser_main.c:1041 ../parser_main.c:1332 ../parser_main.c:1354
+#: ../parser_misc.c:280 ../parser_misc.c:299 ../parser_misc.c:308
msgid "Out of memory"
msgstr ""
@@ -662,11 +662,11 @@ msgstr ""
msgid "Internal error generated invalid DBus perm 0x%x\n"
msgstr ""
-#: parser_yacc.y:575 parser_yacc.y:621 parser_yacc.y:654
+#: parser_yacc.y:575 parser_yacc.y:621 parser_yacc.y:700
msgid "deny prefix not allowed"
msgstr ""
-#: parser_yacc.y:612 parser_yacc.y:658 parser_yacc.y:691
+#: parser_yacc.y:612 parser_yacc.y:658 parser_yacc.y:737
msgid "owner prefix not allowed"
msgstr ""
@@ -682,41 +682,41 @@ msgstr ""
msgid "owner prefix not allow on capability rules"
msgstr ""
-#: parser_yacc.y:1357 parser_yacc.y:1613 parser_yacc.y:1656
+#: parser_yacc.y:1357 parser_yacc.y:1613 parser_yacc.y:1722
#, c-format
msgid "invalid mount conditional %s%s"
msgstr ""
-#: parser_yacc.y:1374 parser_yacc.y:1628 parser_yacc.y:1671
+#: parser_yacc.y:1374 parser_yacc.y:1628 parser_yacc.y:1737
msgid "bad mount rule"
msgstr ""
-#: parser_yacc.y:1381 parser_yacc.y:1635 parser_yacc.y:1678
+#: parser_yacc.y:1381 parser_yacc.y:1635 parser_yacc.y:1744
msgid "mount point conditions not currently supported"
msgstr ""
-#: parser_yacc.y:1398 parser_yacc.y:1650 parser_yacc.y:1693
+#: parser_yacc.y:1398 parser_yacc.y:1650 parser_yacc.y:1759
#, c-format
msgid "invalid pivotroot conditional '%s'"
msgstr ""
-#: ../parser_regex.c:241 ../parser_regex.c:236 ../parser_regex.c:253
+#: ../parser_regex.c:241 ../parser_regex.c:236 ../parser_regex.c:264
#, c-format
msgid ""
"%s: Regex grouping error: Invalid close ], no matching open [ detected\n"
msgstr ""
-#: ../parser_regex.c:257 ../parser_regex.c:256 ../parser_regex.c:273
+#: ../parser_regex.c:257 ../parser_regex.c:256 ../parser_regex.c:284
#, c-format
msgid "%s: Regex grouping error: Exceeded maximum nesting of {}\n"
msgstr ""
-#: ../parser_policy.c:366 ../parser_policy.c:339 ../parser_policy.c:342
+#: ../parser_policy.c:366 ../parser_policy.c:339 ../parser_policy.c:347
#, c-format
msgid "ERROR processing policydb rules for profile %s, failed to load\n"
msgstr ""
-#: ../parser_policy.c:396 ../parser_policy.c:369 ../parser_policy.c:372
+#: ../parser_policy.c:396 ../parser_policy.c:369 ../parser_policy.c:377
#, c-format
msgid "ERROR replacing aliases for profile %s, failed to load\n"
msgstr ""
@@ -736,170 +736,244 @@ msgstr ""
msgid "Error: Could not read cache file '%s', skipping...\n"
msgstr ""
-#: ../parser_misc.c:575 ../parser_misc.c:558
+#: ../parser_misc.c:575 ../parser_misc.c:768
#, c-format
msgid "Internal: unexpected %s mode character '%c' in input"
msgstr ""
-#: ../parser_misc.c:599 ../parser_misc.c:582
+#: ../parser_misc.c:599 ../parser_misc.c:792
#, c-format
msgid "Internal error generated invalid %s perm 0x%x\n"
msgstr ""
-#: parser_yacc.y:703 parser_yacc.y:736
+#: parser_yacc.y:703 parser_yacc.y:784
msgid "owner prefix not allowed on mount rules"
msgstr ""
-#: parser_yacc.y:720 parser_yacc.y:753
+#: parser_yacc.y:720 parser_yacc.y:801
msgid "owner prefix not allowed on dbus rules"
msgstr ""
-#: parser_yacc.y:736 parser_yacc.y:769
+#: parser_yacc.y:736 parser_yacc.y:817
msgid "owner prefix not allowed on signal rules"
msgstr ""
-#: parser_yacc.y:752 parser_yacc.y:785
+#: parser_yacc.y:752 parser_yacc.y:833
msgid "owner prefix not allowed on ptrace rules"
msgstr ""
-#: parser_yacc.y:768 parser_yacc.y:801 parser_yacc.y:821
+#: parser_yacc.y:768 parser_yacc.y:849 parser_yacc.y:869
msgid "owner prefix not allowed on unix rules"
msgstr ""
-#: parser_yacc.y:794 parser_yacc.y:837
+#: parser_yacc.y:794 parser_yacc.y:885
msgid "owner prefix not allowed on capability rules"
msgstr ""
-#: parser_yacc.y:1293 parser_yacc.y:1313
+#: parser_yacc.y:1293 parser_yacc.y:1377
#, c-format
msgid "dbus rule: invalid conditional group %s=()"
msgstr ""
-#: parser_yacc.y:1371 parser_yacc.y:1391
+#: parser_yacc.y:1371 parser_yacc.y:1455
#, c-format
msgid "unix rule: invalid conditional group %s=()"
msgstr ""
-#: ../parser_regex.c:368 ../parser_regex.c:399
+#: ../parser_regex.c:368 ../parser_regex.c:410
#, c-format
msgid "%s: Regex error: trailing '\\' escape character\n"
msgstr ""
-#: ../parser_interface.c:496
+#: ../parser_common.c:112
+#, c-format
+msgid "%s from %s (%s%sline %d): %s"
+msgstr ""
+
+#: ../parser_common.c:113
+msgid "Warning converted to Error"
+msgstr ""
+
+#: ../parser_common.c:113
+msgid "Warning"
+msgstr ""
+
+#: ../parser_interface.c:524
#, c-format
msgid "Unable to open stdout - %s\n"
msgstr ""
-#: ../parser_interface.c:505
+#: ../parser_interface.c:533
#, c-format
msgid "Unable to open output file - %s\n"
msgstr ""
-#: parser_lex.l:337
+#: parser_lex.l:326
msgid "Failed to process filename\n"
msgstr ""
-#: parser_lex.l:723
+#: parser_lex.l:720
#, c-format
msgid "Lexer found unexpected character: '%s' (0x%x) in state: %s"
msgstr ""
-#: ../parser_main.c:806
+#: ../parser_main.c:915
#, c-format
msgid "Unable to print the cache directory: %m\n"
msgstr ""
-#: ../parser_main.c:842
+#: ../parser_main.c:951
#, c-format
msgid "Error: Could not load profile %s: %s\n"
msgstr ""
-#: ../parser_main.c:852
+#: ../parser_main.c:961
#, c-format
msgid "Error: Could not replace profile %s: %s\n"
msgstr ""
-#: ../parser_main.c:857
+#: ../parser_main.c:966
#, c-format
msgid "Error: Invalid load option specified: %d\n"
msgstr ""
-#: ../parser_main.c:964
+#: ../parser_main.c:1077
#, c-format
msgid "Could not get cachename for '%s'\n"
msgstr ""
-#: ../parser_main.c:1323
+#: ../parser_main.c:1434
+msgid "Kernel features abi not found"
+msgstr ""
+
+#: ../parser_main.c:1438
+msgid "Failed to add kernel capabilities to known capabilities set"
+msgstr ""
+
+#: ../parser_main.c:1465
#, c-format
msgid "Failed to clear cache files (%s): %s\n"
msgstr ""
-#: ../parser_main.c:1332
+#: ../parser_main.c:1474
msgid ""
"The --create-cache-dir option is deprecated. Please use --write-cache.\n"
msgstr ""
-#: ../parser_main.c:1337
+#: ../parser_main.c:1479
#, c-format
msgid "Failed setting up policy cache (%s): %s\n"
msgstr ""
-#: ../parser_misc.c:694
+#: ../parser_misc.c:904
#, c-format
msgid "Namespace not terminated: %s\n"
msgstr ""
-#: ../parser_misc.c:696
+#: ../parser_misc.c:906
#, c-format
msgid "Empty namespace: %s\n"
msgstr ""
-#: ../parser_misc.c:698
+#: ../parser_misc.c:908
#, c-format
msgid "Empty named transition profile name: %s\n"
msgstr ""
-#: ../parser_misc.c:700
+#: ../parser_misc.c:910
#, c-format
msgid "Unknown error while parsing label: %s\n"
msgstr ""
-#: parser_yacc.y:322
+#: parser_yacc.y:306
+msgid "Failed to setup default policy feature abi"
+msgstr ""
+
+#: parser_yacc.y:308
+#, c-format
+msgid ""
+"%s: File '%s' missing feature abi, falling back to default policy feature "
+"abi\n"
+msgstr ""
+
+#: parser_yacc.y:313
+msgid "Failed to add policy capabilities to known capabilities set"
+msgstr ""
+
+#: parser_yacc.y:350
msgid "Profile names must begin with a '/' or a namespace"
msgstr ""
-#: parser_yacc.y:344
+#: parser_yacc.y:372
msgid "Profile attachment must begin with a '/' or variable."
msgstr ""
-#: parser_yacc.y:906
-msgid "RLIMIT 'cpu' no units specified using default units of seconds\n"
+#: parser_yacc.y:375
+#, c-format
+msgid "profile id: invalid conditional group %s=()"
msgstr ""
-#: parser_yacc.y:918
+#: parser_yacc.y:404
msgid ""
-"RLIMIT 'rttime' no units specified using default units of microseconds\n"
+"The use of file paths as profile names is deprecated. See man apparmor.d for "
+"more information\n"
msgstr ""
-#: parser_yacc.y:1074
+#: parser_yacc.y:573
#, c-format
-msgid "%s: Profile abi not supported, falling back to system abi.\n"
+msgid "Profile flag '%s' conflicts with '%s'"
msgstr ""
-#: parser_yacc.y:1519
+#: parser_yacc.y:954
+msgid "RLIMIT 'cpu' no units specified using default units of seconds\n"
+msgstr ""
+
+#: parser_yacc.y:966
+msgid ""
+"RLIMIT 'rttime' no units specified using default units of microseconds\n"
+msgstr ""
+
+#: parser_yacc.y:1582
msgid "Exec condition is required when unsafe or safe keywords are present"
msgstr ""
-#: parser_yacc.y:1521
+#: parser_yacc.y:1584
msgid "Exec condition must begin with '/'."
msgstr ""
-#: ../parser_regex.c:98
+#: parser_yacc.y:1643
+#, c-format
+msgid "AppArmor parser error at line %d: %s\n"
+msgstr ""
+
+#: parser_yacc.y:1790
+#, c-format
+msgid "Could not open '%s': %m"
+msgstr ""
+
+#: parser_yacc.y:1795
+#, c-format
+msgid "fstat failed for '%s': %m"
+msgstr ""
+
+#: parser_yacc.y:1809
+#, c-format
+msgid "failed to find features abi '%s': %m"
+msgstr ""
+
+#: parser_yacc.y:1813
+#, c-format
+msgid ""
+"%s: %s features abi '%s' differs from policy declared feature abi, using the "
+"features abi declared in policy\n"
+msgstr ""
+
+#: ../parser_regex.c:98 ../parser_regex.c:238
#, c-format
msgid "%s: Invalid glob type %d\n"
msgstr ""
-#: ../parser_regex.c:615
+#: ../parser_regex.c:693
#, c-format
msgid "The current kernel does not support stacking of named transitions: %s\n"
msgstr ""
diff --git a/parser/po/bo.po b/parser/po/bo.po
new file mode 100644
index 0000000000000000000000000000000000000000..e6f1bb9c9749429011d713d47d173510c7571d69
--- /dev/null
+++ b/parser/po/bo.po
@@ -0,0 +1,741 @@
+# Tibetan translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-13 00:11-0700\n"
+"PO-Revision-Date: 2019-12-12 02:59+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Tibetan <bo@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-13 05:38+0000\n"
+"X-Generator: Launchpad (build c597c3229eb023b1e626162d5947141bf7befb13)\n"
+
+#: ../parser_include.c:113 ../parser_include.c:111
+msgid "Error: Out of memory.\n"
+msgstr ""
+
+#: ../parser_include.c:123 ../parser_include.c:121
+#, c-format
+msgid "Error: basedir %s is not a directory, skipping.\n"
+msgstr ""
+
+#: ../parser_include.c:137
+#, c-format
+msgid "Error: Could not add directory %s to search path.\n"
+msgstr ""
+
+#: ../parser_include.c:147 ../parser_include.c:151
+msgid "Error: Could not allocate memory.\n"
+msgstr ""
+
+#: ../parser_interface.c:69 ../parser_interface.c:72 ../parser_interface.c:49
+msgid "Bad write position\n"
+msgstr ""
+
+#: ../parser_interface.c:72 ../parser_interface.c:75 ../parser_interface.c:52
+msgid "Permission denied\n"
+msgstr ""
+
+#: ../parser_interface.c:75 ../parser_interface.c:78 ../parser_interface.c:55
+msgid "Out of memory\n"
+msgstr ""
+
+#: ../parser_interface.c:78 ../parser_interface.c:81 ../parser_interface.c:58
+msgid "Couldn't copy profile: Bad memory address\n"
+msgstr ""
+
+#: ../parser_interface.c:81 ../parser_interface.c:84 ../parser_interface.c:61
+msgid "Profile doesn't conform to protocol\n"
+msgstr ""
+
+#: ../parser_interface.c:84 ../parser_interface.c:87 ../parser_interface.c:64
+msgid "Profile does not match signature\n"
+msgstr ""
+
+#: ../parser_interface.c:87 ../parser_interface.c:90 ../parser_interface.c:67
+msgid "Profile version not supported by Apparmor module\n"
+msgstr ""
+
+#: ../parser_interface.c:90 ../parser_interface.c:93 ../parser_interface.c:70
+msgid "Profile already exists\n"
+msgstr ""
+
+#: ../parser_interface.c:93 ../parser_interface.c:96 ../parser_interface.c:73
+msgid "Profile doesn't exist\n"
+msgstr ""
+
+#: ../parser_interface.c:96 ../parser_interface.c:99 ../parser_interface.c:76
+msgid "Permission denied; attempted to load a profile while confined?\n"
+msgstr ""
+
+#: ../parser_interface.c:99 ../parser_interface.c:102 ../parser_interface.c:79
+#, c-format
+msgid "Unknown error (%d): %s\n"
+msgstr ""
+
+#: ../parser_interface.c:116 ../parser_interface.c:119
+#: ../parser_interface.c:96
+#, c-format
+msgid "%s: Unable to add \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:121 ../parser_interface.c:124
+#: ../parser_interface.c:101
+#, c-format
+msgid "%s: Unable to replace \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:126 ../parser_interface.c:129
+#: ../parser_interface.c:106
+#, c-format
+msgid "%s: Unable to remove \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:131 ../parser_interface.c:134
+#: ../parser_interface.c:111
+#, c-format
+msgid "%s: Unable to write to stdout\n"
+msgstr ""
+
+#: ../parser_interface.c:135 ../parser_interface.c:138
+#: ../parser_interface.c:115
+#, c-format
+msgid "%s: Unable to write to output file\n"
+msgstr ""
+
+#: ../parser_interface.c:138 ../parser_interface.c:162
+#: ../parser_interface.c:141 ../parser_interface.c:165
+#: ../parser_interface.c:118 ../parser_interface.c:142
+#, c-format
+msgid "%s: ASSERT: Invalid option: %d\n"
+msgstr ""
+
+#: ../parser_interface.c:147 ../parser_interface.c:150
+#: ../parser_interface.c:127
+#, c-format
+msgid "Addition succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:151 ../parser_interface.c:154
+#: ../parser_interface.c:131
+#, c-format
+msgid "Replacement succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:155 ../parser_interface.c:158
+#: ../parser_interface.c:135
+#, c-format
+msgid "Removal succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:251 ../parser_interface.c:254
+#, c-format
+msgid "PANIC bad increment buffer %p pos %p ext %p size %d res %p\n"
+msgstr ""
+
+#: ../parser_interface.c:656 ../parser_interface.c:658
+#: ../parser_interface.c:446
+#, c-format
+msgid "profile %s network rules not enforced\n"
+msgstr ""
+
+#: ../parser_interface.c:666
+msgid "Unknown pattern type\n"
+msgstr ""
+
+#: ../parser_interface.c:750 ../parser_interface.c:902
+#: ../parser_interface.c:743 ../parser_interface.c:894
+#: ../parser_interface.c:518 ../parser_interface.c:669
+#, c-format
+msgid "Unable to open %s - %s\n"
+msgstr ""
+
+#: ../parser_interface.c:776 ../parser_interface.c:768
+#: ../parser_interface.c:543
+#, c-format
+msgid "Memory Allocation Error: Unable to remove ^%s\n"
+msgstr ""
+
+#: ../parser_interface.c:789 ../parser_interface.c:781
+#: ../parser_interface.c:556
+#, c-format
+msgid "Memory Allocation Error: Unable to remove %s:%s."
+msgstr ""
+
+#: ../parser_interface.c:810 ../parser_interface.c:802
+msgid "unable to create work area\n"
+msgstr ""
+
+#: ../parser_interface.c:818 ../parser_interface.c:810
+#, c-format
+msgid "unable to serialize profile %s\n"
+msgstr ""
+
+#: ../parser_interface.c:829 ../parser_interface.c:916
+#: ../parser_interface.c:821 ../parser_interface.c:908
+#: ../parser_interface.c:582
+#, c-format
+msgid "%s: Unable to write entire profile entry\n"
+msgstr ""
+
+#: ../parser_interface.c:839 ../parser_interface.c:831
+#: ../parser_interface.c:593
+#, c-format
+msgid "%s: Unable to write entire profile entry to cache\n"
+msgstr ""
+
+#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169
+#, c-format
+msgid "Could not open '%s'"
+msgstr ""
+
+#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173
+#, c-format
+msgid "fstat failed for '%s'"
+msgstr ""
+
+#: parser_lex.l:121
+#, c-format
+msgid "opendir failed '%s'"
+msgstr ""
+
+#: parser_lex.l:152
+#, c-format
+msgid "stat failed for '%s'"
+msgstr ""
+
+#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139
+#, c-format
+msgid "Could not open '%s' in '%s'"
+msgstr ""
+
+#: parser_lex.l:284 parser_lex.l:322 parser_lex.l:362 parser_lex.l:399
+#: parser_lex.l:469 parser_lex.l:655 parser_lex.l:586 parser_lex.l:638
+#, c-format
+msgid "Found unexpected character: '%s'"
+msgstr ""
+
+#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428
+msgid "Variable declarations do not accept trailing commas"
+msgstr ""
+
+#: parser_lex.l:420
+#, c-format
+msgid "(network_mode) Found unexpected character: '%s'"
+msgstr ""
+
+#: ../parser_main.c:333 ../parser_common.c:61 ../parser_common.c:106
+#, c-format
+msgid "Warning from %s (%s%sline %d): %s"
+msgstr ""
+
+#: ../parser_main.c:531
+#, c-format
+msgid "%s: Could not allocate memory for subdomainbase mount point\n"
+msgstr ""
+
+#: ../parser_main.c:577 ../parser_main.c:616 ../parser_main.c:479
+#, c-format
+msgid ""
+"Warning: unable to find a suitable fs in %s, is it mounted?\n"
+"Use --subdomainfs to override.\n"
+msgstr ""
+
+#: ../parser_main.c:597 ../parser_main.c:635 ../parser_main.c:498
+#, c-format
+msgid ""
+"%s: Sorry. You need root privileges to run this program.\n"
+"\n"
+msgstr ""
+
+#: ../parser_main.c:604 ../parser_main.c:642 ../parser_main.c:505
+#, c-format
+msgid ""
+"%s: Warning! You've set this program setuid root.\n"
+"Anybody who can run this program can update your AppArmor profiles.\n"
+"\n"
+msgstr ""
+
+#: ../parser_main.c:704 ../parser_main.c:813 ../parser_main.c:836
+#: ../parser_main.c:946 ../parser_main.c:860
+#, c-format
+msgid "Error: Could not read profile %s: %s.\n"
+msgstr ""
+
+#: ../parser_main.c:718 ../parser_misc.c:270 parser_yacc.y:227
+#: parser_yacc.y:374 parser_yacc.y:386 parser_yacc.y:484 parser_yacc.y:586
+#: parser_yacc.y:624 parser_yacc.y:939 parser_yacc.y:948 parser_yacc.y:960
+#: parser_yacc.y:1008 parser_yacc.y:1019 parser_yacc.y:1101 parser_yacc.y:1119
+#: parser_yacc.y:1126 ../parser_main.c:850 ../parser_main.c:1015
+#: ../parser_main.c:1229 ../parser_main.c:1283 ../parser_misc.c:431
+#: parser_yacc.y:268 parser_yacc.y:416 parser_yacc.y:426 parser_yacc.y:537
+#: parser_yacc.y:626 parser_yacc.y:976 parser_yacc.y:1021 parser_yacc.y:1030
+#: parser_yacc.y:1042 parser_yacc.y:1078 parser_yacc.y:1082 parser_yacc.y:1092
+#: parser_yacc.y:1102 parser_yacc.y:1201 parser_yacc.y:1223 parser_yacc.y:1234
+#: parser_yacc.y:1309 parser_yacc.y:1327 parser_yacc.y:1334 parser_yacc.y:1385
+#: ../parser_main.c:735 ../parser_main.c:923 ../parser_main.c:1133
+#: ../parser_main.c:1187 parser_yacc.y:311 parser_yacc.y:462 parser_yacc.y:472
+#: parser_yacc.y:583 parser_yacc.y:662 parser_yacc.y:669 parser_yacc.y:1130
+#: parser_yacc.y:1166 parser_yacc.y:1170 parser_yacc.y:1180 parser_yacc.y:1190
+#: parser_yacc.y:1298 parser_yacc.y:1376 parser_yacc.y:1479 parser_yacc.y:1490
+#: parser_yacc.y:1565 parser_yacc.y:1583 parser_yacc.y:1590 parser_yacc.y:1639
+#: ../network.c:314 ../af_unix.cc:203
+msgid "Memory allocation error."
+msgstr ""
+
+#: ../parser_main.c:740 ../parser_main.c:872 ../parser_main.c:757
+#, c-format
+msgid "Cached load succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_main.c:744 ../parser_main.c:876 ../parser_main.c:761
+#, c-format
+msgid "Cached reload succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_main.c:910 ../parser_main.c:1058 ../parser_main.c:967
+#, c-format
+msgid "%s: Errors found in file. Aborting.\n"
+msgstr ""
+
+#: ../parser_misc.c:426 ../parser_misc.c:597 ../parser_misc.c:339
+msgid ""
+"Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
+"See the apparmor.d(5) manpage for details.\n"
+msgstr ""
+
+#: ../parser_misc.c:467 ../parser_misc.c:474 ../parser_misc.c:638
+#: ../parser_misc.c:645 ../parser_misc.c:380 ../parser_misc.c:387
+msgid "Conflict 'a' and 'w' perms are mutually exclusive."
+msgstr ""
+
+#: ../parser_misc.c:491 ../parser_misc.c:662 ../parser_misc.c:404
+msgid "Exec qualifier 'i' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:502 ../parser_misc.c:673 ../parser_misc.c:415
+#, c-format
+msgid ""
+"Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
+"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"
+msgstr ""
+
+#: ../parser_misc.c:510 ../parser_misc.c:551 ../parser_misc.c:681
+#: ../parser_misc.c:722 ../parser_misc.c:423 ../parser_misc.c:464
+#, c-format
+msgid "Exec qualifier '%c' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:537 ../parser_misc.c:545 ../parser_misc.c:708
+#: ../parser_misc.c:716 ../parser_misc.c:450 ../parser_misc.c:458
+#, c-format
+msgid ""
+"Exec qualifier '%c%c' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:593 ../parser_misc.c:764 ../parser_misc.c:506
+#, c-format
+msgid "Internal: unexpected mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:615 ../parser_misc.c:786 ../parser_misc.c:528
+#, c-format
+msgid "Internal error generated invalid perm 0x%llx\n"
+msgstr ""
+
+#: ../parser_misc.c:865 ../parser_symtab.c:561 ../parser_regex.c:626
+#: ../parser_variable.c:229
+#, c-format
+msgid "AppArmor parser error: %s\n"
+msgstr ""
+
+#: ../parser_merge.c:92 ../parser_merge.c:91 ../parser_merge.c:83
+msgid "Couldn't merge entries. Out of Memory\n"
+msgstr ""
+
+#: ../parser_merge.c:111 ../parser_merge.c:113 ../parser_merge.c:105
+#, c-format
+msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
+msgstr ""
+
+#: parser_yacc.y:236 parser_yacc.y:277 parser_yacc.y:320
+msgid "Profile attachment must begin with a '/'."
+msgstr ""
+
+#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348
+msgid ""
+"Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."
+msgstr ""
+
+#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384
+#, c-format
+msgid "Failed to create alias %s -> %s\n"
+msgstr ""
+
+#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506
+msgid "Profile flag chroot_relative conflicts with namespace_relative"
+msgstr ""
+
+#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510
+msgid "Profile flag mediate_deleted conflicts with delegate_deleted"
+msgstr ""
+
+#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513
+msgid ""
+"Profile flag attach_disconnected conflicts with no_attach_disconnected"
+msgstr ""
+
+#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516
+msgid "Profile flag chroot_attach conflicts with chroot_no_attach"
+msgstr ""
+
+#: parser_yacc.y:441 parser_yacc.y:484 parser_yacc.y:530
+msgid "Profile flag 'debug' is no longer valid."
+msgstr ""
+
+#: parser_yacc.y:463 parser_yacc.y:506 parser_yacc.y:552
+#, c-format
+msgid "Invalid profile flag: %s."
+msgstr ""
+
+#: parser_yacc.y:498 parser_yacc.y:520 parser_yacc.y:548 parser_yacc.y:594
+msgid "Assert: `rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:501 parser_yacc.y:546 parser_yacc.y:552 parser_yacc.y:584
+#: parser_yacc.y:598 parser_yacc.y:630
+msgid ""
+"Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', "
+"'p', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:524 parser_yacc.y:556 parser_yacc.y:602
+msgid ""
+"Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', 'c', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:549 parser_yacc.y:587 parser_yacc.y:633
+msgid "Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:574 parser_yacc.y:612 parser_yacc.y:614 parser_yacc.y:660
+msgid "Assert: `network_rule' return invalid protocol."
+msgstr ""
+
+#: parser_yacc.y:649 parser_yacc.y:696 parser_yacc.y:786
+msgid "Assert: `change_profile' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810
+msgid "Assert: 'hat rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819
+msgid "Assert: 'local_profile rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:824 parser_yacc.y:885 parser_yacc.y:992
+#, c-format
+msgid "Unset boolean variable %s used in if-expression"
+msgstr ""
+
+#: parser_yacc.y:882 parser_yacc.y:986 parser_yacc.y:1092
+msgid "unsafe rule missing exec permissions"
+msgstr ""
+
+#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060
+msgid "subset can only be used with link rules."
+msgstr ""
+
+#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062
+msgid "link and exec perms conflict on a file rule using ->"
+msgstr ""
+
+#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064
+msgid "link perms are not allowed on a named profile transition.\n"
+msgstr ""
+
+#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109
+#, c-format
+msgid "missing an end of line character? (entry: %s)"
+msgstr ""
+
+#: parser_yacc.y:975 parser_yacc.y:985 parser_yacc.y:1057 parser_yacc.y:1067
+#: parser_yacc.y:1145 parser_yacc.y:1155
+msgid "Invalid network entry."
+msgstr ""
+
+#: parser_yacc.y:1039 parser_yacc.y:1048 parser_yacc.y:1254 parser_yacc.y:1510
+#, c-format
+msgid "Invalid capability %s."
+msgstr ""
+
+#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525
+#, c-format
+msgid "AppArmor parser error for %s%s%s at line %d: %s\n"
+msgstr ""
+
+#: parser_yacc.y:1072 parser_yacc.y:1275 parser_yacc.y:1531
+#, c-format
+msgid "AppArmor parser error,%s%s line %d: %s\n"
+msgstr ""
+
+#: ../parser_regex.c:244
+#, c-format
+msgid "%s: Illegal open {, nesting groupings not allowed\n"
+msgstr ""
+
+#: ../parser_regex.c:265 ../parser_regex.c:274 ../parser_regex.c:278
+#, c-format
+msgid "%s: Regex grouping error: Invalid number of items between {}\n"
+msgstr ""
+
+#: ../parser_regex.c:271 ../parser_regex.c:280 ../parser_regex.c:284
+#, c-format
+msgid ""
+"%s: Regex grouping error: Invalid close }, no matching open { detected\n"
+msgstr ""
+
+#: ../parser_regex.c:337 ../parser_regex.c:343 ../parser_regex.c:361
+#, c-format
+msgid ""
+"%s: Regex grouping error: Unclosed grouping or character class, expecting "
+"close }\n"
+msgstr ""
+
+#: ../parser_regex.c:351 ../parser_regex.c:357
+#, c-format
+msgid "%s: Internal buffer overflow detected, %d characters exceeded\n"
+msgstr ""
+
+#: ../parser_regex.c:355 ../parser_regex.c:361 ../parser_regex.c:377
+#, c-format
+msgid "%s: Unable to parse input line '%s'\n"
+msgstr ""
+
+#: ../parser_regex.c:397 ../parser_regex.c:405 ../parser_regex.c:421
+#, c-format
+msgid "%s: Invalid profile name '%s' - bad regular expression\n"
+msgstr ""
+
+#: ../parser_policy.c:202 ../parser_policy.c:402 ../parser_policy.c:375
+#, c-format
+msgid "ERROR merging rules for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:234
+#, c-format
+msgid ""
+"ERROR profile %s contains policy elements not usable with this kernel:\n"
+"\t'*', '?', character ranges, and alternations are not allowed.\n"
+"\t'**' may only be used at the end of a rule.\n"
+msgstr ""
+
+#: ../parser_policy.c:279 ../parser_policy.c:359 ../parser_policy.c:332
+#, c-format
+msgid "ERROR processing regexs for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:306 ../parser_policy.c:389 ../parser_policy.c:362
+#, c-format
+msgid "ERROR expanding variables for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:390 ../parser_policy.c:382 ../parser_policy.c:355
+#, c-format
+msgid "ERROR adding hat access rule for profile %s\n"
+msgstr ""
+
+#: ../parser_policy.c:490 ../parser_policy.c:271
+#, c-format
+msgid "ERROR in profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:675
+#, c-format
+msgid "%s: Errors found during postprocessing. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:682 ../parser_policy.c:704
+#, c-format
+msgid "%s: Errors found during regex postprocess. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:689
+#, c-format
+msgid "%s: Errors found during postprocess. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:696
+#, c-format
+msgid "%s: Errors found in combining rules postprocessing. Aborting.\n"
+msgstr ""
+
+#: parser_lex.l:180 parser_lex.l:186
+#, c-format
+msgid "Could not process include directory '%s' in '%s'"
+msgstr ""
+
+#: ../parser_main.c:660 ../parser_main.c:523
+msgid "Feature buffer full."
+msgstr ""
+
+#: ../parser_main.c:1115 ../parser_main.c:1132 ../parser_main.c:1024
+#: ../parser_main.c:1041
+msgid "Out of memory"
+msgstr ""
+
+#: ../parser_main.c:1182 ../parser_main.c:1091
+#, c-format
+msgid "Can't create cache directory: %s\n"
+msgstr ""
+
+#: ../parser_main.c:1185 ../parser_main.c:1094
+#, c-format
+msgid "File in cache directory location: %s\n"
+msgstr ""
+
+#: ../parser_main.c:1188 ../parser_main.c:1097
+#, c-format
+msgid "Can't update cache directory: %s\n"
+msgstr ""
+
+#: ../parser_misc.c:833
+#, c-format
+msgid "Internal: unexpected DBus mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:857
+#, c-format
+msgid "Internal error generated invalid DBus perm 0x%x\n"
+msgstr ""
+
+#: parser_yacc.y:575 parser_yacc.y:621
+msgid "deny prefix not allowed"
+msgstr ""
+
+#: parser_yacc.y:612 parser_yacc.y:658
+msgid "owner prefix not allowed"
+msgstr ""
+
+#: parser_yacc.y:660
+msgid "owner prefix not allow on mount rules"
+msgstr ""
+
+#: parser_yacc.y:677
+msgid "owner prefix not allow on dbus rules"
+msgstr ""
+
+#: parser_yacc.y:704
+msgid "owner prefix not allow on capability rules"
+msgstr ""
+
+#: parser_yacc.y:1357 parser_yacc.y:1613
+#, c-format
+msgid "invalid mount conditional %s%s"
+msgstr ""
+
+#: parser_yacc.y:1374 parser_yacc.y:1628
+msgid "bad mount rule"
+msgstr ""
+
+#: parser_yacc.y:1381 parser_yacc.y:1635
+msgid "mount point conditions not currently supported"
+msgstr ""
+
+#: parser_yacc.y:1398 parser_yacc.y:1650
+#, c-format
+msgid "invalid pivotroot conditional '%s'"
+msgstr ""
+
+#: ../parser_regex.c:241 ../parser_regex.c:236
+#, c-format
+msgid ""
+"%s: Regex grouping error: Invalid close ], no matching open [ detected\n"
+msgstr ""
+
+#: ../parser_regex.c:257 ../parser_regex.c:256
+#, c-format
+msgid "%s: Regex grouping error: Exceeded maximum nesting of {}\n"
+msgstr ""
+
+#: ../parser_policy.c:366 ../parser_policy.c:339
+#, c-format
+msgid "ERROR processing policydb rules for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:396 ../parser_policy.c:369
+#, c-format
+msgid "ERROR replacing aliases for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_interface.c:635 ../parser_interface.c:638
+#, c-format
+msgid "%s: Unable to write %s\n"
+msgstr ""
+
+#: ../parser_main.c:721
+#, c-format
+msgid "Error: Could not read binary profile or cache file %s: %s.\n"
+msgstr ""
+
+#: ../parser_main.c:811
+#, c-format
+msgid "Error: Could not read cache file '%s', skipping...\n"
+msgstr ""
+
+#: ../parser_misc.c:575
+#, c-format
+msgid "Internal: unexpected %s mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:599
+#, c-format
+msgid "Internal error generated invalid %s perm 0x%x\n"
+msgstr ""
+
+#: parser_yacc.y:703
+msgid "owner prefix not allowed on mount rules"
+msgstr ""
+
+#: parser_yacc.y:720
+msgid "owner prefix not allowed on dbus rules"
+msgstr ""
+
+#: parser_yacc.y:736
+msgid "owner prefix not allowed on signal rules"
+msgstr ""
+
+#: parser_yacc.y:752
+msgid "owner prefix not allowed on ptrace rules"
+msgstr ""
+
+#: parser_yacc.y:768
+msgid "owner prefix not allowed on unix rules"
+msgstr ""
+
+#: parser_yacc.y:794
+msgid "owner prefix not allowed on capability rules"
+msgstr ""
+
+#: parser_yacc.y:1293
+#, c-format
+msgid "dbus rule: invalid conditional group %s=()"
+msgstr ""
+
+#: parser_yacc.y:1371
+#, c-format
+msgid "unix rule: invalid conditional group %s=()"
+msgstr ""
+
+#: ../parser_regex.c:368
+#, c-format
+msgid "%s: Regex error: trailing '\\' escape character\n"
+msgstr ""
diff --git a/parser/po/fa.po b/parser/po/fa.po
new file mode 100644
index 0000000000000000000000000000000000000000..600990df8074ec152772b9a3ea3e5a1e0f938559
--- /dev/null
+++ b/parser/po/fa.po
@@ -0,0 +1,741 @@
+# Persian translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-13 00:11-0700\n"
+"PO-Revision-Date: 2019-12-27 08:23+0000\n"
+"Last-Translator: VahidNameni <Unknown>\n"
+"Language-Team: Persian <fa@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-28 05:38+0000\n"
+"X-Generator: Launchpad (build bceb5ef013b87ef7aafe0755545ceb689ca7ac60)\n"
+
+#: ../parser_include.c:113 ../parser_include.c:111
+msgid "Error: Out of memory.\n"
+msgstr "خطا: خارج از ØاÙظه.\n"
+
+#: ../parser_include.c:123 ../parser_include.c:121
+#, c-format
+msgid "Error: basedir %s is not a directory, skipping.\n"
+msgstr ""
+
+#: ../parser_include.c:137
+#, c-format
+msgid "Error: Could not add directory %s to search path.\n"
+msgstr "خطا: امکان اضاÙÙ‡ کردن پوشه %s به مسیر جستجو نیست.\n"
+
+#: ../parser_include.c:147 ../parser_include.c:151
+msgid "Error: Could not allocate memory.\n"
+msgstr ""
+
+#: ../parser_interface.c:69 ../parser_interface.c:72 ../parser_interface.c:49
+msgid "Bad write position\n"
+msgstr ""
+
+#: ../parser_interface.c:72 ../parser_interface.c:75 ../parser_interface.c:52
+msgid "Permission denied\n"
+msgstr "مجوز صادر نگردید\n"
+
+#: ../parser_interface.c:75 ../parser_interface.c:78 ../parser_interface.c:55
+msgid "Out of memory\n"
+msgstr "خارج از ØاÙظه\n"
+
+#: ../parser_interface.c:78 ../parser_interface.c:81 ../parser_interface.c:58
+msgid "Couldn't copy profile: Bad memory address\n"
+msgstr ""
+
+#: ../parser_interface.c:81 ../parser_interface.c:84 ../parser_interface.c:61
+msgid "Profile doesn't conform to protocol\n"
+msgstr ""
+
+#: ../parser_interface.c:84 ../parser_interface.c:87 ../parser_interface.c:64
+msgid "Profile does not match signature\n"
+msgstr "نمایه با امضا مطابقت ندارد\n"
+
+#: ../parser_interface.c:87 ../parser_interface.c:90 ../parser_interface.c:67
+msgid "Profile version not supported by Apparmor module\n"
+msgstr ""
+
+#: ../parser_interface.c:90 ../parser_interface.c:93 ../parser_interface.c:70
+msgid "Profile already exists\n"
+msgstr ""
+
+#: ../parser_interface.c:93 ../parser_interface.c:96 ../parser_interface.c:73
+msgid "Profile doesn't exist\n"
+msgstr ""
+
+#: ../parser_interface.c:96 ../parser_interface.c:99 ../parser_interface.c:76
+msgid "Permission denied; attempted to load a profile while confined?\n"
+msgstr ""
+
+#: ../parser_interface.c:99 ../parser_interface.c:102 ../parser_interface.c:79
+#, c-format
+msgid "Unknown error (%d): %s\n"
+msgstr ""
+
+#: ../parser_interface.c:116 ../parser_interface.c:119
+#: ../parser_interface.c:96
+#, c-format
+msgid "%s: Unable to add \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:121 ../parser_interface.c:124
+#: ../parser_interface.c:101
+#, c-format
+msgid "%s: Unable to replace \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:126 ../parser_interface.c:129
+#: ../parser_interface.c:106
+#, c-format
+msgid "%s: Unable to remove \"%s\". "
+msgstr ""
+
+#: ../parser_interface.c:131 ../parser_interface.c:134
+#: ../parser_interface.c:111
+#, c-format
+msgid "%s: Unable to write to stdout\n"
+msgstr ""
+
+#: ../parser_interface.c:135 ../parser_interface.c:138
+#: ../parser_interface.c:115
+#, c-format
+msgid "%s: Unable to write to output file\n"
+msgstr ""
+
+#: ../parser_interface.c:138 ../parser_interface.c:162
+#: ../parser_interface.c:141 ../parser_interface.c:165
+#: ../parser_interface.c:118 ../parser_interface.c:142
+#, c-format
+msgid "%s: ASSERT: Invalid option: %d\n"
+msgstr ""
+
+#: ../parser_interface.c:147 ../parser_interface.c:150
+#: ../parser_interface.c:127
+#, c-format
+msgid "Addition succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:151 ../parser_interface.c:154
+#: ../parser_interface.c:131
+#, c-format
+msgid "Replacement succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:155 ../parser_interface.c:158
+#: ../parser_interface.c:135
+#, c-format
+msgid "Removal succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_interface.c:251 ../parser_interface.c:254
+#, c-format
+msgid "PANIC bad increment buffer %p pos %p ext %p size %d res %p\n"
+msgstr ""
+
+#: ../parser_interface.c:656 ../parser_interface.c:658
+#: ../parser_interface.c:446
+#, c-format
+msgid "profile %s network rules not enforced\n"
+msgstr ""
+
+#: ../parser_interface.c:666
+msgid "Unknown pattern type\n"
+msgstr ""
+
+#: ../parser_interface.c:750 ../parser_interface.c:902
+#: ../parser_interface.c:743 ../parser_interface.c:894
+#: ../parser_interface.c:518 ../parser_interface.c:669
+#, c-format
+msgid "Unable to open %s - %s\n"
+msgstr ""
+
+#: ../parser_interface.c:776 ../parser_interface.c:768
+#: ../parser_interface.c:543
+#, c-format
+msgid "Memory Allocation Error: Unable to remove ^%s\n"
+msgstr ""
+
+#: ../parser_interface.c:789 ../parser_interface.c:781
+#: ../parser_interface.c:556
+#, c-format
+msgid "Memory Allocation Error: Unable to remove %s:%s."
+msgstr ""
+
+#: ../parser_interface.c:810 ../parser_interface.c:802
+msgid "unable to create work area\n"
+msgstr ""
+
+#: ../parser_interface.c:818 ../parser_interface.c:810
+#, c-format
+msgid "unable to serialize profile %s\n"
+msgstr ""
+
+#: ../parser_interface.c:829 ../parser_interface.c:916
+#: ../parser_interface.c:821 ../parser_interface.c:908
+#: ../parser_interface.c:582
+#, c-format
+msgid "%s: Unable to write entire profile entry\n"
+msgstr ""
+
+#: ../parser_interface.c:839 ../parser_interface.c:831
+#: ../parser_interface.c:593
+#, c-format
+msgid "%s: Unable to write entire profile entry to cache\n"
+msgstr ""
+
+#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169
+#, c-format
+msgid "Could not open '%s'"
+msgstr ""
+
+#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173
+#, c-format
+msgid "fstat failed for '%s'"
+msgstr ""
+
+#: parser_lex.l:121
+#, c-format
+msgid "opendir failed '%s'"
+msgstr ""
+
+#: parser_lex.l:152
+#, c-format
+msgid "stat failed for '%s'"
+msgstr ""
+
+#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139
+#, c-format
+msgid "Could not open '%s' in '%s'"
+msgstr ""
+
+#: parser_lex.l:284 parser_lex.l:322 parser_lex.l:362 parser_lex.l:399
+#: parser_lex.l:469 parser_lex.l:655 parser_lex.l:586 parser_lex.l:638
+#, c-format
+msgid "Found unexpected character: '%s'"
+msgstr ""
+
+#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428
+msgid "Variable declarations do not accept trailing commas"
+msgstr ""
+
+#: parser_lex.l:420
+#, c-format
+msgid "(network_mode) Found unexpected character: '%s'"
+msgstr ""
+
+#: ../parser_main.c:333 ../parser_common.c:61 ../parser_common.c:106
+#, c-format
+msgid "Warning from %s (%s%sline %d): %s"
+msgstr ""
+
+#: ../parser_main.c:531
+#, c-format
+msgid "%s: Could not allocate memory for subdomainbase mount point\n"
+msgstr ""
+
+#: ../parser_main.c:577 ../parser_main.c:616 ../parser_main.c:479
+#, c-format
+msgid ""
+"Warning: unable to find a suitable fs in %s, is it mounted?\n"
+"Use --subdomainfs to override.\n"
+msgstr ""
+
+#: ../parser_main.c:597 ../parser_main.c:635 ../parser_main.c:498
+#, c-format
+msgid ""
+"%s: Sorry. You need root privileges to run this program.\n"
+"\n"
+msgstr ""
+
+#: ../parser_main.c:604 ../parser_main.c:642 ../parser_main.c:505
+#, c-format
+msgid ""
+"%s: Warning! You've set this program setuid root.\n"
+"Anybody who can run this program can update your AppArmor profiles.\n"
+"\n"
+msgstr ""
+
+#: ../parser_main.c:704 ../parser_main.c:813 ../parser_main.c:836
+#: ../parser_main.c:946 ../parser_main.c:860
+#, c-format
+msgid "Error: Could not read profile %s: %s.\n"
+msgstr ""
+
+#: ../parser_main.c:718 ../parser_misc.c:270 parser_yacc.y:227
+#: parser_yacc.y:374 parser_yacc.y:386 parser_yacc.y:484 parser_yacc.y:586
+#: parser_yacc.y:624 parser_yacc.y:939 parser_yacc.y:948 parser_yacc.y:960
+#: parser_yacc.y:1008 parser_yacc.y:1019 parser_yacc.y:1101 parser_yacc.y:1119
+#: parser_yacc.y:1126 ../parser_main.c:850 ../parser_main.c:1015
+#: ../parser_main.c:1229 ../parser_main.c:1283 ../parser_misc.c:431
+#: parser_yacc.y:268 parser_yacc.y:416 parser_yacc.y:426 parser_yacc.y:537
+#: parser_yacc.y:626 parser_yacc.y:976 parser_yacc.y:1021 parser_yacc.y:1030
+#: parser_yacc.y:1042 parser_yacc.y:1078 parser_yacc.y:1082 parser_yacc.y:1092
+#: parser_yacc.y:1102 parser_yacc.y:1201 parser_yacc.y:1223 parser_yacc.y:1234
+#: parser_yacc.y:1309 parser_yacc.y:1327 parser_yacc.y:1334 parser_yacc.y:1385
+#: ../parser_main.c:735 ../parser_main.c:923 ../parser_main.c:1133
+#: ../parser_main.c:1187 parser_yacc.y:311 parser_yacc.y:462 parser_yacc.y:472
+#: parser_yacc.y:583 parser_yacc.y:662 parser_yacc.y:669 parser_yacc.y:1130
+#: parser_yacc.y:1166 parser_yacc.y:1170 parser_yacc.y:1180 parser_yacc.y:1190
+#: parser_yacc.y:1298 parser_yacc.y:1376 parser_yacc.y:1479 parser_yacc.y:1490
+#: parser_yacc.y:1565 parser_yacc.y:1583 parser_yacc.y:1590 parser_yacc.y:1639
+#: ../network.c:314 ../af_unix.cc:203
+msgid "Memory allocation error."
+msgstr ""
+
+#: ../parser_main.c:740 ../parser_main.c:872 ../parser_main.c:757
+#, c-format
+msgid "Cached load succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_main.c:744 ../parser_main.c:876 ../parser_main.c:761
+#, c-format
+msgid "Cached reload succeeded for \"%s\".\n"
+msgstr ""
+
+#: ../parser_main.c:910 ../parser_main.c:1058 ../parser_main.c:967
+#, c-format
+msgid "%s: Errors found in file. Aborting.\n"
+msgstr ""
+
+#: ../parser_misc.c:426 ../parser_misc.c:597 ../parser_misc.c:339
+msgid ""
+"Uppercase qualifiers \"RWLIMX\" are deprecated, please convert to lowercase\n"
+"See the apparmor.d(5) manpage for details.\n"
+msgstr ""
+
+#: ../parser_misc.c:467 ../parser_misc.c:474 ../parser_misc.c:638
+#: ../parser_misc.c:645 ../parser_misc.c:380 ../parser_misc.c:387
+msgid "Conflict 'a' and 'w' perms are mutually exclusive."
+msgstr ""
+
+#: ../parser_misc.c:491 ../parser_misc.c:662 ../parser_misc.c:404
+msgid "Exec qualifier 'i' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:502 ../parser_misc.c:673 ../parser_misc.c:415
+#, c-format
+msgid ""
+"Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
+"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"
+msgstr ""
+
+#: ../parser_misc.c:510 ../parser_misc.c:551 ../parser_misc.c:681
+#: ../parser_misc.c:722 ../parser_misc.c:423 ../parser_misc.c:464
+#, c-format
+msgid "Exec qualifier '%c' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:537 ../parser_misc.c:545 ../parser_misc.c:708
+#: ../parser_misc.c:716 ../parser_misc.c:450 ../parser_misc.c:458
+#, c-format
+msgid ""
+"Exec qualifier '%c%c' invalid, conflicting qualifier already specified"
+msgstr ""
+
+#: ../parser_misc.c:593 ../parser_misc.c:764 ../parser_misc.c:506
+#, c-format
+msgid "Internal: unexpected mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:615 ../parser_misc.c:786 ../parser_misc.c:528
+#, c-format
+msgid "Internal error generated invalid perm 0x%llx\n"
+msgstr ""
+
+#: ../parser_misc.c:865 ../parser_symtab.c:561 ../parser_regex.c:626
+#: ../parser_variable.c:229
+#, c-format
+msgid "AppArmor parser error: %s\n"
+msgstr ""
+
+#: ../parser_merge.c:92 ../parser_merge.c:91 ../parser_merge.c:83
+msgid "Couldn't merge entries. Out of Memory\n"
+msgstr ""
+
+#: ../parser_merge.c:111 ../parser_merge.c:113 ../parser_merge.c:105
+#, c-format
+msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
+msgstr ""
+
+#: parser_yacc.y:236 parser_yacc.y:277 parser_yacc.y:320
+msgid "Profile attachment must begin with a '/'."
+msgstr ""
+
+#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348
+msgid ""
+"Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."
+msgstr ""
+
+#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384
+#, c-format
+msgid "Failed to create alias %s -> %s\n"
+msgstr ""
+
+#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506
+msgid "Profile flag chroot_relative conflicts with namespace_relative"
+msgstr ""
+
+#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510
+msgid "Profile flag mediate_deleted conflicts with delegate_deleted"
+msgstr ""
+
+#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513
+msgid ""
+"Profile flag attach_disconnected conflicts with no_attach_disconnected"
+msgstr ""
+
+#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516
+msgid "Profile flag chroot_attach conflicts with chroot_no_attach"
+msgstr ""
+
+#: parser_yacc.y:441 parser_yacc.y:484 parser_yacc.y:530
+msgid "Profile flag 'debug' is no longer valid."
+msgstr ""
+
+#: parser_yacc.y:463 parser_yacc.y:506 parser_yacc.y:552
+#, c-format
+msgid "Invalid profile flag: %s."
+msgstr ""
+
+#: parser_yacc.y:498 parser_yacc.y:520 parser_yacc.y:548 parser_yacc.y:594
+msgid "Assert: `rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:501 parser_yacc.y:546 parser_yacc.y:552 parser_yacc.y:584
+#: parser_yacc.y:598 parser_yacc.y:630
+msgid ""
+"Invalid mode, in deny rules 'x' must not be preceded by exec qualifier 'i', "
+"'p', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:524 parser_yacc.y:556 parser_yacc.y:602
+msgid ""
+"Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', 'c', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:549 parser_yacc.y:587 parser_yacc.y:633
+msgid "Invalid mode, 'x' must be preceded by exec qualifier 'i', 'p', or 'u'"
+msgstr ""
+
+#: parser_yacc.y:574 parser_yacc.y:612 parser_yacc.y:614 parser_yacc.y:660
+msgid "Assert: `network_rule' return invalid protocol."
+msgstr ""
+
+#: parser_yacc.y:649 parser_yacc.y:696 parser_yacc.y:786
+msgid "Assert: `change_profile' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810
+msgid "Assert: 'hat rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819
+msgid "Assert: 'local_profile rule' returned NULL."
+msgstr ""
+
+#: parser_yacc.y:824 parser_yacc.y:885 parser_yacc.y:992
+#, c-format
+msgid "Unset boolean variable %s used in if-expression"
+msgstr ""
+
+#: parser_yacc.y:882 parser_yacc.y:986 parser_yacc.y:1092
+msgid "unsafe rule missing exec permissions"
+msgstr ""
+
+#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060
+msgid "subset can only be used with link rules."
+msgstr ""
+
+#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062
+msgid "link and exec perms conflict on a file rule using ->"
+msgstr ""
+
+#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064
+msgid "link perms are not allowed on a named profile transition.\n"
+msgstr ""
+
+#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109
+#, c-format
+msgid "missing an end of line character? (entry: %s)"
+msgstr ""
+
+#: parser_yacc.y:975 parser_yacc.y:985 parser_yacc.y:1057 parser_yacc.y:1067
+#: parser_yacc.y:1145 parser_yacc.y:1155
+msgid "Invalid network entry."
+msgstr ""
+
+#: parser_yacc.y:1039 parser_yacc.y:1048 parser_yacc.y:1254 parser_yacc.y:1510
+#, c-format
+msgid "Invalid capability %s."
+msgstr ""
+
+#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525
+#, c-format
+msgid "AppArmor parser error for %s%s%s at line %d: %s\n"
+msgstr ""
+
+#: parser_yacc.y:1072 parser_yacc.y:1275 parser_yacc.y:1531
+#, c-format
+msgid "AppArmor parser error,%s%s line %d: %s\n"
+msgstr ""
+
+#: ../parser_regex.c:244
+#, c-format
+msgid "%s: Illegal open {, nesting groupings not allowed\n"
+msgstr ""
+
+#: ../parser_regex.c:265 ../parser_regex.c:274 ../parser_regex.c:278
+#, c-format
+msgid "%s: Regex grouping error: Invalid number of items between {}\n"
+msgstr ""
+
+#: ../parser_regex.c:271 ../parser_regex.c:280 ../parser_regex.c:284
+#, c-format
+msgid ""
+"%s: Regex grouping error: Invalid close }, no matching open { detected\n"
+msgstr ""
+
+#: ../parser_regex.c:337 ../parser_regex.c:343 ../parser_regex.c:361
+#, c-format
+msgid ""
+"%s: Regex grouping error: Unclosed grouping or character class, expecting "
+"close }\n"
+msgstr ""
+
+#: ../parser_regex.c:351 ../parser_regex.c:357
+#, c-format
+msgid "%s: Internal buffer overflow detected, %d characters exceeded\n"
+msgstr ""
+
+#: ../parser_regex.c:355 ../parser_regex.c:361 ../parser_regex.c:377
+#, c-format
+msgid "%s: Unable to parse input line '%s'\n"
+msgstr ""
+
+#: ../parser_regex.c:397 ../parser_regex.c:405 ../parser_regex.c:421
+#, c-format
+msgid "%s: Invalid profile name '%s' - bad regular expression\n"
+msgstr ""
+
+#: ../parser_policy.c:202 ../parser_policy.c:402 ../parser_policy.c:375
+#, c-format
+msgid "ERROR merging rules for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:234
+#, c-format
+msgid ""
+"ERROR profile %s contains policy elements not usable with this kernel:\n"
+"\t'*', '?', character ranges, and alternations are not allowed.\n"
+"\t'**' may only be used at the end of a rule.\n"
+msgstr ""
+
+#: ../parser_policy.c:279 ../parser_policy.c:359 ../parser_policy.c:332
+#, c-format
+msgid "ERROR processing regexs for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:306 ../parser_policy.c:389 ../parser_policy.c:362
+#, c-format
+msgid "ERROR expanding variables for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:390 ../parser_policy.c:382 ../parser_policy.c:355
+#, c-format
+msgid "ERROR adding hat access rule for profile %s\n"
+msgstr ""
+
+#: ../parser_policy.c:490 ../parser_policy.c:271
+#, c-format
+msgid "ERROR in profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:675
+#, c-format
+msgid "%s: Errors found during postprocessing. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:682 ../parser_policy.c:704
+#, c-format
+msgid "%s: Errors found during regex postprocess. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:689
+#, c-format
+msgid "%s: Errors found during postprocess. Aborting.\n"
+msgstr ""
+
+#: ../parser_policy.c:696
+#, c-format
+msgid "%s: Errors found in combining rules postprocessing. Aborting.\n"
+msgstr ""
+
+#: parser_lex.l:180 parser_lex.l:186
+#, c-format
+msgid "Could not process include directory '%s' in '%s'"
+msgstr ""
+
+#: ../parser_main.c:660 ../parser_main.c:523
+msgid "Feature buffer full."
+msgstr ""
+
+#: ../parser_main.c:1115 ../parser_main.c:1132 ../parser_main.c:1024
+#: ../parser_main.c:1041
+msgid "Out of memory"
+msgstr ""
+
+#: ../parser_main.c:1182 ../parser_main.c:1091
+#, c-format
+msgid "Can't create cache directory: %s\n"
+msgstr ""
+
+#: ../parser_main.c:1185 ../parser_main.c:1094
+#, c-format
+msgid "File in cache directory location: %s\n"
+msgstr ""
+
+#: ../parser_main.c:1188 ../parser_main.c:1097
+#, c-format
+msgid "Can't update cache directory: %s\n"
+msgstr ""
+
+#: ../parser_misc.c:833
+#, c-format
+msgid "Internal: unexpected DBus mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:857
+#, c-format
+msgid "Internal error generated invalid DBus perm 0x%x\n"
+msgstr ""
+
+#: parser_yacc.y:575 parser_yacc.y:621
+msgid "deny prefix not allowed"
+msgstr ""
+
+#: parser_yacc.y:612 parser_yacc.y:658
+msgid "owner prefix not allowed"
+msgstr ""
+
+#: parser_yacc.y:660
+msgid "owner prefix not allow on mount rules"
+msgstr ""
+
+#: parser_yacc.y:677
+msgid "owner prefix not allow on dbus rules"
+msgstr ""
+
+#: parser_yacc.y:704
+msgid "owner prefix not allow on capability rules"
+msgstr ""
+
+#: parser_yacc.y:1357 parser_yacc.y:1613
+#, c-format
+msgid "invalid mount conditional %s%s"
+msgstr ""
+
+#: parser_yacc.y:1374 parser_yacc.y:1628
+msgid "bad mount rule"
+msgstr ""
+
+#: parser_yacc.y:1381 parser_yacc.y:1635
+msgid "mount point conditions not currently supported"
+msgstr ""
+
+#: parser_yacc.y:1398 parser_yacc.y:1650
+#, c-format
+msgid "invalid pivotroot conditional '%s'"
+msgstr ""
+
+#: ../parser_regex.c:241 ../parser_regex.c:236
+#, c-format
+msgid ""
+"%s: Regex grouping error: Invalid close ], no matching open [ detected\n"
+msgstr ""
+
+#: ../parser_regex.c:257 ../parser_regex.c:256
+#, c-format
+msgid "%s: Regex grouping error: Exceeded maximum nesting of {}\n"
+msgstr ""
+
+#: ../parser_policy.c:366 ../parser_policy.c:339
+#, c-format
+msgid "ERROR processing policydb rules for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_policy.c:396 ../parser_policy.c:369
+#, c-format
+msgid "ERROR replacing aliases for profile %s, failed to load\n"
+msgstr ""
+
+#: ../parser_interface.c:635 ../parser_interface.c:638
+#, c-format
+msgid "%s: Unable to write %s\n"
+msgstr ""
+
+#: ../parser_main.c:721
+#, c-format
+msgid "Error: Could not read binary profile or cache file %s: %s.\n"
+msgstr ""
+
+#: ../parser_main.c:811
+#, c-format
+msgid "Error: Could not read cache file '%s', skipping...\n"
+msgstr ""
+
+#: ../parser_misc.c:575
+#, c-format
+msgid "Internal: unexpected %s mode character '%c' in input"
+msgstr ""
+
+#: ../parser_misc.c:599
+#, c-format
+msgid "Internal error generated invalid %s perm 0x%x\n"
+msgstr ""
+
+#: parser_yacc.y:703
+msgid "owner prefix not allowed on mount rules"
+msgstr ""
+
+#: parser_yacc.y:720
+msgid "owner prefix not allowed on dbus rules"
+msgstr ""
+
+#: parser_yacc.y:736
+msgid "owner prefix not allowed on signal rules"
+msgstr ""
+
+#: parser_yacc.y:752
+msgid "owner prefix not allowed on ptrace rules"
+msgstr ""
+
+#: parser_yacc.y:768
+msgid "owner prefix not allowed on unix rules"
+msgstr ""
+
+#: parser_yacc.y:794
+msgid "owner prefix not allowed on capability rules"
+msgstr ""
+
+#: parser_yacc.y:1293
+#, c-format
+msgid "dbus rule: invalid conditional group %s=()"
+msgstr ""
+
+#: parser_yacc.y:1371
+#, c-format
+msgid "unix rule: invalid conditional group %s=()"
+msgstr ""
+
+#: ../parser_regex.c:368
+#, c-format
+msgid "%s: Regex error: trailing '\\' escape character\n"
+msgstr ""
diff --git a/parser/po/ro.po b/parser/po/ro.po
index 4ff5c0641b76854902a530fdc2cd4848cd4342fb..0027106f2526bc21655257ed84491cd8c58b7e1d 100644
--- a/parser/po/ro.po
+++ b/parser/po/ro.po
@@ -9,14 +9,14 @@ msgstr ""
"Project-Id-Version: apparmor-parser\n"
"Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-13 00:11-0700\n"
-"PO-Revision-Date: 2013-11-15 03:59+0000\n"
-"Last-Translator: Stanciu-Lixandru Alec <Unknown>\n"
+"PO-Revision-Date: 2020-02-21 19:30+0000\n"
+"Last-Translator: Daniel Slavu <Unknown>\n"
"Language-Team: <ro@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-18 05:32+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2020-02-22 05:41+0000\n"
+"X-Generator: Launchpad (build 19413b719a8df7423ab1390528edadce9e0e4aca)\n"
"Language: ro\n"
#: ../parser_include.c:113 ../parser_include.c:111
@@ -51,7 +51,7 @@ msgstr "Memorie insuficientă\n"
#: ../parser_interface.c:78 ../parser_interface.c:81 ../parser_interface.c:58
msgid "Couldn't copy profile: Bad memory address\n"
-msgstr ""
+msgstr "Nu s-a putut copia profilul: Adresă de memorie necorespunzătoare\n"
#: ../parser_interface.c:81 ../parser_interface.c:84 ../parser_interface.c:61
msgid "Profile doesn't conform to protocol\n"
@@ -76,11 +76,13 @@ msgstr "Profilul nu există\n"
#: ../parser_interface.c:96 ../parser_interface.c:99 ../parser_interface.c:76
msgid "Permission denied; attempted to load a profile while confined?\n"
msgstr ""
+"Acces refuzat; ați încercat să încărcați un profil în timp ce sunteți "
+"limitat?\n"
#: ../parser_interface.c:99 ../parser_interface.c:102 ../parser_interface.c:79
#, c-format
msgid "Unknown error (%d): %s\n"
-msgstr ""
+msgstr "Eroare necunoscută (%d): %s\n"
#: ../parser_interface.c:116 ../parser_interface.c:119
#: ../parser_interface.c:96
@@ -110,7 +112,7 @@ msgstr "%s: Nu pot scrie la stdout\n"
#: ../parser_interface.c:115
#, c-format
msgid "%s: Unable to write to output file\n"
-msgstr ""
+msgstr "%s: Imposibil de scris în fișierul de ieșire\n"
#: ../parser_interface.c:138 ../parser_interface.c:162
#: ../parser_interface.c:141 ../parser_interface.c:165
@@ -147,11 +149,11 @@ msgstr ""
#: ../parser_interface.c:446
#, c-format
msgid "profile %s network rules not enforced\n"
-msgstr ""
+msgstr "profilul %s regulile de rețea nu sunt aplicate\n"
#: ../parser_interface.c:666
msgid "Unknown pattern type\n"
-msgstr ""
+msgstr "Tip de model necunoscut\n"
#: ../parser_interface.c:750 ../parser_interface.c:902
#: ../parser_interface.c:743 ../parser_interface.c:894
@@ -194,32 +196,32 @@ msgstr "%s: No pot scrie intregul profil\n"
#: ../parser_interface.c:593
#, c-format
msgid "%s: Unable to write entire profile entry to cache\n"
-msgstr ""
+msgstr "%s: Nu se poate scrie intrarea întregului profil în memoria cache\n"
#: parser_lex.l:100 parser_lex.l:163 parser_lex.l:169
#, c-format
msgid "Could not open '%s'"
-msgstr ""
+msgstr "Nu poate fi deschis '%s'"
#: parser_lex.l:104 parser_lex.l:167 parser_lex.l:173
#, c-format
msgid "fstat failed for '%s'"
-msgstr ""
+msgstr "fstat a eșuat pentru '%s'"
#: parser_lex.l:121
#, c-format
msgid "opendir failed '%s'"
-msgstr ""
+msgstr "opendir a eșuat '%s'"
#: parser_lex.l:152
#, c-format
msgid "stat failed for '%s'"
-msgstr ""
+msgstr "stat a eșuat pentru '%s'"
#: parser_lex.l:155 parser_lex.l:133 parser_lex.l:139
#, c-format
msgid "Could not open '%s' in '%s'"
-msgstr ""
+msgstr "Nu s-a putut deschide '%s' în '%s'"
#: parser_lex.l:284 parser_lex.l:322 parser_lex.l:362 parser_lex.l:399
#: parser_lex.l:469 parser_lex.l:655 parser_lex.l:586 parser_lex.l:638
@@ -229,7 +231,7 @@ msgstr "Am găsit un caracter neașteptat: '%s'"
#: parser_lex.l:386 parser_lex.l:418 parser_lex.l:428
msgid "Variable declarations do not accept trailing commas"
-msgstr ""
+msgstr "Declarațiile variabile nu acceptă virgule"
#: parser_lex.l:420
#, c-format
@@ -239,7 +241,7 @@ msgstr "(network_mode) Am găsit un caracter neașteptat: '%s'"
#: ../parser_main.c:333 ../parser_common.c:61 ../parser_common.c:106
#, c-format
msgid "Warning from %s (%s%sline %d): %s"
-msgstr ""
+msgstr "Avertisment din %s (%s%slinie %d): %s"
#: ../parser_main.c:531
#, c-format
@@ -307,12 +309,12 @@ msgstr "Eroare la alocarea memoriei."
#: ../parser_main.c:740 ../parser_main.c:872 ../parser_main.c:757
#, c-format
msgid "Cached load succeeded for \"%s\".\n"
-msgstr ""
+msgstr "Încărcarea în cache a reușit \"%s\".\n"
#: ../parser_main.c:744 ../parser_main.c:876 ../parser_main.c:761
#, c-format
msgid "Cached reload succeeded for \"%s\".\n"
-msgstr ""
+msgstr "Reîncărcarea în cache a reușit \"%s\".\n"
#: ../parser_main.c:910 ../parser_main.c:1058 ../parser_main.c:967
#, c-format
@@ -345,6 +347,9 @@ msgid ""
"Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"
msgstr ""
+"Calificatorul de execuție neconfigurat (%c%c) permite trecerea unor "
+"variabile de mediu periculoase la procesul neconfigurat; 'man 5 apparmor.d' "
+"pentru detalii.\n"
#: ../parser_misc.c:510 ../parser_misc.c:551 ../parser_misc.c:681
#: ../parser_misc.c:722 ../parser_misc.c:423 ../parser_misc.c:464
@@ -386,16 +391,18 @@ msgstr "Nu am putut uni intrările. Memorie insuficientă\n"
#: ../parser_merge.c:111 ../parser_merge.c:113 ../parser_merge.c:105
#, c-format
msgid "profile %s: has merged rule %s with conflicting x modifiers\n"
-msgstr ""
+msgstr "profilul %s: a combinat regula %s cu modificatorii x în conflict\n"
#: parser_yacc.y:236 parser_yacc.y:277 parser_yacc.y:320
msgid "Profile attachment must begin with a '/'."
-msgstr ""
+msgstr "Atașamentul la profil trebuie să înceapă cu a '/'."
#: parser_yacc.y:260 parser_yacc.y:302 parser_yacc.y:348
msgid ""
"Profile names must begin with a '/', namespace or keyword 'profile' or 'hat'."
msgstr ""
+"Numele profilului trebuie să înceapă cu un '/', spațiu de nume sau cuvinte "
+"cheie 'profile' sau 'hat'."
#: parser_yacc.y:296 parser_yacc.y:338 parser_yacc.y:384
#, c-format
@@ -405,19 +412,24 @@ msgstr "Nu am putut crea aliasul %s -> %s\n"
#: parser_yacc.y:417 parser_yacc.y:460 parser_yacc.y:506
msgid "Profile flag chroot_relative conflicts with namespace_relative"
msgstr ""
+"Indicatorul profilului chroot_relative intră în conflict cu "
+"relativul_spațiului de nume"
#: parser_yacc.y:421 parser_yacc.y:464 parser_yacc.y:510
msgid "Profile flag mediate_deleted conflicts with delegate_deleted"
msgstr ""
+"Indicatorul profilului mediază_ștergerea conflictelor cu delegatul_șters"
#: parser_yacc.y:424 parser_yacc.y:467 parser_yacc.y:513
msgid ""
"Profile flag attach_disconnected conflicts with no_attach_disconnected"
msgstr ""
+"Indicatorul profilului atașați_deconectarea conflictelor cu "
+"nu_atașa_deconectat"
#: parser_yacc.y:427 parser_yacc.y:470 parser_yacc.y:516
msgid "Profile flag chroot_attach conflicts with chroot_no_attach"
-msgstr ""
+msgstr "Indicatorul profilului chroot_attach în conflict cu chroot_no_attach"
#: parser_yacc.y:441 parser_yacc.y:484 parser_yacc.y:530
msgid "Profile flag 'debug' is no longer valid."
@@ -463,7 +475,7 @@ msgstr "Asețiune: `change_profile' a întors NULL."
#: parser_yacc.y:680 parser_yacc.y:720 parser_yacc.y:810
msgid "Assert: 'hat rule' returned NULL."
-msgstr ""
+msgstr "Afirma: 'hat rule' returnat NULL."
#: parser_yacc.y:689 parser_yacc.y:729 parser_yacc.y:819
msgid "Assert: 'local_profile rule' returned NULL."
@@ -481,15 +493,16 @@ msgstr "regulă nesigură fără permisiuni de execuție"
#: parser_yacc.y:901 parser_yacc.y:954 parser_yacc.y:1060
msgid "subset can only be used with link rules."
-msgstr ""
+msgstr "subsetul poate fi utilizat doar cu reguli de legătură."
#: parser_yacc.y:903 parser_yacc.y:956 parser_yacc.y:1062
msgid "link and exec perms conflict on a file rule using ->"
msgstr ""
+"conectează și execută conflictul de perms pe o regulă de fișier folosind ->"
#: parser_yacc.y:905 parser_yacc.y:958 parser_yacc.y:1064
msgid "link perms are not allowed on a named profile transition.\n"
-msgstr ""
+msgstr "legătura de perms nu sunt permise pe o tranziție de profil numită.\n"
#: parser_yacc.y:921 parser_yacc.y:1003 parser_yacc.y:1109
#, c-format
@@ -499,7 +512,7 @@ msgstr "lipsește un caracter de sfârșit de linie? (intrare: %s)"
#: parser_yacc.y:975 parser_yacc.y:985 parser_yacc.y:1057 parser_yacc.y:1067
#: parser_yacc.y:1145 parser_yacc.y:1155
msgid "Invalid network entry."
-msgstr ""
+msgstr "Intrare de rețea nevalidă."
#: parser_yacc.y:1039 parser_yacc.y:1048 parser_yacc.y:1254 parser_yacc.y:1510
#, c-format
@@ -509,12 +522,12 @@ msgstr "Capabilitate invalidă: %s."
#: parser_yacc.y:1066 parser_yacc.y:1269 parser_yacc.y:1525
#, c-format
msgid "AppArmor parser error for %s%s%s at line %d: %s\n"
-msgstr ""
+msgstr "Eroare analizor AppArmor pentru %s%s%s la linie %d: %s\n"
#: parser_yacc.y:1072 parser_yacc.y:1275 parser_yacc.y:1531
#, c-format
msgid "AppArmor parser error,%s%s line %d: %s\n"
-msgstr ""
+msgstr "Eroare analizor AppArmor,%s%s linia %d: %s\n"
#: ../parser_regex.c:244
#, c-format
@@ -559,7 +572,7 @@ msgstr "%s: Nu pot parsa linia '%s'\n"
#: ../parser_regex.c:397 ../parser_regex.c:405 ../parser_regex.c:421
#, c-format
msgid "%s: Invalid profile name '%s' - bad regular expression\n"
-msgstr ""
+msgstr "%s: Nume de profil nevalid '%s' - expresie regulată proastă\n"
#: ../parser_policy.c:202 ../parser_policy.c:402 ../parser_policy.c:375
#, c-format
@@ -594,7 +607,7 @@ msgstr ""
#: ../parser_policy.c:390 ../parser_policy.c:382 ../parser_policy.c:355
#, c-format
msgid "ERROR adding hat access rule for profile %s\n"
-msgstr ""
+msgstr "EROARE adăugând pălărie la regula de acces pentru profil %s\n"
#: ../parser_policy.c:490 ../parser_policy.c:271
#, c-format
@@ -627,36 +640,36 @@ msgstr ""
#: parser_lex.l:180 parser_lex.l:186
#, c-format
msgid "Could not process include directory '%s' in '%s'"
-msgstr ""
+msgstr "Imposibil de procesat directorul inclus '%s' în '%s'"
#: ../parser_main.c:660 ../parser_main.c:523
msgid "Feature buffer full."
-msgstr ""
+msgstr "Funcție tampon complet."
#: ../parser_main.c:1115 ../parser_main.c:1132 ../parser_main.c:1024
#: ../parser_main.c:1041
msgid "Out of memory"
-msgstr ""
+msgstr "Memorie insuficienta"
#: ../parser_main.c:1182 ../parser_main.c:1091
#, c-format
msgid "Can't create cache directory: %s\n"
-msgstr ""
+msgstr "Nu se poate crea directorul cache: %s\n"
#: ../parser_main.c:1185 ../parser_main.c:1094
#, c-format
msgid "File in cache directory location: %s\n"
-msgstr ""
+msgstr "Fișier în locația directorului cache: %s\n"
#: ../parser_main.c:1188 ../parser_main.c:1097
#, c-format
msgid "Can't update cache directory: %s\n"
-msgstr ""
+msgstr "Nu se poate actualiza directorul cache: %s\n"
#: ../parser_misc.c:833
#, c-format
msgid "Internal: unexpected DBus mode character '%c' in input"
-msgstr ""
+msgstr "Intern: caracterul neașteptat al modului DBus '%c' la intrare"
#: ../parser_misc.c:857
#, c-format
diff --git a/parser/po/sv.po b/parser/po/sv.po
index 2de994e874bb8f9f74d8dcdf0820c98975dc6d88..fa82cb572f0d654a01ac2cc8626236f712a68554 100644
--- a/parser/po/sv.po
+++ b/parser/po/sv.po
@@ -6,14 +6,14 @@ msgstr ""
"Project-Id-Version: apparmor-parser\n"
"Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-13 00:11-0700\n"
-"PO-Revision-Date: 2019-05-25 10:11+0000\n"
+"PO-Revision-Date: 2019-06-26 17:08+0000\n"
"Last-Translator: Jonatan Nyberg <Unknown>\n"
"Language-Team: Novell Language <language@novell.com>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-05-26 05:31+0000\n"
-"X-Generator: Launchpad (build 18968)\n"
+"X-Launchpad-Export-Date: 2019-06-27 04:33+0000\n"
+"X-Generator: Launchpad (build 18991)\n"
"Language: sv\n"
#: ../parser_include.c:113 ../parser_include.c:111
@@ -716,11 +716,13 @@ msgstr "%s: Regex-grupperingsfel: Överskred maximal kapsling av {}\n"
#, c-format
msgid "ERROR processing policydb rules for profile %s, failed to load\n"
msgstr ""
+"FEL vid behandling av policydb_regler för profil %s, misslyckades med att "
+"läsa in\n"
#: ../parser_policy.c:396 ../parser_policy.c:369
#, c-format
msgid "ERROR replacing aliases for profile %s, failed to load\n"
-msgstr ""
+msgstr "FEL vid byte av alias för profil %s, kunde inte läsa in\n"
#: ../parser_interface.c:635 ../parser_interface.c:638
#, c-format
@@ -784,4 +786,4 @@ msgstr "unix-regel: ogiltig villkorlig grupp %s=()"
#: ../parser_regex.c:368
#, c-format
msgid "%s: Regex error: trailing '\\' escape character\n"
-msgstr ""
+msgstr "%s: Regex-fel: efterföljande \"\\\" escape-tecken\n"
diff --git a/parser/policy_cache.c b/parser/policy_cache.c
index 2864eec85ee836091c21f69ea1b030334e008f13..341e0331f4199744463c69bf1498b7bd40ab7e07 100644
--- a/parser/policy_cache.c
+++ b/parser/policy_cache.c
@@ -46,15 +46,13 @@ bool valid_cached_file_version(const char *cachename)
}
size_t res = fread(buffer, 1, HEADER_STRING_SIZE + VERSION_STRING_SIZE, f);
if (res < HEADER_STRING_SIZE + VERSION_STRING_SIZE) {
- if (debug_cache)
- pwarn("%s: cache file '%s' invalid size\n", progname, cachename);
+ pwarn(WARN_DEBUG_CACHE, "%s: cache file '%s' invalid size\n", progname, cachename);
return false;
}
/* 12 byte header that is always the same and then 4 byte version # */
if (memcmp(buffer, header_string, HEADER_STRING_SIZE) != 0) {
- if (debug_cache)
- pwarn("%s: cache file '%s' has wrong header\n", progname, cachename);
+ pwarn(WARN_DEBUG_CACHE, "%s: cache file '%s' has wrong header\n", progname, cachename);
return false;
}
@@ -63,8 +61,7 @@ bool valid_cached_file_version(const char *cachename)
parser_abi_version,
kernel_abi_version));
if (memcmp(buffer + HEADER_STRING_SIZE, &version, VERSION_STRING_SIZE) != 0) {
- if (debug_cache)
- pwarn("%s: cache file '%s' has wrong version\n", progname, cachename);
+ pwarn(WARN_DEBUG_CACHE, "%s: cache file '%s' has wrong version\n", progname, cachename);
return false;
}
@@ -89,8 +86,7 @@ void update_mru_tstamp(FILE *file, const char *name)
if (tstamp_is_null(cache_tstamp))
return;
if (tstamp_cmp(stat_file.st_mtim, cache_tstamp) > 0) {
- if (debug_cache)
- pwarn("%s: file '%s' is newer than cache file\n", progname, name);
+ pwarn(WARN_DEBUG_CACHE, "%s: file '%s' is newer than cache file\n", progname, name);
mru_skip_cache = 1;
}
}
@@ -124,8 +120,7 @@ void valid_read_cache(const char *cachename)
} else {
if (!cond_clear_cache)
write_cache = 0;
- if (debug_cache)
- pwarn("%s: Invalid or missing cache file '%s' (%s)\n", progname, cachename, strerror(errno));
+ pwarn(WARN_DEBUG_CACHE, "%s: Invalid or missing cache file '%s' (%s)\n", progname, cachename, strerror(errno));
}
}
}
@@ -184,7 +179,7 @@ void install_cache(const char *cachetmpname, const char *cachename)
}
if (rename(cachetmpname, cachename) < 0) {
- pwarn("Warning failed to write cache: %s\n", cachename);
+ pwarn(WARN_CACHE, "Warning failed to write cache: %s\n", cachename);
unlink(cachetmpname);
}
else if (show_cache) {
diff --git a/parser/policydb.h b/parser/policydb.h
index 798f076c08b509ff3677931051cf4f3e0b51cc36..53b80090ccf43816f4f9ebbbb380eb4ca5d08cf5 100644
--- a/parser/policydb.h
+++ b/parser/policydb.h
@@ -32,7 +32,7 @@
#define AA_CLASS_NS_DOMAIN 8
#define AA_CLASS_PTRACE 9
#define AA_CLASS_SIGNAL 10
-
+#define AA_CLASS_NETV8 14
#define AA_CLASS_LABEL 16
/* defined in libapparmor's apparmor.h #define AA_CLASS_DBUS 32 */
diff --git a/debian/lib/apparmor/profile-load b/parser/profile-load
similarity index 100%
rename from debian/lib/apparmor/profile-load
rename to parser/profile-load
diff --git a/parser/profile.cc b/parser/profile.cc
index 74599679454262143b39f66b3599f030597639e6..a3b982affcb3afac8e65f3cd5ceb05fc3a77891d 100644
--- a/parser/profile.cc
+++ b/parser/profile.cc
@@ -18,6 +18,14 @@
#include <stdio.h>
#include <stdlib.h>
+const char *profile_mode_table[] = {
+ "",
+ "enforce",
+ "complain",
+ "kill",
+ "unconfined",
+};
+
bool deref_profileptr_lt::operator()(Profile * const &lhs, Profile * const &rhs) const
{
return *lhs < *rhs;
@@ -77,6 +85,7 @@ Profile::~Profile()
{
hat_table.clear();
free_cod_entries(entries);
+ free_cond_entry_list(xattrs);
for (RuleList::iterator i = rule_ents.begin(); i != rule_ents.end(); i++)
delete *i;
diff --git a/parser/profile.h b/parser/profile.h
index 7121c0a751901f6b812d25164b152465516cb890..f54467c07ecc81cd605cd8ccf22545a91b430d83 100644
--- a/parser/profile.h
+++ b/parser/profile.h
@@ -18,6 +18,7 @@
#include <string>
#include <iostream>
+#include "capability.h"
#include "parser.h"
#include "rule.h"
#include "libapparmor_re/aare_rules.h"
@@ -53,32 +54,92 @@ public:
void dump_profile_names(bool children);
};
+extern const char*profile_mode_table[];
+/* use profile_mode_packed to convert to the packed representation */
+enum profile_mode {
+ MODE_UNSPECIFIED = 0,
+ MODE_ENFORCE = 1,
+ MODE_COMPLAIN = 2,
+ MODE_KILL = 3,
+ MODE_UNCONFINED = 4,
+ MODE_CONFLICT = 5 /* greater than MODE_LAST */
+};
+#define MODE_LAST MODE_UNCONFINED
+
+static inline enum profile_mode operator++(enum profile_mode &mode)
+{
+ mode = (enum profile_mode)((int) mode + 1);
+ return mode;
+}
+
+static inline enum profile_mode merge_profile_mode(enum profile_mode l, enum profile_mode r)
+{
+ if (l == r || r == MODE_UNSPECIFIED)
+ return l;
+ else if (l == MODE_UNSPECIFIED)
+ return r;
+ return MODE_CONFLICT;
+}
+
+static inline uint32_t profile_mode_packed(enum profile_mode mode)
+{
+ /* kernel doesn't have an unspecified mode everything
+ * shifts down by 1
+ */
+ if ((uint32_t) mode)
+ return (uint32_t) mode - 1;
+ /* unspecified defaults to same as enforce */
+ return 0;
+}
+
+static inline void mode_dump(ostream &os, enum profile_mode mode)
+{
+ if (mode <= MODE_LAST)
+ os << profile_mode_table[(int) mode];
+ else
+ os << "unknown";
+}
+
+static inline enum profile_mode str_to_mode(const char *str)
+{
+ for (enum profile_mode i = MODE_ENFORCE; i <= MODE_LAST; ++i) {
+ if (strcmp(profile_mode_table[i], str) == 0)
+ return i;
+ }
+ return MODE_UNSPECIFIED;
+};
class flagvals {
public:
int hat;
- int complain;
+ enum profile_mode mode;
int audit;
int path;
- void dump(void)
+ ostream &dump(ostream &os)
{
- printf("Profile Mode:\t");
-
- if (complain)
- printf("Complain");
- else
- printf("Enforce");
-
+ os << "Mode: ";
+ mode_dump(os, mode);
if (audit)
- printf(", Audit");
+ os << ", Audit";
if (hat)
- printf(", Hat");
+ os << ", Hat";
- printf("\n");
+ os << "\n";
+
+ return os;
+ }
+ ostream &debug(ostream &os)
+ {
+#ifdef DEBUG
+ return dump(os);
+#else
+ return os;
+#endif
}
+
};
struct capabilities {
@@ -120,6 +181,8 @@ public:
size_t xmatch_size;
int xmatch_len;
+ struct cond_entry_list xattrs;
+
/* char *sub_name; */ /* subdomain name or NULL */
/* int default_deny; */ /* TRUE or FALSE */
int local;
@@ -151,11 +214,14 @@ public:
xmatch_size = 0;
xmatch_len = 0;
+ xattrs.list = NULL;
+ xattrs.name = NULL;
+
local = local_mode = local_audit = 0;
parent = NULL;
- flags = { 0, 0, 0, 0};
+ flags = { 0, MODE_UNSPECIFIED, 0, 0 };
rlimits = {0, {}};
std::fill(exec_table, exec_table + AA_EXEC_COUNT, (char *)NULL);
@@ -196,7 +262,7 @@ public:
printf("Local To:\t<NULL>\n");
}
- flags.dump();
+ flags.dump(cerr);
caps.dump();
net.dump();
diff --git a/parser/ptrace.cc b/parser/ptrace.cc
index bc7122b468f57838db4d4abd4fe713d371ffc295..d13a7fadefcfe8d8cb1b5589cd2af05df97fbb21 100644
--- a/parser/ptrace.cc
+++ b/parser/ptrace.cc
@@ -22,7 +22,6 @@
#include <iomanip>
#include <string>
-#include <iostream>
#include <sstream>
int parse_ptrace_mode(const char *str_mode, int *mode, int fail)
@@ -100,20 +99,9 @@ int ptrace_rule::expand_variables(void)
return expand_entry_variables(&peer_label);
}
-/* do we want to warn once/profile or just once per compile?? */
-static void warn_once(const char *name)
+void ptrace_rule::warn_once(const char *name)
{
- static const char *warned_name = NULL;
-
- if ((warnflags & WARN_RULE_NOT_ENFORCED) && warned_name != name) {
- cerr << "Warning from profile " << name << " (";
- if (current_filename)
- cerr << current_filename;
- else
- cerr << "stdin";
- cerr << ") ptrace rules not enforced\n";
- warned_name = name;
- }
+ rule_t::warn_once(name, "ptrace rules not enforced");
}
int ptrace_rule::gen_policy_re(Profile &prof)
@@ -128,7 +116,7 @@ int ptrace_rule::gen_policy_re(Profile &prof)
* the compile could be used on another kernel unchanged??
* Current caching doesn't support this but in the future maybe
*/
- if (!kernel_supports_ptrace) {
+ if (!features_supports_ptrace) {
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}
diff --git a/parser/ptrace.h b/parser/ptrace.h
index 315d9214b092ba75bc8f47f1f2d99298203c7867..8c320c076d68fe6adc5d0918f6cb751d7d0a0e73 100644
--- a/parser/ptrace.h
+++ b/parser/ptrace.h
@@ -47,6 +47,9 @@ public:
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
virtual void post_process(Profile &prof unused) { };
+
+protected:
+ virtual void warn_once(const char *name) override;
};
#endif /* __AA_PTRACE_H */
diff --git a/parser/rc.apparmor.functions b/parser/rc.apparmor.functions
index 8c1c57c5d7e6f5b2867e0d2a94c330541d182cc1..c11a5a9372db29d1e05a0375695c3dfa816e7ac9 100644
--- a/parser/rc.apparmor.functions
+++ b/parser/rc.apparmor.functions
@@ -1,7 +1,7 @@
#!/bin/sh
# ----------------------------------------------------------------------
# Copyright (c) 1999-2008 NOVELL (All rights reserved)
-# Copyright (c) 2009-2012 Canonical Ltd. (All rights reserved)
+# Copyright (c) 2009-2018 Canonical Ltd. (All rights reserved)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -31,77 +31,84 @@
# Some nice defines that we use
-CONFIG_DIR=/etc/apparmor
-MODULE=apparmor
-OLD_MODULE=subdomain
-if [ -f "${CONFIG_DIR}/${MODULE}.conf" ] ; then
- APPARMOR_CONF="${CONFIG_DIR}/${MODULE}.conf"
-elif [ -f "${CONFIG_DIR}/${OLD_MODULE}.conf" ] ; then
- APPARMOR_CONF="${CONFIG_DIR}/${OLD_MODULE}.conf"
-elif [ -f "/etc/immunix/subdomain.conf" ] ; then
- aa_log_warning_msg "/etc/immunix/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
- APPARMOR_CONF="/etc/immunix/subdomain.conf"
-elif [ -f "/etc/subdomain.conf" ] ; then
- aa_log_warning_msg "/etc/subdomain.conf is deprecated, use ${CONFIG_DIR}/subdomain.conf instead"
- APPARMOR_CONF="/etc/subdomain.conf"
-else
- aa_log_warning_msg "Unable to find config file in ${CONFIG_DIR}, installation problem?"
+PARSER=/sbin/apparmor_parser
+PARSER_OPTS=
+# Suppress warnings when booting in quiet mode
+if [ "${QUIET:-no}" = yes ] || [ "${quiet:-n}" = y ]; then
+ PARSER_OPTS="$PARSER_OPTS --quiet"
fi
-# Read configuration options from /etc/subdomain.conf, default is to
-# warn if subdomain won't load.
-SUBDOMAIN_MODULE_PANIC="warn"
-SUBDOMAIN_ENABLE_OWLSM="no"
-APPARMOR_ENABLE_AAEVENTD="no"
-
-if [ -f "${APPARMOR_CONF}" ] ; then
- #parse the conf file to see what we should do
- . "${APPARMOR_CONF}"
+if [ -d /etc/apparmor.d ] ; then
+ PROFILE_DIRS=/etc/apparmor.d
+else
+ aa_log_warning_msg "Unable to find profiles directory, installation problem?"
fi
-PARSER=/sbin/apparmor_parser
-
-# SUBDOMAIN_DIR and APPARMOR_DIR might be defined in subdomain.conf|apparmor.conf
-if [ -d "${APPARMOR_DIR}" ] ; then
- PROFILE_DIR=${APPARMOR_DIR}
-elif [ -d "${SUBDOMAIN_DIR}" ] ; then
- PROFILE_DIR=${SUBDOMAIN_DIR}
-elif [ -d /etc/apparmor.d ] ; then
- PROFILE_DIR=/etc/apparmor.d
-elif [ -d /etc/subdomain.d ] ; then
- PROFILE_DIR=/etc/subdomain.d
+# Eg. snapd policy might need this on some systems if loading policy
+# during early boot if not using the snapd unit file
+ADDITIONAL_PROFILE_DIR=
+if [ -n "$ADDITIONAL_PROFILE_DIR" ] && [ -d "$ADDITIONAL_PROFILE_DIR" ]; then
+ PROFILE_DIRS="$PROFILE_DIRS $ADDITIONAL_PROFILE_DIR"
fi
-ABSTRACTIONS="-I${PROFILE_DIR}"
-AA_EV_BIN=/usr/sbin/aa-eventd
-AA_EV_PIDFILE=/var/run/aa-eventd.pid
AA_STATUS=/usr/sbin/aa-status
-SD_EV_BIN=/usr/sbin/sd-event-dispatch.pl
-SD_EV_PIDFILE=/var/run/sd-event-dispatch.init.pid
-SD_STATUS=/usr/sbin/subdomain_status
SECURITYFS=/sys/kernel/security
-
-SUBDOMAINFS_MOUNTPOINT=$(grep subdomainfs /etc/fstab | \
- sed -e 's|^[[:space:]]*[^[:space:]]\+[[:space:]]\+\(/[^[:space:]]*\)[[:space:]]\+subdomainfs.*$|\1|' 2> /dev/null)
+SFS_MOUNTPOINT="${SECURITYFS}/apparmor"
# keep exit status from parser during profile load. 0 is good, 1 is bad
STATUS=0
# Test if the apparmor "module" is present.
is_apparmor_present() {
- local modules=$1
- shift
+ [ -d /sys/module/apparmor ]
+}
- while [ $# -gt 0 ] ; do
- modules="$modules|$1"
- shift
- done
+# Checks to see if the current container is capable of having internal AppArmor
+# profiles that should be loaded. Callers of this function should have already
+# verified that they're running inside of a container environment with
+# something like `systemd-detect-virt --container`.
+#
+# The only known container environments capable of supporting internal policy
+# are LXD and LXC environment.
+#
+# Returns 0 if the container environment is capable of having its own internal
+# policy and non-zero otherwise.
+#
+# IMPORTANT: This function will return 0 in the case of a non-LXD/non-LXC
+# system container technology being nested inside of a LXD/LXC container that
+# utilized an AppArmor namespace and profile stacking. The reason 0 will be
+# returned is because .ns_stacked will be "yes" and .ns_name will still match
+# "lx[dc]-*" since the nested system container technology will not have set up
+# a new AppArmor profile namespace. This will result in the nested system
+# container's boot process to experience failed policy loads but the boot
+# process should continue without any loss of functionality. This is an
+# unsupported configuration that cannot be properly handled by this function.
+is_container_with_internal_policy() {
+ # this function is sometimes called independently of
+ # is_apparmor_loaded(), so also define this here.
+ local ns_stacked_path="${SFS_MOUNTPOINT}/.ns_stacked"
+ local ns_name_path="${SFS_MOUNTPOINT}/.ns_name"
+ local ns_stacked
+ local ns_name
+
+ if ! [ -f "$ns_stacked_path" ] || ! [ -f "$ns_name_path" ]; then
+ return 1
+ fi
- # check for subdomainfs version of module
- grep -qE "^($modules)[[:space:]]" /proc/modules
+ read -r ns_stacked < "$ns_stacked_path"
+ if [ "$ns_stacked" != "yes" ]; then
+ return 1
+ fi
- [ $? -ne 0 -a -d /sys/module/apparmor ]
+ # LXD and LXC set up AppArmor namespaces starting with "lxd-" and
+ # "lxc-", respectively. Return non-zero for all other namespace
+ # identifiers.
+ read -r ns_name < "$ns_name_path"
+ if [ "${ns_name#lxd-*}" = "$ns_name" ] && \
+ [ "${ns_name#lxc-*}" = "$ns_name" ]; then
+ return 1
+ fi
- return $?
+ return 0
}
# This set of patterns to skip needs to be kept in sync with
@@ -110,56 +117,93 @@ is_apparmor_present() {
# returns 1 on verbose skip
# returns 2 on silent skip
skip_profile() {
- local profile=$1
- if [ "${profile%.rpmnew}" != "${profile}" -o \
- "${profile%.rpmsave}" != "${profile}" -o \
- "${profile%.orig}" != "${profile}" -o \
- "${profile%.rej}" != "${profile}" -o \
- -e "${PROFILE_DIR}/disable/`basename ${profile}`" -o \
- "${profile%\~}" != "${profile}" ] ; then
+ local profile="$1"
+ if [ "${profile%.rpmnew}" != "$profile" ] || \
+ [ "${profile%.rpmsave}" != "$profile" ] || \
+ [ "${profile%.orig}" != "$profile" ] || \
+ [ "${profile%.rej}" != "$profile" ] || \
+ [ "${profile%\~}" != "$profile" ] ; then
return 1
fi
# Silently ignore the dpkg, pacman, and xbps files
- if [ "${profile%.dpkg-new}" != "${profile}" -o \
- "${profile%.dpkg-old}" != "${profile}" -o \
- "${profile%.dpkg-dist}" != "${profile}" -o \
- "${profile%.dpkg-bak}" != "${profile}" -o \
- "${profile%.dpkg-remove}" != "${profile}" -o \
- "${profile%.pacsave}" != "${profile}" -o \
- "${profile%.pacnew}" != "${profile}" ] ; then
+ if [ "${profile%.dpkg-new}" != "$profile" ] || \
+ [ "${profile%.dpkg-old}" != "$profile" ] || \
+ [ "${profile%.dpkg-dist}" != "$profile" ] || \
+ [ "${profile%.dpkg-bak}" != "$profile" ] || \
+ [ "${profile%.dpkg-remove}" != "$profile" ] || \
+ [ "${profile%.pacsave}" != "$profile" ] || \
+ [ "${profile%.pacnew}" != "$profile" ] ; then
return 2
fi
- if echo "${profile}" | egrep -q '^.+\.new-[0-9\.]+_[0-9]+$'; then
+ if echo "$profile" | grep -E -q '^.+\.new-[0-9\.]+_[0-9]+$'; then
return 2
fi
return 0
}
-force_complain() {
- local profile=$1
+__parse_profiles_dir() {
+ local parser_cmd="$1"
+ local profile_dir="$2"
+ local status=0
- # if profile not in complain mode
- if ! egrep -q '^/.*[ \t]+flags[ \t]*=[ \t]*\([ \t]*complain[ \t]*\)[ \t]+\{' $profile ; then
- local link="${PROFILE_DIR}/force-complain/`basename ${profile}`"
- if [ -e "$link" ] ; then
- aa_log_warning_msg "found $link, forcing complain mode"
- return 0
- fi
+ if [ ! -d "$profile_dir" ]; then
+ aa_log_failure_msg "Profile directory not found: $profile_dir"
+ return 1
fi
- return 1
+ if [ -z "$(ls "$profile_dir"/)" ]; then
+ aa_log_failure_msg "No profiles found in $profile_dir"
+ return 1
+ fi
+
+ # Note: the parser automatically skips files that match skip_profile()
+ # when we pass it a directory, but not when we pass it an individual
+ # profile. So we need to use skip_profile only in the latter case,
+ # as long as the parser is in sync' with skip_profile().
+ "$PARSER" $PARSER_OPTS "$parser_cmd" -- "$profile_dir" || {
+ # FIXME: once the parser properly handles broken profiles
+ # (LP: #1377338), remove the following code and the
+ # skip_profile() function. For now, if the parser returns
+ # an error, just run it again separately on each profile.
+ for profile in "$profile_dir"/*; do
+ skip_profile "$profile"
+ skip=$?
+ if [ "$skip" -eq 2 ]; then
+ # Ignore skip status == 2 (silent skip)
+ continue
+ elif [ "$skip" -ne 0 ] ; then
+ aa_log_skipped_msg "$profile"
+ logger -t "AppArmor(init)" -p daemon.warn \
+ "Skipping profile $profile"
+ continue
+ fi
+ if [ ! -f "$profile" ] ; then
+ continue
+ fi
+ printf "%s\0" "$profile"
+ done | \
+ # Use xargs to parallelize calls to the parser over all CPUs
+ xargs -n1 -0r -P "$(getconf _NPROCESSORS_ONLN)" \
+ "$PARSER" $PARSER_OPTS "$parser_cmd" --
+ if [ $? -ne 0 ]; then
+ status=1
+ aa_log_failure_msg "At least one profile failed to load"
+ fi
+ }
+
+ return "$status"
}
parse_profiles() {
# get parser arg
case "$1" in
load)
- PARSER_ARGS="--add"
+ PARSER_CMD="--add"
PARSER_MSG="Loading AppArmor profiles "
;;
reload)
- PARSER_ARGS="--replace"
+ PARSER_CMD="--replace"
PARSER_MSG="Reloading AppArmor profiles "
;;
*)
@@ -175,47 +219,12 @@ parse_profiles() {
exit 1
fi
- if [ ! -d "$PROFILE_DIR" ]; then
- aa_log_failure_msg "Profile directory not found"
- aa_log_action_end 1
- exit 1
- fi
-
- if [ -z "$(ls $PROFILE_DIR/)" ]; then
- aa_log_failure_msg "No profiles found"
- aa_log_action_end 1
- return 1
- fi
-
- for profile in $PROFILE_DIR/*; do
- skip_profile "${profile}"
- skip=$?
- # Ignore skip status == 2 (silent skip)
- if [ "$skip" -eq 1 ] ; then
- aa_log_skipped_msg "$profile"
- logger -t "AppArmor(init)" -p daemon.warn "Skipping profile $profile"
- STATUS=2
- continue
- elif [ "$skip" -ne 0 ]; then
- continue
- fi
- if [ -f "${profile}" ] ; then
- COMPLAIN=""
- if force_complain "${profile}" ; then
- COMPLAIN="-C"
- fi
- $PARSER $ABSTRACTIONS $PARSER_ARGS $COMPLAIN "$profile" > /dev/null
- if [ $? -ne 0 ]; then
- aa_log_failure_msg "$profile failed to load"
- STATUS=1
- fi
- fi
+ for profile_dir in $PROFILE_DIRS; do
+ __parse_profiles_dir "$PARSER_CMD" "$profile_dir" || STATUS=$?
done
- if [ $STATUS -eq 2 ]; then
- STATUS=0
- fi
+
aa_log_action_end "$STATUS"
- return $STATUS
+ return "$STATUS"
}
profiles_names_list() {
@@ -225,44 +234,32 @@ profiles_names_list() {
exit 1
fi
- if [ ! -d "$PROFILE_DIR" ]; then
- aa_log_failure_msg "- Profile directory not found"
- exit 1
- fi
+ for profile_dir in $PROFILE_DIRS; do
+ if [ ! -d "$profile_dir" ]; then
+ aa_log_warning_msg "- Profile directory not found: $profile_dir"
+ continue
+ fi
- for profile in $PROFILE_DIR/*; do
- if skip_profile "${profile}" && [ -f "${profile}" ] ; then
- LIST_ADD=$($PARSER $ABSTRACTIONS -N "$profile" )
- if [ $? -eq 0 ]; then
- echo "$LIST_ADD"
+ for profile in "$profile_dir"/*; do
+ if skip_profile "$profile" && [ -f "$profile" ] ; then
+ LIST_ADD=$("$PARSER" -N "$profile" )
+ if [ $? -eq 0 ]; then
+ echo "$LIST_ADD"
+ fi
fi
- fi
+ done
done
}
failstop_system() {
level=$(runlevel | cut -d" " -f2)
- if [ $level -ne "1" ] ; then
+ if [ "$level" -ne "1" ] ; then
aa_log_failure_msg "- could not start AppArmor. Changing to runlevel 1"
telinit 1;
- return -1;
+ return 255;
fi
aa_log_failure_msg "- could not start AppArmor."
- return -1
-}
-
-module_panic() {
- # the module failed to load, determine what action should be taken
-
- case "$SUBDOMAIN_MODULE_PANIC" in
- "warn"|"WARN")
- return 1 ;;
- "panic"|"PANIC") failstop_system
- rc=$?
- return $rc ;;
- *) aa_log_failure_msg "- invalid AppArmor module fail option"
- return -1 ;;
- esac
+ return 255
}
is_apparmor_loaded() {
@@ -270,99 +267,39 @@ is_apparmor_loaded() {
mount_securityfs
fi
- mount_subdomainfs
-
- if [ -f "${SECURITYFS}/${MODULE}/profiles" ]; then
- SFS_MOUNTPOINT="${SECURITYFS}/${MODULE}"
- return 0
- fi
-
- if [ -f "${SECURITYFS}/${OLD_MODULE}/profiles" ]; then
- SFS_MOUNTPOINT="${SECURITYFS}/${OLD_MODULE}"
+ if [ -f "${SFS_MOUNTPOINT}/profiles" ]; then
return 0
fi
- if [ -f "${SUBDOMAINFS_MOUNTPOINT}/profiles" ]; then
- SFS_MOUNTPOINT=${SUBDOMAINFS_MOUNTPOINT}
- return 0
- fi
-
- # check for subdomainfs version of module
- is_apparmor_present apparmor subdomain
+ is_apparmor_present
return $?
}
is_securityfs_mounted() {
- test -d ${SECURITYFS} -a -d /sys/fs/cgroup/systemd || grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts
+ test -d "$SECURITYFS" -a -d /sys/fs/cgroup/systemd || grep -q securityfs /proc/filesystems && grep -q securityfs /proc/mounts
return $?
}
mount_securityfs() {
if grep -q securityfs /proc/filesystems ; then
- aa_action "Mounting securityfs on ${SECURITYFS}" \
- mount -t securityfs securityfs "${SECURITYFS}"
+ aa_action "Mounting securityfs on $SECURITYFS" \
+ mount -t securityfs securityfs "$SECURITYFS"
return $?
fi
return 0
}
-
-mount_subdomainfs() {
- # for backwords compatibility
- if grep -q subdomainfs /proc/filesystems && \
- ! grep -q subdomainfs /proc/mounts && \
- [ -n "${SUBDOMAINFS_MOUNTPOINT}" ]; then
- aa_action "Mounting subdomainfs on ${SUBDOMAINFS_MOUNTPOINT}" \
- mount "${SUBDOMAINFS_MOUNTPOINT}"
- return $?
- fi
- return 0
-}
-
-unmount_subdomainfs() {
- SUBDOMAINFS=$(grep subdomainfs /proc/mounts | cut -d" " -f2 2> /dev/null)
- if [ -n "${SUBDOMAINFS}" ]; then
- aa_action "Unmounting subdomainfs" umount ${SUBDOMAINFS}
- fi
-}
-
-load_module() {
- local rc=0
- if modinfo -F filename apparmor > /dev/null 2>&1 ; then
- MODULE=apparmor
- elif modinfo -F filename ${OLD_MODULE} > /dev/null 2>&1 ; then
- MODULE=${OLD_MODULE}
- fi
-
- if ! is_apparmor_present apparmor subdomain ; then
- aa_action "Loading AppArmor module" /sbin/modprobe -q $MODULE $1
- rc=$?
- if [ $rc -ne 0 ] ; then
- module_panic
- rc=$?
- if [ $rc -ne 0 ] ; then
- exit $rc
- fi
- fi
- fi
-
- if ! is_apparmor_loaded ; then
- return 1
- fi
-
- return $rc
-}
-
apparmor_start() {
aa_log_daemon_msg "Starting AppArmor"
- if ! is_apparmor_loaded ; then
- load_module
- rc=$?
- if [ $rc -ne 0 ] ; then
- aa_log_end_msg $rc
- return $rc
- fi
+ if ! is_apparmor_present ; then
+ aa_log_failure_msg "Starting AppArmor - failed, To enable AppArmor, ensure your kernel is configured with CONFIG_SECURITY_APPARMOR=y then add 'security=apparmor apparmor=1' to the kernel command line"
+ aa_log_end_msg 1
+ return 1
+ elif ! is_apparmor_loaded ; then
+ aa_log_failure_msg "Starting AppArmor - AppArmor control files aren't available under /sys/kernel/security/, please make sure securityfs is mounted."
+ aa_log_end_msg 1
+ return 1
fi
if [ ! -w "$SFS_MOUNTPOINT/.load" ] ; then
@@ -371,10 +308,8 @@ apparmor_start() {
return 1
fi
- configure_owlsm
-
# if there is anything in the profiles file don't load
- if ! read line < "$SFS_MOUNTPOINT/profiles"; then
+ if ! read -r line < "$SFS_MOUNTPOINT/profiles"; then
parse_profiles load
else
aa_log_skipped_msg ": already loaded with profiles."
@@ -386,7 +321,7 @@ apparmor_start() {
remove_profiles() {
- # removing profiles as we directly read from subdomainfs
+ # removing profiles as we directly read from apparmorfs
# doesn't work, since we are removing entries which screws up
# our position. Lets hope there are never enough profiles to
# overflow the variable
@@ -400,7 +335,7 @@ remove_profiles() {
return 1
fi
- if [ ! -x "${PARSER}" ] ; then
+ if [ ! -x "$PARSER" ] ; then
aa_log_failure_msg "Unable to execute AppArmor parser"
return 1
fi
@@ -410,14 +345,14 @@ remove_profiles() {
# the children
sed -e "s/ (\(enforce\|complain\))$//" "$SFS_MOUNTPOINT/profiles" | \
LC_COLLATE=C sort | grep -v // | {
- while read profile ; do
- echo -n "$profile" > "$SFS_MOUNTPOINT/.remove"
+ while read -r profile ; do
+ printf "%s" "$profile" > "$SFS_MOUNTPOINT/.remove"
rc=$?
- if [ ${rc} -ne 0 ] ; then
- retval=${rc}
+ if [ "$rc" -ne 0 ] ; then
+ retval=$rc
fi
done
- return ${retval}
+ return "$retval"
}
}
@@ -425,30 +360,18 @@ apparmor_stop() {
aa_log_daemon_msg "Unloading AppArmor profiles "
remove_profiles
rc=$?
- aa_log_end_msg $rc
- return $rc
+ aa_log_end_msg "$rc"
+ return "$rc"
}
apparmor_kill() {
- aa_log_daemon_msg "Unloading AppArmor modules "
if ! is_apparmor_loaded ; then
aa_log_failure_msg "AppArmor module is not loaded"
return 1
fi
- unmount_subdomainfs
- if is_apparmor_present apparmor ; then
- MODULE=apparmor
- elif is_apparmor_present subdomain ; then
- MODULE=subdomain
- else
- aa_log_failure_msg "AppArmor is builtin"
- return 1
- fi
- /sbin/modprobe -qr $MODULE
- rc=$?
- aa_log_end_msg $rc
- return $rc
+ aa_log_failure_msg "apparmor_kill() is no longer supported because AppArmor can't be built as a module"
+ return 1
}
__apparmor_restart() {
@@ -459,19 +382,18 @@ __apparmor_restart() {
aa_log_daemon_msg "Restarting AppArmor"
- configure_owlsm
parse_profiles reload
rc=$?
- aa_log_end_msg $rc
- return $rc
+ aa_log_end_msg "$rc"
+ return "$rc"
}
apparmor_restart() {
if ! is_apparmor_loaded ; then
apparmor_start
rc=$?
- return $rc
+ return "$rc"
fi
__apparmor_restart
@@ -487,25 +409,9 @@ apparmor_try_restart() {
return $?
}
-configure_owlsm () {
- if [ "${SUBDOMAIN_ENABLE_OWLSM}" = "yes" -a -f ${SFS_MOUNTPOINT}/control/owlsm ] ; then
- # Sigh, the "sh -c" is necessary for the SuSE aa_action
- # and it can't be abstracted out as a seperate function, as
- # that breaks under RedHat's action, which needs a
- # binary to invoke.
- aa_action "Enabling OWLSM extension" sh -c "echo -n \"1\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
- elif [ -f "${SFS_MOUNTPOINT}/control/owlsm" ] ; then
- aa_action "Disabling OWLSM extension" sh -c "echo -n \"0\" > \"${SFS_MOUNTPOINT}/control/owlsm\""
- fi
-}
-
apparmor_status () {
- if test -x ${AA_STATUS} ; then
- ${AA_STATUS} --verbose
- return $?
- fi
- if test -x ${SD_STATUS} ; then
- ${SD_STATUS} --verbose
+ if test -x "$AA_STATUS" ; then
+ "$AA_STATUS" --verbose
return $?
fi
if ! is_apparmor_loaded ; then
@@ -516,7 +422,7 @@ apparmor_status () {
rc=0
fi
echo "Install the apparmor-utils package to receive more detailed"
- echo "status information here (or examine ${SFS_MOUNTPOINT} directly)."
+ echo "status information here (or examine $SFS_MOUNTPOINT directly)."
- return $rc
+ return "$rc"
}
diff --git a/parser/rc.apparmor.slackware b/parser/rc.apparmor.slackware
index 0b474dac3fcb609233524b123a7bdfbcb1c4349b..64a527eddfa96042dcc7bea747ba28cf5c524281 100644
--- a/parser/rc.apparmor.slackware
+++ b/parser/rc.apparmor.slackware
@@ -53,6 +53,26 @@ aa_log_skipped_msg() {
echo ": Skipped."
}
+aa_log_action_start()
+{
+ echo "$@"
+}
+
+aa_log_action_end()
+{
+ printf ""
+}
+
+aa_log_daemon_msg()
+{
+ echo "$@"
+}
+
+aa_log_end_msg()
+{
+ printf ""
+}
+
usage() {
echo "Usage: $0 {start|stop|restart|try-restart|reload|force-reload|status|kill}"
}
diff --git a/parser/rule.cc b/parser/rule.cc
index 425c1be8a2c4736b13403a37c63937893bba23d9..d30fef28dd7423c9a588022ca2b1efc36e24c2e7 100644
--- a/parser/rule.cc
+++ b/parser/rule.cc
@@ -16,8 +16,16 @@
* Ltd.
*/
#include "rule.h"
+#include "parser.h"
+#include <iostream>
std::ostream &operator<<(std::ostream &os, rule_t &rule)
{
return rule.dump(os);
};
+
+/* do we want to warn once/profile or just once per compile?? */
+void rule_t::warn_once(const char *name, const char *msg)
+{
+ common_warn_once(name, msg, &warned_name);
+}
diff --git a/parser/rule.h b/parser/rule.h
index dcf9c7e2d7092cc9d6f5bdbe360c78ed42475c41..73e0175af8d26aa8b08c7e1eb8d8c33233dbee76 100644
--- a/parser/rule.h
+++ b/parser/rule.h
@@ -38,6 +38,13 @@ public:
virtual int expand_variables(void) = 0;
virtual int gen_policy_re(Profile &prof) = 0;
virtual void post_process(Profile &prof) = 0;
+
+protected:
+ const char *warned_name = NULL;
+ virtual void warn_once(const char *name, const char *msg);
+ virtual void warn_once(const char *name) = 0;
+
+
};
std::ostream &operator<<(std::ostream &os, rule_t &rule);
diff --git a/parser/signal.cc b/parser/signal.cc
index c823871d569db08ef75b27951575e6dcbfedbe27..a91ff23b6ef5fa0a885bc43f79ea1840469687b1 100644
--- a/parser/signal.cc
+++ b/parser/signal.cc
@@ -22,7 +22,6 @@
#include <iomanip>
#include <string>
-#include <iostream>
#include <sstream>
#include <map>
@@ -236,20 +235,9 @@ int signal_rule::expand_variables(void)
return expand_entry_variables(&peer_label);
}
-/* do we want to warn once/profile or just once per compile?? */
-static void warn_once(const char *name)
+void signal_rule::warn_once(const char *name)
{
- static const char *warned_name = NULL;
-
- if ((warnflags & WARN_RULE_NOT_ENFORCED) && warned_name != name) {
- cerr << "Warning from profile " << name << " (";
- if (current_filename)
- cerr << current_filename;
- else
- cerr << "stdin";
- cerr << ") signal rules not enforced\n";
- warned_name = name;
- }
+ rule_t::warn_once(name, "signal rules not enforced");
}
int signal_rule::gen_policy_re(Profile &prof)
@@ -264,7 +252,7 @@ int signal_rule::gen_policy_re(Profile &prof)
* it. We may want to switch this so that a compile could be
* used for full support on kernels that don't support the feature
*/
- if (!kernel_supports_signal) {
+ if (!features_supports_signal) {
warn_once(prof.name);
return RULE_NOT_SUPPORTED;
}
diff --git a/parser/signal.h b/parser/signal.h
index f79a3d02f3d7856a077242c60325616781d36714..b73aeb68a138de8db92626bf3bf72c2a1171907c 100644
--- a/parser/signal.h
+++ b/parser/signal.h
@@ -53,6 +53,9 @@ public:
virtual int expand_variables(void);
virtual int gen_policy_re(Profile &prof);
virtual void post_process(Profile &prof unused) { };
+
+protected:
+ virtual void warn_once(const char *name) override;
};
#endif /* __AA_SIGNAL_H */
diff --git a/parser/subdomain.conf b/parser/subdomain.conf
deleted file mode 100644
index 20e7cab91ae5e46b2ba50459755fdef60d785665..0000000000000000000000000000000000000000
--- a/parser/subdomain.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-# subdomain.conf is a shared AppArmor configuration file that is sh sourcable.
-
-################## AppArmor init.d configuration ################
-
-# Move this to /etc/sysconfig/apparmor eventually
-## Path: System/AppArmor
-## Description: Enable the OWLSM extension to AppArmor
-## Type: yesno
-## Default: no
-#
-# Enable OWLSM extension to AppArmor?
-# OWLSM is an extension to AppArmor that prevents processes from
-# following symlinks they don't own and creating hardlinks to files they
-# don't own, in an attempt to prevent /tmp race attacks. However, OWLSM
-# can break some applications, so is disabled by default.
-SUBDOMAIN_ENABLE_OWLSM="no"
-
-## Path: System/AppArmor
-## Description: Enable the AppArmor event daemon for reporting
-## Type: yesno
-## Default: no
-#
-# Enable the AppArmor event daemon for reporting?
-APPARMOR_ENABLE_AAEVENTD="no"
-
-#SUBDOMAIN_MODULE_PANIC=XXX
-#This option controls how subdomain behaves when the init script attempts
-#to load the AppArmor module and fails. There are 4 options
-#warn - log a failure message. (default behavior)
-#build - attempt to build the AppArmor module is the module can't be loaded.
-# If successful
-# the module will be built for the running kernel and loaded.
-# If the build fails
-# a failure message is logged
-#panic - If the AppArmor module fails to load
-# a failure message will be logged
-# and the machine will drop to runlevel 1 (single user)
-#build-panic - If the AppArmor module fails to load
-# attempt to build the module
-# If building the module fails
-# panic (drop to runlevel 1)
-
-#SUBDOMAIN_MODULE_PANIC=warn
-
-################## subdomain_parser configuration ################
-
-#SUBDOMAIN_PATH=XXXX
-#This option specifies the include path that the subdomain_parser will
-#use by default. If no entry is specified /etc/subdomain.d is used by
-#default.
-
-#SUBDOMAIN_PATH=/etc/subdomain.d
-
diff --git a/parser/subdomain.conf.5.html b/parser/subdomain.conf.5.html
deleted file mode 100644
index d4b2ce8ea08fb7861ff9b6580886eeacd2d06fbd..0000000000000000000000000000000000000000
--- a/parser/subdomain.conf.5.html
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title></title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a>
- <ul>
- <li><a href="#SUBDOMAIN_PATH">SUBDOMAIN_PATH</a></li>
- <li><a href="#SUBDOMAIN_MODULE_PANIC">SUBDOMAIN_MODULE_PANIC</a></li>
- </ul>
- </li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>/etc/apparmor/subdomain.conf - configuration file for fine-tuning the behavior of the AppArmor security tool.</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p>The AppArmor security tool can be configured to have certain default behaviors based on configuration options set in subdomain.conf. There are two variables that can be set in subdomain.conf: <b>SUBDOMAIN_PATH</b>, and <b>SUBDOMAIN_MODULE_PANIC</b>.</p>
-
-<h2 id="SUBDOMAIN_PATH">SUBDOMAIN_PATH</h2>
-
-<p>This variable accepts a string (path), and is by default set to '/etc/apparmor.d/' This variable defines where the AppArmor security tool looks for its policy definitions (a.k.a. AppArmor profiles).</p>
-
-<h2 id="SUBDOMAIN_MODULE_PANIC">SUBDOMAIN_MODULE_PANIC</h2>
-
-<p>This variable accepts a string that is one of four values: <i>warn</i>, <i>build</i>, <i>panic</i>, or <i>build-panic</i>, and is set by default to <i>warn</i>.</p>
-
-<p>This setting controls the behavior of the AppArmor initscript if it cannot successfully load the AppArmor kernel module on startup. The four possible settings are:</p>
-
-<dl>
-
-<dt id="warn"><i>warn</i></dt>
-<dd>
-
-<p>Log a failure message (the default behavior).</p>
-
-</dd>
-<dt id="build"><i>build</i></dt>
-<dd>
-
-<p>Attempt to build the AppArmor module against the currently running kernel. If the compilation is successful, the module will be loaded and AppArmor started; if the compilation fails, a failure message is logged.</p>
-
-</dd>
-<dt id="panic"><i>panic</i></dt>
-<dd>
-
-<p>Log a failure message and drop to runlevel 1 (single user).</p>
-
-</dd>
-<dt id="build-panic"><i>build-panic</i></dt>
-<dd>
-
-<p>Attempt to build the module against the running kernel (like <i>build</i>) and if the compilation fails, drop to runlevel 1 (single user).</p>
-
-</dd>
-</dl>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p>Setting the initscript to recompile the module will fail on SUSE, as the module source is no longer installed by default. However, the module has been included with the SUSE kernel, so no rebuilding should be necessary.</p>
-
-<p>If you find any additional bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor_parser(8), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/parser/subdomain.conf.pod b/parser/subdomain.conf.pod
deleted file mode 100644
index b38f7488cb29918b66d742cb0ca9e783a125fceb..0000000000000000000000000000000000000000
--- a/parser/subdomain.conf.pod
+++ /dev/null
@@ -1,104 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (c) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
-# 2008, 2009
-# NOVELL (All rights reserved)
-#
-# Copyright (c) 2010 - 2012
-# Canonical Ltd. (All rights reserved)
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, contact Novell, Inc.
-# ----------------------------------------------------------------------
-
-
-=pod
-
-=head1 NAME
-
-/etc/apparmor/subdomain.conf - configuration file for fine-tuning the
-behavior of the AppArmor security tool.
-
-=head1 DESCRIPTION
-
-The AppArmor security tool can be configured to have
-certain default behaviors based on configuration options set
-in subdomain.conf. There are two variables that can be set in
-subdomain.conf: B<SUBDOMAIN_PATH>, and B<SUBDOMAIN_MODULE_PANIC>.
-
-=begin comment
-
-FIXME keep quiet about OWLSM support for now.
-
-=head2 SUBDOMAIN_ENABLE_OWLSM
-
-This veriable is a yes/no toggle and is by default set to I<no>.
-
-This variable determines whether the AppArmor initscript will enable
-or disable the OWLsm security extension to AppArmor when the AppArmor
-security tool is started. When enabled the OWLsm feature prevents programs
-from following symlinks in temporary directories that are not owned by
-the program's UID, and prevents processes from creating hardlinks to
-files not owned by their UID.
-
-=end comment
-
-=head2 SUBDOMAIN_PATH
-
-This variable accepts a string (path), and is by default set to
-'/etc/apparmor.d/' This variable defines where the AppArmor security
-tool looks for its policy definitions (a.k.a. AppArmor profiles).
-
-=head2 SUBDOMAIN_MODULE_PANIC
-
-This variable accepts a string that is one of four values: I<warn>,
-I<build>, I<panic>, or I<build-panic>, and is set by default to I<warn>.
-
-This setting controls the behavior of the AppArmor initscript if it
-cannot successfully load the AppArmor kernel module on startup. The four
-possible settings are:
-
-=over 4
-
-=item I<warn>
-
-Log a failure message (the default behavior).
-
-=item I<build>
-
-Attempt to build the AppArmor module against the currently running
-kernel. If the compilation is successful, the module will be loaded and
-AppArmor started; if the compilation fails, a failure message is logged.
-
-=item I<panic>
-
-Log a failure message and drop to runlevel 1 (single user).
-
-=item I<build-panic>
-
-Attempt to build the module against the running kernel (like I<build>)
-and if the compilation fails, drop to runlevel 1 (single user).
-
-=back
-
-=head1 BUGS
-
-Setting the initscript to recompile the module will fail on SUSE, as the
-module source is no longer installed by default. However, the module has
-been included with the SUSE kernel, so no rebuilding should be necessary.
-
-If you find any additional bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
-
-=head1 SEE ALSO
-
-apparmor(7), apparmor_parser(8), and
-L<https://wiki.apparmor.net>.
diff --git a/parser/techdoc.aux b/parser/techdoc.aux
index 018ca27399db004e086becd5d038f5b10169ff0b..6ac81354f5d4793cffa10e1d01decb857d6a4f81 100644
--- a/parser/techdoc.aux
+++ b/parser/techdoc.aux
@@ -17,49 +17,50 @@
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\citation{apparmor}
-\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{section.1}}
-\@writefile{toc}{\contentsline {section}{\numberline {2}Overview}{2}{section.2}}
+\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{section.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {2}Overview}{2}{section.2}\protected@file@percent }
\newlabel{sec:overview}{{2}{2}{Overview}{section.2}{}}
-\@writefile{toc}{\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}}
+\@writefile{toc}{\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}\protected@file@percent }
\newlabel{sec:model}{{3}{3}{The AppArmor Security Model}{section.3}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}\protected@file@percent }
\citation{ols06-pai}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}}
-\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces File Access Permissions in Profiles}}{7}{table.1}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}\protected@file@percent }
+\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces File Access Permissions in Profiles}}{7}{table.1}\protected@file@percent }
\newlabel{tab:permissions}{{1}{7}{File Access Permissions in Profiles}{table.1}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}\protected@file@percent }
\newlabel{sec:permissions}{{3.8}{7}{Profile Permissions}{subsection.3.8}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}\protected@file@percent }
\newlabel{sec:secure-exec}{{3.14}{9}{Secure Execution}{subsection.3.14}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}\protected@file@percent }
\newlabel{sec:merging}{{3.15}{10}{Exec Mode Merging in Profiles, Exact Matches}{subsection.3.15}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}\protected@file@percent }
\citation{dragon86}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}\protected@file@percent }
\newlabel{sec:association}{{3.19}{11}{Association of Profiles with Processes}{subsection.3.19}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}}
-\@writefile{toc}{\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}\protected@file@percent }
\newlabel{sec:walk-through}{{4}{12}{AppArmor Walk-Through}{section.4}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}}
-\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Globbing in File Access Rules. Alternation counts as an exact match in file access rules; all others count as wildcards (see Section\nobreakspace {}\ref {sec:merging}).}}{14}{table.2}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}\protected@file@percent }
+\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Globbing in File Access Rules. Alternation counts as an exact match in file access rules; all others count as wildcards (see Section\nobreakspace {}\ref {sec:merging}).}}{14}{table.2}\protected@file@percent }
\newlabel{tab:globbing}{{2}{14}{Globbing in File Access Rules. Alternation counts as an exact match in file access rules; all others count as wildcards (see Section~\ref {sec:merging})}{table.2}{}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}}
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}}
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}\protected@file@percent }
\bibcite{apparmor}{1}
\bibcite{ols06-pai}{2}
\bibcite{dragon86}{3}
+\gdef \@abspage@last{20}
diff --git a/parser/techdoc.log b/parser/techdoc.log
index 7f694c72ca2eda575a0b74b3d9d1414f174437ad..a9ee78c1b6edb2c039c25498299b044000f68bc0 100644
--- a/parser/techdoc.log
+++ b/parser/techdoc.log
@@ -1,471 +1,186 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.18 (TeX Live 2017/Debian) (preloaded format=pdflatex 2019.10.4) 7 DEC 2020 03:29
+This is pdfTeX, Version 3.141592653-2.6-1.40.22 (TeX Live 2022/dev/Debian) (preloaded format=pdflatex 2022.7.2) 21 NOV 2022 16:55
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
-**\def\fixedpdfdate{20201207112744+0000}\input techdoc.tex
-(./techdoc.tex (/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
-Document Class: article 2014/09/29 v1.4h Standard LaTeX document class
+**\def\fixedpdfdate{20221122005432+0000}\input techdoc.tex
+ (./techdoc.tex
+(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
+Document Class: article 2021/10/04 v1.4n Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size10.clo
-File: size10.clo 2014/09/29 v1.4h Standard LaTeX file (size option)
-)
-\c@part=\count79
-\c@section=\count80
-\c@subsection=\count81
-\c@subsubsection=\count82
-\c@paragraph=\count83
-\c@subparagraph=\count84
-\c@figure=\count85
-\c@table=\count86
-\abovecaptionskip=\skip41
-\belowcaptionskip=\skip42
-\bibindent=\dimen102
+File: size10.clo 2021/10/04 v1.4n Standard LaTeX file (size option)
+)
+\c@part=\count185
+\c@section=\count186
+\c@subsection=\count187
+\c@subsubsection=\count188
+\c@paragraph=\count189
+\c@subparagraph=\count190
+\c@figure=\count191
+\c@table=\count192
+\abovecaptionskip=\skip47
+\belowcaptionskip=\skip48
+\bibindent=\dimen138
)
(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
-Package: inputenc 2015/03/17 v1.2c Input encoding file
-\inpenc@prehook=\toks14
-\inpenc@posthook=\toks15
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/utf8.def
-File: utf8.def 2017/01/28 v1.1t UTF-8 support for inputenc
-Now handling font encoding OML ...
-... no UTF-8 mapping file for font encoding OML
-Now handling font encoding T1 ...
-... processing UTF-8 mapping file for font encoding T1
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/t1enc.dfu
-File: t1enc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
- defining Unicode char U+00A0 (decimal 160)
- defining Unicode char U+00A1 (decimal 161)
- defining Unicode char U+00A3 (decimal 163)
- defining Unicode char U+00AB (decimal 171)
- defining Unicode char U+00AD (decimal 173)
- defining Unicode char U+00BB (decimal 187)
- defining Unicode char U+00BF (decimal 191)
- defining Unicode char U+00C0 (decimal 192)
- defining Unicode char U+00C1 (decimal 193)
- defining Unicode char U+00C2 (decimal 194)
- defining Unicode char U+00C3 (decimal 195)
- defining Unicode char U+00C4 (decimal 196)
- defining Unicode char U+00C5 (decimal 197)
- defining Unicode char U+00C6 (decimal 198)
- defining Unicode char U+00C7 (decimal 199)
- defining Unicode char U+00C8 (decimal 200)
- defining Unicode char U+00C9 (decimal 201)
- defining Unicode char U+00CA (decimal 202)
- defining Unicode char U+00CB (decimal 203)
- defining Unicode char U+00CC (decimal 204)
- defining Unicode char U+00CD (decimal 205)
- defining Unicode char U+00CE (decimal 206)
- defining Unicode char U+00CF (decimal 207)
- defining Unicode char U+00D0 (decimal 208)
- defining Unicode char U+00D1 (decimal 209)
- defining Unicode char U+00D2 (decimal 210)
- defining Unicode char U+00D3 (decimal 211)
- defining Unicode char U+00D4 (decimal 212)
- defining Unicode char U+00D5 (decimal 213)
- defining Unicode char U+00D6 (decimal 214)
- defining Unicode char U+00D8 (decimal 216)
- defining Unicode char U+00D9 (decimal 217)
- defining Unicode char U+00DA (decimal 218)
- defining Unicode char U+00DB (decimal 219)
- defining Unicode char U+00DC (decimal 220)
- defining Unicode char U+00DD (decimal 221)
- defining Unicode char U+00DE (decimal 222)
- defining Unicode char U+00DF (decimal 223)
- defining Unicode char U+00E0 (decimal 224)
- defining Unicode char U+00E1 (decimal 225)
- defining Unicode char U+00E2 (decimal 226)
- defining Unicode char U+00E3 (decimal 227)
- defining Unicode char U+00E4 (decimal 228)
- defining Unicode char U+00E5 (decimal 229)
- defining Unicode char U+00E6 (decimal 230)
- defining Unicode char U+00E7 (decimal 231)
- defining Unicode char U+00E8 (decimal 232)
- defining Unicode char U+00E9 (decimal 233)
- defining Unicode char U+00EA (decimal 234)
- defining Unicode char U+00EB (decimal 235)
- defining Unicode char U+00EC (decimal 236)
- defining Unicode char U+00ED (decimal 237)
- defining Unicode char U+00EE (decimal 238)
- defining Unicode char U+00EF (decimal 239)
- defining Unicode char U+00F0 (decimal 240)
- defining Unicode char U+00F1 (decimal 241)
- defining Unicode char U+00F2 (decimal 242)
- defining Unicode char U+00F3 (decimal 243)
- defining Unicode char U+00F4 (decimal 244)
- defining Unicode char U+00F5 (decimal 245)
- defining Unicode char U+00F6 (decimal 246)
- defining Unicode char U+00F8 (decimal 248)
- defining Unicode char U+00F9 (decimal 249)
- defining Unicode char U+00FA (decimal 250)
- defining Unicode char U+00FB (decimal 251)
- defining Unicode char U+00FC (decimal 252)
- defining Unicode char U+00FD (decimal 253)
- defining Unicode char U+00FE (decimal 254)
- defining Unicode char U+00FF (decimal 255)
- defining Unicode char U+0100 (decimal 256)
- defining Unicode char U+0101 (decimal 257)
- defining Unicode char U+0102 (decimal 258)
- defining Unicode char U+0103 (decimal 259)
- defining Unicode char U+0104 (decimal 260)
- defining Unicode char U+0105 (decimal 261)
- defining Unicode char U+0106 (decimal 262)
- defining Unicode char U+0107 (decimal 263)
- defining Unicode char U+0108 (decimal 264)
- defining Unicode char U+0109 (decimal 265)
- defining Unicode char U+010A (decimal 266)
- defining Unicode char U+010B (decimal 267)
- defining Unicode char U+010C (decimal 268)
- defining Unicode char U+010D (decimal 269)
- defining Unicode char U+010E (decimal 270)
- defining Unicode char U+010F (decimal 271)
- defining Unicode char U+0110 (decimal 272)
- defining Unicode char U+0111 (decimal 273)
- defining Unicode char U+0112 (decimal 274)
- defining Unicode char U+0113 (decimal 275)
- defining Unicode char U+0114 (decimal 276)
- defining Unicode char U+0115 (decimal 277)
- defining Unicode char U+0116 (decimal 278)
- defining Unicode char U+0117 (decimal 279)
- defining Unicode char U+0118 (decimal 280)
- defining Unicode char U+0119 (decimal 281)
- defining Unicode char U+011A (decimal 282)
- defining Unicode char U+011B (decimal 283)
- defining Unicode char U+011C (decimal 284)
- defining Unicode char U+011D (decimal 285)
- defining Unicode char U+011E (decimal 286)
- defining Unicode char U+011F (decimal 287)
- defining Unicode char U+0120 (decimal 288)
- defining Unicode char U+0121 (decimal 289)
- defining Unicode char U+0122 (decimal 290)
- defining Unicode char U+0123 (decimal 291)
- defining Unicode char U+0124 (decimal 292)
- defining Unicode char U+0125 (decimal 293)
- defining Unicode char U+0128 (decimal 296)
- defining Unicode char U+0129 (decimal 297)
- defining Unicode char U+012A (decimal 298)
- defining Unicode char U+012B (decimal 299)
- defining Unicode char U+012C (decimal 300)
- defining Unicode char U+012D (decimal 301)
- defining Unicode char U+012E (decimal 302)
- defining Unicode char U+012F (decimal 303)
- defining Unicode char U+0130 (decimal 304)
- defining Unicode char U+0131 (decimal 305)
- defining Unicode char U+0132 (decimal 306)
- defining Unicode char U+0133 (decimal 307)
- defining Unicode char U+0134 (decimal 308)
- defining Unicode char U+0135 (decimal 309)
- defining Unicode char U+0136 (decimal 310)
- defining Unicode char U+0137 (decimal 311)
- defining Unicode char U+0139 (decimal 313)
- defining Unicode char U+013A (decimal 314)
- defining Unicode char U+013B (decimal 315)
- defining Unicode char U+013C (decimal 316)
- defining Unicode char U+013D (decimal 317)
- defining Unicode char U+013E (decimal 318)
- defining Unicode char U+0141 (decimal 321)
- defining Unicode char U+0142 (decimal 322)
- defining Unicode char U+0143 (decimal 323)
- defining Unicode char U+0144 (decimal 324)
- defining Unicode char U+0145 (decimal 325)
- defining Unicode char U+0146 (decimal 326)
- defining Unicode char U+0147 (decimal 327)
- defining Unicode char U+0148 (decimal 328)
- defining Unicode char U+014A (decimal 330)
- defining Unicode char U+014B (decimal 331)
- defining Unicode char U+014C (decimal 332)
- defining Unicode char U+014D (decimal 333)
- defining Unicode char U+014E (decimal 334)
- defining Unicode char U+014F (decimal 335)
- defining Unicode char U+0150 (decimal 336)
- defining Unicode char U+0151 (decimal 337)
- defining Unicode char U+0152 (decimal 338)
- defining Unicode char U+0153 (decimal 339)
- defining Unicode char U+0154 (decimal 340)
- defining Unicode char U+0155 (decimal 341)
- defining Unicode char U+0156 (decimal 342)
- defining Unicode char U+0157 (decimal 343)
- defining Unicode char U+0158 (decimal 344)
- defining Unicode char U+0159 (decimal 345)
- defining Unicode char U+015A (decimal 346)
- defining Unicode char U+015B (decimal 347)
- defining Unicode char U+015C (decimal 348)
- defining Unicode char U+015D (decimal 349)
- defining Unicode char U+015E (decimal 350)
- defining Unicode char U+015F (decimal 351)
- defining Unicode char U+0160 (decimal 352)
- defining Unicode char U+0161 (decimal 353)
- defining Unicode char U+0162 (decimal 354)
- defining Unicode char U+0163 (decimal 355)
- defining Unicode char U+0164 (decimal 356)
- defining Unicode char U+0165 (decimal 357)
- defining Unicode char U+0168 (decimal 360)
- defining Unicode char U+0169 (decimal 361)
- defining Unicode char U+016A (decimal 362)
- defining Unicode char U+016B (decimal 363)
- defining Unicode char U+016C (decimal 364)
- defining Unicode char U+016D (decimal 365)
- defining Unicode char U+016E (decimal 366)
- defining Unicode char U+016F (decimal 367)
- defining Unicode char U+0170 (decimal 368)
- defining Unicode char U+0171 (decimal 369)
- defining Unicode char U+0172 (decimal 370)
- defining Unicode char U+0173 (decimal 371)
- defining Unicode char U+0174 (decimal 372)
- defining Unicode char U+0175 (decimal 373)
- defining Unicode char U+0176 (decimal 374)
- defining Unicode char U+0177 (decimal 375)
- defining Unicode char U+0178 (decimal 376)
- defining Unicode char U+0179 (decimal 377)
- defining Unicode char U+017A (decimal 378)
- defining Unicode char U+017B (decimal 379)
- defining Unicode char U+017C (decimal 380)
- defining Unicode char U+017D (decimal 381)
- defining Unicode char U+017E (decimal 382)
- defining Unicode char U+01CD (decimal 461)
- defining Unicode char U+01CE (decimal 462)
- defining Unicode char U+01CF (decimal 463)
- defining Unicode char U+01D0 (decimal 464)
- defining Unicode char U+01D1 (decimal 465)
- defining Unicode char U+01D2 (decimal 466)
- defining Unicode char U+01D3 (decimal 467)
- defining Unicode char U+01D4 (decimal 468)
- defining Unicode char U+01E2 (decimal 482)
- defining Unicode char U+01E3 (decimal 483)
- defining Unicode char U+01E6 (decimal 486)
- defining Unicode char U+01E7 (decimal 487)
- defining Unicode char U+01E8 (decimal 488)
- defining Unicode char U+01E9 (decimal 489)
- defining Unicode char U+01EA (decimal 490)
- defining Unicode char U+01EB (decimal 491)
- defining Unicode char U+01F0 (decimal 496)
- defining Unicode char U+01F4 (decimal 500)
- defining Unicode char U+01F5 (decimal 501)
- defining Unicode char U+0218 (decimal 536)
- defining Unicode char U+0219 (decimal 537)
- defining Unicode char U+021A (decimal 538)
- defining Unicode char U+021B (decimal 539)
- defining Unicode char U+0232 (decimal 562)
- defining Unicode char U+0233 (decimal 563)
- defining Unicode char U+1E02 (decimal 7682)
- defining Unicode char U+1E03 (decimal 7683)
- defining Unicode char U+200C (decimal 8204)
- defining Unicode char U+2010 (decimal 8208)
- defining Unicode char U+2011 (decimal 8209)
- defining Unicode char U+2012 (decimal 8210)
- defining Unicode char U+2013 (decimal 8211)
- defining Unicode char U+2014 (decimal 8212)
- defining Unicode char U+2015 (decimal 8213)
- defining Unicode char U+2018 (decimal 8216)
- defining Unicode char U+2019 (decimal 8217)
- defining Unicode char U+201A (decimal 8218)
- defining Unicode char U+201C (decimal 8220)
- defining Unicode char U+201D (decimal 8221)
- defining Unicode char U+201E (decimal 8222)
- defining Unicode char U+2030 (decimal 8240)
- defining Unicode char U+2031 (decimal 8241)
- defining Unicode char U+2039 (decimal 8249)
- defining Unicode char U+203A (decimal 8250)
- defining Unicode char U+2423 (decimal 9251)
- defining Unicode char U+1E20 (decimal 7712)
- defining Unicode char U+1E21 (decimal 7713)
-)
-Now handling font encoding OT1 ...
-... processing UTF-8 mapping file for font encoding OT1
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/ot1enc.dfu
-File: ot1enc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
- defining Unicode char U+00A0 (decimal 160)
- defining Unicode char U+00A1 (decimal 161)
- defining Unicode char U+00A3 (decimal 163)
- defining Unicode char U+00AD (decimal 173)
- defining Unicode char U+00B8 (decimal 184)
- defining Unicode char U+00BF (decimal 191)
- defining Unicode char U+00C5 (decimal 197)
- defining Unicode char U+00C6 (decimal 198)
- defining Unicode char U+00D8 (decimal 216)
- defining Unicode char U+00DF (decimal 223)
- defining Unicode char U+00E6 (decimal 230)
- defining Unicode char U+00EC (decimal 236)
- defining Unicode char U+00ED (decimal 237)
- defining Unicode char U+00EE (decimal 238)
- defining Unicode char U+00EF (decimal 239)
- defining Unicode char U+00F8 (decimal 248)
- defining Unicode char U+0131 (decimal 305)
- defining Unicode char U+0141 (decimal 321)
- defining Unicode char U+0142 (decimal 322)
- defining Unicode char U+0152 (decimal 338)
- defining Unicode char U+0153 (decimal 339)
- defining Unicode char U+0174 (decimal 372)
- defining Unicode char U+0175 (decimal 373)
- defining Unicode char U+0176 (decimal 374)
- defining Unicode char U+0177 (decimal 375)
- defining Unicode char U+0218 (decimal 536)
- defining Unicode char U+0219 (decimal 537)
- defining Unicode char U+021A (decimal 538)
- defining Unicode char U+021B (decimal 539)
- defining Unicode char U+2013 (decimal 8211)
- defining Unicode char U+2014 (decimal 8212)
- defining Unicode char U+2018 (decimal 8216)
- defining Unicode char U+2019 (decimal 8217)
- defining Unicode char U+201C (decimal 8220)
- defining Unicode char U+201D (decimal 8221)
-)
-Now handling font encoding OMS ...
-... processing UTF-8 mapping file for font encoding OMS
-
-(/usr/share/texlive/texmf-dist/tex/latex/base/omsenc.dfu
-File: omsenc.dfu 2017/01/28 v1.1t UTF-8 support for inputenc
- defining Unicode char U+00A7 (decimal 167)
- defining Unicode char U+00B6 (decimal 182)
- defining Unicode char U+00B7 (decimal 183)
- defining Unicode char U+2020 (decimal 8224)
- defining Unicode char U+2021 (decimal 8225)
- defining Unicode char U+2022 (decimal 8226)
-)
-Now handling font encoding OMX ...
-... no UTF-8 mapping file for font encoding OMX
-Now handling font encoding U ...
-... no UTF-8 mapping file for font encoding U
- defining Unicode char U+00A9 (decimal 169)
- defining Unicode char U+00AA (decimal 170)
- defining Unicode char U+00AE (decimal 174)
- defining Unicode char U+00BA (decimal 186)
- defining Unicode char U+02C6 (decimal 710)
- defining Unicode char U+02DC (decimal 732)
- defining Unicode char U+200C (decimal 8204)
- defining Unicode char U+2026 (decimal 8230)
- defining Unicode char U+2122 (decimal 8482)
- defining Unicode char U+2423 (decimal 9251)
-))
+Package: inputenc 2021/02/14 v1.3d Input encoding file
+\inpenc@prehook=\toks16
+\inpenc@posthook=\toks17
+)
(/usr/share/texlive/texmf-dist/tex/latex/url/url.sty
-\Urlmuskip=\muskip10
+\Urlmuskip=\muskip16
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
)
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref.sty
-Package: hyperref 2018/02/06 v6.86b Hypertext links for LaTeX
-
-(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/hobsub-hyperref.sty
-Package: hobsub-hyperref 2016/05/16 v1.14 Bundle oberdiek, subset hyperref (HO)
+Package: hyperref 2021-06-07 v7.00m Hypertext links for LaTeX
+(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
+Package: ltxcmds 2020-05-10 v1.25 LaTeX kernel commands for general use (HO)
+)
+(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty
+Package: iftex 2020/03/06 v1.0d TeX engine tests
+)
+(/usr/share/texlive/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
+Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
+)
-(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/hobsub-generic.sty
-Package: hobsub-generic 2016/05/16 v1.14 Bundle oberdiek, subset generic (HO)
-Package: hobsub 2016/05/16 v1.14 Construct package bundles (HO)
-Package: infwarerr 2016/05/16 v1.4 Providing info/warning/error messages (HO)
-Package: ltxcmds 2016/05/16 v1.23 LaTeX kernel commands for general use (HO)
-Package: ifluatex 2016/05/16 v1.4 Provides the ifluatex switch (HO)
-Package ifluatex Info: LuaTeX not detected.
-Package: ifvtex 2016/05/16 v1.6 Detect VTeX and its facilities (HO)
-Package ifvtex Info: VTeX not detected.
-Package: intcalc 2016/05/16 v1.2 Expandable calculations with integers (HO)
-Package: ifpdf 2017/03/15 v3.2 Provides the ifpdf switch
-Package: etexcmds 2016/05/16 v1.6 Avoid name clashes with e-TeX commands (HO)
-Package etexcmds Info: Could not find \expanded.
-(etexcmds) That can mean that you are not using pdfTeX 1.50 or
-(etexcmds) that some package has redefined \expanded.
-(etexcmds) In the latter case, load this package earlier.
-Package: kvsetkeys 2016/05/16 v1.17 Key value parser (HO)
-Package: kvdefinekeys 2016/05/16 v1.4 Define keys (HO)
-Package: pdftexcmds 2018/01/21 v0.26 Utility functions of pdfTeX for LuaTeX (HO
-)
-Package pdftexcmds Info: LuaTeX not detected.
+(/usr/share/texlive/texmf-dist/tex/generic/infwarerr/infwarerr.sty
+Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
+)
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
-Package: pdfescape 2016/05/16 v1.14 Implements pdfTeX's escape features (HO)
-Package: bigintcalc 2016/05/16 v1.4 Expandable calculations on big integers (HO
-)
-Package: bitset 2016/05/16 v1.2 Handle bit-vector datatype (HO)
-Package: uniquecounter 2016/05/16 v1.3 Provide unlimited unique counter (HO)
-)
-Package hobsub Info: Skipping package `hobsub' (already loaded).
-Package: letltxmacro 2016/05/16 v1.5 Let assignment for LaTeX macros (HO)
-Package: hopatch 2016/05/16 v1.3 Wrapper for package hooks (HO)
-Package: xcolor-patch 2016/05/16 xcolor patch
-Package: atveryend 2016/05/16 v1.9 Hooks at the very end of document (HO)
-Package atveryend Info: \enddocument detected (standard20110627).
-Package: atbegshi 2016/06/09 v1.18 At begin shipout hook (HO)
-Package: refcount 2016/05/16 v3.5 Data extraction from label references (HO)
-Package: hycolor 2016/05/16 v1.8 Color options for hyperref/bookmark (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2014/10/28 v1.15 key=value parser (DPC)
-\KV@toks@=\toks16
+\KV@toks@=\toks18
+)
+(/usr/share/texlive/texmf-dist/tex/generic/kvsetkeys/kvsetkeys.sty
+Package: kvsetkeys 2019/12/15 v1.18 Key value parser (HO)
+)
+(/usr/share/texlive/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
+Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
+)
+(/usr/share/texlive/texmf-dist/tex/generic/pdfescape/pdfescape.sty
+Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
)
-(/usr/share/texlive/texmf-dist/tex/generic/ifxetex/ifxetex.sty
-Package: ifxetex 2010/09/12 v0.6 Provides ifxetex conditional
+(/usr/share/texlive/texmf-dist/tex/latex/hycolor/hycolor.sty
+Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
)
-(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/auxhook.sty
-Package: auxhook 2016/05/16 v1.4 Hooks for auxiliary files (HO)
+(/usr/share/texlive/texmf-dist/tex/latex/letltxmacro/letltxmacro.sty
+Package: letltxmacro 2019/12/03 v1.6 Let assignment for LaTeX macros (HO)
)
-(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/kvoptions.sty
-Package: kvoptions 2016/05/16 v3.12 Key value format for package options (HO)
+(/usr/share/texlive/texmf-dist/tex/latex/auxhook/auxhook.sty
+Package: auxhook 2019-12-17 v1.6 Hooks for auxiliary files (HO)
)
-\@linkdim=\dimen103
-\Hy@linkcounter=\count87
-\Hy@pagecounter=\count88
+(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty
+Package: kvoptions 2020-10-07 v3.14 Key value format for package options (HO)
+)
+\@linkdim=\dimen139
+\Hy@linkcounter=\count193
+\Hy@pagecounter=\count194
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/pd1enc.def
-File: pd1enc.def 2018/02/06 v6.86b Hyperref: PDFDocEncoding definition (HO)
+File: pd1enc.def 2021-06-07 v7.00m Hyperref: PDFDocEncoding definition (HO)
Now handling font encoding PD1 ...
... no UTF-8 mapping file for font encoding PD1
)
-\Hy@SavedSpaceFactor=\count89
+(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref-langpatches.def
+File: hyperref-langpatches.def 2021-06-07 v7.00m Hyperref: patches for babel la
+nguages
+)
+(/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty
+Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
+)
+(/usr/share/texlive/texmf-dist/tex/generic/etexcmds/etexcmds.sty
+Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
+)
+\Hy@SavedSpaceFactor=\count195
-(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/hyperref.cfg
-File: hyperref.cfg 2002/06/06 v1.2 hyperref configuration of TeXLive
-)
-Package hyperref Info: Hyper figures OFF on input line 4509.
-Package hyperref Info: Link nesting OFF on input line 4514.
-Package hyperref Info: Hyper index ON on input line 4517.
-Package hyperref Info: Plain pages OFF on input line 4524.
-Package hyperref Info: Backreferencing OFF on input line 4529.
+(/usr/share/texlive/texmf-dist/tex/latex/hyperref/puenc.def
+File: puenc.def 2021-06-07 v7.00m Hyperref: PDF Unicode definition (HO)
+Now handling font encoding PU ...
+... no UTF-8 mapping file for font encoding PU
+)
+Package hyperref Info: Hyper figures OFF on input line 4192.
+Package hyperref Info: Link nesting OFF on input line 4197.
+Package hyperref Info: Hyper index ON on input line 4200.
+Package hyperref Info: Plain pages OFF on input line 4207.
+Package hyperref Info: Backreferencing OFF on input line 4212.
Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
-Package hyperref Info: Bookmarks ON on input line 4762.
-\c@Hy@tempcnt=\count90
-LaTeX Info: Redefining \url on input line 5115.
-\XeTeXLinkMargin=\dimen104
-\Fld@menulength=\count91
-\Field@Width=\dimen105
-\Fld@charsize=\dimen106
-Package hyperref Info: Hyper figures OFF on input line 6369.
-Package hyperref Info: Link nesting OFF on input line 6374.
-Package hyperref Info: Hyper index ON on input line 6377.
-Package hyperref Info: backreferencing OFF on input line 6384.
-Package hyperref Info: Link coloring OFF on input line 6389.
-Package hyperref Info: Link coloring with OCG OFF on input line 6394.
-Package hyperref Info: PDF/A mode OFF on input line 6399.
-LaTeX Info: Redefining \ref on input line 6439.
-LaTeX Info: Redefining \pageref on input line 6443.
-\Hy@abspage=\count92
-\c@Item=\count93
-\c@Hfootnote=\count94
+Package hyperref Info: Bookmarks ON on input line 4445.
+\c@Hy@tempcnt=\count196
+LaTeX Info: Redefining \url on input line 4804.
+\XeTeXLinkMargin=\dimen140
+
+(/usr/share/texlive/texmf-dist/tex/generic/bitset/bitset.sty
+Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
+
+(/usr/share/texlive/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
+Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
+)
+))
+\Fld@menulength=\count197
+\Field@Width=\dimen141
+\Fld@charsize=\dimen142
+Package hyperref Info: Hyper figures OFF on input line 6076.
+Package hyperref Info: Link nesting OFF on input line 6081.
+Package hyperref Info: Hyper index ON on input line 6084.
+Package hyperref Info: backreferencing OFF on input line 6091.
+Package hyperref Info: Link coloring OFF on input line 6096.
+Package hyperref Info: Link coloring with OCG OFF on input line 6101.
+Package hyperref Info: PDF/A mode OFF on input line 6106.
+LaTeX Info: Redefining \ref on input line 6146.
+LaTeX Info: Redefining \pageref on input line 6150.
+
+(/usr/share/texlive/texmf-dist/tex/latex/base/atbegshi-ltx.sty
+Package: atbegshi-ltx 2021/01/10 v1.0c Emulation of the original atbegshi
+package with kernel methods
+)
+\Hy@abspage=\count198
+\c@Item=\count199
+\c@Hfootnote=\count266
)
Package hyperref Info: Driver: hpdftex.
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hpdftex.def
-File: hpdftex.def 2018/02/06 v6.86b Hyperref driver for pdfTeX
-\Fld@listcount=\count95
-\c@bookmark@seq@number=\count96
+File: hpdftex.def 2021-06-07 v7.00m Hyperref driver for pdfTeX
+
+(/usr/share/texlive/texmf-dist/tex/latex/base/atveryend-ltx.sty
+Package: atveryend-ltx 2020/08/19 v1.0a Emulation of the original atveryend pac
+kage
+with kernel methods
+)
+\Fld@listcount=\count267
+\c@bookmark@seq@number=\count268
-(/usr/share/texlive/texmf-dist/tex/latex/oberdiek/rerunfilecheck.sty
-Package: rerunfilecheck 2016/05/16 v1.8 Rerun checks for auxiliary files (HO)
+(/usr/share/texlive/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
+Package: rerunfilecheck 2019/12/05 v1.9 Rerun checks for auxiliary files (HO)
+
+(/usr/share/texlive/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
+Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
+)
Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
-82.
+86.
)
-\Hy@SectionHShift=\skip43
+\Hy@SectionHShift=\skip49
+)
+(/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
+File: l3backend-pdftex.def 2022-01-12 L3 backend support: PDF output (pdfTeX)
+\l__color_backend_stack_int=\count269
+\l__pdf_internal_box=\box50
)
(./techdoc.aux)
\openout1 = `techdoc.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 31.
LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 31.
+LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
-LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 31.
+LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 31.
+LaTeX Font Info: ... okay on input line 31.
+LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
@@ -473,15 +188,19 @@ LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 31.
LaTeX Font Info: ... okay on input line 31.
-\AtBeginShipoutBox=\box26
+LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 31.
+LaTeX Font Info: ... okay on input line 31.
Package hyperref Info: Link coloring OFF on input line 31.
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty
-Package: nameref 2016/05/21 v2.44 Cross-referencing by name of section
+Package: nameref 2021-04-02 v2.47 Cross-referencing by name of section
-(/usr/share/texlive/texmf-dist/tex/generic/oberdiek/gettitlestring.sty
-Package: gettitlestring 2016/05/16 v1.5 Cleanup title references (HO)
+(/usr/share/texlive/texmf-dist/tex/latex/refcount/refcount.sty
+Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
+)
+(/usr/share/texlive/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
+Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
)
-\c@section@level=\count97
+\c@section@level=\count270
)
LaTeX Info: Redefining \ref on input line 31.
LaTeX Info: Redefining \pageref on input line 31.
@@ -510,11 +229,11 @@ LaTeX Font Info: External font `cmex10' loaded for size
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}] [2] [3] [4] [5] [6] [7] [8
] [9] [10] [11] [12] [13]
-LaTeX Font Info: Try loading font information for OMS+cmr on input line 889.
-
+LaTeX Font Info: Trying to load font information for OMS+cmr on input line 8
+89.
(/usr/share/texlive/texmf-dist/tex/latex/base/omscmr.fd
-File: omscmr.fd 2014/09/29 v2.5h Standard LaTeX font definitions
+File: omscmr.fd 2019/12/16 v2.5j Standard LaTeX font definitions
)
LaTeX Font Info: Font shape `OMS/cmr/m/n' in size <10> not available
(Font) Font shape `OMS/cmsy/m/n' tried instead on input line 889.
@@ -525,25 +244,18 @@ Underfull \hbox (badness 1253) in paragraph at lines 1283--1285
w . novell . com / documentation /
[]
-Package atveryend Info: Empty hook `BeforeClearDocument' on input line 1302.
-[20]
-Package atveryend Info: Empty hook `AfterLastShipout' on input line 1302.
- (./techdoc.aux)
-Package atveryend Info: Executing hook `AtVeryEndDocument' on input line 1302.
-Package atveryend Info: Executing hook `AtEndAfterFileList' on input line 1302.
-
+[20] (./techdoc.aux)
Package rerunfilecheck Info: File `techdoc.out' has not changed.
-(rerunfilecheck) Checksum: 58F88F585BA9D4AF6AE29A9D5F8D557A;2172.
-Package atveryend Info: Empty hook `AtVeryVeryEnd' on input line 1302.
+(rerunfilecheck) Checksum: 7B3A8936EC7F2583BFC5DDA92F97A4A2;5538.
)
Here is how much of TeX's memory you used:
- 4686 strings out of 494847
- 67961 string characters out of 6179080
- 150399 words of memory out of 5000000
- 7944 multiletter control sequences out of 15000+600000
- 9521 words of font info for 35 fonts, out of 8000000 for 9000
- 61 hyphenation exceptions out of 8191
- 28i,8n,28p,336b,483s stack positions out of 5000i,500n,10000p,200000b,80000s
+ 7473 strings out of 480247
+ 118156 string characters out of 5896152
+ 416357 words of memory out of 5000000
+ 25296 multiletter control sequences out of 15000+600000
+ 475140 words of font info for 49 fonts, out of 8000000 for 9000
+ 16 hyphenation exceptions out of 8191
+ 60i,8n,63p,416b,507s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/shar
e/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx8.pfb></usr/share/texli
@@ -558,9 +270,9 @@ cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmti10
/usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt12.pfb></usr/s
hare/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt8.pfb></usr/share/te
xlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt9.pfb>
-Output written on techdoc.pdf (20 pages, 235502 bytes).
+Output written on techdoc.pdf (20 pages, 248501 bytes).
PDF statistics:
- 360 PDF objects out of 1000 (max. 8388607)
+ 375 PDF objects out of 1000 (max. 8388607)
318 compressed objects within 4 object streams
60 named destinations out of 1000 (max. 500000)
241 words of extra memory for PDF output out of 10000 (max. 10000000)
diff --git a/parser/techdoc.out b/parser/techdoc.out
index 4e155ad34f2011a7c08d01f0e9957b353aa5b39f..c95c05ffb0a38ffe6c5aec010ae78bee085a55ef 100644
--- a/parser/techdoc.out
+++ b/parser/techdoc.out
@@ -1,30 +1,30 @@
-\BOOKMARK [1][-]{section.1}{Introduction}{}% 1
-\BOOKMARK [1][-]{section.2}{Overview}{}% 2
-\BOOKMARK [1][-]{section.3}{The AppArmor Security Model}{}% 3
-\BOOKMARK [2][-]{subsection.3.1}{Symbolic Links}{section.3}% 4
-\BOOKMARK [2][-]{subsection.3.2}{Namespaces}{section.3}% 5
-\BOOKMARK [2][-]{subsection.3.3}{Disconnected Files and Pseudo File Systems}{section.3}% 6
-\BOOKMARK [2][-]{subsection.3.4}{Mount}{section.3}% 7
-\BOOKMARK [2][-]{subsection.3.5}{The Kernel NFS Daemon}{section.3}% 8
-\BOOKMARK [2][-]{subsection.3.6}{Why are the computed pathnames meaningful?}{section.3}% 9
-\BOOKMARK [2][-]{subsection.3.7}{Path Permission Checking}{section.3}% 10
-\BOOKMARK [2][-]{subsection.3.8}{Profile Permissions}{section.3}% 11
-\BOOKMARK [2][-]{subsection.3.9}{System Calls Taking File Handles, At System Calls}{section.3}% 12
-\BOOKMARK [2][-]{subsection.3.10}{File Descriptor Passing and Revalidation}{section.3}% 13
-\BOOKMARK [2][-]{subsection.3.11}{Deleted Files}{section.3}% 14
-\BOOKMARK [2][-]{subsection.3.12}{The access System Call}{section.3}% 15
-\BOOKMARK [2][-]{subsection.3.13}{The ptrace System Call}{section.3}% 16
-\BOOKMARK [2][-]{subsection.3.14}{Secure Execution}{section.3}% 17
-\BOOKMARK [2][-]{subsection.3.15}{Exec Mode Merging in Profiles, Exact Matches}{section.3}% 18
-\BOOKMARK [2][-]{subsection.3.16}{Capabilities}{section.3}% 19
-\BOOKMARK [2][-]{subsection.3.17}{The sysctl System Call and /proc/sys}{section.3}% 20
-\BOOKMARK [2][-]{subsection.3.18}{Subprofiles aka. Hats}{section.3}% 21
-\BOOKMARK [2][-]{subsection.3.19}{Association of Profiles with Processes}{section.3}% 22
-\BOOKMARK [2][-]{subsection.3.20}{Profile Loading, Replacement, and Removal}{section.3}% 23
-\BOOKMARK [1][-]{section.4}{AppArmor Walk-Through}{}% 24
-\BOOKMARK [2][-]{subsection.4.1}{Kernel Patches and Configuration}{section.4}% 25
-\BOOKMARK [2][-]{subsection.4.2}{The securityfs file system}{section.4}% 26
-\BOOKMARK [2][-]{subsection.4.3}{Profile Loading}{section.4}% 27
-\BOOKMARK [2][-]{subsection.4.4}{Anatomy of a Profile}{section.4}% 28
-\BOOKMARK [2][-]{subsection.4.5}{Logging}{section.4}% 29
-\BOOKMARK [2][-]{subsection.4.6}{Generating Profiles By Hand}{section.4}% 30
+\BOOKMARK [1][-]{section.1}{\376\377\000I\000n\000t\000r\000o\000d\000u\000c\000t\000i\000o\000n}{}% 1
+\BOOKMARK [1][-]{section.2}{\376\377\000O\000v\000e\000r\000v\000i\000e\000w}{}% 2
+\BOOKMARK [1][-]{section.3}{\376\377\000T\000h\000e\000\040\000A\000p\000p\000A\000r\000m\000o\000r\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000M\000o\000d\000e\000l}{}% 3
+\BOOKMARK [2][-]{subsection.3.1}{\376\377\000S\000y\000m\000b\000o\000l\000i\000c\000\040\000L\000i\000n\000k\000s}{section.3}% 4
+\BOOKMARK [2][-]{subsection.3.2}{\376\377\000N\000a\000m\000e\000s\000p\000a\000c\000e\000s}{section.3}% 5
+\BOOKMARK [2][-]{subsection.3.3}{\376\377\000D\000i\000s\000c\000o\000n\000n\000e\000c\000t\000e\000d\000\040\000F\000i\000l\000e\000s\000\040\000a\000n\000d\000\040\000P\000s\000e\000u\000d\000o\000\040\000F\000i\000l\000e\000\040\000S\000y\000s\000t\000e\000m\000s}{section.3}% 6
+\BOOKMARK [2][-]{subsection.3.4}{\376\377\000M\000o\000u\000n\000t}{section.3}% 7
+\BOOKMARK [2][-]{subsection.3.5}{\376\377\000T\000h\000e\000\040\000K\000e\000r\000n\000e\000l\000\040\000N\000F\000S\000\040\000D\000a\000e\000m\000o\000n}{section.3}% 8
+\BOOKMARK [2][-]{subsection.3.6}{\376\377\000W\000h\000y\000\040\000a\000r\000e\000\040\000t\000h\000e\000\040\000c\000o\000m\000p\000u\000t\000e\000d\000\040\000p\000a\000t\000h\000n\000a\000m\000e\000s\000\040\000m\000e\000a\000n\000i\000n\000g\000f\000u\000l\000?}{section.3}% 9
+\BOOKMARK [2][-]{subsection.3.7}{\376\377\000P\000a\000t\000h\000\040\000P\000e\000r\000m\000i\000s\000s\000i\000o\000n\000\040\000C\000h\000e\000c\000k\000i\000n\000g}{section.3}% 10
+\BOOKMARK [2][-]{subsection.3.8}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000P\000e\000r\000m\000i\000s\000s\000i\000o\000n\000s}{section.3}% 11
+\BOOKMARK [2][-]{subsection.3.9}{\376\377\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000s\000\040\000T\000a\000k\000i\000n\000g\000\040\000F\000i\000l\000e\000\040\000H\000a\000n\000d\000l\000e\000s\000,\000\040\000A\000t\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000s}{section.3}% 12
+\BOOKMARK [2][-]{subsection.3.10}{\376\377\000F\000i\000l\000e\000\040\000D\000e\000s\000c\000r\000i\000p\000t\000o\000r\000\040\000P\000a\000s\000s\000i\000n\000g\000\040\000a\000n\000d\000\040\000R\000e\000v\000a\000l\000i\000d\000a\000t\000i\000o\000n}{section.3}% 13
+\BOOKMARK [2][-]{subsection.3.11}{\376\377\000D\000e\000l\000e\000t\000e\000d\000\040\000F\000i\000l\000e\000s}{section.3}% 14
+\BOOKMARK [2][-]{subsection.3.12}{\376\377\000T\000h\000e\000\040\000a\000c\000c\000e\000s\000s\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l}{section.3}% 15
+\BOOKMARK [2][-]{subsection.3.13}{\376\377\000T\000h\000e\000\040\000p\000t\000r\000a\000c\000e\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l}{section.3}% 16
+\BOOKMARK [2][-]{subsection.3.14}{\376\377\000S\000e\000c\000u\000r\000e\000\040\000E\000x\000e\000c\000u\000t\000i\000o\000n}{section.3}% 17
+\BOOKMARK [2][-]{subsection.3.15}{\376\377\000E\000x\000e\000c\000\040\000M\000o\000d\000e\000\040\000M\000e\000r\000g\000i\000n\000g\000\040\000i\000n\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000,\000\040\000E\000x\000a\000c\000t\000\040\000M\000a\000t\000c\000h\000e\000s}{section.3}% 18
+\BOOKMARK [2][-]{subsection.3.16}{\376\377\000C\000a\000p\000a\000b\000i\000l\000i\000t\000i\000e\000s}{section.3}% 19
+\BOOKMARK [2][-]{subsection.3.17}{\376\377\000T\000h\000e\000\040\000s\000y\000s\000c\000t\000l\000\040\000S\000y\000s\000t\000e\000m\000\040\000C\000a\000l\000l\000\040\000a\000n\000d\000\040\000/\000p\000r\000o\000c\000/\000s\000y\000s}{section.3}% 20
+\BOOKMARK [2][-]{subsection.3.18}{\376\377\000S\000u\000b\000p\000r\000o\000f\000i\000l\000e\000s\000\040\000a\000k\000a\000.\000\040\000H\000a\000t\000s}{section.3}% 21
+\BOOKMARK [2][-]{subsection.3.19}{\376\377\000A\000s\000s\000o\000c\000i\000a\000t\000i\000o\000n\000\040\000o\000f\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000\040\000w\000i\000t\000h\000\040\000P\000r\000o\000c\000e\000s\000s\000e\000s}{section.3}% 22
+\BOOKMARK [2][-]{subsection.3.20}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000L\000o\000a\000d\000i\000n\000g\000,\000\040\000R\000e\000p\000l\000a\000c\000e\000m\000e\000n\000t\000,\000\040\000a\000n\000d\000\040\000R\000e\000m\000o\000v\000a\000l}{section.3}% 23
+\BOOKMARK [1][-]{section.4}{\376\377\000A\000p\000p\000A\000r\000m\000o\000r\000\040\000W\000a\000l\000k\000-\000T\000h\000r\000o\000u\000g\000h}{}% 24
+\BOOKMARK [2][-]{subsection.4.1}{\376\377\000K\000e\000r\000n\000e\000l\000\040\000P\000a\000t\000c\000h\000e\000s\000\040\000a\000n\000d\000\040\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n}{section.4}% 25
+\BOOKMARK [2][-]{subsection.4.2}{\376\377\000T\000h\000e\000\040\000s\000e\000c\000u\000r\000i\000t\000y\000f\000s\000\040\000f\000i\000l\000e\000\040\000s\000y\000s\000t\000e\000m}{section.4}% 26
+\BOOKMARK [2][-]{subsection.4.3}{\376\377\000P\000r\000o\000f\000i\000l\000e\000\040\000L\000o\000a\000d\000i\000n\000g}{section.4}% 27
+\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000n\000a\000t\000o\000m\000y\000\040\000o\000f\000\040\000a\000\040\000P\000r\000o\000f\000i\000l\000e}{section.4}% 28
+\BOOKMARK [2][-]{subsection.4.5}{\376\377\000L\000o\000g\000g\000i\000n\000g}{section.4}% 29
+\BOOKMARK [2][-]{subsection.4.6}{\376\377\000G\000e\000n\000e\000r\000a\000t\000i\000n\000g\000\040\000P\000r\000o\000f\000i\000l\000e\000s\000\040\000B\000y\000\040\000H\000a\000n\000d}{section.4}% 30
diff --git a/parser/techdoc.pdf b/parser/techdoc.pdf
index d1deb9746ef12d4382500ec75bea9b99d20d8ed0..c8bee638fa4a59bcb153bec9ba6cb8027db69fe2 100644
Binary files a/parser/techdoc.pdf and b/parser/techdoc.pdf differ
diff --git a/parser/techdoc.toc b/parser/techdoc.toc
index f0bfdb57b93e9477f97926532e40da40a842905a..92ef38e368bfda1a488ce17e21bd6ee3a64aa9e2 100644
--- a/parser/techdoc.toc
+++ b/parser/techdoc.toc
@@ -1,30 +1,30 @@
-\contentsline {section}{\numberline {1}Introduction}{2}{section.1}
-\contentsline {section}{\numberline {2}Overview}{2}{section.2}
-\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}
-\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}
-\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}
-\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}
-\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}
-\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}
-\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}
-\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}
-\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}
-\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}
-\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}
-\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}
-\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}
-\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}
-\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}
-\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}
-\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}
-\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}
-\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}
-\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}
-\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}
-\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}
-\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}
-\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}
-\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}
-\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}
-\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}
-\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}
+\contentsline {section}{\numberline {1}Introduction}{2}{section.1}%
+\contentsline {section}{\numberline {2}Overview}{2}{section.2}%
+\contentsline {section}{\numberline {3}The AppArmor Security Model}{3}{section.3}%
+\contentsline {subsection}{\numberline {3.1}Symbolic Links}{3}{subsection.3.1}%
+\contentsline {subsection}{\numberline {3.2}Namespaces}{4}{subsection.3.2}%
+\contentsline {subsection}{\numberline {3.3}Disconnected Files and Pseudo File Systems}{4}{subsection.3.3}%
+\contentsline {subsection}{\numberline {3.4}Mount}{5}{subsection.3.4}%
+\contentsline {subsection}{\numberline {3.5}The Kernel NFS Daemon}{5}{subsection.3.5}%
+\contentsline {subsection}{\numberline {3.6}Why are the computed pathnames meaningful?}{5}{subsection.3.6}%
+\contentsline {subsection}{\numberline {3.7}Path Permission Checking}{6}{subsection.3.7}%
+\contentsline {subsection}{\numberline {3.8}Profile Permissions}{7}{subsection.3.8}%
+\contentsline {subsection}{\numberline {3.9}System Calls Taking File Handles, At System Calls}{8}{subsection.3.9}%
+\contentsline {subsection}{\numberline {3.10}File Descriptor Passing and Revalidation}{8}{subsection.3.10}%
+\contentsline {subsection}{\numberline {3.11}Deleted Files}{8}{subsection.3.11}%
+\contentsline {subsection}{\numberline {3.12}The access System Call}{9}{subsection.3.12}%
+\contentsline {subsection}{\numberline {3.13}The ptrace System Call}{9}{subsection.3.13}%
+\contentsline {subsection}{\numberline {3.14}Secure Execution}{9}{subsection.3.14}%
+\contentsline {subsection}{\numberline {3.15}Exec Mode Merging in Profiles, Exact Matches}{10}{subsection.3.15}%
+\contentsline {subsection}{\numberline {3.16}Capabilities}{10}{subsection.3.16}%
+\contentsline {subsection}{\numberline {3.17}The sysctl System Call and /proc/sys}{10}{subsection.3.17}%
+\contentsline {subsection}{\numberline {3.18}Subprofiles aka. Hats}{10}{subsection.3.18}%
+\contentsline {subsection}{\numberline {3.19}Association of Profiles with Processes}{11}{subsection.3.19}%
+\contentsline {subsection}{\numberline {3.20}Profile Loading, Replacement, and Removal}{11}{subsection.3.20}%
+\contentsline {section}{\numberline {4}AppArmor Walk-Through}{12}{section.4}%
+\contentsline {subsection}{\numberline {4.1}Kernel Patches and Configuration}{12}{subsection.4.1}%
+\contentsline {subsection}{\numberline {4.2}The securityfs file system}{13}{subsection.4.2}%
+\contentsline {subsection}{\numberline {4.3}Profile Loading}{13}{subsection.4.3}%
+\contentsline {subsection}{\numberline {4.4}Anatomy of a Profile}{13}{subsection.4.4}%
+\contentsline {subsection}{\numberline {4.5}Logging}{15}{subsection.4.5}%
+\contentsline {subsection}{\numberline {4.6}Generating Profiles By Hand}{15}{subsection.4.6}%
diff --git a/parser/tst/Makefile b/parser/tst/Makefile
index be0ddf668afa2e7b908b69d7731db7a5d8605629..e1bc3fffb6f04c11f31bc587defc0089c128caf6 100644
--- a/parser/tst/Makefile
+++ b/parser/tst/Makefile
@@ -6,7 +6,7 @@ PARSER_BIN=apparmor_parser
PARSER=$(PARSER_DIR)/$(PARSER_BIN)
# parser.conf to use in tests. Note that some test scripts have the parser options hardcoded, so passing PARSER_ARGS=... is not enough to override it.
PARSER_ARGS=--config-file=./parser.conf
-PROVE_ARG=-f
+PROVE_ARG=-f --directives
ifeq ($(VERBOSE),1)
PROVE_ARG+=-v
@@ -17,8 +17,8 @@ endif
all: tests
-.PHONY: tests error_output gen_dbus gen_xtrans parser_sanity caching minimize equality valgrind
-tests: error_output caching minimize equality parser_sanity
+.PHONY: tests error_output gen_dbus gen_xtrans parser_sanity caching minimize equality dirtest valgrind
+tests: error_output caching minimize equality dirtest parser_sanity
GEN_TRANS_DIRS=simple_tests/generated_x/ simple_tests/generated_perms_leading/ simple_tests/generated_perms_safe/ simple_tests/generated_dbus
@@ -32,16 +32,7 @@ gen_dbus: $(GEN_TRANS_DIRS)
./gen-dbus.pl
error_output: $(PARSER)
- LANG=C $(PARSER) $(PARSER_ARGS) -S -I errors >/dev/null errors/okay.sd
- LANG=C $(PARSER) $(PARSER_ARGS) -S -I errors 2>&1 >/dev/null errors/single.sd | \
- grep -q "AppArmor parser error for errors/single.sd in errors/single.sd at line 3: Could not open 'failure'"
- LANG=C $(PARSER) $(PARSER_ARGS) -S -I errors 2>&1 >/dev/null errors/double.sd | \
- grep -q "AppArmor parser error for errors/double.sd in errors/includes/busted at line 66: Could not open 'does-not-exist'"
- LANG=C $(PARSER) $(PARSER_ARGS) -S -I errors 2>&1 >/dev/null errors/modefail.sd | \
- grep -q "AppArmor parser error for errors/modefail.sd in errors/modefail.sd at line 6: syntax error"
- LANG=C $(PARSER) $(PARSER_ARGS) -S -I errors 2>&1 >/dev/null errors/multi_include.sd | \
- grep -q "AppArmor parser error for errors/multi_include.sd in errors/multi_include.sd at line 12: Could not open 'failure'"
- @echo "Error Output: PASS"
+ LANG=C ./errors.py -p "$(PARSER)" $(PYTEST_ARG)
parser_sanity: $(PARSER) gen_xtrans gen_dbus
$(Q)LANG=C APPARMOR_PARSER="$(PARSER)" ${PROVE} ${PROVE_ARG} ${TESTS}
@@ -55,6 +46,9 @@ minimize: $(PARSER)
equality: $(PARSER)
LANG=C APPARMOR_PARSER="$(PARSER) $(PARSER_ARGS)" ./equality.sh
+dirtest: $(PARSER)
+ LANG=C APPARMOR_PARSER="$(PARSER) $(PARSER_ARGS)" ./dirtest.sh
+
valgrind: $(PARSER) gen_xtrans gen_dbus
LANG=C ./valgrind_simple.py -p "$(PARSER) $(PARSER_ARGS)" -v simple_tests
diff --git a/parser/tst/caching.py b/parser/tst/caching.py
index ad8a1be0ffc33137203ddc7806d57350d9cdff8b..72e73e4e38e9508132cd6a631d1e22fa585d11c0 100755
--- a/parser/tst/caching.py
+++ b/parser/tst/caching.py
@@ -140,7 +140,7 @@ class AAParserCachingCommon(testlib.AATestTemplate):
self.assertEqual(expected_output, features,
"features contents differ, expected:\n%s\nresult:\n%s" % (expected_output, features))
else:
- self.assertNotEquals(expected_output, features,
+ self.assertNotEqual(expected_output, features,
"features contents equal, expected:\n%s\nresult:\n%s" % (expected_output, features))
@@ -369,7 +369,7 @@ class AAParserCachingTests(AAParserCachingCommon):
# We check sizes here rather than whether the string monkey is
# in cache_contents because of the difficulty coercing cache
# file bytes into strings in python3
- self.assertNotEquals(orig_stat.st_size, stat.st_size, 'Expected cache file to be updated, size is not changed.')
+ self.assertNotEqual(orig_stat.st_size, stat.st_size, 'Expected cache file to be updated, size is not changed.')
self.assertEqual(os.stat(self.profile).st_mtime, stat.st_mtime)
def test_cache_writing_clears_all_files(self):
@@ -456,7 +456,7 @@ class AAParserCachingTests(AAParserCachingCommon):
self.run_cmd_check(cmd, expected_string='Replacement succeeded for')
stat = os.stat(self.cache_file)
- self.assertNotEquals(orig_stat.st_ino, stat.st_ino)
+ self.assertNotEqual(orig_stat.st_ino, stat.st_ino)
self._assertTimeStampEquals(profile_mtime, stat.st_mtime)
def test_abstraction_newer_rewrites_cache(self):
@@ -473,7 +473,7 @@ class AAParserCachingTests(AAParserCachingCommon):
self.run_cmd_check(cmd, expected_string='Replacement succeeded for')
stat = os.stat(self.cache_file)
- self.assertNotEquals(orig_stat.st_ino, stat.st_ino)
+ self.assertNotEqual(orig_stat.st_ino, stat.st_ino)
self._assertTimeStampEquals(abstraction_mtime, stat.st_mtime)
def test_parser_newer_uses_cache(self):
diff --git a/parser/tst/dirtest.sh b/parser/tst/dirtest.sh
new file mode 100755
index 0000000000000000000000000000000000000000..95c1083712f69f3231ca01a98dba077451f83a3d
--- /dev/null
+++ b/parser/tst/dirtest.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Copyright (c) 2022
+# Canonical, Ltd. (All rights reserved)
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Canonical Ltd.
+#
+
+# simple test to ensure dir is being iterated as expected
+# yes this needs to be improved and reworked
+
+
+# passed in by Makefile
+#APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
+
+
+do_tst() {
+ local msg="$1"
+ local expected="$2"
+ local rc=0
+ shift 2
+ #global tmpdir
+
+ ${APPARMOR_PARSER} "$@" > "$tmpdir/out.unsorted" 2>/dev/null
+ rc=$?
+ LC_ALL=C sort "$tmpdir/out.unsorted" > "$tmpdir/out"
+ if [ $rc -ne 0 ] && [ "$expected" != "fail" ] ; then
+ echo "failed: expected \"$expected\" but parser returned error"
+ return 1
+ fi
+ if [ $rc -eq 0 ] && [ "$expected" = "fail" ] ; then
+ echo "succeeded unexpectedly: expected \"$expected\" but parser returned success"
+ return 1
+ fi
+ if ! diff -q "$tmpdir/out" dirtest/dirtest.out ; then
+ echo "failed: expected \"$expected\" but output comparison failed"
+ diff -u dirtest/dirtest.out "$tmpdir/out"
+ return 1
+ fi
+
+ return 0
+}
+
+tmpdir=$(mktemp -d "$tmpdir.XXXXXXXX")
+chmod 755 "$tmpdir"
+export tmpdir
+
+rc=0
+
+# pass - no parser errors and output matches
+# error - parser error and output matches
+# fail - comparison out parser output failed
+do_tst "good dir list" pass -N dirtest/gooddir/ || rc=1
+do_tst "bad link in dir" fail -N dirtest/badlink/ || rc=1
+do_tst "bad profile in dir" fail -N dirtest/badprofile/ || rc=1
+
+rm -rf "$tmpdir"
+
+if [ $rc -eq 0 ] ; then
+ echo "PASS"
+fi
+
+exit $rc
diff --git a/parser/tst/dirtest/badlink/bar b/parser/tst/dirtest/badlink/bar
new file mode 120000
index 0000000000000000000000000000000000000000..19102815663d23f8b75a47e7a01965dcdc96468c
--- /dev/null
+++ b/parser/tst/dirtest/badlink/bar
@@ -0,0 +1 @@
+foo
\ No newline at end of file
diff --git a/parser/tst/dirtest/badlink/good_link b/parser/tst/dirtest/badlink/good_link
new file mode 120000
index 0000000000000000000000000000000000000000..b00b53e5dedfa980147b3bc4bbcc5d69d2aada99
--- /dev/null
+++ b/parser/tst/dirtest/badlink/good_link
@@ -0,0 +1 @@
+../goodtarget
\ No newline at end of file
diff --git a/parser/tst/dirtest/badlink/profileA b/parser/tst/dirtest/badlink/profileA
new file mode 100644
index 0000000000000000000000000000000000000000..6e3c2a75e8e5ea32c321410479c65c8d704c6c08
--- /dev/null
+++ b/parser/tst/dirtest/badlink/profileA
@@ -0,0 +1,2 @@
+profile a_profile {
+}
diff --git a/parser/tst/dirtest/badlink/profileB b/parser/tst/dirtest/badlink/profileB
new file mode 100644
index 0000000000000000000000000000000000000000..0b5565a682c9596dc1b123ef4726f74c08b9e7e2
--- /dev/null
+++ b/parser/tst/dirtest/badlink/profileB
@@ -0,0 +1,2 @@
+profile b_profile {
+}
diff --git a/parser/tst/dirtest/badprofile/bad b/parser/tst/dirtest/badprofile/bad
new file mode 100644
index 0000000000000000000000000000000000000000..cd65ddcb67105e4b0edeea854d6c8aeb360d4d47
--- /dev/null
+++ b/parser/tst/dirtest/badprofile/bad
@@ -0,0 +1,3 @@
+profile bad_profile {
+ file
+}
diff --git a/parser/tst/dirtest/badprofile/good_link b/parser/tst/dirtest/badprofile/good_link
new file mode 120000
index 0000000000000000000000000000000000000000..b00b53e5dedfa980147b3bc4bbcc5d69d2aada99
--- /dev/null
+++ b/parser/tst/dirtest/badprofile/good_link
@@ -0,0 +1 @@
+../goodtarget
\ No newline at end of file
diff --git a/parser/tst/dirtest/badprofile/profileA b/parser/tst/dirtest/badprofile/profileA
new file mode 100644
index 0000000000000000000000000000000000000000..6e3c2a75e8e5ea32c321410479c65c8d704c6c08
--- /dev/null
+++ b/parser/tst/dirtest/badprofile/profileA
@@ -0,0 +1,2 @@
+profile a_profile {
+}
diff --git a/parser/tst/dirtest/badprofile/profileB b/parser/tst/dirtest/badprofile/profileB
new file mode 100644
index 0000000000000000000000000000000000000000..0b5565a682c9596dc1b123ef4726f74c08b9e7e2
--- /dev/null
+++ b/parser/tst/dirtest/badprofile/profileB
@@ -0,0 +1,2 @@
+profile b_profile {
+}
diff --git a/parser/tst/dirtest/dirtest.out b/parser/tst/dirtest/dirtest.out
new file mode 100644
index 0000000000000000000000000000000000000000..5b4cc30aa3cfd684b4954264b43eaadb394b4ba9
--- /dev/null
+++ b/parser/tst/dirtest/dirtest.out
@@ -0,0 +1,3 @@
+a_profile
+b_profile
+good_target
diff --git a/parser/tst/dirtest/gooddir/good_link b/parser/tst/dirtest/gooddir/good_link
new file mode 120000
index 0000000000000000000000000000000000000000..b00b53e5dedfa980147b3bc4bbcc5d69d2aada99
--- /dev/null
+++ b/parser/tst/dirtest/gooddir/good_link
@@ -0,0 +1 @@
+../goodtarget
\ No newline at end of file
diff --git a/parser/tst/dirtest/gooddir/profileA b/parser/tst/dirtest/gooddir/profileA
new file mode 100644
index 0000000000000000000000000000000000000000..6e3c2a75e8e5ea32c321410479c65c8d704c6c08
--- /dev/null
+++ b/parser/tst/dirtest/gooddir/profileA
@@ -0,0 +1,2 @@
+profile a_profile {
+}
diff --git a/parser/tst/dirtest/gooddir/profileB b/parser/tst/dirtest/gooddir/profileB
new file mode 100644
index 0000000000000000000000000000000000000000..0b5565a682c9596dc1b123ef4726f74c08b9e7e2
--- /dev/null
+++ b/parser/tst/dirtest/gooddir/profileB
@@ -0,0 +1,2 @@
+profile b_profile {
+}
diff --git a/parser/tst/dirtest/goodtarget b/parser/tst/dirtest/goodtarget
new file mode 100644
index 0000000000000000000000000000000000000000..04a0e795eaf92ad8c7c69e3a8d061f550feedc87
--- /dev/null
+++ b/parser/tst/dirtest/goodtarget
@@ -0,0 +1,2 @@
+profile good_target {
+}
diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh
index 029eec467374dcf01452fbba45418f86c2e20c79..5c5aa1d5e38c1781d2b3c3199c5a229467cb93ad 100755
--- a/parser/tst/equality.sh
+++ b/parser/tst/equality.sh
@@ -31,7 +31,7 @@ verbose="${VERBOSE:-}"
hash_binary_policy()
{
- printf %s "$1" | ${APPARMOR_PARSER} --features-file ${_SCRIPTDIR}/features_files/features.all -qS 2>/dev/null| md5sum | cut -d ' ' -f 1
+ printf %s "$1" | ${APPARMOR_PARSER} --features-file "${_SCRIPTDIR}/features_files/features.all" -qS 2>/dev/null| md5sum | cut -d ' ' -f 1
return $?
}
@@ -63,8 +63,7 @@ verify_binary()
fi
if [ -n "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
- good_hash=$(hash_binary_policy "$good_profile")
- if [ $? -ne 0 ]
+ if ! good_hash=$(hash_binary_policy "$good_profile")
then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
printf "\nERROR: Error hashing the following \"known-good\" profile:\n%s\n\n" \
@@ -75,8 +74,7 @@ verify_binary()
for profile in "$@"
do
- hash=$(hash_binary_policy "$profile")
- if [ $? -ne 0 ]
+ if ! hash=$(hash_binary_policy "$profile")
then
if [ -z "$verbose" ] ; then printf "Binary %s %s" "$t" "$desc" ; fi
printf "\nERROR: Error hashing the following profile:\n%s\n\n" \
@@ -265,6 +263,24 @@ verify_binary_equality "dbus minimization found in dbus abstractions" \
peer=(name=org.freedesktop.DBus),
dbus send bus=session, }"
+# verify slash filtering for dbus paths.
+verify_binary_equality "dbus slash filtering for paths" \
+ "/t { dbus (send, receive) path=/com/foo, dbus (send, receive) path=/com/bar, }" \
+ "/t { dbus (send, receive) path=/com///foo, dbus (send, receive) path=///com/bar, }" \
+ "/t { dbus (send, receive) path=/com//{foo,bar}, }" \
+ "/t { dbus (send, receive) path={//com/foo,/com//bar}, }" \
+ "@{FOO}=/foo
+ /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com/bar, }" \
+ "@{FOO}=/foo /bar
+ /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=/bar //foo
+ /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=//{bar,foo}
+ /t { dbus (send, receive) path=/com/@{FOO}, }" \
+ "@{FOO}=/foo
+ @{BAR}=bar
+ /t { dbus (send, receive) path=/com/@{FOO}, dbus (send, receive) path=/com//@{BAR}, }"
+
# Rules compatible with audit, deny, and audit deny
# note: change_profile does not support audit/allow/deny atm
for rule in "capability" "capability mac_admin" \
@@ -547,12 +563,90 @@ verify_binary_equality "set rlimit memlock <= 2GB" \
"/t { set rlimit memlock <= 2GB, }" \
"/t { set rlimit memlock <= $((2 * 1024)) MB, }" \
"/t { set rlimit memlock <= $((2 * 1024 * 1024)) KB, }" \
- "/t { set rlimit memlock <= $((2 * 1024 * 1024 * 1024)) , }" \
-
-if [ $fails -ne 0 -o $errors -ne 0 ]
+ "/t { set rlimit memlock <= $((2 * 1024 * 1024 * 1024)) , }"
+
+# Unfortunately we can not just compare an empty profile and hat to a
+# ie. "/t { ^test { /f r, }}"
+# to the second profile with the equivalent rule inserted manually
+# because policy write permission "w" actually expands to mutiple permissions
+# under the hood, and the parser is not adding those permissions
+# to the rules it auto generates
+# So we insert the rule with "append" permissions, and rely on the parser
+# merging permissions of rules.
+# If the parser isn't adding the rules "append" is not equivalent to
+# the "write" permission in the second profile and the test will fail.
+# If the parser is adding the change_hat proc attr rules then the
+# rules should merge and be equivalent.
+verify_binary_equality "change_hat rules automatically inserted"\
+ "/t { owner /proc/[0-9]*/attr/{apparmor/,}current a, ^test { owner /proc/[0-9]*/attr/{apparmor/,}current a, /f r, }}" \
+ "/t { owner /proc/[0-9]*/attr/{apparmor/,}current w, ^test { owner /proc/[0-9]*/attr/{apparmor/,}current w, /f r, }}"
+
+# verify slash filtering for unix socket address paths.
+# see https://bugs.launchpad.net/apparmor/+bug/1856738
+verify_binary_equality "unix rules addr conditional" \
+ "/t { unix bind addr=@/a/bar, }" \
+ "/t { unix bind addr=@/a//bar, }" \
+ "/t { unix bind addr=@//a/bar, }" \
+ "/t { unix bind addr=@/a///bar, }" \
+ "@{HOME}=/a/
+ /t { unix bind addr=@@{HOME}/bar, }" \
+ "@{HOME}=/a/
+ /t { unix bind addr=@//@{HOME}bar, }" \
+ "@{HOME}=/a/
+ /t { unix bind addr=@/@{HOME}/bar, }"
+
+verify_binary_equality "unix rules peer addr conditional" \
+ "/t { unix peer=(addr=@/a/bar), }" \
+ "/t { unix peer=(addr=@/a//bar), }" \
+ "/t { unix peer=(addr=@//a/bar), }" \
+ "/t { unix peer=(addr=@/a///bar), }" \
+ "@{HOME}=/a/
+ /t { unix peer=(addr=@@{HOME}/bar), }" \
+ "@{HOME}=/a/
+ /t { unix peer=(addr=@//@{HOME}bar), }" \
+ "@{HOME}=/a/
+ /t { unix peer=(addr=@/@{HOME}/bar), }"
+
+# verify slash filtering for mount rules
+verify_binary_equality "mount rules slash filtering" \
+ "/t { mount /dev/foo -> /mnt/bar, }" \
+ "/t { mount ///dev/foo -> /mnt/bar, }" \
+ "/t { mount /dev/foo -> /mnt//bar, }" \
+ "/t { mount /dev///foo -> ////mnt/bar, }" \
+ "@{MNT}=/mnt/
+ /t { mount /dev///foo -> @{MNT}/bar, }" \
+ "@{FOO}=/foo
+ /t { mount /dev//@{FOO} -> /mnt/bar, }"
+
+# verify slash filtering for link rules
+verify_binary_equality "link rules slash filtering" \
+ "/t { link /dev/foo -> /mnt/bar, }" \
+ "/t { link ///dev/foo -> /mnt/bar, }" \
+ "/t { link /dev/foo -> /mnt//bar, }" \
+ "/t { link /dev///foo -> ////mnt/bar, }" \
+ "@{BAR}=/mnt/
+ /t { link /dev///foo -> @{BAR}/bar, }" \
+ "@{FOO}=/dev/
+ /t { link @{FOO}//foo -> /mnt/bar, }" \
+ "@{FOO}=/dev/
+ @{BAR}=/mnt/
+ /t { link @{FOO}/foo -> @{BAR}/bar, }"
+
+verify_binary_equality "attachment slash filtering" \
+ "/t /bin/foo { }" \
+ "/t /bin//foo { }" \
+ "@{BAR}=/bin/
+ /t @{BAR}/foo { }" \
+ "@{FOO}=/foo
+ /t /bin/@{FOO} { }" \
+ "@{BAR}=/bin/
+ @{FOO}=/foo
+ /t @{BAR}/@{FOO} { }"
+
+if [ $fails -ne 0 ] || [ $errors -ne 0 ]
then
printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1
- exit $(($fails + $errors))
+ exit $((fails + errors))
fi
[ -z "${verbose}" ] && printf "\n"
diff --git a/parser/tst/errors.py b/parser/tst/errors.py
new file mode 100755
index 0000000000000000000000000000000000000000..e0ed9a62a5c483a009a8ed0340ae05bebce560b1
--- /dev/null
+++ b/parser/tst/errors.py
@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2013-2020 Canonical Ltd.
+# Authors: Steve Beattie <steve.beattie@canonical.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# Simple test script for checking for errors and warnings emitted by
+# the apparmor parser.
+#
+# ------------------------------------------------------------------
+
+from argparse import ArgumentParser
+import os
+import unittest
+import subprocess
+import testlib
+
+config = None
+
+class AAErrorTests(testlib.AATestTemplate):
+ def setUp(self):
+ self.maxDiff = None
+ self.cmd_prefix = [config.parser, '--config-file=./parser.conf', '-S', '-I', 'errors']
+
+ def _run_test(self, profile, message=None, is_error=True):
+ cmd = self.cmd_prefix + [profile]
+
+ (rc, out, outerr) = self._run_cmd(cmd, stdout=subprocess.DEVNULL)
+ report = "\nCommand: %s\nExit value:%s\nSTDERR\n%s" % (" ".join(cmd), rc, outerr)
+ if is_error:
+ self.assertNotEqual(rc, 0, report)
+ else:
+ self.assertEqual(rc, 0, report)
+
+ if message:
+ self.assertIn(message, outerr, report)
+
+ def test_okay(self):
+ self._run_test('errors/okay.sd', is_error=False)
+
+ def test_single(self):
+ self._run_test(
+ 'errors/single.sd',
+ "AppArmor parser error for errors/single.sd in profile errors/single.sd at line 3: Could not open 'failure'",
+ )
+
+ def test_double(self):
+ self._run_test(
+ 'errors/double.sd',
+ "AppArmor parser error for errors/double.sd in profile errors/includes/busted at line 66: Could not open 'does-not-exist'",
+ )
+
+ def test_modefail(self):
+ self._run_test(
+ 'errors/modefail.sd',
+ "AppArmor parser error for errors/modefail.sd in profile errors/modefail.sd at line 6: syntax error, unexpected TOK_ID, expecting TOK_MODE",
+ )
+
+ def test_multi_include(self):
+ self._run_test(
+ 'errors/multi_include.sd',
+ "AppArmor parser error for errors/multi_include.sd in profile errors/multi_include.sd at line 12: Could not open 'failure'",
+ )
+
+ def test_deprecation1(self):
+ self.cmd_prefix.extend(['--warn=deprecated'])
+ self._run_test(
+ 'errors/deprecation1.sd',
+ "Warning from errors/deprecation1.sd (errors/deprecation1.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information",
+ is_error=False
+ )
+
+ def test_deprecation2(self):
+ self.cmd_prefix.extend(['--warn=deprecated'])
+ self._run_test(
+ 'errors/deprecation2.sd',
+ "Warning from errors/deprecation2.sd (errors/deprecation2.sd line 6): The use of file paths as profile names is deprecated. See man apparmor.d for more information",
+ is_error=False
+ )
+
+
+def main():
+ rc = 0
+
+ global config
+ p = ArgumentParser()
+ p.add_argument('-p', '--parser', default=testlib.DEFAULT_PARSER, action="store", dest='parser',
+ help="Specify path of apparmor parser to use [default = %(default)s]")
+ p.add_argument('-v', '--verbose', action="store_true", dest="verbose")
+ config = p.parse_args()
+
+ verbosity = 1
+ if config.verbose:
+ verbosity = 2
+
+ test_suite = unittest.TestSuite()
+ test_suite.addTest(unittest.TestLoader().loadTestsFromTestCase(AAErrorTests))
+ try:
+ result = unittest.TextTestRunner(verbosity=verbosity).run(test_suite)
+ if not result.wasSuccessful():
+ rc = 1
+ except:
+ rc = 1
+
+ return rc
+
+
+if __name__ == "__main__":
+ exit(main())
diff --git a/parser/tst/errors/deprecation1.sd b/parser/tst/errors/deprecation1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d07b1c3e93c0d21f66b21ae9aa4f908f8a684135
--- /dev/null
+++ b/parser/tst/errors/deprecation1.sd
@@ -0,0 +1,6 @@
+# We are deprecating path based profile names in AppArmor 3.0 1
+# This should generate a deprecation warning 2
+ # 3
+/bin/foo { # 4
+ include <includes/base> # 5
+} # 6
diff --git a/parser/tst/errors/deprecation2.sd b/parser/tst/errors/deprecation2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2d88e2f1b51e1cad786e37d6f66529fdee1d0ff9
--- /dev/null
+++ b/parser/tst/errors/deprecation2.sd
@@ -0,0 +1,6 @@
+# We are deprecating path based profile names in AppArmor 3.0
+# This should generate a deprecation warning
+
+profile /bin/blah//foo /** {
+ include <includes/base>
+}
diff --git a/parser/tst/minimize.sh b/parser/tst/minimize.sh
index dc97fb4dc56dd8b1224017f4dc71caab6a3f048d..b653be38e3312c0a3b9895c7d9bb6547a61ea1e8 100755
--- a/parser/tst/minimize.sh
+++ b/parser/tst/minimize.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
@@ -78,7 +78,7 @@ APPARMOR_PARSER="${APPARMOR_PARSER:-../apparmor_parser}"
# {a} (0x 40030/0/0/0)
echo -n "Minimize profiles basic perms "
-if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -93,7 +93,7 @@ echo "ok"
# {9} (0x 12804a/0/2800a/0)
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles audit perms "
-if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -112,7 +112,7 @@ echo "ok"
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles deny perms "
-if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 6 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 6 ] ; then
echo "failed"
exit 1;
fi
@@ -130,7 +130,7 @@ echo "ok"
# {c} (0x 40030/0/0/0)
echo -n "Minimize profiles audit deny perms "
-if [ `echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 5 ] ; then
+if [ "$(echo "/t { /a r, /b w, /c a, /d l, /e k, /f m, audit deny /** w, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 5 ] ; then
echo "failed"
exit 1;
fi
@@ -162,7 +162,7 @@ echo "ok"
#
echo -n "Minimize profiles xtrans "
-if [ `echo "/t { /b px, /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 3 ] ; then
+if [ "$(echo "/t { /b px, /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 3 ] ; then
echo "failed"
exit 1;
fi
@@ -170,7 +170,7 @@ echo "ok"
# same test as above + audit
echo -n "Minimize profiles audit xtrans "
-if [ `echo "/t { /b px, audit /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 3 ] ; then
+if [ "$(echo "/t { /b px, audit /* Pixr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 3 ] ; then
echo "failed"
exit 1;
fi
@@ -183,7 +183,7 @@ echo "ok"
# {3} (0x 0/fe17f85/0/14005)
echo -n "Minimize profiles deny xtrans "
-if [ `echo "/t { /b px, deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 1 ] ; then
+if [ "$(echo "/t { /b px, deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 1 ] ; then
echo "failed"
exit 1;
fi
@@ -195,7 +195,7 @@ echo "ok"
# {3} (0x 0/fe17f85/0/0)
echo -n "Minimize profiles audit deny xtrans "
-if [ `echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep '^{.*} (.*)$' | wc -l` -ne 0 ] ; then
+if [ "$(echo "/t { /b px, audit deny /* xr, /a Cx -> foo, }" | ${APPARMOR_PARSER} -M features_files/features.nopolicydb -QT -O minimize -D dfa-states 2>&1 | grep -v '<==' | grep -c '^{.*} (.*)$')" -ne 0 ] ; then
echo "failed"
exit 1;
fi
diff --git a/parser/tst/simple_tests/abi/bad_1.sd b/parser/tst/simple_tests/abi/bad_1.sd
index 2743098410f9b39720163fb3395ef07c9a1146f9..1afbbe02f2792c74e79189a1d41899771ffc4d24 100644
--- a/parser/tst/simple_tests/abi/bad_1.sd
+++ b/parser/tst/simple_tests/abi/bad_1.sd
@@ -2,7 +2,7 @@
#=DESCRIPTION abi testing - abi relative path in quotes
#=EXRESULT FAIL
-abi "abi/4.19,
+abi "simple_tests/includes/abi/4.19,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/bad_6.sd b/parser/tst/simple_tests/abi/bad_6.sd
index eab0b1bde4b1f312d624e58dfc436e7c231551a5..c3031bccd1b9294026778e5f508e57f0cd77dd21 100644
--- a/parser/tst/simple_tests/abi/bad_6.sd
+++ b/parser/tst/simple_tests/abi/bad_6.sd
@@ -1,9 +1,9 @@
#
#=DESCRIPTION abi testing - abi path
#=EXRESULT FAIL
-#=TODO
+#=
-abi <abi/4.19,
+abi <includes/abi/4.19,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_1.sd b/parser/tst/simple_tests/abi/ok_1.sd
index 510e3171f0736e932c3abb659b312ca8e811c964..46c6b96a7c98002bc1d562f8d0800d8194a371cc 100644
--- a/parser/tst/simple_tests/abi/ok_1.sd
+++ b/parser/tst/simple_tests/abi/ok_1.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi "abi/4.19",
+abi "simple_tests/includes/abi/4.19",
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_10.sd b/parser/tst/simple_tests/abi/ok_10.sd
index 9a9dee5abe8befb1599d3196a7ddb15c34b18ef3..1daf84d85bcc6b224cdee83643bbbd6a3fed786f 100644
--- a/parser/tst/simple_tests/abi/ok_10.sd
+++ b/parser/tst/simple_tests/abi/ok_10.sd
@@ -4,7 +4,7 @@
#=TODO
#=DISABLED - results in "superfluous TODO", but fails after removing TODO
-abi < "abi/4.19">,
+abi < "includes/abi/4.19">,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_11.sd b/parser/tst/simple_tests/abi/ok_11.sd
index 301f26d4e3ea3410ffc401a68760262e8e897d39..a47cf6efa9faa94ff9ff679dc30bd08bb971beaa 100644
--- a/parser/tst/simple_tests/abi/ok_11.sd
+++ b/parser/tst/simple_tests/abi/ok_11.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#=DISABLED
-abi <"abi/4.19" >,
+abi <"includes/abi/4.19" >,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_12.sd b/parser/tst/simple_tests/abi/ok_12.sd
index 1433575a545ac4ad079cb42096b26e34c8b05be4..00a563f5c7d830f8850bc74d258ea99d0c1b7dee 100644
--- a/parser/tst/simple_tests/abi/ok_12.sd
+++ b/parser/tst/simple_tests/abi/ok_12.sd
@@ -4,7 +4,7 @@
#=TODO
#=DISABLED - results in "superfluous TODO", but fails after removing TODO
-abi < "abi/4.19" >,
+abi < "includes/abi/4.19" >,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_13.sd b/parser/tst/simple_tests/abi/ok_13.sd
index 80e5d9965ae2a0583dcd374d4296d97a7a7e5d39..6615b6c0a82f4b99df6ea81ac89b05636888df77 100644
--- a/parser/tst/simple_tests/abi/ok_13.sd
+++ b/parser/tst/simple_tests/abi/ok_13.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi <"abi/4.19 ubuntu">,
+abi <"includes/abi/4.19 ubuntu">,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_14.sd b/parser/tst/simple_tests/abi/ok_14.sd
index 7af6c0d7bf051ac9a2c4e8b33c1cc02969e558f9..007174675fee308f82d079ac4e43c2789e202f8b 100644
--- a/parser/tst/simple_tests/abi/ok_14.sd
+++ b/parser/tst/simple_tests/abi/ok_14.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi <abi/4.19> ,
+abi <includes/abi/4.19> ,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_15.sd b/parser/tst/simple_tests/abi/ok_15.sd
index 7233ae838fb6b145ae23d6d7cc2d13fe51a533e4..017c329c77879c01aaa383dbe07b153ccbe57253 100644
--- a/parser/tst/simple_tests/abi/ok_15.sd
+++ b/parser/tst/simple_tests/abi/ok_15.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi "abi/4.19" ,
+abi "simple_tests/includes/abi/4.19" ,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_16.sd b/parser/tst/simple_tests/abi/ok_16.sd
index 72ed19d07295561f7a83f4ea6e3ca1976fa0bc69..f312cc7537993305ae1fdcb98cb7040519be2971 100644
--- a/parser/tst/simple_tests/abi/ok_16.sd
+++ b/parser/tst/simple_tests/abi/ok_16.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi abi/4.19 ,
+abi simple_tests/includes/abi/4.19 ,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_17.sd b/parser/tst/simple_tests/abi/ok_17.sd
index f04b55f5972d04ff2a765e7666af10033623fda3..f39e76c4a02954b31b5e71c3bcf183eec9c58f03 100644
--- a/parser/tst/simple_tests/abi/ok_17.sd
+++ b/parser/tst/simple_tests/abi/ok_17.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi<abi/4.19>,
+abi<includes/abi/4.19>,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_18.sd b/parser/tst/simple_tests/abi/ok_18.sd
index 013434ae9bc6d7c95383150954ae8d1c156ba288..53d1a15990dfa557819d6027dcefee70f6c66bb5 100644
--- a/parser/tst/simple_tests/abi/ok_18.sd
+++ b/parser/tst/simple_tests/abi/ok_18.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi"abi/4.19",
+abi"simple_tests/includes/abi/4.19",
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_2.sd b/parser/tst/simple_tests/abi/ok_2.sd
index 29790dea042a0ea70f6daae97ade4fe198790a27..4162a06b605c94bf84b0f033bbfca0f17f77668d 100644
--- a/parser/tst/simple_tests/abi/ok_2.sd
+++ b/parser/tst/simple_tests/abi/ok_2.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi "abi/4.19 ubuntu",
+abi "simple_tests/includes/abi/4.19 ubuntu",
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_20.sd b/parser/tst/simple_tests/abi/ok_20.sd
index 2855bdc9f6b46e75bb451f414af4c73f819529cf..d4c38a9e09cab35fc0de19ce891d000b6d31d2cb 100644
--- a/parser/tst/simple_tests/abi/ok_20.sd
+++ b/parser/tst/simple_tests/abi/ok_20.sd
@@ -5,6 +5,6 @@
/does/not/exist {
- abi <abi/4.19>,
+ abi <includes/abi/4.19>,
}
diff --git a/parser/tst/simple_tests/abi/ok_21.sd b/parser/tst/simple_tests/abi/ok_21.sd
index 51c906d3768231fc727cbd7af294e1672de79285..dc6051f8d48f0bf8a810c0768651e2624cc2af43 100644
--- a/parser/tst/simple_tests/abi/ok_21.sd
+++ b/parser/tst/simple_tests/abi/ok_21.sd
@@ -5,6 +5,6 @@
/does/not/exist {
- abi "abi/4.19",
+ abi "simple_tests/includes/abi/4.19",
}
diff --git a/parser/tst/simple_tests/abi/ok_22.sd b/parser/tst/simple_tests/abi/ok_22.sd
index 9a0767f5982fb81b5b84626b867572ef9fa3dbe2..4233dce406b1efb84b818f9f595687fa48b9793c 100644
--- a/parser/tst/simple_tests/abi/ok_22.sd
+++ b/parser/tst/simple_tests/abi/ok_22.sd
@@ -5,6 +5,6 @@
/does/not/exist {
- abi abi/4.19,
+ abi simple_tests/includes/abi/4.19,
}
diff --git a/parser/tst/simple_tests/abi/ok_3.sd b/parser/tst/simple_tests/abi/ok_3.sd
index e72657557d60baf385b8a2434fa415512c92924a..f986a5a465db57a849b7a3b49abc79c80db3c789 100644
--- a/parser/tst/simple_tests/abi/ok_3.sd
+++ b/parser/tst/simple_tests/abi/ok_3.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi "/abi/4.19",
+abi "simple_tests/includes/abi/4.19",
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_4.sd b/parser/tst/simple_tests/abi/ok_4.sd
index afde289658f87781964f35d2c9040afd09efc476..f61f588641400b5917c4fee2479f380707985e6d 100644
--- a/parser/tst/simple_tests/abi/ok_4.sd
+++ b/parser/tst/simple_tests/abi/ok_4.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi "/abi/4.19 ubuntu",
+abi "simple_tests/includes/abi/4.19 ubuntu",
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_5.sd b/parser/tst/simple_tests/abi/ok_5.sd
index f71a8bbceecdd081a12f73c241a3f73514a00d33..a0cb32dd69bcdbeccb4c90a90d9392face7eff2b 100644
--- a/parser/tst/simple_tests/abi/ok_5.sd
+++ b/parser/tst/simple_tests/abi/ok_5.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi abi/4.19,
+abi simple_tests/includes/abi/4.19,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_6.sd b/parser/tst/simple_tests/abi/ok_6.sd
index 5e4ca2f672ddeb3ce3578b152e0b8b4d5b8a8083..5fd5e1897b90aafac376021f7a0d7032f78ff4da 100644
--- a/parser/tst/simple_tests/abi/ok_6.sd
+++ b/parser/tst/simple_tests/abi/ok_6.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi <abi/4.19>,
+abi <includes/abi/4.19>,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_7.sd b/parser/tst/simple_tests/abi/ok_7.sd
index e3ef9b82c4d47dd3c3ae0de3798aef166f7fe9bf..5eeff8b9a4b3158c5f2d6a86e3ea47b5174fdde5 100644
--- a/parser/tst/simple_tests/abi/ok_7.sd
+++ b/parser/tst/simple_tests/abi/ok_7.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi < abi/4.19>,
+abi < includes/abi/4.19>,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_8.sd b/parser/tst/simple_tests/abi/ok_8.sd
index e5f2d681ad494ebd2c61daf48da5f0dbb5d175e4..6cbf30b4dee630aa83353d0cd4ac6e61d9bbe323 100644
--- a/parser/tst/simple_tests/abi/ok_8.sd
+++ b/parser/tst/simple_tests/abi/ok_8.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi <abi/4.19 >,
+abi <includes/abi/4.19 >,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/abi/ok_9.sd b/parser/tst/simple_tests/abi/ok_9.sd
index fb00d0467a9e6bede8071bd3b0071b0bad028b65..f03aab87995c0524d55450e94b4b235d475f5ed1 100644
--- a/parser/tst/simple_tests/abi/ok_9.sd
+++ b/parser/tst/simple_tests/abi/ok_9.sd
@@ -3,7 +3,7 @@
#=EXRESULT PASS
#
-abi < abi/4.19 >,
+abi < includes/abi/4.19 >,
/does/not/exist {
}
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_61.sd b/parser/tst/simple_tests/bare_include_tests/ok_61.sd
index c62880741cbfdd2bb961d5e2bcb3ab49dc358d04..c506194999f9ed038f9940633032fce43d5becf4 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_61.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_61.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_62.sd b/parser/tst/simple_tests/bare_include_tests/ok_62.sd
index c33eb2bdf27172f7117a557dbba3ff4bce2ccdad..b6bc5e96ff20f659bb341a1ee0f72411c07da2f3 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_62.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_62.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_63.sd b/parser/tst/simple_tests/bare_include_tests/ok_63.sd
index 22e974dfd9556941abb78e3a0355aa7503a3879c..80ea6018f4f86869179b7294c8a0848da07c56f2 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_63.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_63.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_64.sd b/parser/tst/simple_tests/bare_include_tests/ok_64.sd
index 9220196419d98cb55947926325fa755174260956..b4a784ae4ec35087edb9ee092d89388533c0ea86 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_64.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_64.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - test some "odd" locations of include if existss
+#=DESCRIPTION include if exists testing - test some "odd" locations of include if exists
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_65.sd b/parser/tst/simple_tests/bare_include_tests/ok_65.sd
index 8309c36d1709efa101bb6e8c58f1d8fb6601cb84..3a82dfce49ed9265ebc460709ca3d2080e3073c3 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_65.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_65.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of a directory
+#=DESCRIPTION include if exists testing - basic include if exists of a directory
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_66.sd b/parser/tst/simple_tests/bare_include_tests/ok_66.sd
index c990a1041891c0afe123e803b7dcb98fd9a35ea3..c8b50920cedcefa62b288cd0dda2c753ae858669 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_66.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_66.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_67.sd b/parser/tst/simple_tests/bare_include_tests/ok_67.sd
index b04f08d880f97eb5895359f2660531794ec3ab27..da4a269654df58662f2927fdae60ecf54c047f29 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_67.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_67.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_68.sd b/parser/tst/simple_tests/bare_include_tests/ok_68.sd
index 261c1e493dc15f7542a7c49cd4746d684df60326..9c54772b89a9e3a346bbd579cf1904946c2d83eb 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_68.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_68.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_69.sd b/parser/tst/simple_tests/bare_include_tests/ok_69.sd
index e6b75fb4251783a4ea9da4913d7f96dffb9d7471..26812d506d8e59c84986a136b0fa2d0ef5742564 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_69.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_69.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - test some "odd" locations of include if existss
+#=DESCRIPTION include if exists testing - test some "odd" locations of include if exists
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_70.sd b/parser/tst/simple_tests/bare_include_tests/ok_70.sd
index 65c5e4f353bace946ecb8103f619b89c14b441ba..f9d31da536312d04057077922da583860ad1dc97 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_70.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_70.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of a directory
+#=DESCRIPTION include if exists testing - basic include if exists of a directory
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_76.sd b/parser/tst/simple_tests/bare_include_tests/ok_76.sd
index 47e064cfaada61ad7922423695dd50e4be179ff9..4f02cb32da0c2674583c5cf471806b96231d7c8e 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_76.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_76.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_77.sd b/parser/tst/simple_tests/bare_include_tests/ok_77.sd
index 7034d12722e435e614938df19d3c051be5d2c04a..d3522329ee4c9c08acb97422dcc5eca67ea28b36 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_77.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_77.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_78.sd b/parser/tst/simple_tests/bare_include_tests/ok_78.sd
index a119e0f39000127ff2146a9f79ba00a722c71177..c75ec57f5e1aac1c676d6f03bfe148c9deead827 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_78.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_78.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_79.sd b/parser/tst/simple_tests/bare_include_tests/ok_79.sd
index ca31498253c806d40554ce4b8415a2ca09b03a1f..97f8e8eae92c76a325aedfe4d45099a3294faf99 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_79.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_79.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_80.sd b/parser/tst/simple_tests/bare_include_tests/ok_80.sd
index ebb8d180ec1a32613da7e955f6b5ec5a1226a01c..c09beee5166edce4d92ddd4fbb288041966941af 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_80.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_80.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/ok_81.sd b/parser/tst/simple_tests/bare_include_tests/ok_81.sd
index 7b68ce5a4f22daed3c9c1dad7e531430be57e688..ad633083613a680142937d51747b7bd30e70bc0e 100644
--- a/parser/tst/simple_tests/bare_include_tests/ok_81.sd
+++ b/parser/tst/simple_tests/bare_include_tests/ok_81.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_bad_1.sd b/parser/tst/simple_tests/bare_include_tests/preamble_bad_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9781ddbf462c81de131655004e9930270cf1af2e
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_bad_1.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - non-existent keyword include in preamble
+#=EXRESULT FAIL
+
+include <includes-preamble/does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_1.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..86c9444f78ab24bf4cb5f7b04ec6d38283415b6b
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_1.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - keyword include in preamble
+#=EXRESULT PASS
+
+include <includes-preamble/vars>
+
+/bin/foo {
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_2.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8bacb1bfb86711d70bfc0e52d4d0aa9e6ca33745
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_2.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION old includes - keyword include directory in preamble
+#=EXRESULT PASS
+
+include <includes-preamble>
+
+/bin/foo {
+ /usr/bin/ls r,
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_3.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d86603ce10c8fc9c1cae275f2244fc8a3d38000d
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_3.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - keyword include if exists in preamble
+#=EXRESULT PASS
+
+include if exists <includes-preamble/vars>
+
+/bin/foo {
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_4.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c66373ab594916f5dc7d3d4830fe36dacbdca316
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_4.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION old includes - keyword include if exists directory in preamble
+#=EXRESULT PASS
+
+include if exists <includes-preamble>
+
+/bin/foo {
+ /usr/bin/ls r,
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_5.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..34908277c7803fba8c8f473a5bdc2415c1a241c8
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_5.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - keyword include if exists of non-existent file in preamble
+#=EXRESULT PASS
+
+include if exists <includes-preamble/does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/bare_include_tests/preamble_good_6.sd b/parser/tst/simple_tests/bare_include_tests/preamble_good_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4fd94f23dcc6b78f725a101c465f726a7ba2607f
--- /dev/null
+++ b/parser/tst/simple_tests/bare_include_tests/preamble_good_6.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - keyword include if exists of non-existent directory in preamble
+#=EXRESULT PASS
+
+include if exists <includes-preamble-does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/file/ok_link_audit_deny_owner_subset.sd b/parser/tst/simple_tests/file/ok_link_audit_deny_owner_subset.sd
new file mode 100644
index 0000000000000000000000000000000000000000..332cad201a55d601b575ecafefb5d477ed19eaf8
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_link_audit_deny_owner_subset.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION link access test with audit deny and owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+ audit deny owner link subset /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/file/ok_link_owner.sd b/parser/tst/simple_tests/file/ok_link_owner.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0c6b1ffbefca9fd04518d99d64f887db7f06a3ac
--- /dev/null
+++ b/parser/tst/simple_tests/file/ok_link_owner.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION simple link access test with owner restriction
+#=EXRESULT PASS
+#
+
+profile test {
+ owner link subset /alpha/beta -> /tmp/**,
+ /tmp/** r,
+}
+
diff --git a/parser/tst/simple_tests/include_tests/ok_61.sd b/parser/tst/simple_tests/include_tests/ok_61.sd
index 8e46f4bcfcd237b252991bb903558e6ed81e0a70..a456ecf5257939dedf1a5c1345e99aa4401b3ef1 100644
--- a/parser/tst/simple_tests/include_tests/ok_61.sd
+++ b/parser/tst/simple_tests/include_tests/ok_61.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_62.sd b/parser/tst/simple_tests/include_tests/ok_62.sd
index 248cef0bfea4415b212d72cfad358b62c81e2e80..6e8f7a4a6d39444c4009842a18636829769db2da 100644
--- a/parser/tst/simple_tests/include_tests/ok_62.sd
+++ b/parser/tst/simple_tests/include_tests/ok_62.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_63.sd b/parser/tst/simple_tests/include_tests/ok_63.sd
index 1d46999684d800ed00ee0e64749456ee2db17365..2de025f17d12fddd64a90f538d477bf2afb401cc 100644
--- a/parser/tst/simple_tests/include_tests/ok_63.sd
+++ b/parser/tst/simple_tests/include_tests/ok_63.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_64.sd b/parser/tst/simple_tests/include_tests/ok_64.sd
index a62d8c7c3057af9934f2f2c5902b5c601303f3e7..89010603543a3a29d31c278a6ce18b05da6f66f4 100644
--- a/parser/tst/simple_tests/include_tests/ok_64.sd
+++ b/parser/tst/simple_tests/include_tests/ok_64.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - test some "odd" locations of include if existss
+#=DESCRIPTION include if exists testing - test some "odd" locations of include if exists
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_65.sd b/parser/tst/simple_tests/include_tests/ok_65.sd
index 6a6ba6fbff42345d6cf1358d37afd54a908fb7a4..9957756f023ae9b1d818b5bf9433f41508353d05 100644
--- a/parser/tst/simple_tests/include_tests/ok_65.sd
+++ b/parser/tst/simple_tests/include_tests/ok_65.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of a directory
+#=DESCRIPTION include if exists testing - basic include if exists of a directory
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_66.sd b/parser/tst/simple_tests/include_tests/ok_66.sd
index 20c2f5fa6ccb36d293a6478d6f45fa8be5f99c70..0aecf192bd1abe2c12f69f3a7ab45af6043222c2 100644
--- a/parser/tst/simple_tests/include_tests/ok_66.sd
+++ b/parser/tst/simple_tests/include_tests/ok_66.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_67.sd b/parser/tst/simple_tests/include_tests/ok_67.sd
index 8e6f18325de093060b4be3a04109e48a7c9b7563..efd02c06922c4a1d562b1132687095136fe42734 100644
--- a/parser/tst/simple_tests/include_tests/ok_67.sd
+++ b/parser/tst/simple_tests/include_tests/ok_67.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_68.sd b/parser/tst/simple_tests/include_tests/ok_68.sd
index 5aa15300ee58deea8584d0c6ca6b53cadb6622be..0113e61e7db5cf34d10d398772ef91e2dfcc55c5 100644
--- a/parser/tst/simple_tests/include_tests/ok_68.sd
+++ b/parser/tst/simple_tests/include_tests/ok_68.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_69.sd b/parser/tst/simple_tests/include_tests/ok_69.sd
index 25cbf745101a48d632e4768efd80178d2840cfb2..856055554cfb64df8091e714b26555462ef714a2 100644
--- a/parser/tst/simple_tests/include_tests/ok_69.sd
+++ b/parser/tst/simple_tests/include_tests/ok_69.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - test some "odd" locations of include if existss
+#=DESCRIPTION include if exists testing - test some "odd" locations of include if exists
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_70.sd b/parser/tst/simple_tests/include_tests/ok_70.sd
index 017d9aab155825623a52b4007648de4c699af30e..f6b43434dd89d1a313065d8b313dc9446fe6b5c0 100644
--- a/parser/tst/simple_tests/include_tests/ok_70.sd
+++ b/parser/tst/simple_tests/include_tests/ok_70.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of a directory
+#=DESCRIPTION include if exists testing - basic include if exists of a directory
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_76.sd b/parser/tst/simple_tests/include_tests/ok_76.sd
index a8cb0adb056ac885cfe063cbab4b9f7385e7265e..6f0691206353f642accfe9afc345791a344ee5db 100644
--- a/parser/tst/simple_tests/include_tests/ok_76.sd
+++ b/parser/tst/simple_tests/include_tests/ok_76.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_77.sd b/parser/tst/simple_tests/include_tests/ok_77.sd
index ae18692120c7a5d84318f676416015f77df7791e..6c0a88de172924256d2090686efdfef5ac150b41 100644
--- a/parser/tst/simple_tests/include_tests/ok_77.sd
+++ b/parser/tst/simple_tests/include_tests/ok_77.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_78.sd b/parser/tst/simple_tests/include_tests/ok_78.sd
index 978a597775bd9e112870dfe3ed40cc4284f15b8a..f551b2f65f7a9f7655b6aca6726c8e218791ac85 100644
--- a/parser/tst/simple_tests/include_tests/ok_78.sd
+++ b/parser/tst/simple_tests/include_tests/ok_78.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_79.sd b/parser/tst/simple_tests/include_tests/ok_79.sd
index fa14a3e78c4ccfaca61000744e291dbe09fd49dd..bf0634e7f462d1a062e42bdf6ccd7efa1e1d1fae 100644
--- a/parser/tst/simple_tests/include_tests/ok_79.sd
+++ b/parser/tst/simple_tests/include_tests/ok_79.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_80.sd b/parser/tst/simple_tests/include_tests/ok_80.sd
index 9675e405f1e1429e4371acbc28d4b1edd3c58d58..fe0a02cda074001b946ff8896fdf376d16e1b521 100644
--- a/parser/tst/simple_tests/include_tests/ok_80.sd
+++ b/parser/tst/simple_tests/include_tests/ok_80.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/ok_81.sd b/parser/tst/simple_tests/include_tests/ok_81.sd
index cf9e05dc8ca433096adc70cd1e6843c41779fc98..c2a3f3b1abf93bfec0e810dcf5283f696a9b0e9d 100644
--- a/parser/tst/simple_tests/include_tests/ok_81.sd
+++ b/parser/tst/simple_tests/include_tests/ok_81.sd
@@ -1,5 +1,5 @@
#
-#=DESCRIPTION include if existss testing - basic include if exists of global and local include
+#=DESCRIPTION include if exists testing - basic include if exists of global and local include
#=EXRESULT PASS
#
/does/not/exist {
diff --git a/parser/tst/simple_tests/include_tests/preamble_bad_1.sd b/parser/tst/simple_tests/include_tests/preamble_bad_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bcadcec4328cdcc38386252de275d0a147a5afd3
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_bad_1.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - non-existent include in preamble
+#=EXRESULT FAIL
+
+#include <includes-preamble/does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_1.sd b/parser/tst/simple_tests/include_tests/preamble_good_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f7103b35fa00649cc8c87bc3cf39ff89c01d610d
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_1.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - include in preamble
+#=EXRESULT PASS
+
+#include <includes-preamble/vars>
+
+/bin/foo {
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_2.sd b/parser/tst/simple_tests/include_tests/preamble_good_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cfcd4bea2da0c9cf3494e740b2910acf251bf9f6
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_2.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION old includes - include directory in preamble
+#=EXRESULT PASS
+
+#include <includes-preamble>
+
+/bin/foo {
+ /usr/bin/ls r,
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_3.sd b/parser/tst/simple_tests/include_tests/preamble_good_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9c2345f7c07bef6727ec6d6c007889b53e9fa913
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_3.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - include if exists in preamble
+#=EXRESULT PASS
+
+#include if exists <includes-preamble/vars>
+
+/bin/foo {
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_4.sd b/parser/tst/simple_tests/include_tests/preamble_good_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ae46e003e9bde3fc5436dbb9e030bad1b50d4f13
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_4.sd
@@ -0,0 +1,9 @@
+#=DESCRIPTION old includes - include if exists directory in preamble
+#=EXRESULT PASS
+
+#include if exists <includes-preamble>
+
+/bin/foo {
+ /usr/bin/ls r,
+ @{FOO}/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_5.sd b/parser/tst/simple_tests/include_tests/preamble_good_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a91c3d433bb6fb5a6d961bd28fb6138f2c086c29
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_5.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - include if exists of non-existent file in preamble
+#=EXRESULT PASS
+
+#include if exists <includes-preamble/does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/preamble_good_6.sd b/parser/tst/simple_tests/include_tests/preamble_good_6.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9455a5883c7fa2804748b18ab3546dc42ceb8aee
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/preamble_good_6.sd
@@ -0,0 +1,8 @@
+#=DESCRIPTION old includes - include if exists of non-existent directory in preamble
+#=EXRESULT PASS
+
+#include if exists <includes-preamble-does-not-exist>
+
+/bin/foo {
+ /usr/some/other/thing r,
+}
diff --git a/parser/tst/simple_tests/include_tests/recursive_2.sd b/parser/tst/simple_tests/include_tests/recursive_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..56606b7abd25fdae01adaf60db39bdcb218813be
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/recursive_2.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION includes testing - recursive include should not fail
+#=EXRESULT PASS
+#
+/does/not/exist {
+ #include <includes/recursive.include>
+}
diff --git a/parser/tst/simple_tests/include_tests/recursive_3.sd b/parser/tst/simple_tests/include_tests/recursive_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..5c1763c3ba0a082515df5d858253710d5000414b
--- /dev/null
+++ b/parser/tst/simple_tests/include_tests/recursive_3.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION includes testing - recursive include should not fail
+#=EXRESULT PASS
+#
+
+#include <includes/recursive.preamble>
+
+/does/not/exist {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/includes/abi/4.19 b/parser/tst/simple_tests/includes/abi/4.19
new file mode 100644
index 0000000000000000000000000000000000000000..9f272e6a5d4e18c3c3b10dd72ee7e13ce388180c
--- /dev/null
+++ b/parser/tst/simple_tests/includes/abi/4.19
@@ -0,0 +1,78 @@
+query {label {multi_transaction {yes
+}
+data {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+dbus {mask {acquire send receive
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
+ptrace {mask {read trace
+}
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+network {af_unix {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+network_v8 {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {version {1.2
+}
+attach_conditions {xattr {yes
+}
+}
+computed_longest_left {yes
+}
+post_nnp_subset {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+stack {yes
+}
+change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+versions {v8 {yes
+}
+v7 {yes
+}
+v6 {yes
+}
+v5 {yes
+}
+}
+}
diff --git a/parser/tst/simple_tests/includes/abi/4.19 ubuntu b/parser/tst/simple_tests/includes/abi/4.19 ubuntu
new file mode 100644
index 0000000000000000000000000000000000000000..9f272e6a5d4e18c3c3b10dd72ee7e13ce388180c
--- /dev/null
+++ b/parser/tst/simple_tests/includes/abi/4.19 ubuntu
@@ -0,0 +1,78 @@
+query {label {multi_transaction {yes
+}
+data {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+dbus {mask {acquire send receive
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
+ptrace {mask {read trace
+}
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+network {af_unix {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+network_v8 {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {version {1.2
+}
+attach_conditions {xattr {yes
+}
+}
+computed_longest_left {yes
+}
+post_nnp_subset {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+stack {yes
+}
+change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+versions {v8 {yes
+}
+v7 {yes
+}
+v6 {yes
+}
+v5 {yes
+}
+}
+}
diff --git a/parser/tst/simple_tests/includes/recursive.include b/parser/tst/simple_tests/includes/recursive.include
new file mode 100644
index 0000000000000000000000000000000000000000..52c6e522fc423f7a066113a3bbdfb46e212821ac
--- /dev/null
+++ b/parser/tst/simple_tests/includes/recursive.include
@@ -0,0 +1,6 @@
+
+# helper for include_tests/recursive_2.sd
+
+ /foo rw,
+ #include <includes/recursive.include>
+ /no/such/path r,
diff --git a/parser/tst/simple_tests/includes/recursive.preamble b/parser/tst/simple_tests/includes/recursive.preamble
new file mode 100644
index 0000000000000000000000000000000000000000..89388eabf82677c89597f39195b701618307b731
--- /dev/null
+++ b/parser/tst/simple_tests/includes/recursive.preamble
@@ -0,0 +1,4 @@
+
+# helper for include_tests/recursive_3.sd
+
+#include <includes/recursive.preamble>
diff --git a/parser/tst/simple_tests/mount/bad_opt_25.sd b/parser/tst/simple_tests/mount/bad_opt_25.sd
new file mode 100644
index 0000000000000000000000000000000000000000..46596badd0d08c7920e1bc3d5eb1b6d950922585
--- /dev/null
+++ b/parser/tst/simple_tests/mount/bad_opt_25.sd
@@ -0,0 +1,6 @@
+#
+#=Description basic rule not allow unparen'ed options
+#=EXRESULT FAIL
+/usr/bin/foo {
+ mount options=ro,noexec /dev -> /mnt,
+}
diff --git a/parser/tst/simple_tests/mount/bad_opt_26.sd b/parser/tst/simple_tests/mount/bad_opt_26.sd
new file mode 100644
index 0000000000000000000000000000000000000000..b0704c71a1c87682149b0e358079ee5286e75c0f
--- /dev/null
+++ b/parser/tst/simple_tests/mount/bad_opt_26.sd
@@ -0,0 +1,6 @@
+#
+#=Description basic rule not allow unparen'ed options
+#=EXRESULT FAIL
+/usr/bin/foo {
+ mount options in ro,noexec /dev -> /mnt,
+}
diff --git a/parser/tst/simple_tests/mount/bad_opt_27.sd b/parser/tst/simple_tests/mount/bad_opt_27.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d830ac81d698d6b4996adbdc6c657a46b219aab1
--- /dev/null
+++ b/parser/tst/simple_tests/mount/bad_opt_27.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic rule not allow unparen'ed fstypes
+#=EXRESULT FAIL
+#=TODO
+/usr/bin/foo {
+ mount fstype=ext3,ext4 /dev -> /mnt,
+}
diff --git a/parser/tst/simple_tests/mount/bad_opt_28.sd b/parser/tst/simple_tests/mount/bad_opt_28.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8a0cf97aacbb2f68de6a7f486ab044d20e10db6b
--- /dev/null
+++ b/parser/tst/simple_tests/mount/bad_opt_28.sd
@@ -0,0 +1,6 @@
+#
+#=Description basic rule not allow unparen'ed fstypes
+#=EXRESULT FAIL
+/usr/bin/foo {
+ mount fstype in ext3,ext4 /dev -> /mnt,
+}
diff --git a/parser/tst/simple_tests/mount/ok_opt_combo_1.sd b/parser/tst/simple_tests/mount/ok_opt_combo_1.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ee132e65b70bdc38ac024e74ec9a77f5c25c3aa6
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_opt_combo_1.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule both fstypes and options
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(ro,noexec) fstype={procfs,sysfs} /dev -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/ok_opt_combo_2.sd b/parser/tst/simple_tests/mount/ok_opt_combo_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2c32fc8d052be20cce8a25b8412d46f19477a196
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_opt_combo_2.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule with both fstypes and options
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (ro,noexec) fstype={procfs,sysfs} /dev -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/ok_opt_combo_3.sd b/parser/tst/simple_tests/mount/ok_opt_combo_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eb926ff35c55abd91a5a5dce2fb34bd9261ec1a2
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_opt_combo_3.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule with both fstypes and options
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options=(ro,noexec) fstype in (procfs,sysfs) /dev -> /foo,
+}
diff --git a/parser/tst/simple_tests/mount/ok_opt_combo_4.sd b/parser/tst/simple_tests/mount/ok_opt_combo_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ee183f2b3cde029390dd9689b7eaeac41bf78150
--- /dev/null
+++ b/parser/tst/simple_tests/mount/ok_opt_combo_4.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic mount rule with both fstypes and options
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+ mount options in (ro,noexec) fstype in (procfs,sysfs) /dev -> /foo,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad30.sd b/parser/tst/simple_tests/profile/flags/flags_bad30.sd
new file mode 100644
index 0000000000000000000000000000000000000000..a1da892d4ec97569a87246b37a172ffaccf7659c
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad30.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad31.sd b/parser/tst/simple_tests/profile/flags/flags_bad31.sd
new file mode 100644
index 0000000000000000000000000000000000000000..bd1afa438b16f552cfea525727d86a471c2c1b56
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad31.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad32.sd b/parser/tst/simple_tests/profile/flags/flags_bad32.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c2f2b55ca08bb93b656e106a8c5a3232ffebe09b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad32.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad33.sd b/parser/tst/simple_tests/profile/flags/flags_bad33.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0ccbfb8860cdb74d19a0a1e77cdb673c55d985be
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad33.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad34.sd b/parser/tst/simple_tests/profile/flags/flags_bad34.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6ad4b95131bce68575c3a850b39fb86bbe963043
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad34.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad35.sd b/parser/tst/simple_tests/profile/flags/flags_bad35.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3b9e28664657b6ff78d70be2d83352f9689b00a5
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad35.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad36.sd b/parser/tst/simple_tests/profile/flags/flags_bad36.sd
new file mode 100644
index 0000000000000000000000000000000000000000..1d5d1c7e6ef26cb5a728dcdaee96dfed097c09b3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad36.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad37.sd b/parser/tst/simple_tests/profile/flags/flags_bad37.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d83b28f30411539fdf0a99630fa76eef65a7c3b8
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad37.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad38.sd b/parser/tst/simple_tests/profile/flags/flags_bad38.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7b977cfe2a7f33c197b8a06c3b53f52c65fad6d6
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad38.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad39.sd b/parser/tst/simple_tests/profile/flags/flags_bad39.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d27edf5f416fa7f02867d4692dc7333c2e8da673
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad39.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(unconfined, enforce) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad40.sd b/parser/tst/simple_tests/profile/flags/flags_bad40.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4811e7e57452701c9cbf087e4fb6ce571dc31d29
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad40.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(unconfined, complain) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad41.sd b/parser/tst/simple_tests/profile/flags/flags_bad41.sd
new file mode 100644
index 0000000000000000000000000000000000000000..d928cff17e6461b099c3b6b5a73bcafc1746f6d5
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad41.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(unconfined, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad42.sd b/parser/tst/simple_tests/profile/flags/flags_bad42.sd
new file mode 100644
index 0000000000000000000000000000000000000000..13510a8a2fbaa6446d191520ac9d785bede00cdc
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad42.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain, kill) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad43.sd b/parser/tst/simple_tests/profile/flags/flags_bad43.sd
new file mode 100644
index 0000000000000000000000000000000000000000..58f48eee21828d77b6e3470329061438f058e2e0
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad43.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad44.sd b/parser/tst/simple_tests/profile/flags/flags_bad44.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0ecd5be7ae2f8f214d5a79fb4db7df4f1cc73b34
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad44.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, kill, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad45.sd b/parser/tst/simple_tests/profile/flags/flags_bad45.sd
new file mode 100644
index 0000000000000000000000000000000000000000..f1acc523f3202fb4581c53d52aefce3139773ef6
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad45.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain, kill, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_bad46.sd b/parser/tst/simple_tests/profile/flags/flags_bad46.sd
new file mode 100644
index 0000000000000000000000000000000000000000..339f22bc1e66a3e9e09d2194aa01e7e72a9f0457
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_bad46.sd
@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION Ensure conflicting mode flags cause an error
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce, complain, kill, unconfined) {
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok11.sd b/parser/tst/simple_tests/profile/flags/flags_ok11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..cb67f18cc5a6199fdf298f6386c3323dbe7cd450
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok11.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok12.sd b/parser/tst/simple_tests/profile/flags/flags_ok12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..326e5c995ab99bfbe05702d4174d4737c89b963f
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok12.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok13.sd b/parser/tst/simple_tests/profile/flags/flags_ok13.sd
new file mode 100644
index 0000000000000000000000000000000000000000..8e10a0ccbccc92ba4947e260cf37da6b93433a1b
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok13.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok14.sd b/parser/tst/simple_tests/profile/flags/flags_ok14.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ec1fafa89c39afc31444c2c123fe70fffe7fe3e3
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok14.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(unconfined) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok15.sd b/parser/tst/simple_tests/profile/flags/flags_ok15.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c359cd3144e1c85fde3ea30686aa2da1a0aaa82a
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok15.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(enforce audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok16.sd b/parser/tst/simple_tests/profile/flags/flags_ok16.sd
new file mode 100644
index 0000000000000000000000000000000000000000..70e687917978b7ebe26ac2ae75c4a5d5836437f0
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok16.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(complain audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok17.sd b/parser/tst/simple_tests/profile/flags/flags_ok17.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3172a37e2aa76f54ce1e8c7094a9c99cbdf8e137
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok17.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(kill audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/profile/flags/flags_ok18.sd b/parser/tst/simple_tests/profile/flags/flags_ok18.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4a427352dd995c7bad83a95d9abf0177622e9f1c
--- /dev/null
+++ b/parser/tst/simple_tests/profile/flags/flags_ok18.sd
@@ -0,0 +1,12 @@
+#
+#=DESCRIPTION validate some uses of the profile flags.
+#=EXRESULT PASS
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist flags=(unconfined audit) {
+ #include <includes/base>
+
+ /usr/X11R6/lib/lib*so* r,
+ /does/not/exist r,
+}
diff --git a/parser/tst/simple_tests/rewrite/bad_alias_inside_profile.sd b/parser/tst/simple_tests/rewrite/bad_alias_inside_profile.sd
new file mode 100644
index 0000000000000000000000000000000000000000..6a882e39bdc57e041ccacf7f4e4eae4b622b1b18
--- /dev/null
+++ b/parser/tst/simple_tests/rewrite/bad_alias_inside_profile.sd
@@ -0,0 +1,6 @@
+#=DESCRIPTION alias definition inside a profile
+#=EXRESULT FAIL
+
+/bin/foo {
+ alias /tmp -> /var/tmp,
+}
diff --git a/parser/tst/simple_tests/unix/bad_attr_5.sd b/parser/tst/simple_tests/unix/bad_attr_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7ddb675cf2204c80067d53934ca8bae9b60c2bd8
--- /dev/null
+++ b/parser/tst/simple_tests/unix/bad_attr_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix getattr w/peer modifier
+#=EXRESULT FAIL
+
+profile a_profile {
+ unix getattr peer=(addr=auto),
+}
diff --git a/parser/tst/simple_tests/unix/bad_opt_5.sd b/parser/tst/simple_tests/unix/bad_opt_5.sd
new file mode 100644
index 0000000000000000000000000000000000000000..9ebc547d75059262b7d008b802ae7e76f3b15c4d
--- /dev/null
+++ b/parser/tst/simple_tests/unix/bad_opt_5.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix getopt w/peer addr test
+#=EXRESULT FAIL
+
+profile a_profile {
+ unix getopt peer=(addr=auto),
+}
diff --git a/parser/tst/simple_tests/unix/bad_peer_2.sd b/parser/tst/simple_tests/unix/bad_peer_2.sd
new file mode 100644
index 0000000000000000000000000000000000000000..114fb6be8a12ca3b94e0a011da0ee5e5523951d6
--- /dev/null
+++ b/parser/tst/simple_tests/unix/bad_peer_2.sd
@@ -0,0 +1,9 @@
+#
+#=Description unix rule with bad 'peer'
+#=EXRESULT FAIL
+#
+
+# path address must be none for anonymous or start with @ for abstract
+profile foo {
+ unix send peer(addr=auto),
+}
diff --git a/parser/tst/simple_tests/unix/bad_shutdown_3.sd b/parser/tst/simple_tests/unix/bad_shutdown_3.sd
new file mode 100644
index 0000000000000000000000000000000000000000..537963336847437c897ce448008f9ab599ec6ac9
--- /dev/null
+++ b/parser/tst/simple_tests/unix/bad_shutdown_3.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix shutdown w/peer test
+#=EXRESULT FAIL
+
+profile a_profile {
+ unix shutdown peer=(addr=auto),
+}
diff --git a/parser/tst/simple_tests/unix/ok_attr_7.sd b/parser/tst/simple_tests/unix/ok_attr_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..28788c4a9e231b8be4c3116fc954e743cbe12aa2
--- /dev/null
+++ b/parser/tst/simple_tests/unix/ok_attr_7.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix getattr w/addr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ unix getattr addr=auto,
+}
diff --git a/parser/tst/simple_tests/unix/ok_attr_8.sd b/parser/tst/simple_tests/unix/ok_attr_8.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4331480ebdf74a27bb98d86f456498a939ba0277
--- /dev/null
+++ b/parser/tst/simple_tests/unix/ok_attr_8.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix setattr w/addr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ unix setattr addr=auto,
+}
diff --git a/parser/tst/simple_tests/unix/ok_create_4.sd b/parser/tst/simple_tests/unix/ok_create_4.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e76a8ef24f1d2ffd61bf40bee031e0e031dd4d4b
--- /dev/null
+++ b/parser/tst/simple_tests/unix/ok_create_4.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix create w/addr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ unix create addr=auto,
+}
diff --git a/parser/tst/simple_tests/unix/ok_msg_20.sd b/parser/tst/simple_tests/unix/ok_msg_20.sd
new file mode 100644
index 0000000000000000000000000000000000000000..abfa19304ef7bb8f1b5cc465b2d7a7501e5c6bb8
--- /dev/null
+++ b/parser/tst/simple_tests/unix/ok_msg_20.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix msg test
+#=EXRESULT PASS
+
+profile a_profile {
+ unix (send) addr=auto,
+}
diff --git a/parser/tst/simple_tests/unix/ok_opt_7.sd b/parser/tst/simple_tests/unix/ok_opt_7.sd
new file mode 100644
index 0000000000000000000000000000000000000000..af3edbe49737ed09fe22e191996e11579e5a1c4d
--- /dev/null
+++ b/parser/tst/simple_tests/unix/ok_opt_7.sd
@@ -0,0 +1,7 @@
+#
+#=DESCRIPTION simple unix setopt w/addr acceptance test
+#=EXRESULT PASS
+
+profile a_profile {
+ unix setopt addr=auto,
+}
diff --git a/parser/tst/simple_tests/xattrs/bad_01.sd b/parser/tst/simple_tests/xattrs/bad_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..241dd13089693a0ae1cfd3238a42a757930a3d57
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/bad_01.sd
@@ -0,0 +1,7 @@
+#
+#=Description wrong conditional group
+#=EXRESULT FAIL
+#
+/usr/bin/xattrs-test peer=(myvalue=foo) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/bad_03.sd b/parser/tst/simple_tests/xattrs/bad_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..3e5f09a3a970abc9135ed0dcb508f3ec65c925c0
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/bad_03.sd
@@ -0,0 +1,7 @@
+#
+#=Description flags before xattrs
+#=EXRESULT FAIL
+#
+/usr/bin/xattrs-test flags=(complain) xattrs=(myvalue=foo) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/hats_01.sd b/parser/tst/simple_tests/xattrs/hats_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..42b8a0cbeac8ed5b3c5c2c4e9ba15e75112b3353
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/hats_01.sd
@@ -0,0 +1,10 @@
+#
+#=Description hat profile with xattrs
+#=EXRESULT FAIL
+#
+/usr/bin/xattrs-test {
+ ^hat xattrs=(myvalue=foo) {
+ /foo r,
+ }
+ /foo w,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_01.sd b/parser/tst/simple_tests/xattrs/ok_01.sd
new file mode 100644
index 0000000000000000000000000000000000000000..53bdfb31201061b695e5e508c14a420d4c6f4e0c
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_01.sd
@@ -0,0 +1,7 @@
+#
+#=Description basic xattr value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue=foo) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_02.sd b/parser/tst/simple_tests/xattrs/ok_02.sd
new file mode 100644
index 0000000000000000000000000000000000000000..eb10c17f6a968f688575ae9bba701abe5846d208
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_02.sd
@@ -0,0 +1,7 @@
+#
+#=Description xattrs with quoted value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_03.sd b/parser/tst/simple_tests/xattrs/ok_03.sd
new file mode 100644
index 0000000000000000000000000000000000000000..2cc5a44abfd3f2db0b0ca55990b2e08dd237979b
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_03.sd
@@ -0,0 +1,7 @@
+#
+#=Description match any value of an xattr
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue="*") {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_04.sd b/parser/tst/simple_tests/xattrs/ok_04.sd
new file mode 100644
index 0000000000000000000000000000000000000000..4015105108af1f41da196b2b394f42f28b33be5e
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_04.sd
@@ -0,0 +1,7 @@
+#
+#=Description key with '.' character
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(hello.world=foo) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_05.sd b/parser/tst/simple_tests/xattrs/ok_05.sd
new file mode 100644
index 0000000000000000000000000000000000000000..798e81f08a835e33c2aac4a45f18d5c945a28f3b
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_05.sd
@@ -0,0 +1,7 @@
+#
+#=Description multiple xattrs
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(hello.world=foo goodbye.word=bar) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_06.sd b/parser/tst/simple_tests/xattrs/ok_06.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c61b1063f4e5b50381836002fa93bc1de3782dd3
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_06.sd
@@ -0,0 +1,7 @@
+#
+#=Description xattrs then flags
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue=foo) flags=(audit, mediate_deleted) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_07.sd b/parser/tst/simple_tests/xattrs/ok_07.sd
new file mode 100644
index 0000000000000000000000000000000000000000..7ef7aab40032e65dec4eb6726c17995792e15bd3
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_07.sd
@@ -0,0 +1,8 @@
+#
+#=Description named profile
+#=EXRESULT PASS
+#
+
+profile xattrs-test /usr/bin/hi xattrs=(user.foo=* user.bar=*) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_08.sd b/parser/tst/simple_tests/xattrs/ok_08.sd
new file mode 100644
index 0000000000000000000000000000000000000000..94fa6c52de3467a63e61aa0613812663e079dce7
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_08.sd
@@ -0,0 +1,8 @@
+#
+#=Description named profile without path
+#=EXRESULT PASS
+#
+
+profile xattrs-test xattrs=(user.foo="bar") {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_09.sd b/parser/tst/simple_tests/xattrs/ok_09.sd
new file mode 100644
index 0000000000000000000000000000000000000000..c60feb491e2546e88d2d5e71b5df55539b765962
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_09.sd
@@ -0,0 +1,7 @@
+#
+#=Description profile with xattrs then flags
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue=foo) flags=(complain) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_10.sd b/parser/tst/simple_tests/xattrs/ok_10.sd
new file mode 100644
index 0000000000000000000000000000000000000000..ecebbd1be60594f27c7eb8066bf6e26d99d664d9
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_10.sd
@@ -0,0 +1,7 @@
+#
+#=Description no xattrs value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_11.sd b/parser/tst/simple_tests/xattrs/ok_11.sd
new file mode 100644
index 0000000000000000000000000000000000000000..0250c7808dfef10b976fd5984d28bbca1d7f2658
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_11.sd
@@ -0,0 +1,7 @@
+#
+#=Description multiple xattrs with no value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue myvalue2) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_12.sd b/parser/tst/simple_tests/xattrs/ok_12.sd
new file mode 100644
index 0000000000000000000000000000000000000000..810f99b0dacbcd30243f23ac94618cbdb73f1aae
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_12.sd
@@ -0,0 +1,7 @@
+#
+#=Description xattrs key followed by key value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(myvalue user.foo=bar) {
+ /foo r,
+}
diff --git a/parser/tst/simple_tests/xattrs/ok_13.sd b/parser/tst/simple_tests/xattrs/ok_13.sd
new file mode 100644
index 0000000000000000000000000000000000000000..e17e179424fc1549b060a753b4243b95cb91e5cb
--- /dev/null
+++ b/parser/tst/simple_tests/xattrs/ok_13.sd
@@ -0,0 +1,7 @@
+#
+#=Description xattrs key after key and value
+#=EXRESULT PASS
+#
+/usr/bin/xattrs-test xattrs=(user.foo=bar myvalue) {
+ /foo r,
+}
diff --git a/parser/tst/testlib.py b/parser/tst/testlib.py
index d15aa5eccd871426d6210d55985c397eda1eb76a..6b9318ef9f5c05e65b5bb31813590173f30e027e 100644
--- a/parser/tst/testlib.py
+++ b/parser/tst/testlib.py
@@ -75,7 +75,7 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
self.assertIn(expected_string, report, 'Expected message "%s", got: \n%s' % (expected_string, report))
return report
- def run_cmd(self, command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE,
+ def run_cmd(self, command, input=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
stdin=None, timeout=120):
'''Try to execute given command (array) and return its stdout, or
return a textual error if it failed.'''
@@ -83,11 +83,20 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
if self.debug:
print('\n===> Running command: \'%s\'' % (' '.join(command)))
+ (rc, out, outerr) = self._run_cmd(command, input, stderr, stdout, stdin, timeout)
+ report = out + outerr
+
+ return [rc, report]
+
+ def _run_cmd(self, command, input=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
+ stdin=None, timeout=120):
+ '''Try to execute given command (array) and return its rc, stdout, and stderr as a tuple'''
+
try:
sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr,
- close_fds=True, preexec_fn=subprocess_setup)
+ close_fds=True, preexec_fn=subprocess_setup, universal_newlines=True)
except OSError as e:
- return [127, str(e)]
+ return [127, str(e), '']
timeout_communicate = TimeoutFunction(sp.communicate, timeout)
out, outerr = (None, None)
@@ -96,19 +105,17 @@ class AATestTemplate(unittest.TestCase, metaclass=AANoCleanupMetaClass):
rc = sp.returncode
except TimeoutFunctionException as e:
sp.terminate()
- outerr = b'test timed out, killed'
+ outerr = 'test timed out, killed'
rc = TIMEOUT_ERROR_CODE
# Handle redirection of stdout
if out is None:
- out = b''
+ out = ''
# Handle redirection of stderr
if outerr is None:
- outerr = b''
+ outerr = ''
- report = out.decode('utf-8') + outerr.decode('utf-8')
-
- return [rc, report]
+ return (rc, out, outerr)
# Timeout handler using alarm() from John P. Speno's Pythonic Avocado
@@ -173,7 +180,7 @@ def read_features_dir(path):
if not os.path.exists(path) or not os.path.isdir(path):
return result
- for name in os.listdir(path):
+ for name in sorted(os.listdir(path)):
entry = os.path.join(path, name)
result += '%s {' % name
if os.path.isfile(entry):
@@ -197,5 +204,3 @@ def write_file(directory, file, contents):
with open(path, 'w+') as f:
f.write(contents)
return path
-
-
diff --git a/presentations/apparmor-opensuse-2018.odp b/presentations/apparmor-opensuse-2018.odp
new file mode 100644
index 0000000000000000000000000000000000000000..8dd65d33064cc692c2ed72110142a48fe7d364ff
Binary files /dev/null and b/presentations/apparmor-opensuse-2018.odp differ
diff --git a/profiles/Makefile b/profiles/Makefile
index ba47fc1665fcfd0fdc1b62261e54911188cd0c8e..f8fa10be3c1572c95297cbefe979d21e94c47b9d 100644
--- a/profiles/Makefile
+++ b/profiles/Makefile
@@ -41,7 +41,7 @@ ifdef USE_SYSTEM
LOGPROF?=aa-logprof
else
# PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
- PYTHON_DIST_BUILD_PATH = ../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
+ PYTHON_DIST_BUILD_PATH = ../libraries/libapparmor/swig/python/build/$$($(PYTHON) ../libraries/libapparmor/swig/python/test/buildpath.py)
LIBAPPARMOR_PATH=../libraries/libapparmor/src/.libs/
LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
PYTHONPATH=../utils/:$(PYTHON_DIST_BUILD_PATH)
@@ -82,7 +82,7 @@ local:
for profile in ${TOPLEVEL_PROFILES}; do \
fn=$$(basename $$profile); \
echo "# Site-specific additions and overrides for '$$fn'" > ${PROFILES_SOURCE}/local/$$fn; \
- grep "include[[:space:]]\\+<local/$$fn>" "$$profile" >/dev/null || { echo "$$profile doesn't contain #include <local/$$fn>" ; exit 1; } ; \
+ grep "include[[:space:]]\\+if[[:space:]]\\+exists[[:space:]]\\+<local/$$fn>" "$$profile" >/dev/null || { echo "$$profile doesn't contain include if exists <local/$$fn>" ; exit 1; } ; \
done; \
.PHONY: install
@@ -119,7 +119,7 @@ CHECK_PROFILES=$(filter-out ${IGNORE_FILES} ${SUBDIRS}, $(wildcard ${PROFILES_SO
CHECK_ABSTRACTIONS=$(shell find ${ABSTRACTIONS_SOURCE} -type f -print)
.PHONY: check
-check: check-parser check-logprof
+check: check-parser check-logprof check-abstractions.d
.PHONY: check-parser
check-parser: test-dependencies local
@@ -132,7 +132,7 @@ check-parser: test-dependencies local
@echo "*** Checking abstractions from ${ABSTRACTIONS_SOURCE} against apparmor_parser"
$(Q)for abstraction in ${CHECK_ABSTRACTIONS} ; do \
[ -n "${VERBOSE}" ] && echo "Testing $${abstraction}" ; \
- echo "#include <tunables/global> profile test { #include <$${abstraction}> }" \
+ echo "abi <abi/3.0>, #include <tunables/global> profile test { #include <$${abstraction}> }" \
| ${PARSER} --config-file=../parser/tst/parser.conf -S -b ${PWD}/apparmor.d -I ${PWD} > /dev/null \
|| exit 1; \
done
@@ -141,3 +141,13 @@ check-parser: test-dependencies local
check-logprof: test-dependencies local
@echo "*** Checking profiles from ${PROFILES_SOURCE} against logprof"
$(Q)${LOGPROF} -d ${PROFILES_SOURCE} -f /dev/null || exit 1
+
+.PHONY: check-abstractions.d
+check-abstractions.d:
+ @echo "*** Checking if all abstractions (with a few exceptions) contain include if exists <abstractions/*.d>"
+ $(Q)cd apparmor.d/abstractions && for file in * ; do \
+ test -d "$$file" && continue ; \
+ test "$$file" = 'ubuntu-browsers' && continue ; \
+ test "$$file" = 'ubuntu-helpers' && continue ; \
+ grep -q "^ include if exists <abstractions/$${file}.d>$$" $$file || { echo "$$file does not contain 'include if exists <abstractions/$${file}.d>'"; exit 1; } ; \
+ done
diff --git a/profiles/apparmor.d/abi/3.0 b/profiles/apparmor.d/abi/3.0
new file mode 100644
index 0000000000000000000000000000000000000000..4b60c425f89b375078a0dc75eef58c12c292b389
--- /dev/null
+++ b/profiles/apparmor.d/abi/3.0
@@ -0,0 +1,78 @@
+query {label {multi_transaction {yes
+}
+data {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+dbus {mask {acquire send receive
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
+ptrace {mask {read trace
+}
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+network {af_unix {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+network_v8 {af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {version {1.2
+}
+attach_conditions {xattr {yes
+}
+}
+computed_longest_left {yes
+}
+post_nnp_subset {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+stack {yes
+}
+change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+versions {v8 {yes
+}
+v7 {yes
+}
+v6 {yes
+}
+v5 {yes
+}
+}
+}
diff --git a/profiles/apparmor.d/abi/kernel-5.4-outoftree-network b/profiles/apparmor.d/abi/kernel-5.4-outoftree-network
new file mode 100644
index 0000000000000000000000000000000000000000..6d5e95b6e1d37713568d93ae67e3f145d97acc9f
--- /dev/null
+++ b/profiles/apparmor.d/abi/kernel-5.4-outoftree-network
@@ -0,0 +1,76 @@
+query {label {multi_transaction {yes
+}
+data {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+dbus {mask {acquire send receive
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
+ptrace {mask {read trace
+}
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+network {af_unix {yes
+}
+af_mask {unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp
+}
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {version {1.2
+}
+attach_conditions {xattr {yes
+}
+}
+computed_longest_left {yes
+}
+post_nnp_subset {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+stack {yes
+}
+change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+versions {v8 {yes
+}
+v7 {yes
+}
+v6 {yes
+}
+v5 {yes
+}
+}
+}
diff --git a/profiles/apparmor.d/abi/kernel-5.4-vanilla b/profiles/apparmor.d/abi/kernel-5.4-vanilla
new file mode 100644
index 0000000000000000000000000000000000000000..9fa0e8f54b4d487f811f6b462a557095af4676a8
--- /dev/null
+++ b/profiles/apparmor.d/abi/kernel-5.4-vanilla
@@ -0,0 +1,68 @@
+query {label {multi_transaction {yes
+}
+data {yes
+}
+perms {allow deny audit quiet
+}
+}
+}
+signal {mask {hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost
+}
+}
+ptrace {mask {read trace
+}
+}
+caps {mask {chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read
+}
+}
+rlimit {mask {cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime
+}
+}
+capability {0xffffff
+}
+namespaces {pivot_root {no
+}
+profile {yes
+}
+}
+mount {mask {mount umount pivot_root
+}
+}
+}
+file {mask {create read write exec append mmap_exec link lock
+}
+}
+domain {version {1.2
+}
+attach_conditions {xattr {yes
+}
+}
+computed_longest_left {yes
+}
+post_nnp_subset {yes
+}
+fix_binfmt_elf_mmap {yes
+}
+stack {yes
+}
+change_profile {yes
+}
+change_onexec {yes
+}
+change_hatv {yes
+}
+change_hat {yes
+}
+}
+policy {set_load {yes
+}
+versions {v8 {yes
+}
+v7 {yes
+}
+v6 {yes
+}
+v5 {yes
+}
+}
+}
diff --git a/profiles/apparmor.d/abstractions/X b/profiles/apparmor.d/abstractions/X
index d60ef27f7f972e393b9fb09e0f5e5f5ff0afd32f..ead10d9ad4f4d8358b09c936c4b83a92cdfa7207 100644
--- a/profiles/apparmor.d/abstractions/X
+++ b/profiles/apparmor.d/abstractions/X
@@ -10,21 +10,24 @@
#
# ------------------------------------------------------------------
- #include <abstractions/dri-common>
+ abi <abi/3.0>,
+
+ include <abstractions/dri-common>
# .ICEauthority files required for X authentication, per user
owner @{HOME}/.ICEauthority r,
+ owner @{run}/user/*/ICEauthority r,
# .Xauthority files required for X connections, per user
owner @{HOME}/.Xauthority r,
owner @{HOME}/.local/share/sddm/.Xauthority r,
- owner /{,var/}run/gdm{,3}/*/database r,
- owner /{,var/}run/lightdm/authority/[0-9]* r,
- owner /{,var/}run/lightdm/*/xauthority r,
- owner /{,var/}run/user/*/gdm/Xauthority r,
- owner /{,var/}run/user/*/X11/Xauthority r,
- owner /{,var/}run/user/*/xauth_* r,
+ owner @{run}/gdm{,3}/*/database r,
+ owner @{run}/lightdm/authority/[0-9]* r,
+ owner @{run}/lightdm/*/xauthority r,
+ owner @{run}/user/*/gdm/Xauthority r,
+ owner @{run}/user/*/X11/Xauthority r,
+ owner @{run}/user/*/xauth_* r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* rw,
@@ -57,5 +60,7 @@
/etc/X11/cursors/** r,
# Xwayland
- owner /run/user/*/.mutter-Xwaylandauth.* r,
+ owner @{run}/user/*/.mutter-Xwaylandauth.* r,
+ # Include additions to the abstraction
+ include if exists <abstractions/X.d>
diff --git a/profiles/apparmor.d/abstractions/apache2-common b/profiles/apparmor.d/abstractions/apache2-common
index 850dd89c838d10e4766f37984426628ad6a482d7..e6bcc5eb1b45d7bdc76f46f34a1a188524e72c11 100644
--- a/profiles/apparmor.d/abstractions/apache2-common
+++ b/profiles/apparmor.d/abstractions/apache2-common
@@ -2,8 +2,14 @@
# This file contains basic permissions for Apache and every vHost
- #include <abstractions/nameservice>
+ abi <abi/3.0>,
+ include <abstractions/nameservice>
+
+ # Allow other processes to read our /proc entries
+ ptrace (readby),
+ # Allow other processes to trace us by default
+ ptrace (tracedby),
# Allow unconfined processes to send us signals by default
signal (receive) peer=unconfined,
# Allow apache to send us signals by default
@@ -20,7 +26,7 @@
/usr/share/apache2/** r,
# changehat itself
- @{PROC}/@{pid}/attr/current rw,
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
# htaccess files - for what ever it is worth
/**/.htaccess r,
@@ -28,7 +34,10 @@
/dev/urandom r,
# sasl-auth
- /run/saslauthd/mux rw,
+ @{run}/saslauthd/mux rw,
# OCSP stapling
- /var/log/apache2/stapling-cache rw,
+ @{run}/lock/apache2/stapling-cache* rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/apache2-common.d>
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/change_profile b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
index 30f6b70406dff56119b6ba9076dd0b30df192312..c2dfcba5d2b49bfe5527b6f77bcc6de0bb8f7689 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/change_profile
+++ b/profiles/apparmor.d/abstractions/apparmor_api/change_profile
@@ -6,6 +6,8 @@
#
# ------------------------------------------------------------------
-#include <abstractions/apparmor_api/introspect>
+abi <abi/3.0>,
-@{PROC}/@{tid}/attr/{current,exec} w,
+include <abstractions/apparmor_api/introspect>
+
+@{PROC}/@{tid}/attr/{apparmor/,}{current,exec} w,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/examine b/profiles/apparmor.d/abstractions/apparmor_api/examine
index 2f2ea15a4981d04f353feb54de05d49bff1a3c2e..655708bfaa0996e167023413dc362bbd5f6cfa7e 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/examine
+++ b/profiles/apparmor.d/abstractions/apparmor_api/examine
@@ -9,4 +9,6 @@
# Make sure to include at least tunables/proc and tunables/kernelvars
# when using this abstraction, if not tunables/global.
-@{PROC}/@{pids}/attr/{current,prev,exec} r,
+abi <abi/3.0>,
+
+@{PROC}/@{pids}/attr/{apparmor/,}{current,prev,exec} r,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint b/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
index b8ac54d1285c983e51f405b265b260535c32554b..d75970e5595818a73fd1c224b8e6d567cd246785 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
+++ b/profiles/apparmor.d/abstractions/apparmor_api/find_mountpoint
@@ -6,6 +6,8 @@
#
# ------------------------------------------------------------------
+abi <abi/3.0>,
+
#permissions needed for aa_find_mountpoint
# Make sure to include at least tunables/proc and tunables/kernelvars
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/introspect b/profiles/apparmor.d/abstractions/apparmor_api/introspect
index e110c84928cfca876eaed76aff68d04f94b6b174..b88da0a4762f13321b4955d54e5e15a7a0b1b53c 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/introspect
+++ b/profiles/apparmor.d/abstractions/apparmor_api/introspect
@@ -6,7 +6,9 @@
#
# ------------------------------------------------------------------
+abi <abi/3.0>,
+
# Make sure to include at least tunables/proc and tunables/kernelvars
# when using this abstraction, if not tunables/global.
-@{PROC}/@{tid}/attr/{current,prev,exec} r,
+@{PROC}/@{tid}/attr/{apparmor/,}{current,prev,exec} r,
diff --git a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
index a637d3cedb7cbcdf2f524c148982df6fad14a8b7..b91e3fa9f25bfec5a892439c89642a249b7d0462 100644
--- a/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
+++ b/profiles/apparmor.d/abstractions/apparmor_api/is_enabled
@@ -6,12 +6,15 @@
#
# ------------------------------------------------------------------
+abi <abi/3.0>,
+
# permissions needed for aa_is_enabled
# Make sure to include tunables/apparmorfs and tunables/global
# when using this abstraction
-#include <abstractions/apparmor_api/find_mountpoint>
+include <abstractions/apparmor_api/find_mountpoint>
@{sys}/module/apparmor/parameters/enabled r,
+@{sys}/module/apparmor/parameters/available r,
# TODO: add alternate apparmorfs interface for enabled
diff --git a/profiles/apparmor.d/abstractions/aspell b/profiles/apparmor.d/abstractions/aspell
index 954768924669b073de09aaa225ba7521aca1b91b..eff252bd35601acf7e2db71b1f8b9808fc20f359 100644
--- a/profiles/apparmor.d/abstractions/aspell
+++ b/profiles/apparmor.d/abstractions/aspell
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# aspell permissions
+ abi <abi/3.0>,
+
# per-user settings and dictionaries
owner @{HOME}/.aspell.*.{pws,prepl} rwk,
@@ -11,3 +13,6 @@
/usr/share/aspell/ r,
/usr/share/aspell/* r,
/var/lib/aspell/* r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/aspell.d>
diff --git a/profiles/apparmor.d/abstractions/audio b/profiles/apparmor.d/abstractions/audio
index f4dbaac30bc1764e363731c21e7bf56f4ead8cce..01493260d0488c9322e17918faccdf3466af1505 100644
--- a/profiles/apparmor.d/abstractions/audio
+++ b/profiles/apparmor.d/abstractions/audio
@@ -10,6 +10,7 @@
#
# ------------------------------------------------------------------
+abi <abi/3.0>,
/dev/admmidi* rw,
@@ -55,13 +56,15 @@ owner @{HOME}/.cache/event-sound-cache.* rwk,
# pulse
/etc/pulse/ r,
/etc/pulse/** r,
-/{run,dev}/shm/ r,
-owner /{run,dev}/shm/pulse-shm* rwk,
+/dev/shm/ r,
+@{run}/shm/ r,
+owner /dev/shm/pulse-shm* rwk,
+owner @{run}/shm/pulse-shm* rwk,
owner @{HOME}/.pulse-cookie rwk,
owner @{HOME}/.pulse/ rw,
owner @{HOME}/.pulse/* rwk,
-owner /{,var/}run/user/*/pulse/ rw,
-owner /{,var/}run/user/*/pulse/{native,pid} rwk,
+owner @{run}/user/*/pulse/ rw,
+owner @{run}/user/*/pulse/{native,pid} rwk,
owner @{HOME}/.config/pulse/*.conf r,
owner @{HOME}/.config/pulse/client.conf.d/{,*.conf} r,
owner @{HOME}/.config/pulse/cookie rwk,
@@ -81,3 +84,6 @@ owner @{HOME}/.local/share/openal/hrtf/{,**} r,
# wildmidi
/etc/wildmidi/wildmidi.cfg r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/audio.d>
diff --git a/profiles/apparmor.d/abstractions/authentication b/profiles/apparmor.d/abstractions/authentication
index 75771ecdcacae24249e9fed64dc3f2195ca37a7d..d5dbd83add23de876b73e8df9b674f2d0f74958a 100644
--- a/profiles/apparmor.d/abstractions/authentication
+++ b/profiles/apparmor.d/abstractions/authentication
@@ -2,7 +2,7 @@
#
# Copyright (C) 2002-2009 Novell/SUSE
# Copyright (C) 2009-2012 Canonical Ltd
-# Copyright (C) 2019 Christian Boltz
+# Copyright (C) 2019-2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,18 +10,19 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
# Some services need to perform authentication of users
# Such authentication almost certainly needs access to the local users
# databases containing passwords, PAM configuration files, PAM libraries
- /{usr/,}etc/nologin r,
- /{usr/,}etc/pam.d/* r,
- /{usr/,}etc/securetty r,
- /{usr/,}etc/security/* r,
- /{usr/,}etc/shadow r,
- /{usr/,}etc/gshadow r,
- /{usr/,}etc/pwdb.conf r,
+ @{etc_ro}/nologin r,
+ @{etc_ro}/pam.d/* r,
+ @{etc_ro}/securetty r,
+ @{etc_ro}/security/* r,
+ @{etc_ro}/shadow r,
+ @{etc_ro}/gshadow r,
+ @{etc_ro}/pwdb.conf r,
/{usr/,}lib{,32,64}/security/pam_filter/* mr,
/{usr/,}lib{,32,64}/security/pam_*.so mr,
@@ -31,22 +32,27 @@
/{usr/,}lib/@{multiarch}/security/ r,
# kerberos
- #include <abstractions/kerberosclient>
+ include <abstractions/kerberosclient>
# SuSE's pwdutils are different:
- /{usr/,}etc/default/passwd r,
- /{usr/,}etc/login.defs r,
+ @{etc_ro}/default/passwd r,
+ @{etc_ro}/login.defs r,
+ @{etc_ro}/login.defs.d/ r,
+ @{etc_ro}/login.defs.d/*.defs r,
# nis
- #include <abstractions/nis>
+ include <abstractions/nis>
# winbind
- #include <abstractions/winbind>
+ include <abstractions/winbind>
# likewise
- #include <abstractions/likewise>
+ include <abstractions/likewise>
# smbpass
- #include <abstractions/smbpass>
+ include <abstractions/smbpass>
# p11-kit (PKCS#11 modules configuration)
- #include <abstractions/p11-kit>
+ include <abstractions/p11-kit>
+
+ # Include additions to the abstraction
+ include if exists <abstractions/authentication.d>
diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base
index fabb4273cf8535dee1a50c02e8ad315970553047..f36a5f86da754ac067a0fc23cc6cdc671b424c98 100644
--- a/profiles/apparmor.d/abstractions/base
+++ b/profiles/apparmor.d/abstractions/base
@@ -10,7 +10,9 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+ include <abstractions/crypto>
# (Note that the ldd profile has inlined this file; if you make
# modifications here, please consider including them in the ldd
@@ -26,10 +28,10 @@
# Allow access to the uuidd daemon (this daemon is a thin wrapper around
# time and getrandom()/{,u}random and, when available, runs under an
# unprivilged, dedicated user).
- /run/uuidd/request r,
- /etc/locale/** r,
- /etc/locale.alias r,
- /etc/localtime r,
+ @{run}/uuidd/request r,
+ @{etc_ro}/locale/** r,
+ @{etc_ro}/locale.alias r,
+ @{etc_ro}/localtime r,
/usr/share/locale-bundle/** r,
/usr/share/locale-langpack/** r,
/usr/share/locale/** r,
@@ -37,13 +39,13 @@
/usr/share/zoneinfo/ r,
/usr/share/zoneinfo/** r,
/usr/share/X11/locale/** r,
- /run/systemd/journal/dev-log w,
+ @{run}/systemd/journal/dev-log w,
# systemd native journal API (see sd_journal_print(4))
- /run/systemd/journal/socket w,
+ @{run}/systemd/journal/socket w,
# Nested containers and anything using systemd-cat need this. 'r' shouldn't
# be required but applications fail without it. journald doesn't leak
# anything when reading so this is ok.
- /run/systemd/journal/stdout rw,
+ @{run}/systemd/journal/stdout rw,
/usr/lib{,32,64}/locale/** mr,
/usr/lib{,32,64}/gconv/*.so mr,
@@ -52,14 +54,14 @@
/usr/lib/@{multiarch}/gconv/gconv-modules* mr,
# used by glibc when binding to ephemeral ports
- /etc/bindresvport.blacklist r,
+ @{etc_ro}/bindresvport.blacklist r,
# ld.so.cache and ld are used to load shared libraries; they are best
# available everywhere
- /etc/ld.so.cache mr,
- /etc/ld.so.conf r,
- /etc/ld.so.conf.d/{,*.conf} r,
- /etc/ld.so.preload r,
+ @{etc_ro}/ld.so.cache mr,
+ @{etc_ro}/ld.so.conf r,
+ @{etc_ro}/ld.so.conf.d/{,*.conf} r,
+ @{etc_ro}/ld.so.preload r,
/{usr/,}lib{,32,64}/ld{,32,64}-*.so mr,
/{usr/,}lib/@{multiarch}/ld{,32,64}-*.so mr,
/{usr/,}lib/tls/i686/{cmov,nosegneg}/ld-*.so mr,
@@ -74,6 +76,11 @@
/{usr/,}lib/tls/i686/{cmov,nosegneg}/*.so* mr,
/{usr/,}lib/i386-linux-gnu/tls/i686/{cmov,nosegneg}/*.so* mr,
+ # FIPS-140-2 versions of some crypto libraries need to access their
+ # associated integrity verification file, or they will abort.
+ /{usr/,}lib{,32,64}/.lib*.so*.hmac r,
+ /{usr/,}lib/@{multiarch}/.lib*.so*.hmac r,
+
# /dev/null is pretty harmless and frequently used
/dev/null rw,
# as is /dev/zero
@@ -94,6 +101,7 @@
@{PROC}/cpuinfo r,
@{sys}/devices/system/cpu/ r,
@{sys}/devices/system/cpu/online r,
+ @{sys}/devices/system/cpu/possible r,
# glibc's *printf protections read the maps file
@{PROC}/@{pid}/{maps,auxv,status} r,
@@ -165,3 +173,6 @@
owner @{HOMEDIRS}/.ecryptfs/*/.Private/ r,
owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/base.d>
diff --git a/profiles/apparmor.d/abstractions/bash b/profiles/apparmor.d/abstractions/bash
index e8dcd75cb5c552df9f55bac0e6c66a3590439f00..89c1cf1e4d257d55f7a6af5445d92382e64e9c29 100644
--- a/profiles/apparmor.d/abstractions/bash
+++ b/profiles/apparmor.d/abstractions/bash
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# user-specific bash files
@{HOMEDIRS} r,
@{HOME}/.bashrc r,
@@ -42,3 +44,6 @@
/etc/DIR_COLORS r,
/{usr/,}bin/ls mix,
/usr/bin/dircolors mix,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/bash.d>
diff --git a/profiles/apparmor.d/abstractions/consoles b/profiles/apparmor.d/abstractions/consoles
index d6c30be833ad1058f578094397d97035425ac89b..aabf3dd51e0f16b427aea3eb83043009c2b6a449 100644
--- a/profiles/apparmor.d/abstractions/consoles
+++ b/profiles/apparmor.d/abstractions/consoles
@@ -9,6 +9,7 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
# there are three common ways to refer to consoles
@@ -21,3 +22,6 @@
/dev/pts/[0-9]* rw,
/dev/pts/ r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/consoles.d>
diff --git a/profiles/apparmor.d/abstractions/crypto b/profiles/apparmor.d/abstractions/crypto
new file mode 100644
index 0000000000000000000000000000000000000000..83676003d56b48e312b4728a421aaea068561c18
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/crypto
@@ -0,0 +1,26 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+# Copyright (C) 2021 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ abi <abi/3.0>,
+
+ @{etc_ro}/gcrypt/random.conf r,
+ @{PROC}/sys/crypto/fips_enabled r,
+
+ # libgcrypt reads some flags from /proc
+ @{PROC}/sys/crypto/* r,
+
+ # crypto policies used by various libraries
+ /etc/crypto-policies/*/*.txt r,
+ /usr/share/crypto-policies/*/*.txt r,
+
+ include if exists <abstractions/crypto.d>
diff --git a/profiles/apparmor.d/abstractions/cups-client b/profiles/apparmor.d/abstractions/cups-client
index f38ac09792c4c42c08c79bbd7d786b85d2cae2dd..44f36e2b60583c8bd40d19d9d3676520c04ec909 100644
--- a/profiles/apparmor.d/abstractions/cups-client
+++ b/profiles/apparmor.d/abstractions/cups-client
@@ -9,10 +9,15 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# discoverable system configuration for non-local cupsd
/etc/cups/client.conf r,
# client should be able to talk the local cupsd
- /{,var/}run/cups/cups.sock rw,
+ @{run}/cups/cups.sock rw,
# client should be able to read user-specified cups configuration
owner @{HOME}/.cups/client.conf r,
owner @{HOME}/.cups/lpoptions r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/cups-client.d>
diff --git a/profiles/apparmor.d/abstractions/dbus b/profiles/apparmor.d/abstractions/dbus
index c670fc2d96bed7d7f8ccf48e2b3f9a69c5988904..b96ca09ac0af158fb8b9e46edfe3e58e3f55254b 100644
--- a/profiles/apparmor.d/abstractions/dbus
+++ b/profiles/apparmor.d/abstractions/dbus
@@ -9,8 +9,13 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# This abstraction grants full system bus access. Consider using the
# dbus-strict abstraction for fine-grained bus mediation.
- #include <abstractions/dbus-strict>
+ include <abstractions/dbus-strict>
dbus bus=system,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility b/profiles/apparmor.d/abstractions/dbus-accessibility
index 40a3308447ca7c48c87e589dbcb244865a385122..3c49a32ff8fbe44d5cb3873a38f11fd75c1758e6 100644
--- a/profiles/apparmor.d/abstractions/dbus-accessibility
+++ b/profiles/apparmor.d/abstractions/dbus-accessibility
@@ -9,8 +9,13 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# This abstraction grants full accessibility bus access. Consider using the
# dbus-accessibility-strict abstraction for fine-grained bus mediation.
- #include <abstractions/dbus-accessibility-strict>
+ include <abstractions/dbus-accessibility-strict>
dbus bus=accessibility,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus-accessibility.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-accessibility-strict b/profiles/apparmor.d/abstractions/dbus-accessibility-strict
index a853ce209701c6bdd3181e51d6b057ce59f8689d..8fe06ea63f7be8ccdeb3a857978f7602b83dc02d 100644
--- a/profiles/apparmor.d/abstractions/dbus-accessibility-strict
+++ b/profiles/apparmor.d/abstractions/dbus-accessibility-strict
@@ -9,9 +9,14 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
dbus send
bus=accessibility
path=/org/freedesktop/DBus
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus-accessibility-strict.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-network-manager-strict b/profiles/apparmor.d/abstractions/dbus-network-manager-strict
index 889a9a850a389d9cd5892134f7762b62c1fd4fcc..9930c80da3d6c915694423538dbf5b3aa55e75f3 100644
--- a/profiles/apparmor.d/abstractions/dbus-network-manager-strict
+++ b/profiles/apparmor.d/abstractions/dbus-network-manager-strict
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
dbus send
bus=system
path=/org/freedesktop/NetworkManager
@@ -42,4 +44,4 @@
member=GetSettings
peer=(name=org.freedesktop.NetworkManager),
- #include if exists <abstractions/dbus-network-manager-strict.d>
+ include if exists <abstractions/dbus-network-manager-strict.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-session b/profiles/apparmor.d/abstractions/dbus-session
index eb1ed91e446990bf3731a276fc193fc46798c99c..9b8b979e7909d84e6a5d56b5fe38ee8a84c0bc00 100644
--- a/profiles/apparmor.d/abstractions/dbus-session
+++ b/profiles/apparmor.d/abstractions/dbus-session
@@ -9,9 +9,14 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# This abstraction grants full session bus access. Consider using the
# dbus-session-strict abstraction for fine-grained bus mediation.
- #include <abstractions/dbus-session-strict>
+ include <abstractions/dbus-session-strict>
/usr/bin/dbus-launch ix,
dbus bus=session,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus-session.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-session-strict b/profiles/apparmor.d/abstractions/dbus-session-strict
index 1600554a615e8d85d3c16decdc6254800f874d7f..a301d45f6c3888d72bee3fdbde13095c9d4cf5e7 100644
--- a/profiles/apparmor.d/abstractions/dbus-session-strict
+++ b/profiles/apparmor.d/abstractions/dbus-session-strict
@@ -9,17 +9,18 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# unique per-machine identifier
/etc/machine-id r,
/var/lib/dbus/machine-id r,
- owner /run/user/*/bus rw,
unix (connect, receive, send)
type=stream
peer=(addr="@/tmp/dbus-*"),
# dbus with systemd and --enable-user-session
- owner /run/user/[0-9]*/bus rw,
+ owner @{run}/user/[0-9]*/bus rw,
dbus send
bus=session
@@ -27,3 +28,6 @@
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus-session-strict.d>
diff --git a/profiles/apparmor.d/abstractions/dbus-strict b/profiles/apparmor.d/abstractions/dbus-strict
index 01a426e46d5e5e5c0405bc1e8d266e99b9dda030..915195d2840385770132f8ad99a78ce5f9987d8e 100644
--- a/profiles/apparmor.d/abstractions/dbus-strict
+++ b/profiles/apparmor.d/abstractions/dbus-strict
@@ -9,7 +9,9 @@
#
# ------------------------------------------------------------------
- /{,var/}run/dbus/system_bus_socket rw,
+ abi <abi/3.0>,
+
+ @{run}/dbus/system_bus_socket rw,
dbus send
bus=system
@@ -17,3 +19,6 @@
interface=org.freedesktop.DBus
member={Hello,AddMatch,RemoveMatch,GetNameOwner,NameHasOwner,StartServiceByName}
peer=(name=org.freedesktop.DBus),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dbus-strict.d>
diff --git a/profiles/apparmor.d/abstractions/dconf b/profiles/apparmor.d/abstractions/dconf
index 7ef69783237642356d3a1338a3d171823f3933a7..fc3b3dbd44c2ff39428f2930096910cfd6628336 100644
--- a/profiles/apparmor.d/abstractions/dconf
+++ b/profiles/apparmor.d/abstractions/dconf
@@ -1,8 +1,13 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# permissions for querying dconf settings; granting write access should
# be specified in a specific application's profile.
/etc/dconf/** r,
- owner /{,var/}run/user/*/dconf/user r,
+ owner @{run}/user/*/dconf/user r,
owner @{HOME}/.config/dconf/user r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dconf.d>
diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common
index e1681d9a0ed892e1d653e675631cc7ed3564a6ce..35d3cb11acc4143f120eb2b6eb8618db72c5d1e7 100644
--- a/profiles/apparmor.d/abstractions/dovecot-common
+++ b/profiles/apparmor.d/abstractions/dovecot-common
@@ -9,6 +9,8 @@
# ------------------------------------------------------------------
# used with dovecot/*
+ abi <abi/3.0>,
+
capability setgid,
deny capability block_suspend,
@@ -16,4 +18,7 @@
# dovecot's master can send us signals
signal receive peer=dovecot,
- /{var/,}run/dovecot/config rw,
+ owner @{run}/dovecot/config rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dovecot-common.d>
diff --git a/profiles/apparmor.d/abstractions/dri-common b/profiles/apparmor.d/abstractions/dri-common
index b5e0a5c5b90f0d1c652dcae3a08e05c5fa5d0a63..cd9542b0b411288d8a48a447595e3a8f5abcd624 100644
--- a/profiles/apparmor.d/abstractions/dri-common
+++ b/profiles/apparmor.d/abstractions/dri-common
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This file contains common DRI-specific rules useful for GUI applications
# (needed by libdrm and similar).
@@ -12,3 +14,6 @@
/usr/share/drirc.d/{,*.conf} r,
owner @{HOME}/.drirc r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dri-common.d>
diff --git a/profiles/apparmor.d/abstractions/dri-enumerate b/profiles/apparmor.d/abstractions/dri-enumerate
index e101be5cb16837edfd9348b9112cda4a4a9d7da8..b5717cd2120de37ac69d87ac0c3bdfe2e20956e7 100644
--- a/profiles/apparmor.d/abstractions/dri-enumerate
+++ b/profiles/apparmor.d/abstractions/dri-enumerate
@@ -1,8 +1,13 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This file contains common DRI-specific rules useful for GUI applications that
# needs to enumerate graphic devices (as with drmParsePciDeviceInfo() from
# libdrm).
@{sys}/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/dri-enumerate.d>
diff --git a/profiles/apparmor.d/abstractions/enchant b/profiles/apparmor.d/abstractions/enchant
index 2a1bd05c5bae8752f48ca9f3bd7858fc01780403..e80373b2c5885f247f6d62a4bbe65675f0761f01 100644
--- a/profiles/apparmor.d/abstractions/enchant
+++ b/profiles/apparmor.d/abstractions/enchant
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# abstraction for Enchant spellchecking frontend
/usr/share/enchant/ r,
@@ -18,7 +20,7 @@
/usr/share/enchant-2/enchant.ordering r,
# aspell
- #include <abstractions/aspell>
+ include <abstractions/aspell>
/var/lib/dictionaries-common/aspell/ r,
/var/lib/dictionaries-common/aspell/* r,
@@ -57,3 +59,6 @@
# per-user dictionaries
owner @{HOME}/.config/enchant/ rw,
owner @{HOME}/.config/enchant/* rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/enchant.d>
diff --git a/profiles/apparmor.d/abstractions/exo-open b/profiles/apparmor.d/abstractions/exo-open
index 6b14afa58956869e297bff87ee3c4cce4e698bea..2ce38e5f0fbee744c71047781dab8ffba87c02e8 100644
--- a/profiles/apparmor.d/abstractions/exo-open
+++ b/profiles/apparmor.d/abstractions/exo-open
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via exo-open helper.
#
@@ -18,27 +20,27 @@
#
# # out-of-line child profile
# profile foo//exo-open {
-# #include <abstractions/exo-open>
+# include <abstractions/exo-open>
#
# # needed for ubuntu-* abstractions
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
-# #include <abstractions/ubuntu-browsers>
-# #include <abstractions/ubuntu-email>
+# include <abstractions/ubuntu-browsers>
+# include <abstractions/ubuntu-email>
#
# # Add if accesibility access is considered as required
# # (for message boxe in case exo-open fails)
-# #include <abstractions/dbus-accessibility>
+# include <abstractions/dbus-accessibility>
#
# # < add additional allowed applications here >
# }
- #include <abstractions/X>
- #include <abstractions/audio> # for alert messages
- #include <abstractions/base>
- #include <abstractions/dbus-session-strict>
- #include <abstractions/gnome>
+ include <abstractions/X>
+ include <abstractions/audio> # for alert messages
+ include <abstractions/base>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/gnome>
# Main executables
@@ -49,13 +51,6 @@
/{,usr/}bin/which rix,
- # Deny DBus
-
- # for GTK error message dialog, not required exo-open to work.
- deny dbus send
- bus=session
- path=/org/gtk/vfs/mounttracker,
-
# System files
/etc/xdg/{,xdg-*/}xfce4/helpers.rc r,
@@ -71,4 +66,4 @@
owner @{HOME}/.local/share/xfce4/helpers/*.desktop r,
# Include additions to the abstraction
- #include if exists <abstractions/exo-open.d>
+ include if exists <abstractions/exo-open.d>
diff --git a/profiles/apparmor.d/abstractions/fcitx b/profiles/apparmor.d/abstractions/fcitx
index 3d26cc9555cc6fb780136457160ddb1ef5d4ff5e..9321bfcd2aa28d7ed9d3a964b230f4a04b2e9257 100644
--- a/profiles/apparmor.d/abstractions/fcitx
+++ b/profiles/apparmor.d/abstractions/fcitx
@@ -9,5 +9,10 @@
#
# ------------------------------------------------------------------
- #include <abstractions/fcitx-strict>
+ abi <abi/3.0>,
+
+ include <abstractions/fcitx-strict>
dbus bus=fcitx,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/fcitx.d>
diff --git a/profiles/apparmor.d/abstractions/fcitx-strict b/profiles/apparmor.d/abstractions/fcitx-strict
index d77373417368b897ac007fad9e24428ef54e78ea..19d2191df2d6dd3c49d0e2819834451a97bd7c0c 100644
--- a/profiles/apparmor.d/abstractions/fcitx-strict
+++ b/profiles/apparmor.d/abstractions/fcitx-strict
@@ -9,7 +9,9 @@
#
# ------------------------------------------------------------------
- #include <abstractions/dbus-session-strict>
+ abi <abi/3.0>,
+
+ include <abstractions/dbus-session-strict>
dbus send
bus=fcitx
@@ -19,3 +21,6 @@
peer=(name=org.freedesktop.DBus),
owner @{HOME}/.config/fcitx/dbus/* r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/fcitx-strict.d>
diff --git a/profiles/apparmor.d/abstractions/fonts b/profiles/apparmor.d/abstractions/fonts
index 5d7b173e5dad8491e94d56800deffd8363eb9aaa..46324dbb55bd389e29643f04377d62ffdefc539f 100644
--- a/profiles/apparmor.d/abstractions/fonts
+++ b/profiles/apparmor.d/abstractions/fonts
@@ -10,6 +10,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/usr/share/AbiSuite/fonts/** r,
/usr/lib/xorg/modules/fonts/**.so* mr,
@@ -50,6 +52,8 @@
owner @{HOME}/.fonts.conf.d/** r,
owner @{HOME}/.config/fontconfig/ r,
owner @{HOME}/.config/fontconfig/** r,
+ owner @{HOME}/.Fontmatrix/Activated/ r,
+ owner @{HOME}/.Fontmatrix/Activated/** r,
/usr/local/share/fonts/ r,
/usr/local/share/fonts/** r,
@@ -59,3 +63,6 @@
# data files for LibThai
/usr/share/libthai/thbrk.tri r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/fonts.d>
diff --git a/profiles/apparmor.d/abstractions/freedesktop.org b/profiles/apparmor.d/abstractions/freedesktop.org
index ff9746738aff165990b920cf5feec700b70dc547..a3c9672fecddfd65fe1a453708e7a395789c4c3e 100644
--- a/profiles/apparmor.d/abstractions/freedesktop.org
+++ b/profiles/apparmor.d/abstractions/freedesktop.org
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# system configuration
@{system_share_dirs}/applications/{**,} r,
@{system_share_dirs}/icons/{**,} r,
@@ -26,3 +28,6 @@
owner @{user_share_dirs}/applications/{**,} r,
owner @{user_share_dirs}/icons/{**,} r,
owner @{user_share_dirs}/mime/{**,} r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/freedesktop.org.d>
diff --git a/profiles/apparmor.d/abstractions/gio-open b/profiles/apparmor.d/abstractions/gio-open
index ec6b18734bde375094a9e4afdb033a8d5933178e..fda1fb9e3de044d591c0f761de6cd93b29502d60 100644
--- a/profiles/apparmor.d/abstractions/gio-open
+++ b/profiles/apparmor.d/abstractions/gio-open
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gio helper.
#
@@ -18,20 +20,20 @@
#
# # out-of-line child profile
# profile foo//gio-open {
-# #include <abstractions/gio-open>
+# include <abstractions/gio-open>
#
# # needed for ubuntu-* abstractions
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
-# #include <abstractions/ubuntu-browsers>
-# #include <abstractions/ubuntu-email>
+# include <abstractions/ubuntu-browsers>
+# include <abstractions/ubuntu-email>
#
# # < add additional allowed applications here >
# }
- #include <abstractions/base>
- #include <abstractions/dbus-session-strict>
+ include <abstractions/base>
+ include <abstractions/dbus-session-strict>
# Main executables
@@ -54,4 +56,4 @@
owner @{PROC}/@{pid}/fd/ r,
# Include additions to the abstraction
- #include if exists <abstractions/gio-open.d>
+ include if exists <abstractions/gio-open.d>
diff --git a/profiles/apparmor.d/abstractions/gnome b/profiles/apparmor.d/abstractions/gnome
index 5bb2fc26da5060f6aaab1307bb91df90d5c74021..94f3da63054861b3fbd9247fdb5cc1ba0bb31092 100644
--- a/profiles/apparmor.d/abstractions/gnome
+++ b/profiles/apparmor.d/abstractions/gnome
@@ -9,13 +9,16 @@
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
-#include <abstractions/base>
-#include <abstractions/fonts>
-#include <abstractions/X>
-#include <abstractions/freedesktop.org>
-#include <abstractions/xdg-desktop>
-#include <abstractions/user-tmp>
-#include <abstractions/wayland>
+
+ abi <abi/3.0>,
+
+ include <abstractions/base>
+ include <abstractions/fonts>
+ include <abstractions/X>
+ include <abstractions/freedesktop.org>
+ include <abstractions/xdg-desktop>
+ include <abstractions/user-tmp>
+ include <abstractions/wayland>
# systemwide gtk defaults
/etc/gnome/gtkrc* r,
@@ -88,7 +91,7 @@
/usr/share/gvfs/remote-volume-monitors/ r,
/usr/share/gvfs/remote-volume-monitors/* r,
@{PROC}/@{pid}/mounts r,
- /run/mount/utab r,
+ @{run}/mount/utab r,
# printing
/etc/papersize r,
@@ -96,7 +99,7 @@
/usr/share/cups/charmaps/** r,
# holds MIT-MAGIC-COOKIE for gnome
- owner /{,var/}run/gdm/auth*/database r,
+ owner @{run}/gdm/auth*/database r,
# mime-types
/etc/gnome/defaults.list r,
@@ -109,3 +112,6 @@
unix (send, receive, connect)
type=stream
peer=(addr="@/dbus-vfs-daemon/socket-*"),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/gnome.d>
diff --git a/profiles/apparmor.d/abstractions/gnupg b/profiles/apparmor.d/abstractions/gnupg
index d04c920df1f1fa275502a20ba722982aac2a7e81..050f043542947cbcaba57cc7f70bee00cb9b5e3d 100644
--- a/profiles/apparmor.d/abstractions/gnupg
+++ b/profiles/apparmor.d/abstractions/gnupg
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# gnupg sub-process running permissions
+ abi <abi/3.0>,
+
# user configurations
owner @{HOME}/.gnupg/options r,
owner @{HOME}/.gnupg/pubring.gpg r,
@@ -9,3 +11,6 @@
owner @{HOME}/.gnupg/secring.gpg r,
owner @{HOME}/.gnupg/so/*.x86_64 mr,
owner @{HOME}/.gnupg/trustdb.gpg rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/gnupg.d>
diff --git a/profiles/apparmor.d/abstractions/gtk b/profiles/apparmor.d/abstractions/gtk
new file mode 100644
index 0000000000000000000000000000000000000000..26c388bcf69463689b18a317af3cb23479d9039a
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/gtk
@@ -0,0 +1,55 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ abi <abi/3.0>,
+
+ /usr/share/themes/{,**} r,
+
+ /usr/share/gtksourceview-[0-9]*/{,**} r,
+
+ /usr/share/gtk-2.0/ r,
+ /usr/share/gtk-2.0/gtkrc r,
+
+ /usr/share/gtk-{3,4}.0/ r,
+ /usr/share/gtk-{3,4}.0/settings.ini r,
+
+ /etc/gtk-2.0/ r,
+ /etc/gtk-2.0/gtkrc r,
+
+ /etc/gtk-{3,4}.0/ r,
+ /etc/gtk-{3,4}.0/*.conf r,
+
+ /etc/gtk/gtkrc r,
+
+ owner @{HOME}/.themes/{,**} r,
+ owner @{HOME}/.local/share/themes/{,**} r,
+
+ owner @{HOME}/.gtk r,
+ owner @{HOME}/.gtkrc r,
+ owner @{HOME}/.gtkrc-2.0 r,
+ owner @{HOME}/.gtk-bookmarks r,
+ owner @{HOME}/.config/gtkrc r,
+ owner @{HOME}/.config/gtkrc-2.0 r,
+ owner @{HOME}/.config/gtk-{3,4}.0/ rw,
+ owner @{HOME}/.config/gtk-{3,4}.0/settings.ini r,
+ owner @{HOME}/.config/gtk-{3,4}.0/bookmarks r,
+ owner @{HOME}/.config/gtk-{3,4}.0/gtk.css r,
+
+ # for gtk file dialog
+ owner @{HOME}/.config/gtk-2.0/ rw,
+ owner @{HOME}/.config/gtk-2.0/gtkfilechooser.ini* rw,
+
+ # .Xauthority file required for X connections
+ owner @{HOME}/.Xauthority r,
+
+ # Xsession errors file
+ owner @{HOME}/.xsession-errors w,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/gtk.d>
diff --git a/profiles/apparmor.d/abstractions/gvfs-open b/profiles/apparmor.d/abstractions/gvfs-open
index 397423daaea9e5cd7d31816fba149ca39c40a6bf..32653148a12c1156d6acae8abf4c0b8b119e7848 100644
--- a/profiles/apparmor.d/abstractions/gvfs-open
+++ b/profiles/apparmor.d/abstractions/gvfs-open
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via gvfs-open helper.
#
@@ -18,23 +20,23 @@
#
# # out-of-line child profile
# profile foo//gvfs-open {
-# #include <abstractions/gvfs-open>
+# include <abstractions/gvfs-open>
#
# # needed for ubuntu-* abstractions
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
-# #include <abstractions/ubuntu-browsers>
-# #include <abstractions/ubuntu-email>
+# include <abstractions/ubuntu-browsers>
+# include <abstractions/ubuntu-email>
#
# # < add additional allowed applications here >
# }
# ```
- #include <abstractions/base>
+ include <abstractions/base>
# gvfs-open is deprecated, it launches gio open <uri>
- #include <abstractions/gio-open>
+ include <abstractions/gio-open>
# Main executables
@@ -42,4 +44,4 @@
/{,usr/}bin/dash mr,
# Include additions to the abstraction
- #include if exists <abstractions/gvfs-open.d>
+ include if exists <abstractions/gvfs-open.d>
diff --git a/profiles/apparmor.d/abstractions/hosts_access b/profiles/apparmor.d/abstractions/hosts_access
index a4ffb022d306adad3b8637cfe09d5a38da8d2ef8..e5ea88c11eaca650f4c2f43a3e83323ca198d6bc 100644
--- a/profiles/apparmor.d/abstractions/hosts_access
+++ b/profiles/apparmor.d/abstractions/hosts_access
@@ -9,5 +9,9 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/etc/hosts.deny r,
/etc/hosts.allow r,
+
+ include if exists <abstractions/hosts_access.d>
diff --git a/profiles/apparmor.d/abstractions/ibus b/profiles/apparmor.d/abstractions/ibus
index c76fe3bfe94d453f5ad170d1628bcbd54b8b2584..a8b2bf182fda06b605d1b7993e2d02be3a375f7b 100644
--- a/profiles/apparmor.d/abstractions/ibus
+++ b/profiles/apparmor.d/abstractions/ibus
@@ -9,7 +9,21 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# abstraction for ibus input methods
owner @{HOME}/.config/ibus/ r,
owner @{HOME}/.config/ibus/bus/ rw,
owner @{HOME}/.config/ibus/bus/* rw,
+
+ # abstract path in ibus >= 1.5.22 uses $XDG_CACHE_HOME (ie, @{HOME}/.cache)
+ # This should use this, but due to LP: #1856738 we cannot
+ #unix (connect, receive, send)
+ # type=stream
+ # peer=(addr="@@{HOME}/.cache/ibus/dbus-*"),
+ unix (connect, receive, send)
+ type=stream
+ peer=(addr="@/home/*/.cache/ibus/dbus-*"),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ibus.d>
diff --git a/profiles/apparmor.d/abstractions/kde b/profiles/apparmor.d/abstractions/kde
index cad5c7db082cff3432b2cc05f49a72e9d31e932f..5514e63262592dc45cb3af0f8ab116cc72e1da5d 100644
--- a/profiles/apparmor.d/abstractions/kde
+++ b/profiles/apparmor.d/abstractions/kde
@@ -9,13 +9,15 @@
#
# ------------------------------------------------------------------
-#include <abstractions/base>
-#include <abstractions/fonts>
-#include <abstractions/X>
-#include <abstractions/freedesktop.org>
-#include <abstractions/xdg-desktop>
-#include <abstractions/user-tmp>
-#include <abstractions/qt5>
+abi <abi/3.0>,
+
+include <abstractions/base>
+include <abstractions/fonts>
+include <abstractions/X>
+include <abstractions/freedesktop.org>
+include <abstractions/xdg-desktop>
+include <abstractions/user-tmp>
+include <abstractions/qt5>
/etc/qt3/kstylerc r,
/etc/qt3/qt_plugins_3.3rc r,
@@ -39,8 +41,11 @@ owner @{HOME}/.config/Trolltech.conf rwk,
owner @{HOME}/.config/baloofilerc r, # indexing options (excludes, etc), used by KFileWidget
owner @{HOME}/.config/dolphinrc r, # settings used by KFileWidget
owner @{HOME}/.config/kde.org/libphonon.conf r, # for KNotifications::sendEvent()
+owner @{HOME}/.config/kdedefaults/kdeglobals r, # QPlatformThemeFactory::create() -> KDEPlasmaPlatformTheme.so
+owner @{HOME}/.config/kdedefaults/kwinrc r, # QStyleFactory::create() -> qt5/plugins/styles/breeze.so
owner @{HOME}/.config/kdeglobals r, # global settings, used by Breeze style, etc.
owner @{HOME}/.config/klanguageoverridesrc r, # per-application languages, for KDEPrivate::initializeLanguages() from libKF5XmlGui.so
+owner @{HOME}/.config/kwinrc r, # QStyleFactory::create() -> qt5/plugins/styles/breeze.so
owner @{HOME}/.config/trashrc r, # Used by KFileWidget
/usr/share/X11/XKeysymDB r,
@@ -75,3 +80,6 @@ owner @{HOME}/.config/trashrc r, # Used by KFileWidget
/usr/lib/@{multiarch}/qt4/lib*/lib*so* mr,
/usr/lib/@{multiarch}/qt4/plugins/** mr,
/usr/share/qt4/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/kde.d>
diff --git a/profiles/apparmor.d/abstractions/kde-globals-write b/profiles/apparmor.d/abstractions/kde-globals-write
index 5f878e845afea0b7482ed37d14b2f77bc67fea37..5db20a35894a0f65938f502871340bf5fb9a58ca 100644
--- a/profiles/apparmor.d/abstractions/kde-globals-write
+++ b/profiles/apparmor.d/abstractions/kde-globals-write
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Rules for changing KDE settings (for KFileDialog and other).
+ abi <abi/3.0>,
+
# User files
owner @{HOME}/.config/#[0-9]* rw,
@@ -8,3 +10,6 @@
owner @{HOME}/.config/kdeglobals.?????? rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/kdeglobals.lock rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/kde-globals-write.d>
diff --git a/profiles/apparmor.d/abstractions/kde-icon-cache-write b/profiles/apparmor.d/abstractions/kde-icon-cache-write
index d37fb3b8e7d186e2833943c1d17b3c47842a36ab..df3793e1a968a88b0da497d120f63c52a65f740f 100644
--- a/profiles/apparmor.d/abstractions/kde-icon-cache-write
+++ b/profiles/apparmor.d/abstractions/kde-icon-cache-write
@@ -1,7 +1,12 @@
# vim:syntax=apparmor
# Rules for writing KDE icon cache
+ abi <abi/3.0>,
+
# User files
owner @{HOME}/.cache/icon-cache.kcache rw, # for KIconLoader
+
+ # Include additions to the abstraction
+ include if exists <abstractions/kde-icon-cache-write.d>
diff --git a/profiles/apparmor.d/abstractions/kde-language-write b/profiles/apparmor.d/abstractions/kde-language-write
index 8e95399292c0e5602c27a3a9251ce45c00594708..1314d21c6afd281b7a1221fc7564f7053e2d4666 100644
--- a/profiles/apparmor.d/abstractions/kde-language-write
+++ b/profiles/apparmor.d/abstractions/kde-language-write
@@ -1,4 +1,7 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# Rules for changing per-application language settings on KDE. Some KDE
# applications have "Help -> Switch Application Language..." option, that needs
# write access to language settings file.
@@ -10,3 +13,6 @@
owner @{HOME}/.config/klanguageoverridesrc.?????? rwl -> @{HOME}/.config/#[0-9]*,
owner @{HOME}/.config/klanguageoverridesrc.lock rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/kde-language-write.d>
diff --git a/profiles/apparmor.d/abstractions/kde-open5 b/profiles/apparmor.d/abstractions/kde-open5
index 4fb651ea97fac6d4ab3c2be815de8b547a8cfe1d..5f4e0f75336217986afb9c890bb39b58d11bb8e0 100644
--- a/profiles/apparmor.d/abstractions/kde-open5
+++ b/profiles/apparmor.d/abstractions/kde-open5
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via kde-open5 helper.
#
@@ -18,40 +20,40 @@
#
# # out-of-line child profile
# profile foo//kde-open5 {
-# #include <abstractions/kde-open5>
+# include <abstractions/kde-open5>
#
# # needed for ubuntu-* abstractions
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
-# #include <abstractions/ubuntu-browsers>
-# #include <abstractions/ubuntu-email>
+# include <abstractions/ubuntu-browsers>
+# include <abstractions/ubuntu-email>
#
# # Add if accesibility access is considered as required
# # (for message boxe in case exo-open fails)
-# #include <abstractions/dbus-accessibility>
+# include <abstractions/dbus-accessibility>
#
# # Add if audio support for message box is
# # considered as required.
-# #include if exists <abstractions/gstreamer>
+# include if exists <abstractions/gstreamer>
#
# # < add additional allowed applications here >
# }
# ```
- #include <abstractions/audio> # for alert messages
- #include <abstractions/base>
- #include <abstractions/dbus-accessibility-strict>
- #include <abstractions/dbus-network-manager-strict>
- #include <abstractions/dbus-session-strict>
- #include <abstractions/dbus-strict>
- #include <abstractions/kde-icon-cache-write>
- #include <abstractions/kde>
- #include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
- #include <abstractions/openssl>
- #include <abstractions/qt5>
- #include <abstractions/recent-documents-write>
- #include <abstractions/X>
+ include <abstractions/audio> # for alert messages
+ include <abstractions/base>
+ include <abstractions/dbus-accessibility-strict>
+ include <abstractions/dbus-network-manager-strict>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/dbus-strict>
+ include <abstractions/kde-icon-cache-write>
+ include <abstractions/kde>
+ include <abstractions/nameservice> # for IceProcessMessages () from libICE.so (called by libQtCore.so)
+ include <abstractions/openssl>
+ include <abstractions/qt5>
+ include <abstractions/recent-documents-write>
+ include <abstractions/X>
# Main executables
@@ -96,9 +98,9 @@
# User files
owner /tmp/xauth-[0-9]*-_[0-9] r, # for libQt5XcbQpa.so
- owner /{,var/}run/user/[0-9]*/#[0-9]* rw, # for /run/user/1000/#13
- owner /{,var/}run/user/[0-9]*/kioclient*slave-socket lrw -> /{,var/}/run/user/[0-9]/#[0-9]*, # for KIO::Slave::holdSlave(QString const&, QUrl const&) () from libKF5KIOCore.so (not 100% sure)
+ owner @{run}/user/[0-9]*/#[0-9]* rw, # for /run/user/1000/#13
+ owner @{run}/user/[0-9]*/kioclient*slave-socket lrw -> @{run}/user/[0-9]/#[0-9]*, # for KIO::Slave::holdSlave(QString const&, QUrl const&) () from libKF5KIOCore.so (not 100% sure)
owner @{HOME}/.cache/kio_http/ rw,
# Include additions to the abstraction
- #include if exists <abstractions/kde-open5.d>
+ include if exists <abstractions/kde-open5.d>
diff --git a/profiles/apparmor.d/abstractions/kerberosclient b/profiles/apparmor.d/abstractions/kerberosclient
index 5b79e3d6bcbcf08579c7be4c601f3aa28c0e90da..386e8c118086efc022473d19fa5269f918803435 100644
--- a/profiles/apparmor.d/abstractions/kerberosclient
+++ b/profiles/apparmor.d/abstractions/kerberosclient
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# files required by kerberos client programs
/usr/lib{,32,64}/krb5/plugins/libkrb5/ r,
/usr/lib{,32,64}/krb5/plugins/libkrb5/* mr,
@@ -32,3 +34,6 @@
# credential caches
/tmp/krb5cc* r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/kerberosclient.d>
diff --git a/profiles/apparmor.d/abstractions/ldapclient b/profiles/apparmor.d/abstractions/ldapclient
index 0c527282f7a8320b9540e8d3fe5b29eeba8c0fb9..550963c43561b03a770055c67b9e437f63172202 100644
--- a/profiles/apparmor.d/abstractions/ldapclient
+++ b/profiles/apparmor.d/abstractions/ldapclient
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# files required by LDAP clients (e.g. nss_ldap/pam_ldap)
/etc/ldap.conf r,
/etc/ldap.secret r,
@@ -19,6 +21,9 @@
/usr/lib{,32,64}/sasl2/* r,
# local LDAP name service daemon
- /{,var/}run/nslcd/socket rw,
+ @{run}/nslcd/socket rw,
+
+ include <abstractions/ssl_certs>
- #include <abstractions/ssl_certs>
+ # Include additions to the abstraction
+ include if exists <abstractions/ldapclient.d>
diff --git a/profiles/apparmor.d/abstractions/libpam-systemd b/profiles/apparmor.d/abstractions/libpam-systemd
index 76ee86933de46e75f211c5b2e6f52b6e414fc3ca..b99765f98d201a00117e6c8fc3109a349ba2cf2a 100644
--- a/profiles/apparmor.d/abstractions/libpam-systemd
+++ b/profiles/apparmor.d/abstractions/libpam-systemd
@@ -9,7 +9,9 @@
#
# ------------------------------------------------------------------
-#include <abstractions/dbus-strict>
+ abi <abi/3.0>,
+
+include <abstractions/dbus-strict>
# libpam-systemd notifies systemd-logind about session logins/logouts
dbus send
@@ -17,3 +19,6 @@
path=/org/freedesktop/login1
interface=org.freedesktop.login1.Manager
member={CreateSession,ReleaseSession},
+
+ # Include additions to the abstraction
+ include if exists <abstractions/libpam-systemd.d>
diff --git a/profiles/apparmor.d/abstractions/likewise b/profiles/apparmor.d/abstractions/likewise
index 7482842a6468d843d5566eae4c27e3c17bb8eb9f..3cf9c92c6830cdb5edf54f4a6dc2895fc309e7d7 100644
--- a/profiles/apparmor.d/abstractions/likewise
+++ b/profiles/apparmor.d/abstractions/likewise
@@ -9,5 +9,10 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/tmp/.lwidentity/pipe rw,
/var/lib/likewise-open/lwidentity_privileged/pipe rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/likewise.d>
diff --git a/profiles/apparmor.d/abstractions/mdns b/profiles/apparmor.d/abstractions/mdns
index 14c31b8c5f917b7c1f3748beef44ad19a883d255..0e4a5dc010212c625aba1c7ff8f0062a097f497a 100644
--- a/profiles/apparmor.d/abstractions/mdns
+++ b/profiles/apparmor.d/abstractions/mdns
@@ -8,7 +8,12 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# mdnsd
/etc/mdns.allow r,
/etc/nss_mdns.conf r,
- /{,var/}run/mdnsd w,
+ @{run}/mdnsd w,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/mdns.d>
diff --git a/profiles/apparmor.d/abstractions/mesa b/profiles/apparmor.d/abstractions/mesa
index be699c77487d89cb19cd7c9d0bada314b8ee1907..381c12f6057e34e5e6fcc22a5210c9ffb5428a4b 100644
--- a/profiles/apparmor.d/abstractions/mesa
+++ b/profiles/apparmor.d/abstractions/mesa
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Rules for Mesa implementation of the OpenGL API
+ abi <abi/3.0>,
+
# System files
/dev/dri/ r, # libGLX_mesa.so calls drmGetDevice2()
@@ -8,10 +10,22 @@
# (src/intel/perf/gen_perf.c, load_oa_metrics())
@{PROC}/sys/dev/i915/perf_stream_paranoid r,
+ @{sys}/devices/pci[0-9]*/**/{revision,config} r,
+
# User files
owner @{HOME}/.cache/ w, # if user clears all caches
- owner @{HOME}/.cache/mesa_shader_cache/ w,
+ owner @{HOME}/.cache/mesa_shader_cache/ rw,
owner @{HOME}/.cache/mesa_shader_cache/index rw,
- owner @{HOME}/.cache/mesa_shader_cache/??/ w,
- owner @{HOME}/.cache/mesa_shader_cache/??/* rwk,
+ owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
+ owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
+ owner @{HOME}/.cache/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
+
+ # Fallback location when @{HOME}/.cache is not available
+ owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/ rw,
+ owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/index rw,
+ owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/ rw,
+ owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]* rw,
+ owner /tmp/Temp-[a-f0-9]*/mesa_shader_cache/[a-f0-9][a-f0-9]/[0-9a-f]*.tmp rwk,
+ # Include additions to the abstraction
+ include if exists <abstractions/mesa.d>
diff --git a/profiles/apparmor.d/abstractions/mir b/profiles/apparmor.d/abstractions/mir
index 16c57ec3322d7e66d83fb865843da00eb9437e1f..4ccc22ee97dfb2d6ca62998965a9beaeb8d2e653 100644
--- a/profiles/apparmor.d/abstractions/mir
+++ b/profiles/apparmor.d/abstractions/mir
@@ -9,9 +9,14 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# mir libraries sometimes do not have a lib prefix
# see LP: #1422521
/usr/lib/@{multiarch}/mir/*.so* mr,
/usr/lib/@{multiarch}/mir/**/*.so* mr,
# unprivileged mir socket for clients
+
+ # Include additions to the abstraction
+ include if exists <abstractions/mir.d>
diff --git a/profiles/apparmor.d/abstractions/mozc b/profiles/apparmor.d/abstractions/mozc
index f736bc26ed2ba8f8760e45c654574c6202ff3962..e7480c2e615937705a632a74b43f930cdddd2859 100644
--- a/profiles/apparmor.d/abstractions/mozc
+++ b/profiles/apparmor.d/abstractions/mozc
@@ -9,4 +9,9 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
unix (connect, receive, send) type=stream peer=(addr="@tmp/.mozc.*"),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/mozc.d>
diff --git a/profiles/apparmor.d/abstractions/mysql b/profiles/apparmor.d/abstractions/mysql
index fed759bb0b62e9d24f4aa97fa6bd0e5fd9b048bc..4feccb44bd78218e4a8d3ccffba1b68a96a70a39 100644
--- a/profiles/apparmor.d/abstractions/mysql
+++ b/profiles/apparmor.d/abstractions/mysql
@@ -9,7 +9,12 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/var/lib/mysql{,d}/mysql{,d}.sock rw,
- /{var/,}run/mysql{,d}/mysql{,d}.sock rw,
+ @{run}/mysql{,d}/mysql{,d}.sock rw,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/mysql.d>
diff --git a/profiles/apparmor.d/abstractions/nameservice b/profiles/apparmor.d/abstractions/nameservice
index a78a874d846817fee51665cee148594ce93cbd41..7f53f2eb639c26ed2c74da39dd53f9bd414ae8a5 100644
--- a/profiles/apparmor.d/abstractions/nameservice
+++ b/profiles/apparmor.d/abstractions/nameservice
@@ -9,31 +9,28 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# Many programs wish to perform nameservice-like operations, such as
# looking up users by name or id, groups by name or id, hosts by name
# or IP, etc. These operations may be performed through files, dns,
# NIS, NIS+, LDAP, hesiod, wins, etc. Allow them all here.
- /etc/group r,
- /etc/host.conf r,
- /etc/hosts r,
- /etc/nsswitch.conf r,
- /etc/gai.conf r,
- /etc/passwd r,
- /etc/protocols r,
+ @{etc_ro}/group r,
+ @{etc_ro}/host.conf r,
+ @{etc_ro}/hosts r,
+ @{etc_ro}/nsswitch.conf r,
+ @{etc_ro}/gai.conf r,
+ @{etc_ro}/passwd r,
+ @{etc_ro}/protocols r,
# libtirpc (used for NIS/YP login) needs this
- /etc/netconfig r,
+ @{etc_ro}/netconfig r,
# When using libnss-extrausers, the passwd and group files are merged from
# an alternate path
/var/lib/extrausers/group r,
/var/lib/extrausers/passwd r,
- # NSS records from systemd-userdbd.service
- @{run}/systemd/userdb/ r,
- @{run}/systemd/userdb/io.systemd.{NameServiceSwitch,Multiplexer,DynamicUser,Home} r,
- @{PROC}/sys/kernel/random/boot_id r,
-
# When using sssd, the passwd and group files are stored in an alternate path
# and the nss plugin also needs to talk to a pipe
/var/lib/sss/mc/group r,
@@ -41,56 +38,69 @@
/var/lib/sss/mc/passwd r,
/var/lib/sss/pipes/nss rw,
- /etc/resolv.conf r,
+ @{etc_ro}/resolv.conf r,
# On systems where /etc/resolv.conf is managed programmatically, it is
- # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
- /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
- /etc/resolvconf/run/resolv.conf r,
- /{,var/}run/systemd/resolve/stub-resolv.conf r,
-
- /etc/samba/lmhosts r,
- /etc/services r,
+ # a symlink to @{run}/(whatever program is managing it)/resolv.conf.
+ @{run}/{resolvconf,NetworkManager,systemd/resolve,connman,netconfig}/resolv.conf r,
+ @{etc_ro}/resolvconf/run/resolv.conf r,
+ @{run}/systemd/resolve/stub-resolv.conf r,
+ /mnt/wsl/resolv.conf r,
+
+ @{etc_ro}/samba/lmhosts r,
+ @{etc_ro}/services r,
# db backend
/var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
# to vast speed increases when working with network-based lookups.
- /{,var/}run/.nscd_socket rw,
- /{,var/}run/nscd/socket rw,
+ @{run}/.nscd_socket rw,
+ @{run}/nscd/socket rw,
/{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
- /{,var/}run/nscd/db* rmix,
+ @{run}/nscd/db* rmix,
# The nss libraries are sometimes used in addition to PAM; make sure
# they are available
/{usr/,}lib{,32,64}/libnss_*.so* mr,
/{usr/,}lib/@{multiarch}/libnss_*.so* mr,
- /etc/default/nss r,
+ @{etc_ro}/default/nss r,
# avahi-daemon is used for mdns4 resolution
- /{,var/}run/avahi-daemon/socket rw,
+ @{run}/avahi-daemon/socket rw,
# libnl-3-200 via libnss-gw-name
@{PROC}/@{pid}/net/psched r,
- /etc/libnl-*/classid r,
+ @{etc_ro}/libnl-*/classid r,
# nis
- #include <abstractions/nis>
+ include <abstractions/nis>
# ldap
- #include <abstractions/ldapclient>
+ include <abstractions/ldapclient>
# winbind
- #include <abstractions/winbind>
+ include <abstractions/winbind>
# likewise
- #include <abstractions/likewise>
+ include <abstractions/likewise>
# mdnsd
- #include <abstractions/mdns>
+ include <abstractions/mdns>
# kerberos
- #include <abstractions/kerberosclient>
+ include <abstractions/kerberosclient>
+
+ #libnss-systemd
+ include <abstractions/nss-systemd>
+
+ # Also allow lookups for systemd-exec's DynamicUsers via D-Bus
+ # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+ dbus send
+ bus=system
+ path="/org/freedesktop/systemd1"
+ interface="org.freedesktop.systemd1.Manager"
+ member="{GetDynamicUsers,LookupDynamicUserByName,LookupDynamicUserByUID}"
+ peer=(name="org.freedesktop.systemd1"),
# TCP/UDP network access
network inet stream,
@@ -104,3 +114,6 @@
# interface details
@{PROC}/@{pid}/net/route r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/nameservice.d>
diff --git a/profiles/apparmor.d/abstractions/nis b/profiles/apparmor.d/abstractions/nis
index 690e6796a379adece66afcc9559da3b3449b7017..1aea3f14d7278730b6585deaab10697a2becc2c6 100644
--- a/profiles/apparmor.d/abstractions/nis
+++ b/profiles/apparmor.d/abstractions/nis
@@ -8,8 +8,13 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# NIS rules
/var/yp/binding/* r,
# portmapper may ask root processes to do nis/ldap at low ports
capability net_bind_service,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/nis.d>
diff --git a/profiles/apparmor.d/abstractions/nss-systemd b/profiles/apparmor.d/abstractions/nss-systemd
new file mode 100644
index 0000000000000000000000000000000000000000..7116fdf1e0298c0779f05133d68abf497ae6ee1c
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/nss-systemd
@@ -0,0 +1,31 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2002-2009 Novell/SUSE
+# Copyright (C) 2009-2011 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+ abi <abi/3.0>,
+
+# libnss-systemd
+ #
+ # https://systemd.io/USER_GROUP_API/
+ # https://systemd.io/USER_RECORD/
+ # https://www.freedesktop.org/software/systemd/man/nss-systemd.html
+ #
+ # Allow User/Group lookups via common VarLink socket APIs. Applications need
+ # to either consult all of them or the io.systemd.Multiplexer frontend.
+ @{run}/systemd/userdb/ r,
+ @{run}/systemd/userdb/io.systemd.Multiplexer rw,
+ @{run}/systemd/userdb/io.systemd.DynamicUser rw, # systemd-exec users
+ @{run}/systemd/userdb/io.systemd.Home rw, # systemd-home dirs
+ @{run}/systemd/userdb/io.systemd.NameServiceSwitch rw, # UNIX/glibc NSS
+ @{run}/systemd/userdb/io.systemd.Machine rw, # systemd-machined
+
+ @{PROC}/sys/kernel/random/boot_id r,
+
+ include if exists <abstractions/nss-systemd.d>
diff --git a/profiles/apparmor.d/abstractions/nvidia b/profiles/apparmor.d/abstractions/nvidia
index b01ef8b55978bcd59dfb7985a59b960a23849bfb..b2d475f167f05bbb60c0ee6ffef4b166a962109c 100644
--- a/profiles/apparmor.d/abstractions/nvidia
+++ b/profiles/apparmor.d/abstractions/nvidia
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# nvidia access requirements
-
+
+ abi <abi/3.0>,
+
# configuration queries
capability ipc_lock,
@@ -26,3 +28,6 @@
owner @{HOME}/.nv/GLCache/** rwk,
unix (send, receive) type=dgram peer=(addr="@nvidia[0-9a-f]*"),
+
+ # Include additions to the abstraction
+ include if exists <abstractions/nvidia.d>
diff --git a/profiles/apparmor.d/abstractions/opencl b/profiles/apparmor.d/abstractions/opencl
index 32a21b2a53b34005708527e9cd3cb2b9118592af..58b353238a8c36fb75fd14b045c3114c31b88594 100644
--- a/profiles/apparmor.d/abstractions/opencl
+++ b/profiles/apparmor.d/abstractions/opencl
@@ -1,9 +1,15 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# OpenCL access requirements
# TODO: use conditionals to select allowed implementations
- #include <abstractions/opencl-intel>
- #include <abstractions/opencl-mesa>
- #include <abstractions/opencl-nvidia>
- #include <abstractions/opencl-pocl>
+ include <abstractions/opencl-intel>
+ include <abstractions/opencl-mesa>
+ include <abstractions/opencl-nvidia>
+ include <abstractions/opencl-pocl>
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl.d>
diff --git a/profiles/apparmor.d/abstractions/opencl-common b/profiles/apparmor.d/abstractions/opencl-common
index 0ad3d559ade5044bf34ba91f5729162a60408f84..a80b4ba2c612221f212740685c7bc844c65892e6 100644
--- a/profiles/apparmor.d/abstractions/opencl-common
+++ b/profiles/apparmor.d/abstractions/opencl-common
@@ -1,4 +1,7 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# implementation-independent OpenCL access requirements
# System files
@@ -8,3 +11,6 @@
@{sys}/devices/system/node/ r, # for clGetPlatformIDs() from libOpenCL.so
@{sys}/devices/system/node/node[0-9]*/meminfo r, # for clGetPlatformIDs() from libOpenCL.so
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl-common.d>
diff --git a/profiles/apparmor.d/abstractions/opencl-intel b/profiles/apparmor.d/abstractions/opencl-intel
index 353eeca29bb26375990690b9438728328855a571..4d04723306335a650c6894770247fa47f10e1ddd 100644
--- a/profiles/apparmor.d/abstractions/opencl-intel
+++ b/profiles/apparmor.d/abstractions/opencl-intel
@@ -1,13 +1,16 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# OpenCL access requirements for Intel implementation
- #include <abstractions/opencl-common>
+ include <abstractions/opencl-common>
# for libcl.so (libOpenCL.so -> beignet/libcl.so calls XOpenDisplay())
- #include <abstractions/X>
+ include <abstractions/X>
# for libOpenCL.so -> beignet/libcl.so -> libpciaccess.so
- #include <abstractions/dri-enumerate>
+ include <abstractions/dri-enumerate>
# System files
@@ -15,3 +18,6 @@
@{sys}/devices/pci[0-9]*/**/{class,config,resource,revision} r, # libcl.so -> libdrm_intel.so -> libpciaccess.so (move to dri-enumerate ?)
/usr/lib/@{multiarch}/beignet/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl-intel.d>
diff --git a/profiles/apparmor.d/abstractions/opencl-mesa b/profiles/apparmor.d/abstractions/opencl-mesa
index 9d7f82b279d52586374bdf3530cbab0c39e56258..a5cada61436dbf6549f39486afd564a85ca9d0b6 100644
--- a/profiles/apparmor.d/abstractions/opencl-mesa
+++ b/profiles/apparmor.d/abstractions/opencl-mesa
@@ -1,7 +1,10 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# OpenCL access requirements for Mesa implementation
- #include <abstractions/opencl-common>
+ include <abstractions/opencl-common>
# Additional libraries
@@ -18,3 +21,6 @@
owner @{HOME}/.cache/mesa_shader_cache/{,**} rw, # libMesaOpenCL.so -> pipe_nouveau.so
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl-mesa.d>
diff --git a/profiles/apparmor.d/abstractions/opencl-nvidia b/profiles/apparmor.d/abstractions/opencl-nvidia
index 8a4764ecbc292ffc6791065b2abf0ecf4895b457..bbd432b1448f6c7d797d9d07be1d583212bc5ba1 100644
--- a/profiles/apparmor.d/abstractions/opencl-nvidia
+++ b/profiles/apparmor.d/abstractions/opencl-nvidia
@@ -1,8 +1,11 @@
# vim:syntax=apparmor
+
+ abi <abi/3.0>,
+
# OpenCL access requirements for NVIDIA implementation
- #include <abstractions/nvidia>
- #include <abstractions/opencl-common>
+ include <abstractions/nvidia>
+ include <abstractions/opencl-common>
# Executables
@@ -28,3 +31,6 @@
owner @{HOME}/.nv/ComputeCache/** rw,
owner @{HOME}/.nv/ComputeCache/index rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl-nvidia.d>
diff --git a/profiles/apparmor.d/abstractions/opencl-pocl b/profiles/apparmor.d/abstractions/opencl-pocl
index 054689abcbf4ff84f4cea0ae44df95e6f9f9e842..8b93b0dc300ec2092f283d8ed28764bbe3c55f09 100644
--- a/profiles/apparmor.d/abstractions/opencl-pocl
+++ b/profiles/apparmor.d/abstractions/opencl-pocl
@@ -1,7 +1,9 @@
# vim:syntax=apparmor
# OpenCL access requirements for POCL implementation
- #include <abstractions/opencl-common>
+ abi <abi/3.0>,
+
+ include <abstractions/opencl-common>
# Executables
@@ -28,7 +30,7 @@
@{sys}/fs/cgroup/cpuset/cpuset.{cpus,mems} r, # libpocl.so -> libhwloc.so
@{sys}/kernel/mm/hugepages{/,/**} r, # libpocl.so -> libhwloc.so
/usr/share/pocl/** r,
- /{,var/}run/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so
+ @{run}/udev/data/*:* r, # libpocl.so -> hwloc_linux_block_class_fillinfos() from libhwloc.so
# User files
@@ -41,7 +43,7 @@
# Child profiles
profile opencl_pocl_ld {
- #include <abstractions/base>
+ include <abstractions/base>
# Main executables
@@ -54,7 +56,7 @@
}
profile opencl_pocl_clang {
- #include <abstractions/base>
+ include <abstractions/base>
# Main executables
@@ -74,3 +76,6 @@
owner @{HOME}/.cache/pocl/kcache/*/*/*/*/*.so{,.o} rw,
}
+
+ # Include additions to the abstraction
+ include if exists <abstractions/opencl-pocl.d>
diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl
index 697da7aebf5c49f6f4bd32fee673858b1e8dd51b..02eba39155033d2820682645c27b6e2c2c1dde22 100644
--- a/profiles/apparmor.d/abstractions/openssl
+++ b/profiles/apparmor.d/abstractions/openssl
@@ -8,7 +8,14 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/etc/ssl/openssl.cnf r,
+ /etc/ssl/{engdef,engines}.d/ r,
+ /etc/ssl/{engdef,engines}.d/*.cnf r,
/usr/share/ssl/openssl.cnf r,
@{PROC}/sys/crypto/fips_enabled r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/openssl.d>
diff --git a/profiles/apparmor.d/abstractions/orbit2 b/profiles/apparmor.d/abstractions/orbit2
index b8df9df6d6518405bbf9e5dd82615dc97bff4dc4..6e27461f5e713b171c40fc4667bef5f2729d8214 100644
--- a/profiles/apparmor.d/abstractions/orbit2
+++ b/profiles/apparmor.d/abstractions/orbit2
@@ -1,5 +1,10 @@
# vim:syntax=apparmor
# orbit2 permissions
+ abi <abi/3.0>,
+
# system library
/usr/lib/orbit-2.0/*.so mr,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/orbit2.d>
diff --git a/profiles/apparmor.d/abstractions/p11-kit b/profiles/apparmor.d/abstractions/p11-kit
index 84b7b11d66df615c1750849b65b66fae428e20c1..29696815e761665a9484a1c45af38504660062f6 100644
--- a/profiles/apparmor.d/abstractions/p11-kit
+++ b/profiles/apparmor.d/abstractions/p11-kit
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/etc/pkcs11/ r,
/etc/pkcs11/pkcs11.conf r,
/etc/pkcs11/modules/ r,
@@ -20,8 +22,11 @@
/usr/share/p11-kit/modules/* r,
# gnome-keyring pkcs11 module
- owner /{,var/}run/user/[0-9]*/keyring*/pkcs11 rw,
+ owner @{run}/user/[0-9]*/keyring*/pkcs11 rw,
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
# included in this abstraction.
+
+ # Include additions to the abstraction
+ include if exists <abstractions/p11-kit.d>
diff --git a/profiles/apparmor.d/abstractions/perl b/profiles/apparmor.d/abstractions/perl
index 0e20aeb5c0355e840345a4ec8fa5313ad21db6c2..39718535a65575c4cdc71ff346a965d6efb3c0f7 100644
--- a/profiles/apparmor.d/abstractions/perl
+++ b/profiles/apparmor.d/abstractions/perl
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# a few files typically required for perl scripts
/usr/bin/perl rmix,
/usr/bin/perl[0-9].[0-9].[0-9] rmix,
@@ -21,3 +23,6 @@
/usr/share/perl/** r,
/usr/share/perl5/** r,
/etc/perl/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/perl.d>
diff --git a/profiles/apparmor.d/abstractions/php b/profiles/apparmor.d/abstractions/php
index 4aba2415ca401236c3f23dd8e614c71fedc639a5..6bf0dc7981abbcd5bb61bff98d26f3a9e7c791c1 100644
--- a/profiles/apparmor.d/abstractions/php
+++ b/profiles/apparmor.d/abstractions/php
@@ -10,30 +10,34 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# shared snippets for config files
- /etc/php{,5,7}/**/ r,
- /etc/php{,5,7}/**.ini r,
+ /etc/php{,5,7,8}/** r,
# Xlibs
/usr/X11R6/lib{,32,64}/lib*.so* mr,
# php extensions
- /usr/lib{64,}/php{,5,7}/*/*.so mr,
+ /usr/lib{64,}/php{,5,7,8}/*/*.so mr,
# ICU (unicode support) data tables
/usr/share/icu/*/*.dat r,
# php session mmap socket
- /var/lib/php{,5,7}/session_mm_* rwlk,
+ /var/lib/php{,5,7,8}/session_mm_* rwlk,
# file based session handler
- /var/lib/php{,5,7}/sess_* rwlk,
- /var/lib/php{,5,7}/sessions/* rwlk,
+ /var/lib/php{,5,7,8}/sess_* rwlk,
+ /var/lib/php{,5,7,8}/sessions/* rwlk,
# php libraries
- /usr/share/php{,5,7}/ r,
- /usr/share/php{,5,7}/** mr,
+ /usr/share/php{,5,7,8}/ r,
+ /usr/share/php{,5,7,8}/** mr,
# MySQL extension
/usr/share/mysql/** r,
# Zend opcache
/tmp/.ZendSem.* rwlk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/php.d>
diff --git a/profiles/apparmor.d/abstractions/php-worker b/profiles/apparmor.d/abstractions/php-worker
new file mode 100644
index 0000000000000000000000000000000000000000..a476e4071d1483159ef3d8f184185c4628bbf239
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/php-worker
@@ -0,0 +1,22 @@
+# vim:syntax=apparmor
+
+# This file contains basic permissions for php-fpm workers
+
+ abi <abi/3.0>,
+
+ # load common libraries and their support files
+ include <abstractions/base>
+ # common php files and support files that php needs
+ include <abstractions/php>
+
+ signal (receive) peer=php-fpm,
+
+ # This is some php opcaching file
+ /tmp/.ZendSem.* rwk,
+
+ # I think this is adaptive memory management
+ /sys/devices/system/node/* r,
+ /sys/devices/system/node/*/meminfo r,
+ /sys/devices/system/node/ r,
+
+ include if exists <abstractions/php-worker.d>
diff --git a/profiles/apparmor.d/abstractions/php5 b/profiles/apparmor.d/abstractions/php5
index 9f5355f98362837dd083f7537847ee636bdcdbac..25f8001e8906bb05a8b0adfa622a7c55d7b6d03b 100644
--- a/profiles/apparmor.d/abstractions/php5
+++ b/profiles/apparmor.d/abstractions/php5
@@ -1,3 +1,8 @@
#backwards compatibility include, actual abstraction moved from php5 to php
-#include <abstractions/php>
+ abi <abi/3.0>,
+
+ include <abstractions/php>
+
+ # Include additions to the abstraction
+ include if exists <abstractions/php5.d>
diff --git a/profiles/apparmor.d/abstractions/postfix-common b/profiles/apparmor.d/abstractions/postfix-common
index b10f888f3a3aae8ed1fbfd12e0bacca67e410e62..68d4f7a82c40cf41fcdc9680a268f5b964db6b10 100644
--- a/profiles/apparmor.d/abstractions/postfix-common
+++ b/profiles/apparmor.d/abstractions/postfix-common
@@ -2,7 +2,7 @@
#
# Copyright (C) 2002-2005 Novell/SUSE
# Copyright (C) 2015-2018 Canonical, Ltd.
-# Copyright (C) 2020 Christian Boltz
+# Copyright (C) 2020-2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -11,21 +11,22 @@
# ------------------------------------------------------------------
# used with postfix/*
+ abi <abi/3.0>,
+
capability setuid,
capability setgid,
capability sys_chroot,
# postfix's master can send us signals
- signal receive peer=/usr/lib/postfix/master,
signal receive peer=postfix-master,
- unix (send, receive) peer=(label=/usr/lib/postfix/master),
unix (send, receive) peer=(label=postfix-master),
/etc/mailname r,
/etc/postfix/*.cf r,
/etc/postfix/*.db rk,
+ /etc/postfix/*.lmdb rk,
@{PROC}/net/if_inet6 r,
/usr/lib/postfix/*.so mr,
/usr/lib{,32,64}/sasl2/* mr,
@@ -37,3 +38,8 @@
/var/spool/postfix/etc/* r,
/var/spool/postfix/lib/lib*.so* mr,
/var/spool/postfix/lib/@{multiarch}/lib*.so* mr,
+
+ /etc/postfix/dynamicmaps.cf.d/ r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/postfix-common.d>
diff --git a/profiles/apparmor.d/abstractions/private-files b/profiles/apparmor.d/abstractions/private-files
index 09f6d9bdceb5a0c207287f0f4de0f0cdac107032..5f0504178339273f4222e9aa9ed6953b43f99d9d 100644
--- a/profiles/apparmor.d/abstractions/private-files
+++ b/profiles/apparmor.d/abstractions/private-files
@@ -2,6 +2,8 @@
# privacy-violations contains rules for common files that you want to
# explicitly deny access
+ abi <abi/3.0>,
+
# privacy violations (don't audit files under $HOME otherwise get a
# lot of false positives when reading contents of directories)
deny @{HOME}/.*history mrwkl,
@@ -45,3 +47,6 @@
deny @{HOME}/.zshenv mrk,
audit deny @{HOME}/.zshenv wl,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/private-files.d>
diff --git a/profiles/apparmor.d/abstractions/private-files-strict b/profiles/apparmor.d/abstractions/private-files-strict
index 31934318f3a2b3300f24424c0e0af08b0987ead9..b8ab40e0c8325fe462b37ee3f5c5dc00faf714b0 100644
--- a/profiles/apparmor.d/abstractions/private-files-strict
+++ b/profiles/apparmor.d/abstractions/private-files-strict
@@ -2,7 +2,9 @@
# privacy-violations-strict contains additional rules for sensitive
# files that you want to explicitly deny access
- #include <abstractions/private-files>
+ abi <abi/3.0>,
+
+ include <abstractions/private-files>
# potentially extremely sensitive files
audit deny @{HOME}/.aws/{,**} mrwkl,
@@ -12,7 +14,7 @@
audit deny @{HOME}/.gnome2/ w,
audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
# don't allow access to any gnome-keyring modules
- audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
+ audit deny @{run}/user/[0-9]*/keyring** mrwkl,
audit deny @{HOME}/.mozilla/{,**} mrwkl,
audit deny @{HOME}/.config/ w,
audit deny @{HOME}/.config/chromium/{,**} mrwkl,
@@ -22,4 +24,7 @@
audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
audit deny @{HOME}/.kde{,4}/share/apps/kmail{,2}/{,**} mrwkl,
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+ audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
+ # Include additions to the abstraction
+ include if exists <abstractions/private-files-strict.d>
diff --git a/profiles/apparmor.d/abstractions/python b/profiles/apparmor.d/abstractions/python
index 925161c11418597e1f9520a7548fd66d65f55900..87f7f2b0725680afb1708c9c0de9c602b221a13f 100644
--- a/profiles/apparmor.d/abstractions/python
+++ b/profiles/apparmor.d/abstractions/python
@@ -10,18 +10,19 @@
#
# ------------------------------------------------------------------
- /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{pyc,so} mr,
- /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/**.{egg,py,pth} r,
- /usr/lib{,32,64}/python{2.[4-7],3.[0-9]}/{site,dist}-packages/ r,
- /usr/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+ abi <abi/3.0>,
- /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{pyc,so} mr,
- /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/**.{egg,py,pth} r,
- /usr/local/lib{,32,64}/python{2.[4-7],3,3.[0-9]}/{site,dist}-packages/ r,
- /usr/local/lib{,32,64}/python3.[0-9]/lib-dynload/*.so mr,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{pyc,so,so.*[0-9]} mr,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/**.{egg,py,pth} r,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/ r,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/**/ r,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/*.dist-info/{METADATA,namespace_packages.txt} r,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/*.VERSION r,
+ /usr/{local/,}lib{,32,64}/python{2.[4-7],3,3.[0-9],3.1[0-9]}/{site,dist}-packages/*.egg-info/PKG-INFO r,
+ /usr/{local/,}lib{,32,64}/python3.{1,}[0-9]/lib-dynload/*.so mr,
# Site-wide configuration
- /etc/python{2.[4-7],3.[0-9]}/** r,
+ /etc/python{2.[4-7],3.[0-9],3.1[0-9]}/** r,
# shared python paths
/usr/share/{pyshared,pycentral,python-support}/** r,
@@ -34,4 +35,7 @@
/usr/lib/wx/python/*.pth r,
# python build configuration and headers
- /usr/include/python{2.[4-7],3.[0-9]}*/pyconfig.h r,
+ /usr/include/python{2.[4-7],3.[0-9],3.1[0-9]}*/pyconfig.h r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/python.d>
diff --git a/profiles/apparmor.d/abstractions/qt5 b/profiles/apparmor.d/abstractions/qt5
index 66a574bf723d5b9d2f8db0a50ca77bbc37e6fd2c..83dc00c4e8fda21787ed8c3152ba9a55e08ac7dc 100644
--- a/profiles/apparmor.d/abstractions/qt5
+++ b/profiles/apparmor.d/abstractions/qt5
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Common rules for Qt5-based applications
+ abi <abi/3.0>,
+
# Additional libraries
/usr/lib{,64,/@{multiarch}}/qt5/plugins/**.so mr,
@@ -20,3 +22,6 @@
owner @{HOME}/.config/QtProject.conf r, # common settings for QFileDialog, etc (application might need write access)
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* r, # for "platforminputcontexts" plugins
+
+ # Include additions to the abstraction
+ include if exists <abstractions/qt5.d>
diff --git a/profiles/apparmor.d/abstractions/qt5-compose-cache-write b/profiles/apparmor.d/abstractions/qt5-compose-cache-write
index 38cb234867009e2565a99ddfe039bf289d4d5021..5322ea031ecc59ffa10f4e2362f7fc93b881b44c 100644
--- a/profiles/apparmor.d/abstractions/qt5-compose-cache-write
+++ b/profiles/apparmor.d/abstractions/qt5-compose-cache-write
@@ -1,8 +1,13 @@
# vim:syntax=apparmor
# Allow writing cache for Qt5 "platforminputcontexts" plugins
+ abi <abi/3.0>,
+
# User files
owner @{HOME}/.cache/qt_compose_cache_{little,big}_endian_* rwl -> @{HOME}/.cache/#[0-9]*[0-9],
owner @{HOME}/.cache/#[0-9]*[0-9] rw, # QSaveFile (anonymous shared memory)
+
+ # Include additions to the abstraction
+ include if exists <abstractions/qt5-compose-cache-write.d>
diff --git a/profiles/apparmor.d/abstractions/qt5-settings-write b/profiles/apparmor.d/abstractions/qt5-settings-write
index 07d10972d2990b31a2f87307558a0ddaa636f792..327390ace9138e16f7f018a0615683f5145cd385 100644
--- a/profiles/apparmor.d/abstractions/qt5-settings-write
+++ b/profiles/apparmor.d/abstractions/qt5-settings-write
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Allow writing shared settings for Qt-based applications
+ abi <abi/3.0>,
+
# User files
owner @{HOME}/.config/#[0-9]*[0-9] rw,
@@ -9,3 +11,6 @@
owner @{HOME}/.config/QtProject.conf.?????? rwl -> @{HOME}/.config/#[0-9]*[0-9],
owner @{HOME}/.config/QtProject.conf.lock rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/qt5-settings-write.d>
diff --git a/profiles/apparmor.d/abstractions/recent-documents-write b/profiles/apparmor.d/abstractions/recent-documents-write
index d95febb8f22e7ade690ddef1df89b1ebf9a0c67b..02962e4c733af2fd59f1f10992c828187498ee95 100644
--- a/profiles/apparmor.d/abstractions/recent-documents-write
+++ b/profiles/apparmor.d/abstractions/recent-documents-write
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Allow updating recent documents
+ abi <abi/3.0>,
+
# User files
owner @{HOME}/.local/share/RecentDocuments/ rw,
@@ -8,3 +10,6 @@
owner @{HOME}/.local/share/RecentDocuments/*.desktop rwl -> @{HOME}/.local/share/RecentDocuments/#[0-9]*,
owner @{HOME}/.local/share/RecentDocuments/*.lock rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/recent-documents-write.d>
diff --git a/profiles/apparmor.d/abstractions/ruby b/profiles/apparmor.d/abstractions/ruby
index ff4ac9fac37517093c667f8b7266be86f3b21833..a71a2043b561d7b2b4cbf8838f5ae1bc0b1ba4a9 100644
--- a/profiles/apparmor.d/abstractions/ruby
+++ b/profiles/apparmor.d/abstractions/ruby
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/ r,
/usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/**.rb r,
/usr/lib{,32,64}/ruby/1.[89]{.[0-9],}/*-linux/**.so mr,
@@ -19,3 +21,6 @@
/usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/ r,
/usr/lib{,32,64}/ruby/gems/1.[89]{.[0-9],}/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ruby.d>
diff --git a/profiles/apparmor.d/abstractions/samba b/profiles/apparmor.d/abstractions/samba
index 1cab7309ee4df1d6678b24fa9202e9bc51b87a93..b5e167064ee7800a4728324dc1f2eee13e1f7409 100644
--- a/profiles/apparmor.d/abstractions/samba
+++ b/profiles/apparmor.d/abstractions/samba
@@ -9,8 +9,12 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/etc/samba/* r,
/usr/lib*/ldb/*.so mr,
+ /usr/lib*/ldb2/*.so mr,
+ /usr/lib*/ldb2/modules/ldb/*.so mr,
/usr/lib*/samba/ldb/*.so mr,
/usr/share/samba/*.dat r,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
@@ -20,8 +24,17 @@
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
/var/log/samba/* w,
- /{,var/}run/samba/ w,
- /{,var/}run/samba/*.tdb rw,
+ @{run}/{,lock/}samba/ w,
+ @{run}/{,lock/}samba/*.tdb rwk,
+ @{run}/{,lock/}samba/msg.{lock,sock}/ rwk,
+ @{run}/{,lock/}samba/msg.{lock,sock}/[0-9]* rwk,
+ /var/cache/samba/msg.lock/ rwk,
+ /var/cache/samba/msg.lock/[0-9]* rwk,
# required for clustering
/var/lib/ctdb/** rwk,
+
+ deny capability net_admin, # noisy setsockopt() calls from systemd
+
+ # Include additions to the abstraction
+ include if exists <abstractions/samba.d>
diff --git a/profiles/apparmor.d/abstractions/samba-rpcd b/profiles/apparmor.d/abstractions/samba-rpcd
new file mode 100644
index 0000000000000000000000000000000000000000..4c83091ad9dd90d989bb1c313ef026360a018d65
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/samba-rpcd
@@ -0,0 +1,30 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2022 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+# This file contains basic permissions for samba rpcd_xyz services
+
+ abi <abi/3.0>,
+
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/samba>
+
+ capability setgid,
+ capability setuid,
+
+ signal receive set=term peer=smbd,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/fd/ r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/samba-rpcd.d>
+
diff --git a/profiles/apparmor.d/abstractions/smbpass b/profiles/apparmor.d/abstractions/smbpass
index eb4cf26bbbf603cc8639c2c4c80f4bd7d6fa2601..89534d4646c8814e16c333f10fe8e53b1dc7e7df 100644
--- a/profiles/apparmor.d/abstractions/smbpass
+++ b/profiles/apparmor.d/abstractions/smbpass
@@ -9,5 +9,10 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# libpam-smbpass/pam_smbpass.so permissions
/var/lib/samba/*.[lt]db rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/smbpass.d>
diff --git a/profiles/apparmor.d/abstractions/snap_browsers b/profiles/apparmor.d/abstractions/snap_browsers
new file mode 100644
index 0000000000000000000000000000000000000000..06ca911a09c9f4ff0b486575e4f51f4351d9a35c
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/snap_browsers
@@ -0,0 +1,42 @@
+profile snap_browsers {
+ include if exists <abstractions/snap_browsers.d>
+ include <abstractions/base>
+ include <abstractions/dbus-session-strict>
+
+ /etc/passwd r,
+ /etc/nsswitch.conf r,
+ /etc/fstab r,
+
+ # noisy
+ deny owner /run/user/[0-9]*/gdm/Xauthority r, # not needed on Ubuntu
+
+ /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrix, # re-exec
+ /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/lib/snapd/info r,
+ /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/lib/snapd/snapd r,
+ /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/lib/snapd/snap-seccomp rPix,
+ /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/lib/snapd/snap-confine Pix,
+ /var/lib/snapd/system-key r,
+ /run/snapd.socket rw,
+
+ @{PROC}/version r,
+ @{PROC}/cmdline r,
+ @{PROC}/sys/net/core/somaxconn r,
+ @{PROC}/sys/kernel/seccomp/actions_avail r,
+ @{PROC}/sys/kernel/random/uuid r,
+ owner @{PROC}/@{pid}/cgroup r,
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{HOME}/.snap/auth.json r, # if exists, required
+
+ dbus send bus="session" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="StartTransientUnit" peer=(name="org.freedesktop.systemd1"),
+ dbus receive bus="session" path="/org/freedesktop/systemd1" interface="org.freedesktop.systemd1.Manager" member="JobRemoved",
+
+ /sys/kernel/security/apparmor/features/ r,
+
+ # allow launching official browser snaps.
+ /snap/chromium/[0-9]*/meta/{snap.yaml,hooks/} r,
+ /snap/firefox/[0-9]*/meta/{snap.yaml,hooks/} r,
+ /snap/opera/[0-9]*/meta/{snap.yaml,hooks/} r,
+
+ /var/lib/snapd/sequence/{chromium,firefox,opera}.json r,
+ # add other browsers here
+}
diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
index 789efc58020d98e0dc8041a43ccfbfb06acc2b65..56ab53c7b9c4f434146f7bc51eec278e2df73618 100644
--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
@@ -9,20 +9,19 @@
#
# ------------------------------------------------------------------
- /etc/ssl/ r,
- /etc/ssl/certs/ r,
- /etc/ssl/certs/* r,
- /etc/pki/trust/ r,
- /etc/pki/trust/* r,
- /etc/pki/trust/anchors/ r,
- /etc/pki/trust/anchors/** r,
- /usr/share/ca-certificates/ r,
- /usr/share/ca-certificates/** r,
+ abi <abi/3.0>,
+
+ /etc/ca-certificates/{,**} r,
+ /etc/{,libre}ssl/ r,
+ /etc/{,libre}ssl/cert.pem r,
+ /etc/{,libre}ssl/certs/{,**} r,
+ /{etc,usr/share}/pki/bl[ao]cklist/{,*} r,
+ /{etc,usr/share}/pki/trust/{,*} r,
+ /{etc,usr/share}/pki/trust/anchors/{,**} r,
+ /usr/share/ca-certificates/{,**} r,
/usr/share/ssl/certs/ca-bundle.crt r,
- /usr/local/share/ca-certificates/ r,
- /usr/local/share/ca-certificates/** r,
- /var/lib/ca-certificates/ r,
- /var/lib/ca-certificates/** r,
+ /usr/local/share/ca-certificates/{,**} r,
+ /var/lib/ca-certificates/{,**} r,
# acmetool
/var/lib/acme/certs/*/chain r,
@@ -42,3 +41,10 @@
/etc/certbot/archive/*/cert*.pem r,
/etc/certbot/archive/*/chain*.pem r,
/etc/certbot/archive/*/fullchain*.pem r,
+
+ # crypto policies used by various libraries
+ /etc/crypto-policies/*/*.txt r,
+ /usr/share/crypto-policies/*/*.txt r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ssl_certs.d>
diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
index 2de760b56d114b1c24f018b730bbf077f7b264b0..f310bb5a164dc65403bc411bdb69f49e5cbfb469 100644
--- a/profiles/apparmor.d/abstractions/ssl_keys
+++ b/profiles/apparmor.d/abstractions/ssl_keys
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# private ssl permissions
# Just include the whole /etc/ssl directory if we should have access to
@@ -28,3 +30,6 @@
/etc/letsencrypt/archive/*/privkey*.pem r,
/etc/certbot/archive/*/privkey*.pem r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ssl_keys.d>
diff --git a/profiles/apparmor.d/abstractions/svn-repositories b/profiles/apparmor.d/abstractions/svn-repositories
index 68ac5e0be5924dc2af478eb4f77404e7af749d8c..d518f1d0b8c25b34889c1fb5d8fb28f115c70e5e 100644
--- a/profiles/apparmor.d/abstractions/svn-repositories
+++ b/profiles/apparmor.d/abstractions/svn-repositories
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# This little snippet should abstract the read/write access to a repository.
# it is intended to be included in profiles for svnserve/apache2 and maybe
# some repository viewers like trac/viewvc
@@ -50,3 +52,6 @@
/tmp/apr* rwl,
/var/tmp/apr* rwl,
/tmp/report*.tmp rwl,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/svn-repositories.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
index fb820c5a56e5069462aec7779b429c800ba7c072..0d929ad61d1d21a004a1e594c344e071d34363bd 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
+++ b/profiles/apparmor.d/abstractions/ubuntu-bittorrent-clients
@@ -2,9 +2,11 @@
#
# abstraction for allowing graphical bittorrent clients in Ubuntu
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/azureus Cxr -> sanitized_helper,
/usr/bin/bitstormlite Cxr -> sanitized_helper,
@@ -15,3 +17,6 @@
/usr/bin/ktorrent Cxr -> sanitized_helper,
/usr/bin/qbittorrent Cxr -> sanitized_helper,
/usr/bin/transmission{,-gtk,-qt,-cli} Cxr -> sanitized_helper,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-bittorrent-clients.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers b/profiles/apparmor.d/abstractions/ubuntu-browsers
index d4438ad6a6f1d25f75b1d158e17a6ab4c17b0df9..c2c710a110fbf77c865fc5881e93bb6d1860b60e 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers
@@ -2,25 +2,23 @@
#
# abstraction for allowing access to graphical browsers in Ubuntu
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/arora Cx -> sanitized_helper,
- /usr/bin/conkeror Cx -> sanitized_helper,
/usr/bin/dillo Cx -> sanitized_helper,
/usr/bin/Dooble Cx -> sanitized_helper,
/usr/bin/epiphany Cx -> sanitized_helper,
/usr/bin/epiphany-browser Cx -> sanitized_helper,
/usr/bin/epiphany-webkit Cx -> sanitized_helper,
/usr/lib/fennec-*/fennec Cx -> sanitized_helper,
- /usr/bin/galeon Cx -> sanitized_helper,
/usr/bin/kazehakase Cx -> sanitized_helper,
/usr/bin/konqueror Cx -> sanitized_helper,
/usr/bin/midori Cx -> sanitized_helper,
/usr/bin/netsurf Cx -> sanitized_helper,
- /usr/bin/prism Cx -> sanitized_helper,
- /usr/bin/rekonq Cx -> sanitized_helper,
/usr/bin/seamonkey Cx -> sanitized_helper,
/usr/bin/sensible-browser Pixr,
@@ -40,3 +38,4 @@
/usr/lib/icecat-*/icecat Cx -> sanitized_helper,
/usr/bin/opera Cx -> sanitized_helper,
/opt/google/chrome{,-beta,-unstable}/google-chrome{,-beta,-unstable} Cx -> sanitized_helper,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/brave-browser{,-beta,-dev,-nightly} Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
new file mode 100644
index 0000000000000000000000000000000000000000..95724f1a4a735084005e8d97f362d90ad4d65cbc
--- /dev/null
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/chromium-browser
@@ -0,0 +1,26 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2020 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# Author: Jamie Strandboge <jamie@canonical.com>
+
+# For site-specific adjustments, please see:
+# /etc/apparmor.d/local/chromium-browser
+
+abi <abi/3.0>,
+
+include <abstractions/ubuntu-browsers.d/plugins-common>
+include <abstractions/ubuntu-browsers.d/mailto>
+include <abstractions/ubuntu-browsers.d/multimedia>
+include <abstractions/ubuntu-browsers.d/productivity>
+include <abstractions/ubuntu-browsers.d/java>
+include <abstractions/ubuntu-browsers.d/kde>
+include <abstractions/ubuntu-browsers.d/text-editors>
+include <abstractions/ubuntu-browsers.d/ubuntu-integration>
+include <abstractions/ubuntu-browsers.d/user-files>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
index 8193a5c9f4966136e4f257415a208dbe65b8e362..507d62a0a4d7b79d23ffcba5288f15b980d70143 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/java
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# Java plugin
owner @{HOME}/.java/deployment/deployment.properties k,
/etc/java-*/ r,
@@ -18,14 +20,14 @@
# unfortunate workarounds of the proprietary Javas, so have a separate
# profile.
profile browser_openjdk {
- #include <abstractions/base>
- #include <abstractions/fonts>
- #include <abstractions/gnome>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/ssl_certs>
- #include <abstractions/user-tmp>
- #include <abstractions/private-files-strict>
+ include <abstractions/base>
+ include <abstractions/fonts>
+ include <abstractions/gnome>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/ssl_certs>
+ include <abstractions/user-tmp>
+ include <abstractions/private-files-strict>
network inet stream,
network inet6 stream,
@@ -63,14 +65,14 @@
# Profile for commercial Javas. These need workarounds to work right (eg
# Sun's forcing of an executable stack (LP: #535247)).
profile browser_java {
- #include <abstractions/base>
- #include <abstractions/fonts>
- #include <abstractions/gnome>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/ssl_certs>
- #include <abstractions/user-tmp>
- #include <abstractions/private-files-strict>
+ include <abstractions/base>
+ include <abstractions/fonts>
+ include <abstractions/gnome>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/ssl_certs>
+ include <abstractions/user-tmp>
+ include <abstractions/private-files-strict>
network inet stream,
network inet6 stream,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
index 038952a8bf65a39dd13eadc8dd7e7da253af6fc0..bdac331e3542f35c15c1fd450cb8ee199e8b2caf 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/kde
@@ -1,7 +1,9 @@
# vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
- #include <abstractions/kde>
+ abi <abi/3.0>,
+
+ include <abstractions/kde>
/usr/bin/kde4-config Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
index 40236a7bd22796f671d61abe9b47e4915e867343..8d157098666998a7396922b417acca1a74280547 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/mailto
@@ -1,9 +1,11 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# for mailto:
- #include <abstractions/ubuntu-email>
- #include <abstractions/ubuntu-console-email>
+ include <abstractions/ubuntu-email>
+ include <abstractions/ubuntu-console-email>
# Terminals for using console applications. These abstractions should ideally
# have 'ix' to restrct access to what only firefox is allowed to do
- #include <abstractions/ubuntu-gnome-terminal>
+ include <abstractions/ubuntu-gnome-terminal>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
index 591d6b854a3017dd8ec8cef59d6b08f7c84a5669..f2eb23ef31ec4a26a180ac58978176fd885fc8e6 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/multimedia
@@ -1,9 +1,11 @@
# vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
- #include <abstractions/X>
+ abi <abi/3.0>,
+
+ include <abstractions/X>
# Pulseaudio
/usr/bin/pulseaudio Pixr,
@@ -13,10 +15,9 @@
/usr/bin/gimp* Cxr -> sanitized_helper,
/usr/bin/shotwell Cxr -> sanitized_helper,
/usr/bin/digikam Cxr -> sanitized_helper,
- /usr/bin/f-spot Cxr -> sanitized_helper,
/usr/bin/gwenview Cxr -> sanitized_helper,
- #include <abstractions/ubuntu-media-players>
+ include <abstractions/ubuntu-media-players>
owner @{HOME}/.adobe/ w,
owner @{HOME}/.adobe/** rw,
owner @{HOME}/.macromedia/ w,
@@ -25,18 +26,8 @@
/usr/bin/lpstat Cxr -> sanitized_helper,
/usr/bin/lpr Cxr -> sanitized_helper,
- # npviewer
- /usr/lib/nspluginwrapper/i386/linux/npviewer{,.bin} ixr,
- /var/lib/ r,
- /var/lib/**/*.so mr,
- /usr/bin/setarch ixr,
-
# Bittorrent clients
- #include <abstractions/ubuntu-bittorrent-clients>
-
- # Mozplugger
- /etc/mozpluggerrc r,
- /usr/bin/mozplugger-helper Cxr -> sanitized_helper,
+ include <abstractions/ubuntu-bittorrent-clients>
# Archivers
/usr/bin/ark Cxr -> sanitized_helper,
@@ -45,16 +36,10 @@
/usr/local/lib{,32,64}/*.so* mr,
# News feed readers
- #include <abstractions/ubuntu-feed-readers>
-
- # Googletalk
- /opt/google/talkplugin/*.so mr,
- /opt/google/talkplugin/lib/*.so mr,
- /opt/google/talkplugin/GoogleTalkPlugin ixr,
- owner @{HOME}/.config/google-googletalkplugin/** rw,
+ include <abstractions/ubuntu-feed-readers>
# If we allow the above, nvidia based systems will also need this
- #include <abstractions/nvidia>
+ include <abstractions/nvidia>
# Virus scanners
/usr/bin/clamscan Cx -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
index c928f92ccb10d607401bebb07f2492341f65f275..5d93b262efd55312f91178b14083f61ac04adb07 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/plugins-common
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
#
# Plugins/helpers
#
@@ -13,4 +15,4 @@
# Since all the ubuntu-browsers.d abstractions need this, just include it
# here
- #include <abstractions/ubuntu-helpers>
+ include <abstractions/ubuntu-helpers>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
index 2c898d130eac3388331a9b3e58db40cf9095c038..1fc67a84ad11c09dc80c06e952b7a1ec9196dd6f 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/productivity
@@ -1,7 +1,9 @@
# vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
# Openoffice.org
/usr/bin/ooffice Cxr -> sanitized_helper,
@@ -22,7 +24,3 @@
# PDFs
/usr/bin/evince Cxr -> sanitized_helper,
/usr/bin/okular Cxr -> sanitized_helper,
-
- owner @{HOME}/.adobe/** rw,
- /opt/Adobe/Reader9/bin/acroread Cxr -> sanitized_helper,
- /opt/Adobe/Reader9/** r,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
index bf5eb1d18dad19c9e4879cc83dc4fe0a098f8ad5..e04c6b80b6a51d09e4cf8a2492fd9a291dd37f01 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/text-editors
@@ -1,7 +1,9 @@
# vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
# Text editors (It's All Text [https://addons.mozilla.org/en-US/firefox/addon/4125])
/usr/bin/emacsclient.emacs-snapshot Cxr -> sanitized_helper,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
index 0cd0928eff8f8748692e03d83d95ac35f8faa166..cdbd47cd3ddda01e7a2e0f76cd94245bd303bd03 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration
@@ -1,16 +1,15 @@
# vim:syntax=apparmor
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
# Apport
/usr/bin/apport-bug Cx -> sanitized_helper,
# Package installation
/usr/bin/apturl Cxr -> sanitized_helper,
- /usr/bin/gnome-codec-install Cxr -> sanitized_helper,
- /usr/lib/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
- /usr/lib/@{multiarch}/gstreamer0.10/gstreamer-0.10/gst-plugin-scanner ix,
/usr/share/software-center/software-center Cxr -> sanitized_helper,
# Input Methods
@@ -29,10 +28,7 @@
/usr/lib/mozilla/kmozillahelper Cxr -> sanitized_helper,
# Exo-aware applications
- /usr/bin/exo-open ixr,
- /usr/lib/@{multiarch}/xfce4/exo-1/exo-helper-1 ixr,
- /etc/xdg/xdg-xubuntu/xfce4/helpers.rc r,
- /etc/xdg/xfce4/helpers.rc r,
+ include <abstractions/exo-open>
# unity webapps integration. Could go in its own abstraction
owner /run/user/*/dconf/user rw,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
index 0429c13fd3b26310b644034c6ddc31752f9550d8..c6a8eedddfad11fa2179a4e49e1814a13c234f9b 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/ubuntu-integration-xul
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# firefox-notify
- #include <abstractions/python>
+ include <abstractions/python>
/usr/bin/python2.[4567] ix,
/usr/share/xul-ext/notify/**/download_complete_notify.py ix,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
index ffe68245b0f7bb3b33cbcaa54b7719cee8b17e22..f045455286591cdead38476438e55fa82a331407 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
+++ b/profiles/apparmor.d/abstractions/ubuntu-browsers.d/user-files
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# Allow read to all files user has DAC access to and write access to all
# files owned by the user in $HOME.
@{HOME}/ r,
@@ -7,11 +9,12 @@
owner @{HOME}/** w,
# Do not allow read and/or write to particularly sensitive/problematic files
- #include <abstractions/private-files>
+ include <abstractions/private-files>
audit deny @{HOME}/.ssh/{,**} mrwkl,
audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
audit deny @{HOME}/.kde{,4}/{,share/,share/apps/} w,
audit deny @{HOME}/.kde{,4}/share/apps/kwallet/{,**} mrwkl,
+ audit deny @{HOME}/.local/share/kwalletd/{,**} mrwkl,
# Comment this out if using gpg plugin/addons
audit deny @{HOME}/.gnupg/{,**} mrwkl,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-browsers b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
index 554469e755cd3d7486806a6475ac573685aefa89..8f6687ae13ad1374f5425b05ad6ec41c62f45f0f 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-browsers
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-browsers
@@ -4,11 +4,13 @@
# typically also need a terminal, so when using this abstraction, should also
# do something like:
#
-# #include <abstractions/ubuntu-gnome-terminal>
+# include <abstractions/ubuntu-gnome-terminal>
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/elinks Cx -> sanitized_helper,
/usr/bin/links Cx -> sanitized_helper,
@@ -16,3 +18,6 @@
/usr/bin/netrik Cx -> sanitized_helper,
/usr/bin/w3m Cx -> sanitized_helper,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-console-browsers.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-console-email b/profiles/apparmor.d/abstractions/ubuntu-console-email
index f77c9bd6284e9293d1a3bd357a6c03065e9abe15..ee741fdfdd9f83773682c45dddb7e9ec2f450cf3 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-console-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-console-email
@@ -4,11 +4,13 @@
# typically also need a terminal, so when using this abstraction, should also
# do something like:
#
-# #include <abstractions/ubuntu-gnome-terminal>
+# include <abstractions/ubuntu-gnome-terminal>
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/alpine Cx -> sanitized_helper,
/usr/bin/citadel Cx -> sanitized_helper,
@@ -16,3 +18,6 @@
/usr/bin/elmo Cx -> sanitized_helper,
/usr/bin/mutt Cx -> sanitized_helper,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-console-email.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-email b/profiles/apparmor.d/abstractions/ubuntu-email
index 48e0c6f40f327af2e15250bdbea7a5b14c9926f4..45f02eba2a5d543c10ce391b0c1b084f113960ea 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-email
+++ b/profiles/apparmor.d/abstractions/ubuntu-email
@@ -2,9 +2,11 @@
#
# abstraction for allowing graphical email clients in Ubuntu
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/anjal Cx -> sanitized_helper,
/usr/bin/balsa Cx -> sanitized_helper,
@@ -22,3 +24,6 @@
/usr/bin/thunderbird Cx -> sanitized_helper, # used by gio-launch-desktop
/usr/lib/thunderbird*/thunderbird{,.sh,-bin} Cx -> sanitized_helper,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-email.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-feed-readers b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
index 85379e30059e01a2ecc5a3b984f3c2920c9f9eb7..e8b89b1d375fb6939f193afbc31e8dc1e5003946 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-feed-readers
+++ b/profiles/apparmor.d/abstractions/ubuntu-feed-readers
@@ -2,9 +2,14 @@
#
# abstraction for allowing graphical news feed readers in Ubuntu
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/akregator Cxr -> sanitized_helper,
/usr/bin/liferea-add-feed Cxr -> sanitized_helper,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-feed-readers.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
index 7604df1e7d353b26093b821d96bc53d2859c4a64..c6280b0ef31fd86a4bb5bb9a44632554047cc24a 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
+++ b/profiles/apparmor.d/abstractions/ubuntu-gnome-terminal
@@ -3,8 +3,13 @@
# for allowing access to gnome-terminal
#
- #include <abstractions/gnome>
+ abi <abi/3.0>,
+
+ include <abstractions/gnome>
# do not use ux or PUx here. Use at a minimum ix
/usr/bin/gnome-terminal ix,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-gnome-terminal.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-helpers b/profiles/apparmor.d/abstractions/ubuntu-helpers
index a1ab7bc049fd59b1dd0dd7556e978f1d311aca8b..b9a3b1c349ea5f8d1a3c02da8cbecad20a311862 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-helpers
+++ b/profiles/apparmor.d/abstractions/ubuntu-helpers
@@ -9,7 +9,7 @@
#
# Usage:
# Because this abstraction defines the sanitized_helper profile, it must only
-# be #included once. Therefore this abstraction should typically not be
+# be included once. Therefore this abstraction should typically not be
# included in other abstractions so as to avoid parser errors regarding
# multiple definitions.
#
@@ -31,17 +31,19 @@
# Use at your own risk. This profile was developed as an interim workaround for
# LP: #851986 until AppArmor utilizes proper environment filtering.
+ abi <abi/3.0>,
+
profile sanitized_helper {
- #include <abstractions/base>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/X>
# Allow all networking
network inet,
network inet6,
# Allow all DBus communications
- #include <abstractions/dbus-session-strict>
- #include <abstractions/dbus-strict>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/dbus-strict>
dbus,
# Needed for Google Chrome
@@ -70,8 +72,15 @@ profile sanitized_helper {
/opt/google/chrome{,-beta,-unstable}/chrome-sandbox PUxr,
/opt/google/chrome{,-beta,-unstable}/google-chrome Pixr,
/opt/google/chrome{,-beta,-unstable}/chrome Pixr,
+ /opt/google/chrome{,-beta,-unstable}/chrome_crashpad_handler Pixr,
/opt/google/chrome{,-beta,-unstable}/{,**/}lib*.so{,.*} m,
+ # The same is needed for Brave
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/chrome-sandbox PUxr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/brave-browser{,-beta,-dev,-nightly} Pixr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/brave Pixr,
+ /opt/brave.com/brave{,-beta,-dev,-nightly}/{,**/}lib*.so{,.*} m,
+
# Full access
/ r,
/** rwkl,
diff --git a/profiles/apparmor.d/abstractions/ubuntu-konsole b/profiles/apparmor.d/abstractions/ubuntu-konsole
index baa8fb395c8fe6235132b84c3b34af837ec33289..4ece2bd373e0d6c6edc9d98e253a5d57ec91643c 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-konsole
+++ b/profiles/apparmor.d/abstractions/ubuntu-konsole
@@ -3,8 +3,10 @@
# for allowing access to konsole
#
- #include <abstractions/consoles>
- #include <abstractions/kde>
+ abi <abi/3.0>,
+
+ include <abstractions/consoles>
+ include <abstractions/kde>
capability sys_ptrace,
@{PROC}/@{pid}/status r,
@{PROC}/@{pid}/stat r,
@@ -15,3 +17,6 @@
# do not use ux or Ux here. Use at a minimum ix
/usr/bin/konsole ix,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-konsole.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-media-players b/profiles/apparmor.d/abstractions/ubuntu-media-players
index 5918cb8c1369049d74a71a85e581a01da69c2aee..5fa48e75bb2f497ab4f8f0822dd226c2fea12e96 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-media-players
+++ b/profiles/apparmor.d/abstractions/ubuntu-media-players
@@ -2,9 +2,11 @@
#
# abstraction for allowing access to media players in Ubuntu
#
-# Users of this abstraction need to #include the ubuntu-helpers abstraction
+# Users of this abstraction need to include the ubuntu-helpers abstraction
# in the toplevel profile. Eg:
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
+
+ abi <abi/3.0>,
/usr/bin/amarok Cxr -> sanitized_helper,
/usr/bin/audacious2 Cxr -> sanitized_helper,
@@ -58,3 +60,6 @@
/etc/gnashpluginrc r,
owner @{HOME}/.gnash/ rw,
owner @{HOME}/.gnash/** rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-media-players.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-base b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
index 25e88b692351cb1a0e719cf68fc7bd41ef50dc4b..6e207b28725617840a93f2d1590c56d6c3cc5491 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-base
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-base
@@ -9,14 +9,16 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
#
# Rules common to applications running under Unity 7
#
-#include <abstractions/gnome>
+include <abstractions/gnome>
-#include <abstractions/dbus-session-strict>
-#include <abstractions/dbus-strict>
+include <abstractions/dbus-session-strict>
+include <abstractions/dbus-strict>
#
# Access required for connecting to/communication with Unity HUD
@@ -98,3 +100,6 @@
# Deny potentially dangerous access
#
deny dbus bus=session path=/com/canonical/[Uu]nity/[Dd]ebug**,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-unity7-base.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
index 52f6cd438a6f6464201c3e79e5434502d1429c34..eb2f070d39920c1de3a5ecab91ed1083e11af392 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-launcher
@@ -1,3 +1,5 @@
+ abi <abi/3.0>,
+
#
# Access required for connecting to/communicating with the Unity Launcher
#
@@ -5,3 +7,6 @@
bus=session
interface="com.canonical.Unity.LauncherEntry"
member="Update",
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-unity7-launcher.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
index 828592eef9fc014373adc1182206e0ba1059a044..21de3ff0d53a718b2e098d3743aa73b819820776 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
+++ b/profiles/apparmor.d/abstractions/ubuntu-unity7-messaging
@@ -1,3 +1,5 @@
+ abi <abi/3.0>,
+
#
# Access required for connecting to/communicating with the Unity messaging
# indicator
@@ -5,3 +7,6 @@
dbus (receive, send)
bus=session
path="/com/canonical/indicator/messages/*",
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-unity7-messaging.d>
diff --git a/profiles/apparmor.d/abstractions/ubuntu-xterm b/profiles/apparmor.d/abstractions/ubuntu-xterm
index a062cc72bd26920280cd3b99fe194b6b8f8bc9ba..07eacaba96d50cb25dfcfef3ad9ffa4ca009c3cf 100644
--- a/profiles/apparmor.d/abstractions/ubuntu-xterm
+++ b/profiles/apparmor.d/abstractions/ubuntu-xterm
@@ -3,7 +3,9 @@
# for allowing access to xterm
#
- #include <abstractions/consoles>
+ abi <abi/3.0>,
+
+ include <abstractions/consoles>
/dev/ptmx rw,
/{,var/}run/utmp r,
/etc/X11/app-defaults/XTerm r,
@@ -11,3 +13,6 @@
# do not use ux or Ux here. Use at a minimum ix
/usr/bin/xterm ix,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/ubuntu-xterm.d>
diff --git a/profiles/apparmor.d/abstractions/user-download b/profiles/apparmor.d/abstractions/user-download
index ea1043a3365518789b7c575f01850a918230590a..765402947354ce3095c1fcb085647e34811e9056 100644
--- a/profiles/apparmor.d/abstractions/user-download
+++ b/profiles/apparmor.d/abstractions/user-download
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# Description: Where common programs should allow users to download
# files
@@ -22,3 +24,6 @@
owner @{HOME}/@{XDG_DOWNLOAD_DIR}/* rwl,
owner "@{HOME}/My Downloads/" r,
owner "@{HOME}/My Downloads/**" rwl,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/user-download.d>
diff --git a/profiles/apparmor.d/abstractions/user-mail b/profiles/apparmor.d/abstractions/user-mail
index b799ffcac20e5c3a8af95678d68ceea6f01d8661..4156dfaacf6da27ec189cc4a9dc8e1168a8340c3 100644
--- a/profiles/apparmor.d/abstractions/user-mail
+++ b/profiles/apparmor.d/abstractions/user-mail
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# location of user mail, spool and mboxes
owner @{HOME}/[mM]ail/ r,
owner @{HOME}/[mM]ail/** rwl,
@@ -21,3 +23,6 @@
owner @{HOME}/.forward r,
owner @{HOME}/Maildir/ r,
owner @{HOME}/Maildir/** rwl,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/user-mail.d>
diff --git a/profiles/apparmor.d/abstractions/user-manpages b/profiles/apparmor.d/abstractions/user-manpages
index b7cc0cb8ee9311a2e72893bbf8f74938433d70bc..3178a4d60f35da53f96b0c0bcae18429655cb3aa 100644
--- a/profiles/apparmor.d/abstractions/user-manpages
+++ b/profiles/apparmor.d/abstractions/user-manpages
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# perhaps your configuration has users elsewhere, or you don't wish
# them to read their own manpages
owner @{HOME}/man/ r,
@@ -22,3 +24,6 @@
/usr/local/share/man/man?/** r,
/usr/{share,X11R6,local,kerberos}/man/** r,
/usr/man/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/user-manpages.d>
diff --git a/profiles/apparmor.d/abstractions/user-tmp b/profiles/apparmor.d/abstractions/user-tmp
index 63993d60d01c69ace8a795f2467350b3d943bd09..6d651c5dc4864bba4c329d4ab4afaa9d1a650f56 100644
--- a/profiles/apparmor.d/abstractions/user-tmp
+++ b/profiles/apparmor.d/abstractions/user-tmp
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# per-user tmp directories
owner @{HOME}/tmp/** rwkl,
owner @{HOME}/tmp/ rw,
@@ -18,3 +20,6 @@
/var/tmp/ rw,
owner /tmp/** rwkl,
/tmp/ rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/user-tmp.d>
diff --git a/profiles/apparmor.d/abstractions/user-write b/profiles/apparmor.d/abstractions/user-write
index c6ea29bdf2e7748368026eb26f6bbdd1d9e7e026..604b60b7a3ff8a0546be78b6535bae7a94b1052f 100644
--- a/profiles/apparmor.d/abstractions/user-write
+++ b/profiles/apparmor.d/abstractions/user-write
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# per-user write directories
owner @{HOME}/ r,
owner @{HOME}/@{XDG_DESKTOP_DIR}/ r,
@@ -19,3 +21,6 @@
owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwl,
owner @{HOME}/@{XDG_DOCUMENTS_DIR}/** rwl,
owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/** rwl,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/user-write.d>
diff --git a/profiles/apparmor.d/abstractions/video b/profiles/apparmor.d/abstractions/video
index 00a834681d272b991bc5038b54647654ff3b836a..e3cc30cc58036b14097536ea960495b90d4d641b 100644
--- a/profiles/apparmor.d/abstractions/video
+++ b/profiles/apparmor.d/abstractions/video
@@ -1,6 +1,11 @@
# vim:syntax=apparmor
# video device access
+ abi <abi/3.0>,
+
# System devices
- @{sys}/class/video4linux r,
+ @{sys}/class/video4linux/ r,
@{sys}/class/video4linux/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/video.d>
diff --git a/profiles/apparmor.d/abstractions/vulkan b/profiles/apparmor.d/abstractions/vulkan
index 04c8ec262a84ac4e877699e5e76be7b110307ca5..479a9dcb70e4e66ca6f1e343e357c4b8c970423d 100644
--- a/profiles/apparmor.d/abstractions/vulkan
+++ b/profiles/apparmor.d/abstractions/vulkan
@@ -1,6 +1,8 @@
# vim:syntax=apparmor
# Vulkan access requirements
+ abi <abi/3.0>,
+
# System files
/dev/dri/ r, # libvulkan_radeon.so, libvulkan_intel.so (Mesa)
/etc/glvnd/egl_vendor.d/{*,.json} r,
@@ -18,3 +20,6 @@
# User files
owner @{HOME}/.local/share/vulkan/implicit_layer.d/{,*.json} r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/vulkan.d>
diff --git a/profiles/apparmor.d/abstractions/wayland b/profiles/apparmor.d/abstractions/wayland
index f5290b28ce52c9536ab35e1f78718a7474158c12..2b73925a21e5c932bb265a7bc55a75eeeec4470a 100644
--- a/profiles/apparmor.d/abstractions/wayland
+++ b/profiles/apparmor.d/abstractions/wayland
@@ -9,6 +9,10 @@
#
# ------------------------------------------------------------------
- owner /var/run/user/*/weston-shared-* rw,
- owner /run/user/*/wayland-[0-9]* rw,
- owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
+ abi <abi/3.0>,
+
+ owner @{run}/user/*/wayland-[0-9]* rw,
+ owner @{run}/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/wayland.d>
diff --git a/profiles/apparmor.d/abstractions/web-data b/profiles/apparmor.d/abstractions/web-data
index 0baf29902f9cd096a941e0420ea12a2c4262e19d..8459eee354cf4f965cf0e496600f980c21c2c361 100644
--- a/profiles/apparmor.d/abstractions/web-data
+++ b/profiles/apparmor.d/abstractions/web-data
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/srv/www/htdocs/ r,
/srv/www/htdocs/** r,
# virtual hosting
@@ -23,3 +25,6 @@
/var/www/html/ r,
/var/www/html/** r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/web-data.d>
diff --git a/profiles/apparmor.d/abstractions/winbind b/profiles/apparmor.d/abstractions/winbind
index e982889eac29e67ca86354877b60b7b6b739890e..3503e5a00cdeaae89f3b3426d55f71ec0d5a0d0d 100644
--- a/profiles/apparmor.d/abstractions/winbind
+++ b/profiles/apparmor.d/abstractions/winbind
@@ -9,9 +9,12 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# pam_winbindd
/tmp/.winbindd/pipe rw,
- /var/{lib,run}/samba/winbindd_privileged/pipe rw,
+ /var/lib/samba/winbindd_privileged/pipe rw,
+ @{run}/samba/winbindd_privileged/pipe rw,
/etc/samba/smb.conf r,
/etc/samba/dhcp.conf r,
/usr/lib*/samba/valid.dat r,
@@ -19,3 +22,6 @@
/usr/lib*/samba/lowcase.dat r,
/usr/share/samba/codepages/{lowcase,upcase,valid}.dat r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/winbind.d>
diff --git a/profiles/apparmor.d/abstractions/wutmp b/profiles/apparmor.d/abstractions/wutmp
index d7509558aca4d6e207ba229189681b10ab31a6c9..46d33f795e36fed694f741a30991e4d92e1f0c40 100644
--- a/profiles/apparmor.d/abstractions/wutmp
+++ b/profiles/apparmor.d/abstractions/wutmp
@@ -9,8 +9,14 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# some services update wtmp, utmp, and lastlog with per-user
# connection information
/var/log/lastlog rwk,
- /var/log/wtmp wk,
- /{,var/}run/utmp rwk,
+ /var/log/wtmp rwk,
+ /var/log/btmp rwk,
+ @{run}/utmp rwk,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/wutmp.d>
diff --git a/profiles/apparmor.d/abstractions/xad b/profiles/apparmor.d/abstractions/xad
index 54b0f40e2872ef7545c3dce0556de2357b74e686..f5f6e720414cca2da8a82bf65fd694da00dea241 100644
--- a/profiles/apparmor.d/abstractions/xad
+++ b/profiles/apparmor.d/abstractions/xad
@@ -8,6 +8,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
/opt/novell/xad/lib/ r,
/opt/novell/xad/lib/lib*.so* mr,
/opt/novell/xad/lib/gss/*.so* mr,
@@ -23,3 +25,6 @@
/var/opt/novell/nici/* r,
/var/opt/novell/nici/*/ r,
/var/opt/novell/nici/*/* rw,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/xad.d>
diff --git a/profiles/apparmor.d/abstractions/xdg-desktop b/profiles/apparmor.d/abstractions/xdg-desktop
index bc8f6a00cf8f345dc09c89a405dd68732a13ae96..9f7f4ae2a2597cc90cd34814c38196eadfbbad0b 100644
--- a/profiles/apparmor.d/abstractions/xdg-desktop
+++ b/profiles/apparmor.d/abstractions/xdg-desktop
@@ -9,6 +9,8 @@
#
# ------------------------------------------------------------------
+ abi <abi/3.0>,
+
# Entries based on:
# http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
@@ -22,3 +24,6 @@
# fallbacks
/usr/share/ r,
/usr/local/share/ r,
+
+ # Include additions to the abstraction
+ include if exists <abstractions/xdg-desktop.d>
diff --git a/profiles/apparmor.d/abstractions/xdg-open b/profiles/apparmor.d/abstractions/xdg-open
index 531022e33f83cfbb2472b8972340552a2d49950c..aed2071046a1fb4980c3c479c6abd9a32bc53ec6 100644
--- a/profiles/apparmor.d/abstractions/xdg-open
+++ b/profiles/apparmor.d/abstractions/xdg-open
@@ -1,5 +1,7 @@
# vim:syntax=apparmor
+ abi <abi/3.0>,
+
# This abstraction is designed to be used in a child profile to limit what
# confined application can invoke via xdg-open helper. xdg-open abstraction
# will allow to use gio-open, kde-open5 and other helpers of the different
@@ -16,40 +18,40 @@
#
# # out-of-line child profile
# profile foo//xdg-open {
-# #include <abstractions/xdg-open>
+# include <abstractions/xdg-open>
#
# # Enable a11y support if considered required by
# # profile author for (rare) error message boxes.
-# #include <abstractions/dbus-accessibility>
+# include <abstractions/dbus-accessibility>
#
# # Enable gstreamer support if considered required by
# # profile author for (rare) error message boxes.
-# #include if exists <abstractions/gstreamer>
+# include if exists <abstractions/gstreamer>
#
# # needed for ubuntu-* abstractions
-# #include <abstractions/ubuntu-helpers>
+# include <abstractions/ubuntu-helpers>
#
# # Only allow to handle http[s]: and mailto: links
-# #include <abstractions/ubuntu-browsers>
-# #include <abstractions/ubuntu-email>
+# include <abstractions/ubuntu-browsers>
+# include <abstractions/ubuntu-email>
#
# # < add additional allowed applications here >
# }
# ```
- #include <abstractions/base>
+ include <abstractions/base>
# for openin with `exo-open`
- #include <abstractions/exo-open>
+ include <abstractions/exo-open>
# for opening with `gio open <uri>`
- #include <abstractions/gio-open>
+ include <abstractions/gio-open>
# for opening with gvfs-open (deprecated)
- #include <abstractions/gvfs-open>
+ include <abstractions/gvfs-open>
# for opening with kde-open5
- #include <abstractions/kde-open5>
+ include <abstractions/kde-open5>
# Main executables
@@ -81,4 +83,4 @@
owner @{HOME}/.local/share/applications/{,*.desktop} r,
# Include additions to the abstraction
- #include if exists <abstractions/xdg-open.d>
+ include if exists <abstractions/xdg-open.d>
diff --git a/profiles/apparmor.d/apache2.d/phpsysinfo b/profiles/apparmor.d/apache2.d/phpsysinfo
index af730910eebe98ccfa9c76bc78126dce2295e080..afd1ff34038b1369dcbae06de9744a5577d90366 100644
--- a/profiles/apparmor.d/apache2.d/phpsysinfo
+++ b/profiles/apparmor.d/apache2.d/phpsysinfo
@@ -1,12 +1,14 @@
# Last Modified: Fri Sep 11 13:27:22 2009
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
+ abi <abi/3.0>,
+
^phpsysinfo {
- #include <abstractions/apache2-common>
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/php5>
- #include <abstractions/python>
+ include <abstractions/apache2-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/php5>
+ include <abstractions/python>
/{,usr/}bin/dash ixr,
/{,usr/}bin/df ixr,
@@ -43,6 +45,6 @@
/var/lib/{misc,usbutils}/usb.ids r,
/var/log/apache2/access.log w,
/var/log/apache2/error.log w,
- /{,var/}run/utmp rk,
+ @{run}/utmp rk,
/usr/share/misc/pci.ids r,
}
diff --git a/profiles/apparmor.d/bin.ping b/profiles/apparmor.d/bin.ping
index e3d0e0362ddcea8226ded78e01de1af7f41db4df..149b802d6a46b189c9a3d872745d64c1f8425083 100644
--- a/profiles/apparmor.d/bin.ping
+++ b/profiles/apparmor.d/bin.ping
@@ -9,11 +9,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile ping /{usr/,}bin/{,iputils-}ping {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability net_raw,
capability setuid,
@@ -24,5 +26,5 @@ profile ping /{usr/,}bin/{,iputils-}ping {
/etc/modules.conf r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/bin.ping>
+ include if exists <local/bin.ping>
}
diff --git a/profiles/apparmor.d/local/README b/profiles/apparmor.d/local/README
index a3cf2e49a5a7eee190da39a35bbc24bf2d52d3b7..b2db5c1860acaec677e9e2cb36f0e976ef28d2e2 100644
--- a/profiles/apparmor.d/local/README
+++ b/profiles/apparmor.d/local/README
@@ -12,7 +12,7 @@
# it is appropriate for your site.
#
# For example, if the shipped /etc/apparmor.d/usr.sbin.smbd profile has:
-# #include <local/usr.sbin.smbd>
+# include <local/usr.sbin.smbd>
#
# then an administrator can adjust /etc/apparmor.d/local/usr.sbin.smbd to
# contain any additional paths to be allowed, such as:
diff --git a/profiles/apparmor.d/lsb_release b/profiles/apparmor.d/lsb_release
index 5c05ba4db3b414bf72aedd9a559b2098b6e71e84..ad8b998fcf4a77672ea9a454a9132ebeb9274c95 100644
--- a/profiles/apparmor.d/lsb_release
+++ b/profiles/apparmor.d/lsb_release
@@ -4,19 +4,21 @@
# is invoked from other confined applications, but not when it is used
# in regular (unconfined) shell scripts or run directly by the user.
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
# Do not attach to /usr/bin/lsb_release by default
profile lsb_release {
- #include <abstractions/base>
- #include <abstractions/python>
+ include <abstractions/base>
+ include <abstractions/python>
owner @{PROC}/@{pid}/fd/ r,
/dev/tty rw,
/usr/bin/lsb_release r,
- /usr/bin/python3.[0-9] mr,
+ /usr/bin/python3.{1,}[0-9] mr,
/etc/debian_version r,
/etc/default/apport r,
@@ -46,5 +48,5 @@ profile lsb_release {
deny /tmp/gtalkplugin.log w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/lsb_release>
+ include if exists <local/lsb_release>
}
diff --git a/profiles/apparmor.d/nvidia_modprobe b/profiles/apparmor.d/nvidia_modprobe
index 2c29b9970c56f0d6f6c8e0501c59e6a28105d47f..2502c49d457b0d2d34de6c63c9568c326f8fce2e 100644
--- a/profiles/apparmor.d/nvidia_modprobe
+++ b/profiles/apparmor.d/nvidia_modprobe
@@ -1,9 +1,11 @@
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile nvidia_modprobe {
- #include <abstractions/base>
+ include <abstractions/base>
# Capabilities
@@ -35,7 +37,7 @@ profile nvidia_modprobe {
# Child profiles
profile kmod {
- #include <abstractions/base>
+ include <abstractions/base>
# Capabilities
@@ -60,6 +62,6 @@ profile nvidia_modprobe {
}
# Site-specific additions and overrides. See local/README for details.
- #include <local/nvidia_modprobe>
+ include if exists <local/nvidia_modprobe>
}
diff --git a/profiles/apparmor.d/php-fpm b/profiles/apparmor.d/php-fpm
new file mode 100644
index 0000000000000000000000000000000000000000..0dcc8c7df6bfafad70f81e5088f4b21bbd3b6662
--- /dev/null
+++ b/profiles/apparmor.d/php-fpm
@@ -0,0 +1,59 @@
+# vim: ft=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
+ # load common libraries and their support files
+ include <abstractions/base>
+ # resolve hostnames/usernames
+ include <abstractions/nameservice>
+ # common php files and support files that php needs
+ include <abstractions/php>
+ # read openssl configuration
+ include <abstractions/openssl>
+ # read the system certificates
+ include <abstractions/ssl_certs>
+
+ capability net_admin,
+ # change user/group of a pool
+ capability setuid,
+ capability setgid,
+ # change ownership of the socket so that we can launch with a different user/group as the socket will be owned by
+ capability chown,
+ # we want to be able to kill our child processes
+ capability kill,
+ # to provide sockets with acls different than root
+ capability dac_override,
+
+ # we need write access here to move it into a different apparmor sub profile
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
+
+ # the main log file
+ /var/log/php*-fpm.log rw,
+
+ # we need to be able to create all sockets
+ @{run}/php{,-fpm}/php*-fpm.pid rw,
+ @{run}/php*-fpm.pid rw,
+ @{run}/php{,-fpm}/php*-fpm.sock rwlk,
+
+ # to reload
+ /usr/sbin/php-fpm* rix,
+
+ # no idea why php tries to open / read/write
+ deny / rw,
+
+ # allow sending signals to our subprocesses
+ signal (send) peer=php-fpm//*,
+
+ # allow switching processes to those subprofiles
+ change_profile -> php-fpm//*,
+
+ # load all files from this directory
+ # store your configurations per pool in this dir
+ include if exists <php-fpm.d>
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/php-fpm>
+}
diff --git a/profiles/apparmor.d/samba-bgqd b/profiles/apparmor.d/samba-bgqd
new file mode 100644
index 0000000000000000000000000000000000000000..c205c2614dd10cab03618ebba4c052126c835fe4
--- /dev/null
+++ b/profiles/apparmor.d/samba-bgqd
@@ -0,0 +1,24 @@
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile samba-bgqd /usr/lib*/samba/{,samba/}samba-bgqd {
+ include <abstractions/base>
+ include <abstractions/cups-client>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/samba>
+
+ signal receive set=term peer=smbd,
+
+ @{PROC}/sys/kernel/core_pattern r,
+ owner @{PROC}/@{pid}/fd/ r,
+
+ @{run}/samba/samba-bgqd.pid wk,
+
+ /usr/lib*/samba/{,samba/}samba-bgqd mr,
+ /var/cache/samba/printing/*.tdb rwk,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/samba-bgqd>
+}
diff --git a/profiles/apparmor.d/samba-dcerpcd b/profiles/apparmor.d/samba-dcerpcd
new file mode 100644
index 0000000000000000000000000000000000000000..c186441ee699ddfad3c50ce51175df7f9ba18ee3
--- /dev/null
+++ b/profiles/apparmor.d/samba-dcerpcd
@@ -0,0 +1,32 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2022 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {
+ include <abstractions/samba-rpcd>
+
+ @{run}/samba/samba-dcerpcd.pid wk,
+
+ /usr/lib*/samba/{,samba/}samba-dcerpcd mr,
+
+ /usr/lib*/samba/ r,
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} Px -> samba-rpcd,
+ /usr/lib*/samba/{,samba/}rpcd_classic Px -> samba-rpcd-classic,
+ /usr/lib*/samba/{,samba/}rpcd_spoolss Px -> samba-rpcd-spoolss,
+
+ @{run}/samba/ncalrpc/ rw,
+ @{run}/samba/ncalrpc/** rw,
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/samba-dcerpcd>
+}
diff --git a/profiles/apparmor.d/samba-rpcd b/profiles/apparmor.d/samba-rpcd
new file mode 100644
index 0000000000000000000000000000000000000000..76bc3662a5694f78572f66b79860c9562ad97454
--- /dev/null
+++ b/profiles/apparmor.d/samba-rpcd
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2022 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile samba-rpcd /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} {
+ include <abstractions/samba-rpcd>
+ /usr/lib*/samba/{,samba/}rpcd_{mdssvc,epmapper,rpcecho,fsrvp,lsad,winreg} mr,
+
+ @{run}/samba/ncalrpc/np/winreg wr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/samba-rpcd>
+}
diff --git a/profiles/apparmor.d/samba-rpcd-classic b/profiles/apparmor.d/samba-rpcd-classic
new file mode 100644
index 0000000000000000000000000000000000000000..84a61f31206008de57720a16743a60243e70f137
--- /dev/null
+++ b/profiles/apparmor.d/samba-rpcd-classic
@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2022 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile samba-rpcd-classic /usr/lib*/samba/{,samba/}rpcd_classic {
+ include <abstractions/samba-rpcd>
+ include <abstractions/wutmp>
+
+ /usr/lib*/samba/{,samba/}rpcd_classic mr,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/samba-rpcd-classic>
+}
diff --git a/profiles/apparmor.d/samba-rpcd-spoolss b/profiles/apparmor.d/samba-rpcd-spoolss
new file mode 100644
index 0000000000000000000000000000000000000000..a86873dd3272062a7ad21e396772dea73bad907a
--- /dev/null
+++ b/profiles/apparmor.d/samba-rpcd-spoolss
@@ -0,0 +1,32 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2022 SUSE LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim:syntax=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile samba-rpcd-spoolss /usr/lib*/samba/{,samba/}rpcd_spoolss {
+ include <abstractions/samba-rpcd>
+
+ /usr/lib*/samba/{,samba/}rpcd_spoolss mr,
+ /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+ /var/cache/samba/printing/ w,
+ /var/cache/samba/printing/*.tdb rwk,
+ @{run}/samba/samba-bgqd.pid rk,
+
+ /dev/urandom rw,
+
+ @{run}/samba/ncalrpc/ rw,
+ @{run}/samba/ncalrpc/** rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/samba-rpcd-spoolss>
+}
diff --git a/profiles/apparmor.d/sbin.klogd b/profiles/apparmor.d/sbin.klogd
index f2ab87ca27b41f96bfda1a1290bf6839c20c1a55..cd0cfbb20bc4f092e0f002e1a9caeb9c28bd7d8a 100644
--- a/profiles/apparmor.d/sbin.klogd
+++ b/profiles/apparmor.d/sbin.klogd
@@ -9,10 +9,12 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile klogd /{usr/,}{bin,sbin}/klogd {
- #include <abstractions/base>
+ include <abstractions/base>
capability sys_admin, # for backward compatibility with kernel <= 2.6.37
capability syslog,
@@ -26,10 +28,10 @@ profile klogd /{usr/,}{bin,sbin}/klogd {
/{usr/,}{bin,sbin}/klogd rmix,
/var/log/boot.msg rwl,
- /{,var/}run/klogd.pid krwl,
- /{,var/}run/klogd/klogd.pid krwl,
- /{,var/}run/klogd/kmsg r,
+ @{run}/klogd.pid krwl,
+ @{run}/klogd/klogd.pid krwl,
+ @{run}/klogd/kmsg r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/sbin.klogd>
+ include if exists <local/sbin.klogd>
}
diff --git a/profiles/apparmor.d/sbin.syslog-ng b/profiles/apparmor.d/sbin.syslog-ng
index d67e6374c57bddb75130d05edc4d176d3c8823ed..5ae85875b234670800ac2d34719a679e8673bcef 100644
--- a/profiles/apparmor.d/sbin.syslog-ng
+++ b/profiles/apparmor.d/sbin.syslog-ng
@@ -10,18 +10,21 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
#define this to be where syslog-ng is chrooted
@{CHROOT_BASE}=""
profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/mysql>
- #include <abstractions/openssl>
- #include <abstractions/python>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/mysql>
+ include <abstractions/openssl>
+ include <abstractions/python>
+ include <abstractions/hosts_access>
capability chown,
capability dac_override,
@@ -45,8 +48,6 @@ profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
/etc/syslog-ng/conf.d/ r,
/etc/syslog-ng/conf.d/* r,
@{PROC}/kmsg r,
- /etc/hosts.deny r,
- /etc/hosts.allow r,
/{usr/,}{bin,sbin}/syslog-ng mr,
@{sys}/devices/system/cpu/online r,
/usr/share/syslog-ng/** r,
@@ -55,14 +56,15 @@ profile syslog-ng /{usr/,}{bin,sbin}/syslog-ng {
@{CHROOT_BASE}/var/lib/*/dev/log w,
@{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
@{CHROOT_BASE}/var/log/** w,
- @{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
- @{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
+ @{CHROOT_BASE}/@{run}/syslog-ng.pid krw,
+ @{CHROOT_BASE}/@{run}/syslog-ng.ctl rw,
/{var,var/run,run}/log/journal/ r,
/{var,var/run,run}/log/journal/*/ r,
/{var,var/run,run}/log/journal/*/*.journal r,
- /{var/,}run/syslog-ng.ctl a,
- /{var/,}run/syslog-ng/additional-log-sockets.conf r,
+ /{var,var/run,run}/log/journal/*.journal r,
+ @{run}/syslog-ng.ctl a,
+ @{run}/syslog-ng/additional-log-sockets.conf r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/sbin.syslog-ng>
+ include if exists <local/sbin.syslog-ng>
}
diff --git a/profiles/apparmor.d/sbin.syslogd b/profiles/apparmor.d/sbin.syslogd
index d8f65d65f42ad2440423e5188e2a2dfcd6cd0783..eec1ba57150eb35b4320b2022f59c182ec9a4138 100644
--- a/profiles/apparmor.d/sbin.syslogd
+++ b/profiles/apparmor.d/sbin.syslogd
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile syslogd /{usr/,}{bin,sbin}/syslogd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/consoles>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/consoles>
capability sys_tty_config,
capability dac_override,
@@ -28,16 +30,20 @@ profile syslogd /{usr/,}{bin,sbin}/syslogd {
/dev/log wl,
/var/lib/*/dev/log wl,
+ /proc/kmsg r,
/dev/tty* w,
/dev/xconsole rw,
/etc/syslog.conf r,
+ /etc/syslog.d/ r,
+ /etc/syslog.d/* r,
/{usr/,}{bin,sbin}/syslogd rmix,
/var/log/** rw,
- /{,var/}run/syslogd.pid krwl,
- /{,var/}run/utmp rw,
+ @{run}/syslog.pid krwl,
+ @{run}/syslogd.pid krwl,
+ @{run}/utmp rw,
/var/spool/compaq/nic/messages_fifo rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/sbin.syslogd>
+ include if exists <local/sbin.syslogd>
}
diff --git a/profiles/apparmor.d/tunables/apparmorfs b/profiles/apparmor.d/tunables/apparmorfs
index 8df867592b6e5108ff60c886f887d79422571520..2028097f5ab5495d76eb7de9c5c89562c74df89f 100644
--- a/profiles/apparmor.d/tunables/apparmorfs
+++ b/profiles/apparmor.d/tunables/apparmorfs
@@ -6,6 +6,6 @@
#
# ------------------------------------------------------------------
-#include <tunables/securityfs>
+include <tunables/securityfs>
@{apparmorfs}=@{securityfs}/apparmor/
diff --git a/profiles/apparmor.d/tunables/etc b/profiles/apparmor.d/tunables/etc
new file mode 100644
index 0000000000000000000000000000000000000000..c144621dfa61aff096b7ebf29d7466aa5bf97d60
--- /dev/null
+++ b/profiles/apparmor.d/tunables/etc
@@ -0,0 +1,25 @@
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2020 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# @{etc_ro} contains a space-separated list of the system configuration directories.
+# Traditionally this means /etc/, but when using a read-only / filesystem and/or
+# with the goal of having only user-modified config files in /etc/, directories
+# like /usr/etc/ get introduced for storing the default config.
+
+# @{etc_ro} contains read-only directories with configuration files.
+# Do not use @{etc_ro} in rules that allow write access.
+@{etc_ro}=/etc/ /usr/etc/
+
+# @{etc_rw} contains directories where writing to configuration files is allowed.
+@{etc_rw}=/etc/
+
+# Also, include files in tunables/etc.d/ for site-specific adjustments to
+# @{etc_ro} and @{etc_rw}.
+include if exists <tunables/etc.d>
diff --git a/profiles/apparmor.d/tunables/global b/profiles/apparmor.d/tunables/global
index 3b6f99cc7b8fc02a77345496acc62d773bbbec7d..3dd4bfdb1746816ce7ceebe8d70130645dc9ebda 100644
--- a/profiles/apparmor.d/tunables/global
+++ b/profiles/apparmor.d/tunables/global
@@ -12,11 +12,12 @@
# All the tunables definitions that should be available to every profile
# should be included here
-#include <tunables/home>
-#include <tunables/multiarch>
-#include <tunables/proc>
-#include <tunables/alias>
-#include <tunables/kernelvars>
-#include <tunables/xdg-user-dirs>
-#include <tunables/share>
-#include <tunables/run>
+include <tunables/home>
+include <tunables/multiarch>
+include <tunables/proc>
+include <tunables/alias>
+include <tunables/kernelvars>
+include <tunables/xdg-user-dirs>
+include <tunables/share>
+include <tunables/etc>
+include <tunables/run>
diff --git a/profiles/apparmor.d/tunables/home b/profiles/apparmor.d/tunables/home
index 550ccd5d771f13d23433600c882a2c2e2268c190..4df34b55fa76e47cb6e4b845ee7507bee744b866 100644
--- a/profiles/apparmor.d/tunables/home
+++ b/profiles/apparmor.d/tunables/home
@@ -22,4 +22,4 @@
# Also, include files in tunables/home.d for site-specific adjustments to
# @{HOMEDIRS}.
-#include <tunables/home.d>
+include <tunables/home.d>
diff --git a/profiles/apparmor.d/tunables/multiarch b/profiles/apparmor.d/tunables/multiarch
index c54082e0214bce36952a999542e4da94719c16e2..32fd1aa105ecbb26c7fea9ddc9c2c2bdd3cb0fb0 100644
--- a/profiles/apparmor.d/tunables/multiarch
+++ b/profiles/apparmor.d/tunables/multiarch
@@ -14,4 +14,4 @@
# Also, include files in tunables/multiarch.d for site and packaging
# specific adjustments to @{multiarch}.
-#include <tunables/multiarch.d>
+include <tunables/multiarch.d>
diff --git a/profiles/apparmor.d/tunables/xdg-user-dirs b/profiles/apparmor.d/tunables/xdg-user-dirs
index fcaf8d40ddc95fb7854f85e68815addcc3f70d5f..9488f96a29eebd3d507cbe098764203e1a4d7cc4 100644
--- a/profiles/apparmor.d/tunables/xdg-user-dirs
+++ b/profiles/apparmor.d/tunables/xdg-user-dirs
@@ -21,4 +21,4 @@
# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
# to the various XDG directories
-#include <tunables/xdg-user-dirs.d>
+include <tunables/xdg-user-dirs.d>
diff --git a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2 b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
index eace90c4866175c0e87e5957532f2a0e7b0c52cb..7126bdc7644a182bb0a46278b71fbea1500eca7f 100644
--- a/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
+++ b/profiles/apparmor.d/usr.lib.apache2.mpm-prefork.apache2
@@ -1,6 +1,8 @@
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/apache2/mpm-prefork/apache2 {
# This profile is completely permissive.
@@ -39,8 +41,8 @@
# </Directory>
#
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability chown,
capability kill,
@@ -54,8 +56,8 @@
^DEFAULT_URI {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
/ rw,
/** mrwlkix,
@@ -63,7 +65,7 @@
}
^HANDLING_UNTRUSTED_INPUT {
- #include <abstractions/nameservice>
+ include <abstractions/nameservice>
/ rw,
/** mrwlkix,
@@ -73,8 +75,8 @@
# This directory contains web application
# package-specific apparmor files.
- #include <apache2.d>
+ include <apache2.d>
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.apache2.mpm-prefork.apache2>
+ include if exists <local/usr.lib.apache2.mpm-prefork.apache2>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.anvil b/profiles/apparmor.d/usr.lib.dovecot.anvil
index 5b0fba6b22798dd3297bfb7d787fa415e119bb10..ac78bc9da7d9feabeeb329c0c02f8e65d80b5f46 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.anvil
+++ b/profiles/apparmor.d/usr.lib.dovecot.anvil
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,21 +9,23 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/anvil {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-anvil /usr/lib/dovecot/anvil {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
capability setuid,
capability sys_chroot,
unix (receive, send) type=stream peer=(label=dovecot),
- /run/dovecot/anvil rw,
- /run/dovecot/anvil-auth-penalty rw,
+ @{run}/dovecot/anvil rw,
+ @{run}/dovecot/anvil-auth-penalty rw,
/usr/lib/dovecot/anvil mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.anvil>
+ include if exists <local/usr.lib.dovecot.anvil>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.auth b/profiles/apparmor.d/usr.lib.dovecot.auth
index 2545ede7f5f53f05390d911033dff59fc5644c2c..9a53247b3dc65d8f75188929b6346508c95ce78f 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.auth
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013-2018 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
# Copyright (C) 2014 Christian Wittmer
#
# This program is free software; you can redistribute it and/or
@@ -10,16 +10,18 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/auth {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/mysql>
- #include <abstractions/nameservice>
- #include <abstractions/openssl>
- #include <abstractions/wutmp>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-auth /usr/lib/dovecot/auth {
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/mysql>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/wutmp>
+ include <abstractions/dovecot-common>
capability audit_write,
capability dac_override,
@@ -41,17 +43,17 @@
/var/tmp/sieve_* rw,
/var/tmp/smtp_* rw,
- /run/dovecot/auth-master rw,
- /run/dovecot/auth-userdb rw,
- /run/dovecot/auth-worker rw,
- /run/dovecot/login/login rw,
- /{var/,}run/dovecot/auth-token-secret.dat{,.tmp} rw,
- /{var/,}run/dovecot/old-stats-user w,
- /{var/,}run/dovecot/stats-user rw,
- /{var/,}run/dovecot/anvil-auth-penalty rw,
+ @{run}/dovecot/auth-master rw,
+ @{run}/dovecot/auth-userdb rw,
+ @{run}/dovecot/auth-worker rw,
+ @{run}/dovecot/login/login rw,
+ @{run}/dovecot/auth-token-secret.dat{,.tmp} rw,
+ @{run}/dovecot/old-stats-user w,
+ @{run}/dovecot/stats-user rw,
+ @{run}/dovecot/anvil-auth-penalty rw,
/var/spool/postfix/private/auth rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.auth>
+ include if exists <local/usr.lib.dovecot.auth>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
index 936867551b09fbbb72edcc1795b5693e504455f6..94ddfdb18f5013b2cf6900dd277cd41ab6ce0343 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.config
+++ b/profiles/apparmor.d/usr.lib.dovecot.config
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013-2018 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/config {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
- #include <abstractions/ssl_keys>
+include <tunables/global>
+
+profile dovecot-config /usr/lib/dovecot/config {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
+ include <abstractions/ssl_keys>
capability dac_read_search,
capability dac_override,
@@ -28,5 +30,5 @@
/var/lib/dovecot/ssl-parameters.dat r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.config>
+ include if exists <local/usr.lib.dovecot.config>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.deliver b/profiles/apparmor.d/usr.lib.dovecot.deliver
index dcfcdbe92ba74599c32ab6bae30a04986fa12c95..2df23a0f886d29a21b46c7e7b9856ae6d2f03f10 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.deliver
+++ b/profiles/apparmor.d/usr.lib.dovecot.deliver
@@ -2,7 +2,7 @@
#
# Copyright (C) 2009 Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
# Copyright (C) 2009-2014 Canonical Ltd.
-# Copyright (C) 2011-2013 Christian Boltz
+# Copyright (C) 2011-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -11,13 +11,15 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/deliver {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-deliver /usr/lib/dovecot/deliver {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
capability setuid,
@@ -33,5 +35,5 @@
/usr/lib/dovecot/deliver mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.deliver>
+ include if exists <local/usr.lib.dovecot.deliver>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dict b/profiles/apparmor.d/usr.lib.dovecot.dict
index 5eb947689c4565a4efe843548ffc43148ff36ab4..d0edd88e0e4a148ce97e4f3896d9363d4c9059e2 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dict
+++ b/profiles/apparmor.d/usr.lib.dovecot.dict
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,14 +9,16 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/dict {
- #include <abstractions/base>
- #include <abstractions/mysql>
- #include <abstractions/nameservice>
- #include <abstractions/openssl>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-dict /usr/lib/dovecot/dict {
+ include <abstractions/base>
+ include <abstractions/mysql>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/dovecot-common>
capability setuid,
@@ -28,5 +30,5 @@
/usr/lib/dovecot/dict mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.dict>
+ include if exists <local/usr.lib.dovecot.dict>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
index 041e46bcd110f3326c4e83035382d23e272bd913..779bcce2384cc8ef96f58e1c8da6412e6d9e5a2c 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2013 Canonical Ltd.
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,24 +10,26 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/dovecot-auth {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-dovecot-auth /usr/lib/dovecot/dovecot-auth {
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/wutmp>
+ include <abstractions/dovecot-common>
capability chown,
capability dac_override,
@{PROC}/@{pid}/mounts r,
/usr/lib/dovecot/dovecot-auth mr,
- /{,var/}run/dovecot/** rw,
+ @{run}/dovecot/** rw,
# required for postfix+dovecot integration
/var/spool/postfix/private/dovecot-auth w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.dovecot-auth>
+ include if exists <local/usr.lib.dovecot.dovecot-auth>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
index b0450dfc1260a049dc9b9f3ab041a65a408e7efd..c9d3fe4b14881857dba38189f1faea0da0ab90be 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013-2016 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-dovecot-lda /usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
capability setuid,
@@ -23,10 +25,10 @@
@{DOVECOT_MAILSTORE}/** rwkl,
/etc/dovecot/** r,
- /proc/*/mounts r,
+ @{PROC}/*/mounts r,
owner /tmp/dovecot.lda.* rw,
- /{var/,}run/dovecot/mounts r,
- /run/dovecot/auth-userdb rw,
+ @{run}/dovecot/mounts r,
+ @{run}/dovecot/auth-userdb rw,
/usr/bin/doveconf mrix,
/usr/lib/dovecot/dovecot-lda mrix,
/usr/{bin,sbin}/sendmail Cx -> sendmail,
@@ -34,26 +36,25 @@
/usr/share/dovecot/protocols.d/** r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.dovecot-lda>
+ include if exists <local/usr.lib.dovecot.dovecot-lda>
profile sendmail /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
# this profile is based on the usr.sbin.sendmail profile in extras
# and should support both postfix' and sendmail's sendmail binary
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
+ include <abstractions/postfix-common>
+ include <abstractions/hosts_access>
capability sys_ptrace,
/etc/aliases rw, # newaliases is a symlink to sendmail, so it's
/etc/aliases.db rw, # actually the same binary
/etc/fstab r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/mail/* r,
/etc/mail/statistics rw,
/etc/mtab r,
@@ -62,8 +63,8 @@
/etc/sendmail.cf r,
/etc/sendmail.cw r,
/etc/shells r,
- /proc/loadavg r,
- /proc/net/if_inet6 r,
+ @{PROC}/loadavg r,
+ @{PROC}/net/if_inet6 r,
/root/.forward r,
/root/dead.letter w,
/usr/bin/procmail Px,
@@ -77,9 +78,9 @@
/usr/{bin,sbin}/sendmail mrix,
/usr/{bin,sbin}/sendmail.postfix mrix,
/usr/{bin,sbin}/sendmail.sendmail mrix,
- /{var/,}run/sendmail.pid rwl,
- /{var/,}run/sm-client.pid rwl,
- /{var/,}run/utmp rw,
+ @{run}/sendmail.pid rwl,
+ @{run}/sm-client.pid rwl,
+ @{run}/utmp rw,
/var/spool/clientmqueue/* rwl,
/var/spool/mail/* rwl,
/var/spool/mqueue/* rwl,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
index db3f9e9d8841dda9e4a8f79a11063f85df0c52fc..90b55bd41496d599c3bd69cdce05abae7f7e0505 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2010 Canonical Ltd.
-# Copyright (C) 2011-2013 Christian Boltz
+# Copyright (C) 2011-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,13 +10,15 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/imap {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-imap /usr/lib/dovecot/imap {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
capability setuid,
deny capability block_suspend,
@@ -33,14 +35,15 @@
/etc/dovecot/conf.d/** r,
owner /tmp/dovecot.imap.* rw,
- @{PROC}/@{pid}/attr/current rw,
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
+ @{PROC}/@{pid}/stat r,
/usr/bin/doveconf rix,
/usr/lib/dovecot/imap mrix,
/usr/share/dovecot/** r,
- /run/dovecot/login/imap rw,
- /{,var/}run/dovecot/auth-master rw,
- /{,var/}run/dovecot/mounts r,
+ @{run}/dovecot/login/imap rw,
+ @{run}/dovecot/auth-master rw,
+ @{run}/dovecot/mounts r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.imap>
+ include if exists <local/usr.lib.dovecot.imap>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap-login b/profiles/apparmor.d/usr.lib.dovecot.imap-login
index 9b7ed743a7441cdd6ad5c255a83421b8c70e797d..fccde842e58b3c92260142cc96b8b641a860101c 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap-login
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2011 Canonical Ltd.
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,12 +10,14 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-/usr/lib/dovecot/imap-login {
- #include <abstractions/base>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
- #include <abstractions/dovecot-common>
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile dovecot-imap-login /usr/lib/dovecot/imap-login {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+ include <abstractions/openssl>
capability setuid,
capability sys_chroot,
@@ -25,11 +27,11 @@
network unix stream,
/usr/lib/dovecot/imap-login mr,
- /{,var/}run/dovecot/anvil rw,
- /{,var/}run/dovecot/login-master-notify* rw,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ @{run}/dovecot/anvil rw,
+ @{run}/dovecot/login-master-notify* rw,
+ @{run}/dovecot/login/ r,
+ @{run}/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.imap-login>
+ include if exists <local/usr.lib.dovecot.imap-login>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.lmtp b/profiles/apparmor.d/usr.lib.dovecot.lmtp
index 5ae6e61a9e5202242b5cc6dc93bb563a5eabcbfc..ad26eff3e5198e3e004c7876e89af431769f7d03 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,16 +9,18 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/lmtp {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
- #include <abstractions/openssl>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-lmtp /usr/lib/dovecot/lmtp {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
+ include <abstractions/openssl>
+ include <abstractions/ssl_certs>
+ include <abstractions/ssl_keys>
capability dac_override,
capability dac_read_search,
@@ -28,12 +30,14 @@
@{DOVECOT_MAILSTORE}/** rwkl,
@{HOME}/.dovecot.svbin r,
- @{PROC}/@{pid}/attr/current rw,
- /proc/*/mounts r,
+ @{PROC}/@{pid}/attr/{apparmor/,}current rw,
+ owner @{PROC}/@{pid}/io r,
+ owner @{PROC}/@{pid}/stat r,
+ @{PROC}/*/mounts r,
/tmp/dovecot.lmtp.* rw,
/usr/lib/dovecot/lmtp mr,
- /{var/,}run/dovecot/mounts r,
+ @{run}/dovecot/mounts r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.lmtp>
+ include if exists <local/usr.lib.dovecot.lmtp>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.log b/profiles/apparmor.d/usr.lib.dovecot.log
index 31086063b05d662f8050974236a1d71147a7e917..1cc1224b2aa2470dd66625acf96ec857298e297e 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.log
+++ b/profiles/apparmor.d/usr.lib.dovecot.log
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,14 +9,16 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/log flags=(attach_disconnected) {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-log /usr/lib/dovecot/log flags=(attach_disconnected) {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
/usr/lib/dovecot/log mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.log>
+ include if exists <local/usr.lib.dovecot.log>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
index 8ce9faed1943a184c6258a23ee5f3596e268ca57..beaa66edf8c1f1f9a99d54c18510ba5f7e38acb4 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
# Copyright (C) 2014 Christian Wittmer
#
# This program is free software; you can redistribute it and/or
@@ -10,12 +10,14 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/managesieve {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-managesieve /usr/lib/dovecot/managesieve {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
capability setuid,
@@ -30,5 +32,5 @@
/usr/lib/dovecot/managesieve mrix,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.managesieve>
+ include if exists <local/usr.lib.dovecot.managesieve>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
index 4504fd958a0a9385f321449d91bcb64f9bf5f76b..5181578147bfa44acd843ca67f26e32f6f5200ef 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -2,7 +2,7 @@
#
# Copyright (c) 2009 Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
# Copyright (C) 2009-2011 Canonical Ltd.
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
# Copyright (C) 2014 Christian Wittmer
#
# This program is free software; you can redistribute it and/or
@@ -12,13 +12,14 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/managesieve-login {
- #include <abstractions/base>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-managesieve-login /usr/lib/dovecot/managesieve-login {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+ include <abstractions/openssl>
capability setuid,
capability sys_chroot,
@@ -28,10 +29,10 @@
network unix stream,
/usr/lib/dovecot/managesieve-login mr,
- /{,var/}run/dovecot/login-master-notify* rw,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ @{run}/dovecot/login-master-notify* rw,
+ @{run}/dovecot/login/ r,
+ @{run}/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.managesieve-login>
+ include if exists <local/usr.lib.dovecot.managesieve-login>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3 b/profiles/apparmor.d/usr.lib.dovecot.pop3
index ae3d73ac2594c531399ee7ae979224777171802f..ed010ddafd1feff739d8c8c0fb85209db3967ed2 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2010 Canonical Ltd.
-# Copyright (C) 2011-2013 Christian Boltz
+# Copyright (C) 2011-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,13 +10,15 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
-#include <tunables/dovecot>
+abi <abi/3.0>,
-/usr/lib/dovecot/pop3 {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+include <tunables/dovecot>
+
+profile dovecot-pop3 /usr/lib/dovecot/pop3 {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/dovecot-common>
capability setuid,
@@ -24,8 +26,9 @@
@{DOVECOT_MAILSTORE}/** rwkl,
@{HOME} r, # ???
+ @{PROC}/@{pid}/stat r,
/usr/lib/dovecot/pop3 mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.pop3>
+ include if exists <local/usr.lib.dovecot.pop3>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.pop3-login b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
index 7d6cbed0a0c54a90c7a82cf4b5d19197ba5a1fb0..2bcc3fec43dde5c52fb53e9aa4eb9e4a3ca83be7 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2011 Canonical Ltd.
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,26 +10,28 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/pop3-login {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-pop3-login /usr/lib/dovecot/pop3-login {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+ include <abstractions/openssl>
capability setuid,
capability sys_chroot,
+ network inet stream,
+ network inet6 stream,
network unix stream,
/usr/lib/dovecot/pop3-login mr,
- /{,var/}run/dovecot/anvil rw,
- /{,var/}run/dovecot/login-master-notify* rw,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ @{run}/dovecot/anvil rw,
+ @{run}/dovecot/login-master-notify* rw,
+ @{run}/dovecot/login/ r,
+ @{run}/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.pop3-login>
+ include if exists <local/usr.lib.dovecot.pop3-login>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.script-login b/profiles/apparmor.d/usr.lib.dovecot.script-login
index 3b0468957ae9c53f7f7df917f59df8c5d07f0620..aca2275811ac821c207b255376494287b7128821 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.script-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.script-login
@@ -10,12 +10,14 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile dovecot-script-login /usr/lib/dovecot/script-login {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+ include <abstractions/nameservice>
capability setuid,
@@ -28,6 +30,5 @@ profile dovecot-script-login /usr/lib/dovecot/script-login {
# and then to create the profile for the script.
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.script-login>
+ include if exists <local/usr.lib.dovecot.script-login>
}
-
diff --git a/profiles/apparmor.d/usr.lib.dovecot.ssl-params b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
index b6cb8dcedd0c11e9898ca41d5c9e50ff612c3e20..64a1eba806542b0e0a148aa9c43db80d4a5f35a4 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.ssl-params
+++ b/profiles/apparmor.d/usr.lib.dovecot.ssl-params
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2013 Christian Boltz
+# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,18 +9,20 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/ssl-params {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
+include <tunables/global>
- /run/dovecot/ssl-params rw,
- /run/dovecot/login/ssl-params rw,
+profile dovecot-ssl-params /usr/lib/dovecot/ssl-params {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+
+ @{run}/dovecot/ssl-params rw,
+ @{run}/dovecot/login/ssl-params rw,
/usr/lib/dovecot/ssl-params mr,
/var/lib/dovecot/ssl-parameters.dat rw,
/var/lib/dovecot/ssl-parameters.dat.tmp rwk,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.ssl-params>
+ include if exists <local/usr.lib.dovecot.ssl-params>
}
diff --git a/profiles/apparmor.d/usr.lib.dovecot.stats b/profiles/apparmor.d/usr.lib.dovecot.stats
index 151e4ed6372f041c7b21b63df4a92f9e616c1731..37e77406548edba194b9e86d155990cd6d051814 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.stats
+++ b/profiles/apparmor.d/usr.lib.dovecot.stats
@@ -1,6 +1,6 @@
# ------------------------------------------------------------------
#
-# Copyright (C) 2018 Christian Boltz
+# Copyright (C) 2018-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,17 +9,23 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
-/usr/lib/dovecot/stats {
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
+include <tunables/global>
+
+profile dovecot-stats /usr/lib/dovecot/stats {
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
capability setuid,
capability sys_chroot,
+ # for metrics end-point (Prometheus)
+ network inet stream,
+ network inet6 stream,
+
/usr/lib/dovecot/stats mr,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.lib.dovecot.stats>
+ include if exists <local/usr.lib.dovecot.stats>
}
diff --git a/profiles/apparmor.d/usr.sbin.apache2 b/profiles/apparmor.d/usr.sbin.apache2
index 8fcdf5802ae5e988604e7c65190c3c09f3ba90e0..6c9ae7b4195222a84ca8d5654afa3f946c2c9554 100644
--- a/profiles/apparmor.d/usr.sbin.apache2
+++ b/profiles/apparmor.d/usr.sbin.apache2
@@ -1,6 +1,8 @@
# Author: Marc Deslauriers <marc.deslauriers@ubuntu.com>
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
# This profile is completely permissive.
@@ -26,7 +28,7 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
# the "apache2-common" abstraction:
#
# ^example.com {
- # #include <abstractions/apache2-common>
+ # include <abstractions/apache2-common>
# /var/www/html/ r,
# /var/www/html/** r,
# /var/log/apache2/*.log w,
@@ -67,8 +69,8 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
# </Location>
#
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
# Send signals to all hats.
signal (send) peer=@{profile_name}//*,
@@ -85,15 +87,15 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
^DEFAULT_URI flags=(attach_disconnected) {
- #include <abstractions/base>
- #include <abstractions/apache2-common>
+ include <abstractions/base>
+ include <abstractions/apache2-common>
/ rw,
/** mrwlkix,
}
^HANDLING_UNTRUSTED_INPUT flags=(attach_disconnected) {
- #include <abstractions/apache2-common>
+ include <abstractions/apache2-common>
/ rw,
/** mrwlkix,
@@ -102,8 +104,8 @@ profile apache2 /usr/{bin,sbin}/apache2 flags=(attach_disconnected) {
# This directory contains web application
# package-specific apparmor files.
- #include <apache2.d>
+ include <apache2.d>
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.apache2>
+ include if exists <local/usr.sbin.apache2>
}
diff --git a/profiles/apparmor.d/usr.sbin.avahi-daemon b/profiles/apparmor.d/usr.sbin.avahi-daemon
index a56d4a11af2c3cbc38b8233f95891235cc5736cd..010b3858c6d86716c45213044fbb991efd2f254d 100644
--- a/profiles/apparmor.d/usr.sbin.avahi-daemon
+++ b/profiles/apparmor.d/usr.sbin.avahi-daemon
@@ -1,9 +1,11 @@
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile avahi-daemon /usr/{bin,sbin}/avahi-daemon {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/dbus>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/dbus>
+ include <abstractions/nameservice>
capability chown,
capability dac_override,
@@ -20,14 +22,17 @@ profile avahi-daemon /usr/{bin,sbin}/avahi-daemon {
/etc/avahi/services/ r,
/etc/avahi/services/*.service r,
@{PROC}/@{pid}/fd/ r,
+ @{PROC}/1/environ r,
+ @{PROC}/cmdline r,
+ @{PROC}/sys/kernel/osrelease r,
/usr/{bin,sbin}/avahi-daemon mr,
/usr/share/avahi/introspection/*.introspect r,
/usr/share/dbus-1/interfaces/org.freedesktop.Avahi.*.xml r,
- /{,var/}run/avahi-daemon/ w,
- /{,var/}run/avahi-daemon/pid krw,
- /{,var/}run/avahi-daemon/socket w,
- /{,var/}run/systemd/notify w,
+ @{run}/avahi-daemon/ w,
+ @{run}/avahi-daemon/pid krw,
+ @{run}/avahi-daemon/socket w,
+ @{run}/systemd/notify w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.avahi-daemon>
+ include if exists <local/usr.sbin.avahi-daemon>
}
diff --git a/profiles/apparmor.d/usr.sbin.dnsmasq b/profiles/apparmor.d/usr.sbin.dnsmasq
index 88f09913f2055f2271f6d06d962418c7b59da02c..9a5ca0b78453dffd31b81d1a9717626ab163ab6d 100644
--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -9,19 +9,15 @@
#
# ------------------------------------------------------------------
-@{TFTP_DIR}=/var/tftp /srv/tftpboot
+abi <abi/3.0>,
-#include <tunables/global>
+@{TFTP_DIR}=/var/tftp /srv/tftp /srv/tftpboot
-# This profile has the name "/usr/sbin/dnsmasq", but attaches to both /usr/bin/dnsmasq and /usr/sbin/dnsmasq.
-# We are sorry for the confusion ;-) but this trick is needed to support distributions with merged bin and sbin
-# while not breaking the libvirtd profile that has rules with peer=/usr/sbin/dnsmasq
-# Future versions of AppArmor (> 2.13.x) will have "dnsmasq" as profile name.
-
-profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
- #include <abstractions/base>
- #include <abstractions/dbus>
- #include <abstractions/nameservice>
+include <tunables/global>
+profile dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
+ include <abstractions/base>
+ include <abstractions/dbus>
+ include <abstractions/nameservice>
capability chown,
capability net_bind_service,
@@ -34,10 +30,8 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
network inet6 raw,
signal (receive) peer=/usr/{bin,sbin}/libvirtd,
- signal (receive) peer=/usr/sbin/libvirtd,
signal (receive) peer=libvirtd,
ptrace (readby) peer=/usr/{bin,sbin}/libvirtd,
- ptrace (readby) peer=/usr/sbin/libvirtd,
ptrace (readby) peer=libvirtd,
owner /dev/tty rw,
@@ -54,6 +48,8 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/etc/NetworkManager/dnsmasq.d/* r,
/etc/NetworkManager/dnsmasq-shared.d/ r,
/etc/NetworkManager/dnsmasq-shared.d/* r,
+ /etc/dnsmasq-conf.conf r,
+ /etc/dnsmasq-resolv.conf r,
/usr/{bin,sbin}/dnsmasq mr,
@@ -62,10 +58,10 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/usr/share/dnsmasq{-base,}/ r,
/usr/share/dnsmasq{-base,}/* r,
- /{,var/}run/*dnsmasq*.pid w,
- /{,var/}run/dnsmasq-forwarders.conf r,
- /{,var/}run/dnsmasq/ r,
- /{,var/}run/dnsmasq/* rw,
+ @{run}/*dnsmasq*.pid w,
+ @{run}/dnsmasq-forwarders.conf r,
+ @{run}/dnsmasq/ r,
+ @{run}/dnsmasq/* rw,
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
@@ -84,19 +80,19 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/var/lib/libvirt/dnsmasq/* r,
# libvirt pid files for dnsmasq
- /{,var/}run/libvirt/network/ r,
- /{,var/}run/libvirt/network/*.pid rw,
+ @{run}/libvirt/network/ r,
+ @{run}/libvirt/network/*.pid rw,
# libvirt lease helper
/usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
/usr/libexec/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
# lxc-net pid and lease files
- /{,var/}run/lxc/dnsmasq.pid rw,
+ @{run}/lxc/dnsmasq.pid rw,
/var/lib/misc/dnsmasq.*.leases rw,
# lxd-bridge pid and lease files
- /{,var/}run/lxd-bridge/dnsmasq.pid rw,
+ @{run}/lxd-bridge/dnsmasq.pid rw,
/var/lib/lxd-bridge/dnsmasq.*.leases rw,
/var/lib/lxd/networks/*/dnsmasq.* r,
/var/lib/lxd/networks/*/dnsmasq.leases rw,
@@ -104,25 +100,34 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
# NetworkManager integration
/var/lib/NetworkManager/dnsmasq-*.leases rw,
- /{,var/}run/nm-dns-dnsmasq.conf r,
- /{,var/}run/nm-dnsmasq-*.pid rw,
- /{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,
- /{,var/}run/NetworkManager/dnsmasq.conf r,
- /{,var/}run/NetworkManager/dnsmasq.pid w,
- /{,var/}run/NetworkManager/NetworkManager.pid w,
+ @{run}/nm-dns-dnsmasq.conf r,
+ @{run}/nm-dnsmasq-*.pid rw,
+ @{run}/sendsigs.omit.d/*dnsmasq.pid w,
+ @{run}/NetworkManager/dnsmasq.conf r,
+ @{run}/NetworkManager/dnsmasq.pid w,
+ @{run}/NetworkManager/NetworkManager.pid w,
+
+ # dnsname plugin in podman
+ @{run}/containers/cni/dnsname/*/dnsmasq.conf r,
+ @{run}/containers/cni/dnsname/*/addnhosts r,
+ @{run}/containers/cni/dnsname/*/pidfile rw,
+ owner @{run}/user/*/containers/cni/dnsname/*/dnsmasq.conf r,
+ owner @{run}/user/*/containers/cni/dnsname/*/addnhosts r,
+ owner @{run}/user/*/containers/cni/dnsname/*/pidfile rw,
profile libvirt_leaseshelper {
- #include <abstractions/base>
+ include <abstractions/base>
/etc/libnl-3/classid r,
- /usr/lib{,64}/libvirt/libvirt_leaseshelper m,
- /usr/libexec/libvirt_leaseshelper m,
+ /usr/lib{,64}/libvirt/libvirt_leaseshelper mr,
+ /usr/libexec/libvirt_leaseshelper mr,
owner @{PROC}/@{pid}/net/psched r,
owner @{PROC}/@{pid}/status r,
@{sys}/devices/system/cpu/ r,
+ @{sys}/devices/system/cpu/possible r,
@{sys}/devices/system/node/ r,
@{sys}/devices/system/node/*/meminfo r,
@@ -130,9 +135,9 @@ profile /usr/sbin/dnsmasq /usr/{bin,sbin}/dnsmasq flags=(attach_disconnected) {
/var/lib/libvirt/dnsmasq/*.leases rw,
/var/lib/libvirt/dnsmasq/*.status* rw,
- /{,var/}run/leaseshelper.pid rwk,
+ @{run}/leaseshelper.pid rwk,
}
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.dnsmasq>
+ include if exists <local/usr.sbin.dnsmasq>
}
diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
index ec3296aa70f295928a8a1a7d92cbda0303b8abd5..daa95ba5d4227cbe2bf4194c321145c0e210db38 100644
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -1,7 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2013 Canonical Ltd.
-# Copyright (C) 2011-2013 Christian Boltz
+# Copyright (C) 2011-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,16 +10,18 @@
# ------------------------------------------------------------------
# vim: ft=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/dovecot-common>
- #include <abstractions/mysql>
- #include <abstractions/nameservice>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/dovecot-common>
+ include <abstractions/mysql>
+ include <abstractions/nameservice>
+ include <abstractions/ssl_certs>
+ include <abstractions/ssl_keys>
capability chown,
capability dac_override,
@@ -31,10 +33,11 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
capability sys_chroot,
capability sys_resource,
- signal send set=(int,quit,term,kill) peer=/usr/lib/dovecot/*,
- signal send set=(int,quit,term,kill) peer=dovecot-*,
+ signal send peer=/usr/lib/dovecot/*,
+ signal send peer=dovecot-*,
unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil),
+ unix (receive, send) type=stream peer=(label=dovecot-anvil),
/etc/dovecot/** r,
/etc/mtab r,
@@ -68,10 +71,10 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
/var/lib/dovecot/* rwkl,
/var/spool/postfix/private/auth w,
/var/spool/postfix/private/dovecot-lmtp w,
- /{,var/}run/dovecot/ rw,
- /{,var/}run/dovecot/** rw,
- link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,
+ @{run}/dovecot/ rw,
+ @{run}/dovecot/** rw,
+ link @{run}/dovecot/** -> /var/lib/dovecot/**,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.dovecot>
+ include if exists <local/usr.sbin.dovecot>
}
diff --git a/profiles/apparmor.d/usr.sbin.identd b/profiles/apparmor.d/usr.sbin.identd
index 553fff27a85a13e1442019b4cc1025db5739edba..8dc869dc05e97f553992efff99003abfa6e3c34a 100644
--- a/profiles/apparmor.d/usr.sbin.identd
+++ b/profiles/apparmor.d/usr.sbin.identd
@@ -9,11 +9,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile identd /usr/{bin,sbin}/identd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
@@ -24,10 +26,10 @@ profile identd /usr/{bin,sbin}/identd {
/usr/{bin,sbin}/identd rmix,
@{PROC}/net/tcp r,
@{PROC}/net/tcp6 r,
- /{,var/}run/identd.pid w,
- /{,var/}run/identd/ w,
- /{,var/}run/identd/identd.pid w,
+ @{run}/identd.pid w,
+ @{run}/identd/ w,
+ @{run}/identd/identd.pid w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.identd>
+ include if exists <local/usr.sbin.identd>
}
diff --git a/profiles/apparmor.d/usr.sbin.mdnsd b/profiles/apparmor.d/usr.sbin.mdnsd
index c41ed1fefebba54d709c19966ca8ef2dc87a01a9..af934cbf6452f07e613f288847ea4786ae537f53 100644
--- a/profiles/apparmor.d/usr.sbin.mdnsd
+++ b/profiles/apparmor.d/usr.sbin.mdnsd
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile mdnsd /usr/{bin,sbin}/mdnsd {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
@@ -28,9 +30,9 @@ profile mdnsd /usr/{bin,sbin}/mdnsd {
@{PROC}/net/ r,
@{PROC}/net/unix r,
- /{,var/}run/mdnsd lw,
- /{,var/}run/mdnsd.pid w,
+ @{run}/mdnsd lw,
+ @{run}/mdnsd.pid w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.mdnsd>
+ include if exists <local/usr.sbin.mdnsd>
}
diff --git a/profiles/apparmor.d/usr.sbin.nmbd b/profiles/apparmor.d/usr.sbin.nmbd
index 5a4d31b6949aac85a3287bb01609935a354605c6..1c8c1a9e9a570ef02a49c22390d19f2d9e1ed439 100644
--- a/profiles/apparmor.d/usr.sbin.nmbd
+++ b/profiles/apparmor.d/usr.sbin.nmbd
@@ -1,9 +1,11 @@
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile nmbd /usr/{bin,sbin}/nmbd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/samba>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/samba>
capability net_bind_service,
@@ -24,12 +26,11 @@ profile nmbd /usr/{bin,sbin}/nmbd {
/var/{cache,lib}/samba/unexpected rw,
/var/cache/samba/msg/ rw,
/var/cache/samba/msg/* w,
- /var/cache/samba/msg.lock/{,*} rwk,
- /{,var/}run/nmbd.pid rwk,
- /{,var/}run/samba/** rwk,
- /{,var/}run/systemd/notify w,
+ @{run}/nmbd.pid rwk,
+ @{run}/samba/** rwk,
+ @{run}/systemd/notify w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.nmbd>
+ include if exists <local/usr.sbin.nmbd>
}
diff --git a/profiles/apparmor.d/usr.sbin.nscd b/profiles/apparmor.d/usr.sbin.nscd
index 5ab666987d77d18625dc64c3610c8d6568a73242..80f97098863467fce8c3313f7b706ee17884bed5 100644
--- a/profiles/apparmor.d/usr.sbin.nscd
+++ b/profiles/apparmor.d/usr.sbin.nscd
@@ -9,27 +9,30 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile nscd /usr/{bin,sbin}/nscd {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/ssl_certs>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/ssl_certs>
deny capability block_suspend,
capability net_bind_service,
capability setgid,
capability setuid,
+ /etc/machine-id r,
/etc/netgroup r,
/etc/nscd.conf r,
/usr/{bin,sbin}/nscd rmix,
- /{,var/}run/.nscd_socket wl,
- /{,var/}run/nscd/ rw,
- /{,var/}run/nscd/db* rwl,
- /{,var/}run/nscd/socket wl,
- /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
- /{,var/}run/{nscd/,}nscd.pid rwl,
+ @{run}/.nscd_socket wl,
+ @{run}/nscd/ rw,
+ @{run}/nscd/db* rwl,
+ @{run}/nscd/socket wl,
+ /{var/cache,var/db,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ @{run}/{nscd/,}nscd.pid rwl,
/var/lib/libvirt/dnsmasq/ r,
/var/lib/libvirt/dnsmasq/*.status r,
/var/log/nscd.log rw,
@@ -39,5 +42,5 @@ profile nscd /usr/{bin,sbin}/nscd {
@{PROC}/@{pid}/mounts r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.nscd>
+ include if exists <local/usr.sbin.nscd>
}
diff --git a/profiles/apparmor.d/usr.sbin.ntpd b/profiles/apparmor.d/usr.sbin.ntpd
index 2279465e8dc2642565a5dee1c811345f1adc243f..062adf4d6ecbdac9278ffe5b762f0649c858dd0d 100644
--- a/profiles/apparmor.d/usr.sbin.ntpd
+++ b/profiles/apparmor.d/usr.sbin.ntpd
@@ -9,13 +9,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
-#include <tunables/ntpd>
+abi <abi/3.0>,
+
+include <tunables/global>
+include <tunables/ntpd>
profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/openssl>
- #include <abstractions/xad>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/ssl_certs>
+ include <abstractions/xad>
capability dac_override,
capability ipc_lock,
@@ -52,17 +55,17 @@ profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
/var/lib/ntp/etc/* r,
/var/lib/ntp/ntp.drift rw,
/var/lib/ntp/ntp.drift.TEMP rw,
- /var/lib/ntp/{,var/}run/ntp/ntpd.pid w,
+ /var/lib/ntp@{run}/ntp/ntpd.pid w,
/var/log/ntp w,
/var/log/ntp.log w,
/var/log/ntpstats/clockstats* lrw,
/var/log/ntpstats/loopstats* lrw,
/var/log/ntpstats/peerstats* lrw,
/var/opt/novell/xad/rpc/xadsd rw,
- /{,var/}run/nscd/services r,
- /{,var/}run/ntpd.pid w,
- /{,var/}run/ntp/ntpd.pid w,
- /{,var/}run/ntpd.sock rwl,
+ @{run}/nscd/services r,
+ @{run}/ntpd.pid w,
+ @{run}/ntp/ntpd.pid w,
+ @{run}/ntpd.sock rwl,
/var/tmp/ntp* rwl,
@{PROC}/@{pid}/net/if_inet6 r,
@@ -73,5 +76,5 @@ profile ntpd /usr/{bin,sbin}/{,open}ntpd flags=(attach_disconnected) {
@{NTPD_DEVICE} rw,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.ntpd>
+ include if exists <local/usr.sbin.ntpd>
}
diff --git a/profiles/apparmor.d/usr.sbin.smbd b/profiles/apparmor.d/usr.sbin.smbd
index f46e80e2b20810947df0dcbea71d822dbd6c3f42..be516275e28285cbde89f0307222588015f0f362 100644
--- a/profiles/apparmor.d/usr.sbin.smbd
+++ b/profiles/apparmor.d/usr.sbin.smbd
@@ -1,14 +1,17 @@
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile smbd /usr/{bin,sbin}/smbd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/cups-client>
- #include <abstractions/nameservice>
- #include <abstractions/samba>
- #include <abstractions/user-tmp>
- #include <abstractions/wutmp>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/cups-client>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/samba>
+ include <abstractions/user-tmp>
+ include <abstractions/wutmp>
capability audit_write,
capability dac_override,
@@ -22,6 +25,8 @@ profile smbd /usr/{bin,sbin}/smbd {
capability sys_resource,
capability sys_tty_config,
+ signal send set=term peer=samba-bgqd,
+
/etc/mtab r,
/etc/netgroup r,
/etc/printcap r,
@@ -33,28 +38,35 @@ profile smbd /usr/{bin,sbin}/smbd {
/usr/lib*/samba/charset/*.so mr,
/usr/lib*/samba/gensec/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/{,samba/}samba-bgqd Px -> samba-bgqd,
+ /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/lib*/samba/{lowcase,upcase,valid}.dat r,
/usr/lib/@{multiarch}/samba/*.so{,.[0-9]*} mr,
/usr/lib/@{multiarch}/samba/**/ r,
/usr/lib/@{multiarch}/samba/**/*.so{,.[0-9]*} mr,
+ /usr/share/samba/** r,
/usr/{bin,sbin}/smbd mr,
/usr/{bin,sbin}/smbldap-useradd Px,
/var/cache/samba/** rwk,
/var/{cache,lib}/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
/var/lib/sss/pubconf/kdcinfo.* r,
- /{,var/}run/dbus/system_bus_socket rw,
- /{,var/}run/smbd.pid rwk,
- /{,var/}run/samba/** rk,
- /{,var/}run/samba/ncalrpc/ rw,
- /{,var/}run/samba/ncalrpc/** rw,
- /{,var/}run/samba/smbd.pid rw,
- /{,var/}run/samba/msg.lock/ rw,
- /{,var/}run/samba/msg.lock/[0-9]* rwk,
+ @{run}/dbus/system_bus_socket rw,
+ @{run}/smbd.pid rwk,
+ @{run}/samba/** rk,
+ @{run}/samba/ncalrpc/ rw,
+ @{run}/samba/ncalrpc/** rw,
+ @{run}/samba/smbd.pid rw,
/var/spool/samba/** rw,
@{HOMEDIRS}/** lrwk,
+ /var/lib/samba/usershares/{,**} lrwk,
+
+ # Permissions for all configured shares (file autogenerated by
+ # update-apparmor-samba-profile on service startup on Debian and openSUSE)
+ include if exists <samba/smbd-shares>
+ include if exists <local/usr.sbin.smbd-shares>
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.smbd>
+ include if exists <local/usr.sbin.smbd>
}
diff --git a/profiles/apparmor.d/usr.sbin.smbldap-useradd b/profiles/apparmor.d/usr.sbin.smbldap-useradd
index 35c0e2dcdf5c9c35ed9341b595a15dd6465b9086..c89f9d7b631d30510ff9f149a8bad16c42c3f250 100644
--- a/profiles/apparmor.d/usr.sbin.smbldap-useradd
+++ b/profiles/apparmor.d/usr.sbin.smbldap-useradd
@@ -1,11 +1,14 @@
# Last Modified: Tue Jan 3 00:17:40 2012
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
profile smbldap-useradd /usr/{bin,sbin}/smbldap-useradd {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
/dev/tty rw,
/{,usr/}bin/bash ix,
@@ -18,11 +21,11 @@ profile smbldap-useradd /usr/{bin,sbin}/smbldap-useradd {
/var/log/samba/log.smbd w,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.smbldap-useradd>
+ include if exists <local/usr.sbin.smbldap-useradd>
profile /etc/init.d/nscd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability sys_ptrace,
diff --git a/profiles/apparmor.d/usr.sbin.traceroute b/profiles/apparmor.d/usr.sbin.traceroute
index 2c08027f4f2ec1035982bb0c79afa3ef720a8c30..926ccdafe6d1da0d35258903b432f17994e7df01 100644
--- a/profiles/apparmor.d/usr.sbin.traceroute
+++ b/profiles/apparmor.d/usr.sbin.traceroute
@@ -9,11 +9,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile traceroute /usr/{{bin,sbin}/traceroute,bin/linux-traceroute,bin/traceroute.db} {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
deny capability net_admin, # noisy setsockopt() calls
capability net_raw,
@@ -26,5 +28,5 @@ profile traceroute /usr/{{bin,sbin}/traceroute,bin/linux-traceroute,bin/tracerou
@{PROC}/sys/net/ipv4/{tcp_ecn,tcp_sack,tcp_timestamps,tcp_window_scaling} r,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.traceroute>
+ include if exists <local/usr.sbin.traceroute>
}
diff --git a/profiles/apparmor.d/usr.sbin.winbindd b/profiles/apparmor.d/usr.sbin.winbindd
index 0313ec9844d06e083b3fb9db7f5a80ba8e54be00..adc3a010d87d7c74154dcf934858f65287279c4d 100644
--- a/profiles/apparmor.d/usr.sbin.winbindd
+++ b/profiles/apparmor.d/usr.sbin.winbindd
@@ -1,9 +1,11 @@
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile winbindd /usr/{bin,sbin}/winbindd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/samba>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/samba>
deny capability block_suspend,
@@ -24,16 +26,17 @@ profile winbindd /usr/{bin,sbin}/winbindd {
/usr/lib*/samba/idmap/*.so mr,
/usr/lib*/samba/nss_info/*.so mr,
/usr/lib*/samba/pdb/*.so mr,
+ /usr/lib*/samba/{,samba/}samba-dcerpcd Px -> samba-dcerpcd,
/usr/{bin,sbin}/winbindd mr,
/var/cache/krb5rcache/* rwk,
/var/cache/samba/*.tdb rwk,
/var/log/samba/log.winbindd rw,
- /{var/,}run/samba/winbindd.pid rwk,
- /{var/,}run/samba/winbindd/ rw,
- /{var/,}run/samba/winbindd/pipe w,
- /{var/,}run/user/*/krb5cc/* rwk,
+ @{run}/{samba/,}winbindd.pid rwk,
+ @{run}/samba/winbindd/ rw,
+ @{run}/samba/winbindd/pipe w,
+ @{run}/user/*/krb5cc/* rwk,
# Site-specific additions and overrides. See local/README for details.
- #include <local/usr.sbin.winbindd>
+ include if exists <local/usr.sbin.winbindd>
}
diff --git a/profiles/apparmor/profiles/extras/README b/profiles/apparmor/profiles/extras/README
index af3f892a2be9477a8430352db1023ae622ed933d..fc0c1b1be82f55b08ef15e6b1ec0c915a254fe00 100644
--- a/profiles/apparmor/profiles/extras/README
+++ b/profiles/apparmor/profiles/extras/README
@@ -30,7 +30,7 @@ work for your situation, then run commands such as the following:
# aa-enforce /etc/apparmor.d/*postfix*
# aa-enforce /etc/apparmor.d/usr.sbin.post*
- # aa-enforce /etc/apparmor.d/usr.bin.procmail
+ # aa-enforce /etc/apparmor.d/usr.bin.procmail
# aa-enforce /etc/apparmor.d/usr.sbin.sendmail
You may use the aa-unconfined tool to make sure your profiles are
@@ -38,8 +38,11 @@ working as you expect.
Feedback on these unsupported profiles is welcomed; any
contributions for this directory should be clearly licensed
--- we recommend using the GPL. Please mail suggestions or
-modifications to the apparmor@lists.ubuntu.com mail list:
-https://lists.ubuntu.com/mailman/listinfo/apparmor
+-- we recommend using the GPL. Please submit bug reports to the
+AppArmor issue tracker at https://gitlab.com/apparmor/apparmor/-/issues
+Please submit proposed changes as a merge request at
+https://gitlab.com/apparmor/apparmor/merge_requests
+Alternately, you may contact us via the apparmor@lists.ubuntu.com
+mailing list: https://lists.ubuntu.com/mailman/listinfo/apparmor
Thanks
diff --git a/profiles/apparmor/profiles/extras/bin.netstat b/profiles/apparmor/profiles/extras/bin.netstat
index 1a0550c52d98e86798abf6717bed791676d049a4..fd8d15606260c3f20b87ac65b4c6b4cfebd13c2e 100644
--- a/profiles/apparmor/profiles/extras/bin.netstat
+++ b/profiles/apparmor/profiles/extras/bin.netstat
@@ -13,12 +13,14 @@
# give evolution access to significant chunks of /proc
#
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile netstat /{usr/,}bin/netstat {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability dac_override,
capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
index 87129ff424aaf66234746530d346084089e4e49b..7ba4b38ea77bc7fd4282496e26263abab1d4dd56 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.logrotate
@@ -11,12 +11,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
/etc/cron.daily/logrotate {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/nameservice>
capability chown,
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
index 8be50a4d5778362f9449aeedf89e50f8fb1f5a0f..2b551dfdfcb4a4941a45d3c4a2e8de35829e1d44 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.slocate.cron
@@ -12,10 +12,12 @@
# that it can traverse the whole filesystem.
#
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
/etc/cron.daily/slocate.cron {
- #include <abstractions/base>
+ include <abstractions/base>
/{usr/,}bin/bash mixr,
/dev/tty wr ,
/etc/cron.daily/slocate.cron r ,
diff --git a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
index 21fa1d30473e0404f67649826644c6f08a3501c9..fa0b956179ba364a3ab901e20539f6589762f075 100644
--- a/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
+++ b/profiles/apparmor/profiles/extras/etc.cron.daily.tmpwatch
@@ -8,10 +8,12 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
/etc/cron.daily/tmpwatch {
- #include <abstractions/base>
+ include <abstractions/base>
/etc/cron.daily/tmpwatch r,
/tmp r,
/tmp/** rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil b/profiles/apparmor/profiles/extras/postfix-anvil
similarity index 75%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
rename to profiles/apparmor/profiles/extras/postfix-anvil
index bcc2a1ef0e880122017dafd895f8571638b286f9..2aec872869afa7fcb65c1aa7cf01961907d9bfb5 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.anvil
+++ b/profiles/apparmor/profiles/extras/postfix-anvil
@@ -9,20 +9,18 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
-profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+include <tunables/global>
- capability setgid,
- capability setuid,
+profile postfix-anvil /usr/lib/postfix/{bin/,sbin/,}anvil {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}anvil mrix,
/etc/postfix/main.cf r,
/{var/spool/postfix/,}private/anvil rw,
/{var/spool/postfix/,}pid/unix.anvil rwk,
- @{PROC}/net/if_inet6 r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce b/profiles/apparmor/profiles/extras/postfix-bounce
similarity index 88%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
rename to profiles/apparmor/profiles/extras/postfix-bounce
index 150807a10b721e521ddf31bb022fbdecc40ceec5..f57b3ac36f79abf462fbb5e32244cd1867a4cc91 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.bounce
+++ b/profiles/apparmor/profiles/extras/postfix-bounce
@@ -10,15 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
-profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+include <tunables/global>
- capability setgid,
- capability setuid,
+profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}bounce mrix,
@@ -26,10 +25,12 @@ profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}active/[0-9A-F]/* rwk,
/{var/spool/postfix/,}active/[0-9A-F]/ rwl,
+ /{var/spool/postfix/,}active/[0-9A-F]* rwkl,
/{var/spool/postfix/,}bounce/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}bounce/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}bounce/[0-9A-F]/* rwk,
/{var/spool/postfix/,}bounce/[0-9A-F]/ rwl,
+ /{var/spool/postfix/,}bounce/[0-9A-F]* rwkl,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwkl,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}defer/[0-9A-F]/* rwkl,
@@ -42,10 +43,8 @@ profile postfix-bounce /usr/lib/postfix/{bin/,sbin/,}bounce {
/{var/spool/postfix/,}trace/[0-9A-F]/ rwl,
/{var/spool/postfix/,}trace/[0-9A-F]* rwk,
/{var/spool/postfix/,}public/cleanup w,
+
/{var/spool/postfix/,}pid/unix.bounce rwk,
/{var/spool/postfix/,}pid/unix.defer rwk,
/{var/spool/postfix/,}pid/unix.trace rwk,
-
- /etc/postfix/main.cf r,
- @{PROC}/net/if_inet6 r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup b/profiles/apparmor/profiles/extras/postfix-cleanup
similarity index 90%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
rename to profiles/apparmor/profiles/extras/postfix-cleanup
index d249de2fa78233fa35a41698cc10e5d5656312f6..e277f14cc4927f7f8ab07578bf5a3affb4bd25ee 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.cleanup
+++ b/profiles/apparmor/profiles/extras/postfix-cleanup
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-cleanup /usr/lib/postfix/{bin/,sbin/,}cleanup {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
capability net_bind_service,
capability dac_read_search,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.discard b/profiles/apparmor/profiles/extras/postfix-discard
similarity index 88%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.discard
rename to profiles/apparmor/profiles/extras/postfix-discard
index 230136e03e476edf4f02469a2cf1aa46cd1d8731..fbfe784f8684d616289cce4b5955419614b24452 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.discard
+++ b/profiles/apparmor/profiles/extras/postfix-discard
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-discard /usr/lib/postfix/{bin/,sbin/,}discard {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}discard mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.dnsblog b/profiles/apparmor/profiles/extras/postfix-dnsblog
similarity index 88%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.dnsblog
rename to profiles/apparmor/profiles/extras/postfix-dnsblog
index d089a009b94c00fd1c5e6e5192ab8129fd56c51f..f8ce329b15cf758f37cba0031934dc8d356b5e74 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.dnsblog
+++ b/profiles/apparmor/profiles/extras/postfix-dnsblog
@@ -9,10 +9,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-dnsblog /usr/lib/postfix/{bin/,sbin/,}dnsblog {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}dnsblog mrix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.error b/profiles/apparmor/profiles/extras/postfix-error
similarity index 80%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.error
rename to profiles/apparmor/profiles/extras/postfix-error
index 7284b77e2e31f14bf25639f2aeb0c2fd46852ee1..4719f897314a60212c822e957ab9a689ffdc9443 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.error
+++ b/profiles/apparmor/profiles/extras/postfix-error
@@ -10,16 +10,17 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-error /usr/lib/postfix/{bin/,sbin/,}error {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}error mrix,
- @{PROC}/sys/kernel/ngroups_max r,
owner /var/spool/postfix/active/* rwk,
/var/spool/postfix/pid/unix.error rwk,
/var/spool/postfix/pid/unix.retry rwk,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.flush b/profiles/apparmor/profiles/extras/postfix-flush
similarity index 80%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.flush
rename to profiles/apparmor/profiles/extras/postfix-flush
index 70ee4e5b90dc26037b3d058f98a8cd9cbc6e76ee..f8395519de2ec822c0222c7c165e33a3de8308ff 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.flush
+++ b/profiles/apparmor/profiles/extras/postfix-flush
@@ -2,6 +2,7 @@
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2018 Canonical, Ltd.
+# Copyright (C) 2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,15 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
-profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+include <tunables/global>
- capability setgid,
- capability setuid,
+profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}flush mrix,
@@ -26,6 +26,7 @@ profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
/{var/spool/postfix/,}deferred/[0-9A-F]/[0-9A-F]* rwl,
/{var/spool/postfix/,}deferred/[0-9A-F]/ rwl,
/{var/spool/postfix/,}flush/ rwl,
+ /{var/spool/postfix/,}flush/* w, # filename is based on hostname
/{var/spool/postfix/,}flush/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}flush/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}flush/[0-9A-F]/ rwl,
@@ -34,10 +35,8 @@ profile postfix-flush /usr/lib/postfix/{bin/,sbin/,}flush {
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}incoming/[0-9A-F]/ rwl,
/{var/spool/postfix/,}public/qmgr w,
- /{var/spool/postfix/,}pid/unix.flush rw,
+ /{var/spool/postfix/,}pid/unix.flush rwk,
/etc/mtab r,
- /etc/postfix/main.cf r,
- /etc/postfix/virtual.db r,
@{HOME}/.forward r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp b/profiles/apparmor/profiles/extras/postfix-lmtp
similarity index 80%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
rename to profiles/apparmor/profiles/extras/postfix-lmtp
index df1d169ec1968a5c4ebeaf8c337874a767bb6a0d..d133d6459aa3462b16dafdd558f55b2399c650b7 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.lmtp
+++ b/profiles/apparmor/profiles/extras/postfix-lmtp
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-lmtp /usr/lib/postfix/{bin/,sbin/,}lmtp {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}lmtp mrix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.local b/profiles/apparmor/profiles/extras/postfix-local
similarity index 74%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.local
rename to profiles/apparmor/profiles/extras/postfix-local
index 25a96ebc6875b8a62b57bb4f569d2b7fcb8c6840..292e617afb473dde035f2daa8d14221a0662ac10 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.local
+++ b/profiles/apparmor/profiles/extras/postfix-local
@@ -2,6 +2,7 @@
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2018 Canonical, Ltd.
+# Copyright (C) 2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,14 +10,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+ abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
- #include <abstractions/user-mail>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/nameservice>
+ include <abstractions/user-mail>
+ include <abstractions/postfix-common>
/usr/bin/procmail Px,
@@ -29,9 +32,9 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
/{usr/,}bin/date mixr,
/dev/tty rw,
- /etc/{postfix/,}aliases.db rk,
- # mailman on SuSE is configed to have its own alias file
- /var/lib/mailman/data/aliases.db rk,
+ /etc/aliases.{lm,}db rk,
+ # mailman on SuSE is configured to have its own alias file
+ /var/lib/mailman/data/aliases.{lm,}db rk,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* rw,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rw,
/{var/spool/postfix/,}active/[0-9A-F]/ rw,
@@ -39,9 +42,6 @@ profile postfix-local /usr/lib/postfix/{bin/,sbin/,}local {
/{var/spool/postfix/,}pid/unix.local rwk,
/{var/spool/postfix/,}private/{bounce,defer,flush,lmtp,local,rewrite} rw,
/{var/spool/postfix/,}public/{cleanup,flush} rw,
- /etc/postfix/virtual.db r,
- /etc/postfix/lists.db r,
-
# deliver mail
/var/mail/* wk,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.master b/profiles/apparmor/profiles/extras/postfix-master
similarity index 90%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.master
rename to profiles/apparmor/profiles/extras/postfix-master
index 74d2f5277f098a05d5833d6e6bd8b3c09d2cf1a9..59a227e046f45c0bd80356b947f2375919ffeb0b 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.master
+++ b/profiles/apparmor/profiles/extras/postfix-master
@@ -10,23 +10,23 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-master /usr/lib/postfix/{bin/,sbin/,}master {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
capability net_bind_service,
capability kill,
capability dac_override,
capability dac_read_search,
- signal send peer=/usr/lib/postfix/*,
signal send peer=postfix-*,
signal peer=@{profile_name},
- unix (send receive) type=stream peer=(label=/usr/lib/postfix/*),
unix (send receive) type=stream peer=(label=postfix-*),
/etc/postfix/master.cf r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr b/profiles/apparmor/profiles/extras/postfix-nqmgr
similarity index 92%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
rename to profiles/apparmor/profiles/extras/postfix-nqmgr
index d5b5cc83008219a1cabf91b8c2682e6c4f937aef..717c9add659dc8e59e337e38121086970b0aa26e 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.nqmgr
+++ b/profiles/apparmor/profiles/extras/postfix-nqmgr
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}nqmgr mrix,
@@ -43,5 +45,4 @@ profile postfix-nqmgr /usr/lib/postfix/{bin/,sbin/,}nqmgr {
/{var/spool/postfix/,}private/local w,
/{var/spool/postfix/,}public/flush w,
/{var/spool/postfix/,}public/qmgr r,
- /etc/postfix/main.cf r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr b/profiles/apparmor/profiles/extras/postfix-oqmgr
similarity index 78%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
rename to profiles/apparmor/profiles/extras/postfix-oqmgr
index b8e766e34f008d97401cea32e6d97c508cb1ccc2..625e92966ff50d9bcff51ada117edd52a1172ab0 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.oqmgr
+++ b/profiles/apparmor/profiles/extras/postfix-oqmgr
@@ -10,12 +10,14 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-oqmgr /usr/lib/postfix/{bin/,sbin/,}oqmgr {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}oqmgr mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup b/profiles/apparmor/profiles/extras/postfix-pickup
similarity index 83%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
rename to profiles/apparmor/profiles/extras/postfix-pickup
index 8cfc2e4ad737f5b6446dc359e5f130f112c8158e..33b1e5ca0d74a89ba13c32177fc6b8772a5cff8a 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.pickup
+++ b/profiles/apparmor/profiles/extras/postfix-pickup
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-pickup /usr/lib/postfix/{bin/,sbin/,}pickup {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}pickup mrix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe b/profiles/apparmor/profiles/extras/postfix-pipe
similarity index 83%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.pipe
rename to profiles/apparmor/profiles/extras/postfix-pipe
index 0db3d5fb22ed1eed21ad740ecfebcc111da14633..dbc0867f5c726c0ff0d2f9c4e992508fae270c68 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.pipe
+++ b/profiles/apparmor/profiles/extras/postfix-pipe
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-pipe /usr/lib/postfix/{bin/,sbin/,}pipe {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}pipe mrix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.postscreen b/profiles/apparmor/profiles/extras/postfix-postscreen
similarity index 87%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.postscreen
rename to profiles/apparmor/profiles/extras/postfix-postscreen
index 9fd26d17d5d01c0473249295fff02eacfea64e03..46d9c05588e3bac4ba64315f86906ca613473f77 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.postscreen
+++ b/profiles/apparmor/profiles/extras/postfix-postscreen
@@ -8,10 +8,12 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-postscreen /usr/lib/postfix/{bin/,sbin/,}postscreen {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/lib/postfix/{bin/,sbin/,}postscreen mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap b/profiles/apparmor/profiles/extras/postfix-proxymap
similarity index 69%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
rename to profiles/apparmor/profiles/extras/postfix-proxymap
index 15c57ea2e4262f873c8379956bf46702366b19c2..b3b44e076a50adbd1b2c092f1617789ead970052 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.proxymap
+++ b/profiles/apparmor/profiles/extras/postfix-proxymap
@@ -10,19 +10,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
-profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/openssl>
- #include <abstractions/postfix-common>
+include <tunables/global>
- capability setgid,
- capability setuid,
+profile postfix-proxymap /usr/lib/postfix/{bin/,sbin/,}proxymap {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/openssl>
+ include <abstractions/postfix-common>
- /etc/postfix/main.cf r,
- @{PROC}/net/if_inet6 r,
/etc/my.cnf r,
/usr/lib/postfix/{bin/,sbin/,}proxymap mrix,
/{var/spool/postfix/,}private/proxymap rw,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr b/profiles/apparmor/profiles/extras/postfix-qmgr
similarity index 92%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
rename to profiles/apparmor/profiles/extras/postfix-qmgr
index b7216e6e6003f352fcb9dce8010e1181edb8f18b..e02d3a1d9ca9674be4a11752c46b74ea2d946d9c 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmgr
+++ b/profiles/apparmor/profiles/extras/postfix-qmgr
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}qmgr mrix,
@@ -23,6 +25,7 @@ profile postfix-qmgr /usr/lib/postfix/{bin/,sbin/,}qmgr {
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}active/[0-9A-F]/ rwl,
/{var/spool/postfix/,}active/[0-9A-F]* rwlk,
+ /{var/spool/postfix/,}bounce/[0-9A-F]* w,
/{var/spool/postfix/,}defer/ r,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* rwl,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd b/profiles/apparmor/profiles/extras/postfix-qmqpd
similarity index 77%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
rename to profiles/apparmor/profiles/extras/postfix-qmqpd
index 74565a431f17b2f89490b98259b9d1090d20a6b5..ecd64cab58080919a945afbb8effdc854a8bb32d 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.qmqpd
+++ b/profiles/apparmor/profiles/extras/postfix-qmqpd
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-qmqpd /usr/lib/postfix/{bin/,sbin/,}qmqpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}qmqpd mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.scache b/profiles/apparmor/profiles/extras/postfix-scache
similarity index 78%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.scache
rename to profiles/apparmor/profiles/extras/postfix-scache
index a1f2117dea6d71d585786f2dba004b0185057842..a584f837eae7531bc14252d0a71570ba83ba993f 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.scache
+++ b/profiles/apparmor/profiles/extras/postfix-scache
@@ -11,14 +11,14 @@
# vim:syntax=apparmor
# Last Modified: Tue May 31 09:46:20 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-scache /usr/lib/postfix/{bin/,sbin/,}scache {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}scache mrix,
-
- /{,var/}run/nscd/group r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.showq b/profiles/apparmor/profiles/extras/postfix-showq
similarity index 87%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.showq
rename to profiles/apparmor/profiles/extras/postfix-showq
index 1fc08769e647a488165e4569d6c4c3410b83dfce..473ccdcd3b1565353a61796a797ac0e0fc60e1fb 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.showq
+++ b/profiles/apparmor/profiles/extras/postfix-showq
@@ -2,6 +2,7 @@
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2018 Canonical, Ltd.
+# Copyright (C) 2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -9,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}showq mrix,
@@ -22,6 +25,7 @@ profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/* r,
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ r,
/{var/spool/postfix/,}active/[0-9A-F]/ r,
+ /{var/spool/postfix/,}active/[0-9A-F]* r,
/{var/spool/postfix/,}defer/ r,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/* r,
/{var/spool/postfix/,}defer/[0-9A-F]/[0-9A-F]/ r,
@@ -39,6 +43,7 @@ profile postfix-showq /usr/lib/postfix/{bin/,sbin/,}showq {
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ r,
/{var/spool/postfix/,}incoming/[0-9A-F]/ r,
/{var/spool/postfix/,}maildrop/ r,
+ /{var/spool/postfix/,}maildrop/[0-9A-F]*[0-9A-F] r,
/{var/spool/postfix/,}maildrop/[0-9A-F]/ r,
/{var/spool/postfix/,}pid/unix.showq rwk,
owner /{var/spool/postfix,}/defer/[0-9A-F]/[0-9A-F]* r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp b/profiles/apparmor/profiles/extras/postfix-smtp
similarity index 86%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
rename to profiles/apparmor/profiles/extras/postfix-smtp
index bb15514be4906743559181ff74a48dab1d6bc55d..a0ca402100b5033626095fe7f13b8889b0528066 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtp
+++ b/profiles/apparmor/profiles/extras/postfix-smtp
@@ -10,13 +10,15 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
- #include <abstractions/openssl>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
+ include <abstractions/openssl>
capability dac_override,
capability dac_read_search,
@@ -28,6 +30,7 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
/{var/spool/postfix/,}active/[0-9A-F]/[0-9A-F]/ rwl,
/{var/spool/postfix/,}active/[0-9A-F]/* rwk,
/{var/spool/postfix/,}active/[0-9A-F]/ rwl,
+ /{var/spool/postfix/,}active/[0-9A-F]* rwlk,
/{var/spool/postfix/,}private/anvil w,
/{var/spool/postfix/,}private/bounce w,
/{var/spool/postfix/,}private/defer w,
@@ -41,7 +44,5 @@ profile postfix-smtp /usr/lib/postfix/{bin/,sbin/,}smtp {
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/prng_exch rw,
/usr/share/ssl/certs/ca-bundle.crt r,
- /etc/postfix/virtual.db r,
- /etc/postfix/sasl_passwd.db r,
/etc/mtab r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd b/profiles/apparmor/profiles/extras/postfix-smtpd
similarity index 69%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
rename to profiles/apparmor/profiles/extras/postfix-smtpd
index 599cad92dd96c389cd99d24a959409263f1dc7c9..1676d2ab98a02520529df25797c08c3fa252f331 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.smtpd
+++ b/profiles/apparmor/profiles/extras/postfix-smtpd
@@ -2,7 +2,7 @@
#
# Copyright (C) 2002-2006 Novell/SUSE
# Copyright (C) 2018 Canonical, Ltd.
-# Copyright (C) 2019 Christian Boltz
+# Copyright (C) 2019-2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -10,31 +10,30 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
- #include <abstractions/openssl>
- #include <abstractions/ssl_certs>
- #include <abstractions/ssl_keys>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
+ include <abstractions/openssl>
+ include <abstractions/ssl_certs>
+ include <abstractions/ssl_keys>
capability dac_override,
capability dac_read_search,
- capability setgid,
- capability setuid,
/usr/lib/postfix/{bin/,sbin/,}smtpd mrix,
/usr/sbin/postdrop rPx,
/dev/urandom r,
- /etc/aliases.db rk,
+ /etc/aliases.{lm,}db rk,
# mailman on SuSE is configured to have its own alias db
- /var/lib/mailman/data/aliases.db rk,
+ /var/lib/mailman/data/aliases.{lm,}db rk,
/etc/mtab r,
/etc/fstab r,
- /etc/postfix/*.db r,
/etc/postfix/*.regexp r,
/etc/postfix/{ssl/,}*.pem r,
/etc/postfix/smtpd_scache.dir r,
@@ -42,11 +41,6 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
/etc/postfix/main.cf r,
/etc/postfix/prng_exch rw,
- /usr/lib64/sasl2/ mr,
- /usr/lib64/sasl2/* mr,
- /usr/lib/sasl2/ mr,
- /usr/lib/sasl2/* mr,
-
/usr/share/ssl/certs/ca-bundle.crt r,
/{var/spool/postfix/,}incoming/* rw,
@@ -58,6 +52,4 @@ profile postfix-smtpd /usr/lib/postfix/{bin/,sbin/,}smtpd {
/{var/spool/postfix/,}public/cleanup rw,
/{,var/}run/sasl2/mux w,
-
- @{PROC}/net/if_inet6 r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn b/profiles/apparmor/profiles/extras/postfix-spawn
similarity index 77%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
rename to profiles/apparmor/profiles/extras/postfix-spawn
index 6e1fb181f8b1bf7ce8e2269fc9aeb3dadfb9ad1b..86db87f218057542b7e2cf86391419ef1f77f5a9 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.spawn
+++ b/profiles/apparmor/profiles/extras/postfix-spawn
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-spawn /usr/lib/postfix/{bin/,sbin/,}spawn {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}spawn mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr b/profiles/apparmor/profiles/extras/postfix-tlsmgr
similarity index 85%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
rename to profiles/apparmor/profiles/extras/postfix-tlsmgr
index 4a4b9866b7b7ed956b48022ed795ba2eee91b789..743391e2c225503d4c12fc30bd1537bfad228ea8 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.tlsmgr
+++ b/profiles/apparmor/profiles/extras/postfix-tlsmgr
@@ -10,12 +10,14 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-tlsmgr /usr/lib/postfix/{bin/,sbin/,}tlsmgr {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}tlsmgr mrix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite
similarity index 73%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
rename to profiles/apparmor/profiles/extras/postfix-trivial-rewrite
index 1cac03bb271323a709517f722caa8ff11476b032..27c12c8316e725cdb4a4dd5087a3cd1ab8ff8ac6 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.trivial-rewrite
+++ b/profiles/apparmor/profiles/extras/postfix-trivial-rewrite
@@ -10,20 +10,19 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-trivial-rewrite /usr/lib/postfix/{bin/,sbin/,}trivial-rewrite {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
capability dac_read_search,
/usr/lib/postfix/{bin/,sbin/,}trivial-rewrite mrix,
- /etc/postfix/relocated.db r,
- /etc/postfix/transport.db r,
- /etc/postfix/virtual.db r,
/etc/{m,fs}tab r,
/var/spool/postfix/pid/unix.rewrite rw,
/{var/spool/postfix/,}private/rewrite rw,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.verify b/profiles/apparmor/profiles/extras/postfix-verify
similarity index 78%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.verify
rename to profiles/apparmor/profiles/extras/postfix-verify
index b29955c68f2b93a0e5afbb97fd7b008a8ba74fe8..d7d629d1dce466a4eab668ea3e72a01cbc685596 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.verify
+++ b/profiles/apparmor/profiles/extras/postfix-verify
@@ -9,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile postfix-verify /usr/lib/postfix/{bin/,sbin/,}verify {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}verify mrix,
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual b/profiles/apparmor/profiles/extras/postfix-virtual
similarity index 78%
rename from profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
rename to profiles/apparmor/profiles/extras/postfix-virtual
index 6c71e6760026d799905d4651961394d9329e3830..d477f1d4e8ac728d5c9905351ca6d8ea010acf81 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.postfix.virtual
+++ b/profiles/apparmor/profiles/extras/postfix-virtual
@@ -9,15 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
-profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+include <tunables/global>
- capability setgid,
- capability setuid,
+profile postfix-virtual /usr/lib/postfix/{bin/,sbin/,}virtual {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
/usr/lib/postfix/{bin/,sbin/,}virtual mrix,
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient b/profiles/apparmor/profiles/extras/sbin.dhclient
index 40406aea3a7f76023ce34660dd6e7438272570c3..02d67dd31c08ccacad6016036cc89133a108ef5e 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient
@@ -19,18 +19,23 @@
# /usr/bin/vmstat mrix,
# /usr/bin/w mrix,
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile dhclient /{usr/,}sbin/dhclient {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/openssl>
+ include <abstractions/nameservice>
capability net_raw,
network packet packet,
network packet raw,
+ signal (send,receive) set=(term) peer=NetworkManager,
+
/{usr/,}sbin/dhclient mrix,
/{usr/,}bin/bash mrix,
@@ -43,24 +48,29 @@ profile dhclient /{usr/,}sbin/dhclient {
@{PROC}/interrupts r,
@{PROC}/@{pid}/net/dev r,
@{PROC}/rtc r,
+
+ # dhcliet wants to update its threads with functional names
+ # see lp1918410
+ owner @{PROC}/@{pid}/task/[0-9]*/comm rw,
+
# following rule shouldn't work, self is a symlink
@{PROC}/self/status r,
/{usr/,}sbin/arp mrix,
- /usr/bin/dig mrix,
- /usr/bin/uptime mrix,
- /usr/bin/vmstat mrix,
- /usr/bin/w mrix,
- /usr/lib/nm-dhcp-helper rix,
- /var/lib/dhcp/dhclient.leases rw,
- /var/lib/dhcp/dhclient-*.leases rw,
- /var/lib/dhcp6/dhclient.leases rw,
- /var/lib/NetworkManager/dhclient-*.conf r,
- /var/lib/NetworkManager/dhclient-*.lease rw,
+ /{usr/,}bin/dig mrix,
+ /{usr/,}bin/uptime mrix,
+ /{usr/,}bin/vmstat mrix,
+ /{usr/,}bin/w mrix,
+ /usr/lib/{NetworkManager/,}nm-dhcp-helper rix,
+ /var/lib/dhclient/dhclient{6,}.leases* rw,
+ /var/lib/dhcp/dhclient*.leases rw,
+ /var/lib/dhcp{6,}/dhclient.leases rw,
+ /var/lib/NetworkManager/dhclient{6,}-*.conf r,
+ /var/lib/NetworkManager/dhclient{6,}-*.lease rw,
/var/log/lastlog r,
/var/log/messages r,
/var/log/wtmp r,
- /{,var/}run/dhclient.pid rw,
- /{,var/}run/dhclient-*.pid rw,
+ /{,var/}run/dhclient{6,}.pid rw,
+ /{,var/}run/dhclient{6,}{-,.}*.pid rw,
/var/spool r,
/var/spool/mail r,
@@ -77,4 +87,5 @@ profile dhclient /{usr/,}sbin/dhclient {
/var/lib/dhcp/* rw,
/{,var/}run/nm-dhclient-*.conf r,
+ include if exists <local/sbin.dhclient>
}
diff --git a/profiles/apparmor/profiles/extras/sbin.dhclient-script b/profiles/apparmor/profiles/extras/sbin.dhclient-script
index 631f168bead540f65c99074d3df2404e6ee48a73..d972b609324cdb16ab404fe6ef1599d59e0ee88e 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhclient-script
+++ b/profiles/apparmor/profiles/extras/sbin.dhclient-script
@@ -1,21 +1,31 @@
# Last Modified: Tue Jan 25 16:48:30 2011
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
# dhclient-script will call plugins from /etc/netconfig.d, so this
# will need to be extended on a per-site basis.
profile dhclient-script /{usr/,}sbin/dhclient-script {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ /{usr/,}bin/dash rix,
/{usr/,}bin/bash rix,
/{usr/,}bin/grep rix,
/{usr/,}bin/sleep rix,
/{usr/,}bin/touch rix,
+ /{usr/,}bin/run-parts rix,
+ /{usr/,}bin/logger rix,
/dev/.sysconfig/network/** r,
/etc/netconfig.d/* mrix,
/etc/sysconfig/network/** r,
+ /etc/dhcp/{**,} r,
/{usr/,}sbin/dhclient-script r,
/{usr/,}sbin/ip rix,
+ /{usr/,}sbin/resolvconf rPUx,
+
+ include if exists <local/sbin.dhclient-script>
}
diff --git a/profiles/apparmor/profiles/extras/sbin.dhcpcd b/profiles/apparmor/profiles/extras/sbin.dhcpcd
index 3ae27f31731cbcdca323ea93af40b423db39903f..53b3b3567cfc48a3a35151d18e8ca2e725b47335 100644
--- a/profiles/apparmor/profiles/extras/sbin.dhcpcd
+++ b/profiles/apparmor/profiles/extras/sbin.dhcpcd
@@ -16,11 +16,13 @@
#
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile dhcpcd /{usr/,}sbin/dhcpcd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability net_raw,
capability net_admin,
diff --git a/profiles/apparmor/profiles/extras/sbin.portmap b/profiles/apparmor/profiles/extras/sbin.portmap
index 44bc1c76b7c10c716241cebca96b5ee45841c841..0d5b2393642006b999d05695893d6124695ec6b0 100644
--- a/profiles/apparmor/profiles/extras/sbin.portmap
+++ b/profiles/apparmor/profiles/extras/sbin.portmap
@@ -8,18 +8,19 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile portmap /{usr/,}sbin/portmap {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/hosts_access>
capability net_bind_service,
capability setuid,
capability setgid,
/etc/bindresvport.blacklist r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/{usr/,}sbin/portmap rmix,
}
diff --git a/profiles/apparmor/profiles/extras/sbin.resmgrd b/profiles/apparmor/profiles/extras/sbin.resmgrd
index 5a8abf5b7e7a6dc0277437deff332cf746b3f89d..c794cacae25bf7d092ad1a034bf16f6e37f8453f 100644
--- a/profiles/apparmor/profiles/extras/sbin.resmgrd
+++ b/profiles/apparmor/profiles/extras/sbin.resmgrd
@@ -10,11 +10,13 @@
# vim:syntax=apparmor
# Last Modified: Mon Mar 13 15:55:30 2006
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile resmgrd /{usr/,}sbin/resmgrd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability fowner,
capability chown,
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.lockd b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
index ad867098d47e375e82ceb5651b1f5feadb2f0c6c..8a198a279bfb00af1c2a1dcfd591363adc6f7048 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.lockd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.lockd
@@ -8,9 +8,11 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile rpc.lockd /{usr/,}sbin/rpc.lockd {
- #include <abstractions/base>
+ include <abstractions/base>
/{usr/,}sbin/rpc.lockd rmix,
}
diff --git a/profiles/apparmor/profiles/extras/sbin.rpc.statd b/profiles/apparmor/profiles/extras/sbin.rpc.statd
index 82298e46677af8528c493d35ee5ae4b4169498b7..58300d1d46bd1dcfa5e5fd959cc0c7da7635197f 100644
--- a/profiles/apparmor/profiles/extras/sbin.rpc.statd
+++ b/profiles/apparmor/profiles/extras/sbin.rpc.statd
@@ -8,22 +8,49 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
profile rpc.statd /{usr/,}sbin/rpc.statd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/hosts_access>
+ include <abstractions/nameservice>
+
+ # needed to sanely drop privileges
+ capability setgid,
+ capability setuid,
+
+ # changes ownership of pidfile
+ capability chown,
+
+ # needed to drop capabilities
+ capability setpcap,
+
+ owner @{PROC}/@{pid}/fd/ r,
+ @{PROC}/fs/lockd/nlm_end_grace w,
+ @{PROC}/sys/fs/nfs/** r,
+ @{PROC}/sys/fs/nfs/nsm_local_state w,
+
+ /etc/netconfig r,
+ /etc/nfs.conf rk,
+ /etc/nfs.conf.d/ r,
+ /etc/nfs.conf.d/* rk,
/etc/rpc r,
- /{usr/,}sbin/rpc.statd rmix,
- /sm rw,
- /sm.bak rw,
- /state rw,
+ /{usr/,}sbin/rpc.statd mrix,
+ /{usr/,}sbin/sm-notify mrix,
+ /var/lib/nfs/sm/ r,
/var/lib/nfs/sm/* rw,
- /var/lib/nfs/statd rw,
- /var/lib/nfs/statd/sm r,
+ /var/lib/nfs/sm.bak/ r,
+ /var/lib/nfs/statd/ rw,
+ /var/lib/nfs/statd/sm/ r,
/var/lib/nfs/statd/sm/* rwl,
/var/lib/nfs/statd/state rw,
- /var/lib/nfs/statd/sm.bak r,
+ /var/lib/nfs/statd/sm.bak/ r,
/var/lib/nfs/statd/sm.bak/* rwl,
- /{,var/}run/rpc.statd.pid w,
+ /var/lib/nfs/state rwk,
+ /var/lib/nfs/state.new rwl,
+ @{run}/rpc.statd.pid w,
+ @{run}/rpcbind.sock rw,
+ @{run}/sm-notify.pid w,
}
diff --git a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
index 3154f282ce865437a940b188714d22faf6c9c942..1173b8d06a602a1e5f51b00ee716e02b8f03132a 100644
--- a/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
+++ b/profiles/apparmor/profiles/extras/usr.NX.bin.nxclient
@@ -9,15 +9,17 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/NX/bin/nxclient {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/kde>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/kde>
+ include <abstractions/X>
/{usr/,}bin/bash mix,
/usr/bin/cut mix,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.acroread b/profiles/apparmor/profiles/extras/usr.bin.acroread
index b563102c3f74e153fd9975a60f98a5f1b38d7859..f24f0a64ac095659443b1347a5ec18a50c51cdfd 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.acroread
+++ b/profiles/apparmor/profiles/extras/usr.bin.acroread
@@ -10,17 +10,19 @@
# vim:syntax=apparmor
# Last Modified: Wed Aug 24 16:21:32 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/X11R6/bin/acroread {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/fonts>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/gnome>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/fonts>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/gnome>
+ include <abstractions/X>
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.apropos b/profiles/apparmor/profiles/extras/usr.bin.apropos
index a6c0fbe188a34fb3f4ef2664565848a8b05d0e61..292cd6de9bce1491d1fa17eebb4baf19664e5371 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.apropos
+++ b/profiles/apparmor/profiles/extras/usr.bin.apropos
@@ -8,12 +8,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/apropos {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
/{usr/,}bin/basename mixr,
/{usr/,}bin/bash mixr,
/{usr/,}bin/grep mixr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.chromium-browser b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
new file mode 100644
index 0000000000000000000000000000000000000000..b47b6f72175442f07d4b9e4da12d1590c978d7a6
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/usr.bin.chromium-browser
@@ -0,0 +1,342 @@
+# vim:syntax=apparmor
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2020 Canonical Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# Author: Jamie Strandboge <jamie@canonical.com>
+
+abi <abi/3.0>,
+
+#include <tunables/global>
+
+@{chromium} = chromium{,-browser}
+
+# We need 'flags=(attach_disconnected)' in newer chromium versions
+profile chromium_browser /usr/lib/@{chromium}/@{chromium} flags=(attach_disconnected) {
+ include <abstractions/audio>
+ include <abstractions/cups-client>
+ include <abstractions/dbus-session>
+ include <abstractions/dbus-strict>
+ include <abstractions/gnome>
+ include <abstractions/ibus>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
+
+ # This include specifies which ubuntu-browsers.d abstractions to use. Eg, if
+ # you want access to productivity applications, adjust the following file
+ # accordingly.
+ include if exists <abstractions/ubuntu-browsers.d/chromium-browser>
+
+ capability sys_admin,
+ capability sys_chroot,
+ capability sys_ptrace,
+
+ # UPower
+ # Not sure why these are needed, so deny for now
+ deny dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower
+ interface=org.freedesktop.DBus.Properties
+ member=Get
+ peer=(label=unconfined),
+ deny dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower/devices/*
+ interface=org.freedesktop.DBus.Properties
+ member=Get
+ peer=(label=unconfined),
+ deny dbus (send)
+ bus=system
+ path=/org/freedesktop/UPower
+ interface=org.freedesktop.UPower
+ member={EnumerateDevices,GetDisplayDevice}
+ peer=(label=unconfined),
+
+ # ???
+ deny dbus (send)
+ bus=system
+ path=/org/freedesktop/hostname1
+ interface=org.freedesktop.DBus.Properties
+ member=GetAll
+ peer=(label=unconfined),
+
+ # Networking
+ network inet stream,
+ network inet6 stream,
+ @{PROC}/[0-9]*/net/if_inet6 r,
+ @{PROC}/[0-9]*/net/ipv6_route r,
+
+ # Should maybe be in abstractions
+ /etc/mime.types r,
+ /etc/mailcap r,
+ /etc/mtab r,
+ /etc/xdg/xubuntu/applications/defaults.list r,
+ owner @{HOME}/.local/share/applications/defaults.list r,
+ owner @{HOME}/.local/share/applications/mimeinfo.cache r,
+ /tmp/.X[0-9]*-lock r,
+
+ @{PROC}/self/exe ixr,
+ @{PROC}/[0-9]*/fd/ r,
+ @{PROC}/vmstat r,
+ @{PROC}/ r,
+ @{PROC}/[0-9]*/task/[0-9]*/stat r,
+ owner @{PROC}/[0-9]*/cmdline r,
+ owner @{PROC}/[0-9]*/io r,
+ owner @{PROC}/[0-9]*/setgroups w,
+ owner @{PROC}/[0-9]*/{uid,gid}_map w,
+ @{PROC}/[0-9]*/smaps r,
+ @{PROC}/[0-9]*/stat r,
+ @{PROC}/[0-9]*/statm r,
+ owner @{PROC}/[0-9]*/task/[0-9]*/status r,
+ deny @{PROC}/[0-9]*/oom_{,score_}adj w,
+ @{PROC}/sys/kernel/yama/ptrace_scope r,
+ @{PROC}/sys/net/ipv4/tcp_fastopen r,
+
+ # Newer chromium needs these now
+ /etc/udev/udev.conf r,
+ # Chromium appears to want all "uevent" files under /sys/devices/
+ /sys/devices/**/uevent r,
+ /sys/devices/system/cpu/cpufreq/policy*/cpuinfo_max_freq r,
+ /sys/devices/system/cpu/cpu*/cpufreq/cpuinfo_max_freq r,
+ /sys/devices/system/node/node*/meminfo r,
+ /sys/devices/pci[0-9]*/**/class r,
+ /sys/devices/pci[0-9]*/**/config r,
+ /sys/devices/pci[0-9]*/**/device r,
+ /sys/devices/pci[0-9]*/**/irq r,
+ /sys/devices/pci[0-9]*/**/resource r,
+ /sys/devices/pci[0-9]*/**/revision r,
+ /sys/devices/pci[0-9]*/**/subsystem_device r,
+ /sys/devices/pci[0-9]*/**/subsystem_vendor r,
+ /sys/devices/pci[0-9]*/**/vendor r,
+ /sys/devices/pci[0-9]*/**/removable r,
+ /sys/devices/pci[0-9]*/**/block/**/size r,
+ /sys/devices/virtual/block/**/removable r,
+ /sys/devices/virtual/block/**/size r,
+ /sys/devices/virtual/tty/tty*/active r,
+ # This is requested, but doesn't seem to actually be needed so deny for now
+ deny /run/udev/data/** r,
+
+ # Needed for the crash reporter
+ owner @{PROC}/[0-9]*/auxv r,
+
+ # chromium mmaps all kinds of things for speed.
+ /etc/passwd m,
+ /usr/share/fonts/truetype/**/*.tt[cf] m,
+ /usr/share/fonts/**/*.pfb m,
+ /usr/share/mime/mime.cache m,
+ /usr/share/icons/**/*.cache m,
+ owner /{dev,run}/shm/pulse-shm* m,
+ owner @{HOME}/.local/share/mime/mime.cache m,
+ owner /tmp/** m,
+
+ @{PROC}/sys/kernel/shmmax r,
+ owner /{dev,run}/shm/{,.}org.chromium.* mrw,
+ owner /{,var/}run/shm/shmfd-* mrw,
+
+ /usr/lib/@{chromium}/*.pak mr,
+ /usr/lib/@{chromium}/locales/* mr,
+
+ # Noisy
+ deny /usr/lib/@{chromium}/** w,
+ deny /var/cache/fontconfig/ w,
+
+ # Allow ptracing ourselves and our helpers
+ ptrace (trace) peer=@{profile_name},
+ ptrace (trace) peer=@{profile_name}//lsb_release,
+ ptrace (trace) peer=@{profile_name}//xdgsettings,
+
+ # Make browsing directories work
+ / r,
+ /**/ r,
+
+ # Allow access to documentation and other files the user may want to look
+ # at in /usr
+ /usr/{include,share,src}** r,
+
+ # Default profile allows downloads to ~/Downloads and uploads from ~/Public
+ owner @{HOME}/ r,
+ owner @{HOME}/Public/ r,
+ owner @{HOME}/Public/* r,
+ owner @{HOME}/Downloads/ r,
+ owner @{HOME}/Downloads/* rw,
+
+ # For migration
+ owner @{HOME}/.mozilla/firefox/profiles.ini r,
+ owner @{HOME}/.mozilla/firefox/*/prefs.js r,
+
+ # Helpers
+ /usr/bin/xdg-open ixr,
+ /usr/bin/gnome-open ixr,
+ /usr/bin/gvfs-open ixr,
+ /usr/bin/kdialog ixr,
+ # TODO: xfce
+
+ # Importing firefox settings (requires 'r' access to @{HOME}/.mozilla/**
+ # which is provided by abstractions/ubuntu-browsers.d/user-files).
+ /etc/firefox/profile/bookmarks.html r,
+ owner @{HOME}/.mozilla/** k,
+
+ # Chromium Policies
+ /etc/@{chromium}/policies/** r,
+
+ # Chromium configuration
+ owner @{HOME}/.pki/nssdb/* rwk,
+ owner @{HOME}/.cache/chromium/ rw,
+ owner @{HOME}/.cache/chromium/** rw,
+ owner @{HOME}/.cache/chromium/Cache/* mr,
+ owner @{HOME}/.config/chromium/ rw,
+ owner @{HOME}/.config/chromium/** rwk,
+ owner @{HOME}/.config/chromium/**/Cache/* mr,
+ owner @{HOME}/.config/chromium/Dictionaries/*.bdic mr,
+ owner @{HOME}/.config/chromium/**/Dictionaries/*.bdic mr,
+
+ # Allow transitions to ourself and our sandbox
+ /usr/lib/@{chromium}/@{chromium} ix,
+ /usr/lib/@{chromium}/chrome-sandbox cx -> sandbox,
+
+ # Allow communicating with sandbox
+ unix (receive, send) peer=(label=@{profile_name}//sandbox),
+
+ /{usr/,}bin/ps Uxr,
+ /usr/lib/@{chromium}/xdg-settings Cxr -> xdgsettings,
+ /usr/bin/xdg-settings Cxr -> xdgsettings,
+ /usr/bin/lsb_release Cxr -> lsb_release,
+
+ # GSettings
+ owner /{,var/}run/user/*/dconf/ rw,
+ owner /{,var/}run/user/*/dconf/user rw,
+ owner @{HOME}/.config/dconf/user r,
+
+ # Magnet links
+ /usr/bin/gio ixr,
+
+ # Chrome Gnome Shell Integration
+ /etc/chromium/native-messaging-hosts/org.gnome.chrome_gnome_shell.json r,
+ /usr/bin/chrome-gnome-shell ixr,
+
+ profile xdgsettings {
+ include <abstractions/bash>
+ include <abstractions/gnome>
+
+ /{usr/,}bin/dash ixr,
+
+ /etc/ld.so.cache r,
+ /etc/xdg/** r,
+ /usr/bin/xdg-settings r,
+ /{usr/,}lib{,32,64}/@{chromium}/xdg-settings r,
+ /usr/share/applications/*.desktop r,
+ /usr/share/applications/*.list r,
+
+ # Checking default browser
+ /{usr/,}bin/grep ixr,
+ /{usr/,}bin/head ixr,
+ /{usr/,}bin/readlink ixr,
+ /{usr/,}bin/sed ixr,
+ /{usr/,}bin/tr ixr,
+ /{usr/,}bin/which ixr,
+ /usr/bin/basename ixr,
+ /usr/bin/cut ixr,
+
+ # Setting the default browser
+ /{usr/,}bin/mkdir ixr,
+ /{usr/,}bin/mv ixr,
+ /{usr/,}bin/touch ixr,
+ /usr/bin/dirname ixr,
+ /usr/bin/gconftool-2 ix,
+ /usr/bin/[gm]awk ixr,
+ /usr/bin/xdg-mime ixr,
+ owner @{HOME}/.local/share/applications/ w,
+ owner @{HOME}/.local/share/applications/mimeapps.list* rw,
+ }
+
+ profile lsb_release {
+ include <abstractions/base>
+ include <abstractions/python>
+ /usr/bin/lsb_release r,
+ /{usr/,}bin/dash ixr,
+ /usr/bin/dpkg-query ixr,
+ /usr/include/python2.[4567]/pyconfig.h r,
+ /etc/lsb-release r,
+ /etc/debian_version r,
+ /etc/dpkg/origins/** r,
+ /usr/share/distro-info/** r,
+ /var/lib/dpkg/** r,
+
+ /usr/local/lib/python3.{1,}[0-9]/dist-packages/ r,
+ /usr/bin/ r,
+ /usr/bin/python3.{1,}[0-9] mr,
+ }
+
+ profile sandbox {
+ # Be fanatical since it is setuid root and don't use an abstraction
+ /{usr/,}lib{,32,64}/libgcc_s.so* mr,
+ /{usr/,}lib{,32,64}/@{multiarch}/libgcc_s.so* mr,
+ /{usr/,}lib{,32,64}/libm-*.so* mr,
+ /{usr/,}lib/@{multiarch}/libm-*.so* mr,
+ /{usr/,}lib{,32,64}/libpthread-*.so* mr,
+ /{usr/,}lib/@{multiarch}/libpthread-*.so* mr,
+ /{usr/,}lib{,32,64}/libc-*.so* mr,
+ /{usr/,}lib/@{multiarch}/libc-*.so* mr,
+ /{usr/,}lib{,32,64}/libld-*.so* mr,
+ /{usr/,}lib/@{multiarch}/libld-*.so* mr,
+ /{usr/,}lib{,32,64}/ld-*.so* mr,
+ /{usr/,}lib{,32,64}/@{multiarch}/ld-*.so* mr,
+ /{usr/,}lib{,32,64}/tls/*/{cmov,nosegneg}/libm-*.so* mr,
+ /{usr/,}lib{,32,64}/tls/*/{cmov,nosegneg}/libpthread-*.so* mr,
+ /{usr/,}lib/tls/*/{cmov,nosegneg}/libc-*.so* mr,
+ /usr/lib{,32,64}/libstdc++.so* mr,
+ /usr/lib{,32,64}/@{multiarch}/libstdc++.so* mr,
+ /etc/ld.so.cache r,
+
+ # Required for dropping into PID namespace. Keep in mind that until the
+ # process drops this capability it can escape confinement, but once it
+ # drops CAP_SYS_ADMIN we are ok.
+ capability sys_admin,
+
+ # All of these are for sanely dropping from root and chrooting
+ capability chown,
+ capability fsetid,
+ capability setgid,
+ capability setuid,
+ capability dac_override,
+ capability sys_chroot,
+
+ capability sys_ptrace,
+ ptrace (read, readby),
+
+ signal (receive) peer=unconfined,
+ signal peer=@{profile_name},
+ signal (receive, send) set=("exists"),
+ signal (receive) peer=chromium_browser,
+
+ unix (receive, send) peer=(label=chromium_browser),
+ unix (create),
+ unix peer=(label=@{profile_name}),
+ unix (getattr, getopt, setopt, shutdown) addr=none,
+
+ @{PROC}/ r,
+ @{PROC}/[0-9]*/ r,
+ @{PROC}/[0-9]*/fd/ r,
+ deny @{PROC}/[0-9]*/oom_adj w,
+ deny @{PROC}/[0-9]*/oom_score_adj w,
+ @{PROC}/[0-9]*/status r,
+ @{PROC}/[0-9]*/task/[0-9]*/stat r,
+
+ /usr/bin/@{chromium} r,
+ /usr/lib/@{chromium}/@{chromium} Px,
+ /usr/lib/@{chromium}/chrome-sandbox mr,
+
+ /dev/null rw,
+
+ owner /tmp/** rw,
+ }
+
+ # Site-specific additions and overrides. See local/README for details.
+ include if exists <local/chromium_browser>
+
+}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.dumpcap b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
new file mode 100644
index 0000000000000000000000000000000000000000..556f3d9f14d3fa0cd8718290dc2278dff71eceaf
--- /dev/null
+++ b/profiles/apparmor/profiles/extras/usr.bin.dumpcap
@@ -0,0 +1,41 @@
+# vim:syntax=apparmor
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+/usr/bin/dumpcap {
+ include <abstractions/base>
+ include <abstractions/nameservice>
+
+ capability net_admin,
+ capability net_raw,
+
+ signal (receive) peer=/usr/bin/wireshark,
+
+ # TCP/UDP network access
+ network inet stream,
+ network inet6 stream,
+ network inet dgram,
+ network inet6 dgram,
+
+ network raw,
+ network packet,
+
+ # for finding an interface
+ @{PROC}/@{pid}/net/dev r,
+ @{PROC}/sys/net/core/bpf_jit_enable rw,
+ /sys/bus/usb/devices/ r,
+ /sys/class/net/ r,
+ /sys/devices/**/net/* r,
+
+ /usr/bin/dumpcap mr,
+
+ /usr/share/GeoIP/ r,
+ /usr/share/GeoIP/** r,
+
+ @{PROC}/@{pid}/net/psched r,
+
+ owner /tmp/*pcap{,ng} rw,
+ owner @{HOME}/**pcap{,ng} rw,
+}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10 b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
index b26228a03cc34621223715914a6e8fee01550fce..48c11bf954e4f5be7576311f3b38d49fccb4a93a 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
+++ b/profiles/apparmor/profiles/extras/usr.bin.evolution-2.10
@@ -38,19 +38,21 @@
#
#
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/evolution-2.10 {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/fonts>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
- #include <abstractions/gnome>
- #include <abstractions/user-mail>
- #include <abstractions/user-write>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/fonts>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
+ include <abstractions/gnome>
+ include <abstractions/user-mail>
+ include <abstractions/user-write>
capability ipc_lock,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.fam b/profiles/apparmor/profiles/extras/usr.bin.fam
index 1c435b16d51e3f476d72fd88b0809717d3b3fa70..8b8385ac0c8b1c124766fc146a4db096f20ea944 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.fam
+++ b/profiles/apparmor/profiles/extras/usr.bin.fam
@@ -8,11 +8,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/fam {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
/tmp/.fam* wl,
/etc/mtab rw,
/usr/bin/fam rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.freshclam b/profiles/apparmor/profiles/extras/usr.bin.freshclam
index 5eec8bd2494aaefe4e07d6a8440868efc2cd0623..d0bf30b747b7105d686d8aa5a24110c4d6304861 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.freshclam
+++ b/profiles/apparmor/profiles/extras/usr.bin.freshclam
@@ -1,6 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2019 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -8,12 +9,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/freshclam {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability setgid,
capability setuid,
@@ -21,7 +24,7 @@
/etc/clamd.conf r,
/etc/freshclam.conf r,
/usr/bin/freshclam mr,
- /var/lib/clamav/clamav-* rw,
- /var/lib/clamav/daily.cvd rw,
- /var/lib/clamav/main.cvd rw,
+ /var/lib/clamav/** rw,
+ owner /run/clamav/freshclam.pid w,
+
}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.gaim b/profiles/apparmor/profiles/extras/usr.bin.gaim
index bbc9205d5125605cbf7110c983116c316b34d8bc..e5ae3ef116810cd42ac1317d6bbb3f38456b62a6 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.gaim
+++ b/profiles/apparmor/profiles/extras/usr.bin.gaim
@@ -10,18 +10,20 @@
# vim:syntax=apparmor
# Last Modified: Fri Sep 2 19:07:43 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/gaim {
- #include <abstractions/audio>
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
- #include <abstractions/gnome>
- #include <abstractions/user-tmp>
+ include <abstractions/audio>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
+ include <abstractions/gnome>
+ include <abstractions/user-tmp>
/{usr/,}bin/bash mixr,
/dev/random r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.man b/profiles/apparmor/profiles/extras/usr.bin.man
index abcf58218792ada3a6fe006330f115a580608ef0..4dcc19c2c016e84f8700eb9412812cca145a2d59 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.man
+++ b/profiles/apparmor/profiles/extras/usr.bin.man
@@ -12,11 +12,13 @@
# vim:syntax=apparmor
#
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/man {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability setgid,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
index 9803e54dafbe688985a270c3b233cb5e7adca860..a562dfe23e78fe5b28e84bef01fd99b09fdaac7c 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-bounce
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-bounce {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/bin/mlmmj-bounce mr,
/usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
index 92e23d9200980fa5a1af45eb41d3fc6b3007f3ad..366d074f8a7010bd702919e3dba6ee917f85fc26 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-maintd
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-maintd {
- #include <abstractions/base>
+ include <abstractions/base>
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
index d53c6a42edabdadee8e6fc2e09c0c9571eacdeca..bbdd0e721762c54bcaa79ee8ba4e9acba2bffe85 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-make-ml.sh
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-make-ml.sh {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability sys_admin,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
index a57e4fee0a1b21c8e90a325e15d42c9a2a781b64..7a9a6ff1cb2ac5d5535215494787f89805ded232 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-process
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-process {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/bin/mlmmj-process mr,
/usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
index 2dd87c05c15643754979d90e5278de2b3e5c9eb5..a0742b476e90037b5247be930c0136c7746f3639 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-receive
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-receive {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/bin/mlmmj-process Px,
/usr/bin/mlmmj-receive mr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
index 298cc091797c942a17d65616a7a28d4240b8eddc..ebce17d77db790f6a013adc3f6c5b7fd91d33535 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-recieve
@@ -13,11 +13,12 @@
# mlmmj upstream renamed the (misspelled) mlmmj-recieve to mlmmj-receive,
# so this profile is probably superfluous
+abi <abi/3.0>,
-#include <tunables/global>
+include <tunables/global>
/usr/bin/mlmmj-recieve {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/bin/mlmmj-process Px,
/usr/bin/mlmmj-recieve mr,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
index 7a8d291d783006eb1271f6994d87dcf321404bbd..4ffb9d7150339abcb143f4eb1d676a039906df0a 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-send
@@ -10,11 +10,13 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-send {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
/usr/bin/mlmmj-send mr,
/var/spool/mlmmj/*/archive/* w,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
index d3634b1fcc66a7f064435826a62755ed2c8c2e1e..ed6a64f94f9928d796dd8c266c3bf65569a7cb40 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-sub
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-sub {
- #include <abstractions/base>
+ include <abstractions/base>
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
index 97b8fb486459ab9847c4533f64029b5b55fa6410..88fa6b152aa670b0c56eb190cc996255e72db3f5 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
+++ b/profiles/apparmor/profiles/extras/usr.bin.mlmmj-unsub
@@ -10,10 +10,12 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/mlmmj-unsub {
- #include <abstractions/base>
+ include <abstractions/base>
/usr/bin/mlmmj-unsub mr,
/usr/bin/mlmmj-send Px,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.opera b/profiles/apparmor/profiles/extras/usr.bin.opera
index f2ce645d0ea112b963147bc24333f51399b81742..324bc8d309423f66323835fedaa39fe94d405bea 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.opera
+++ b/profiles/apparmor/profiles/extras/usr.bin.opera
@@ -9,16 +9,18 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/opera {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/user-write>
- #include <abstractions/user-download>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/user-write>
+ include <abstractions/user-download>
+ include <abstractions/X>
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.passwd b/profiles/apparmor/profiles/extras/usr.bin.passwd
index 7db2e0254adb91e5924c1021a65c4e2fbb7430cd..d28d8be0efd90a265b0cb803fe2e2769b3c3e8b0 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.passwd
+++ b/profiles/apparmor/profiles/extras/usr.bin.passwd
@@ -9,14 +9,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/passwd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/wutmp>
capability chown,
capability sys_resource,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.procmail b/profiles/apparmor/profiles/extras/usr.bin.procmail
index 45f4f5587a044b988f383d60a051ad50fd94c3b2..a9219682ccb444337eb9409fca772bc22f554396 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.procmail
+++ b/profiles/apparmor/profiles/extras/usr.bin.procmail
@@ -8,13 +8,15 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/procmail {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
- #include <abstractions/user-mail>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/nameservice>
+ include <abstractions/user-mail>
# procmail configuration
/etc/procmailrc r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.skype b/profiles/apparmor/profiles/extras/usr.bin.skype
index b92492bb726d66eed581d1c5af7258120ccd7303..dce23e3440c46d296a2b7ee305c6eef9f4e0b632 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.skype
+++ b/profiles/apparmor/profiles/extras/usr.bin.skype
@@ -2,21 +2,24 @@
# Additional profiling based on work by:
# - Ðндрей Калинин, LP: #226624
# - Jamie Strandboge and Ivan Frederiks, LP: #933440
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/skype flags=(complain) {
- #include <abstractions/audio>
- #include <abstractions/base>
- #include <abstractions/dbus-session>
- #include <abstractions/fonts>
- #include <abstractions/freedesktop.org>
- #include <abstractions/gnome>
- #include <abstractions/ibus>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/nvidia>
- #include <abstractions/ssl_certs>
- #include <abstractions/user-tmp>
- #include <abstractions/X>
+ include <abstractions/audio>
+ include <abstractions/base>
+ include <abstractions/dbus-session>
+ include <abstractions/fonts>
+ include <abstractions/freedesktop.org>
+ include <abstractions/gnome>
+ include <abstractions/ibus>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/nvidia>
+ include <abstractions/ssl_certs>
+ include <abstractions/user-tmp>
+ include <abstractions/X>
@{PROC}/sys/kernel/{ostype,osrelease} r,
@{PROC}/@{pid}/net/arp r,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.spamc b/profiles/apparmor/profiles/extras/usr.bin.spamc
index 145384436f1fce7baa17fdb26672d159d747c897..e51ba8e2acf682602539449578d2001d50bdc029 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.spamc
+++ b/profiles/apparmor/profiles/extras/usr.bin.spamc
@@ -10,11 +10,13 @@
# vim:syntax=apparmor
# Last Modified: Wed Feb 23 11:03:18 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/spamc {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
/usr/bin/spamc r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.svnserve b/profiles/apparmor/profiles/extras/usr.bin.svnserve
index 7709e906e3df3da865989f049ea419f63c2fbda9..9aa7868d3f985c478ba0e9859901b8eca85e4a62 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.svnserve
+++ b/profiles/apparmor/profiles/extras/usr.bin.svnserve
@@ -8,11 +8,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/svnserve {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
# network service ;)
capability net_bind_service,
diff --git a/profiles/apparmor/profiles/extras/usr.bin.wireshark b/profiles/apparmor/profiles/extras/usr.bin.wireshark
index 373a6ebe14edf3c01b793f04896067de96ebc1cf..a835afb347ef42b7b27902a518b99179bff77058 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.wireshark
+++ b/profiles/apparmor/profiles/extras/usr.bin.wireshark
@@ -10,22 +10,26 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/wireshark {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/dconf>
- #include <abstractions/dbus-session-strict>
- #include <abstractions/ibus>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/gnome>
- #include <abstractions/user-write>
- #include <abstractions/X>
-
- #include <abstractions/dbus-accessibility-strict>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/dconf>
+ include <abstractions/dbus-session-strict>
+ include <abstractions/ibus>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/gnome>
+ include <abstractions/user-write>
+ include <abstractions/X>
+
+ signal (send) peer=/usr/bin/dumpcap,
+
+ include <abstractions/dbus-accessibility-strict>
dbus (send)
bus=session
peer=(name=org.a11y.Bus),
@@ -40,14 +44,19 @@
# From abstractions/evince
deny /run/udev/data/** r,
+ /dev/dri/ r,
/etc/ethers r,
/etc/udev/udev.conf r,
/etc/wireshark/** r,
- owner @{HOME}/.wireshark/* rw,
- owner @{HOME}/.config/wireshark/* rw,
+ owner @{HOME}/.wireshark/{,**} rw,
+ owner @{HOME}/.config/wireshark/{,**} rw,
+ # TODO: move into it's own abstraction
owner @{HOME}/.config/QtProject.conf rw,
- owner @{HOME}/.config/QtProject.conf.lock rw,
+ owner @{HOME}/.config/QtProject.conf.* rw,
+ owner @{HOME}/.config/QtProject.conf.lock rwk,
+ owner @{HOME}/.config/.?????? rwk,
+ owner @{HOME}/.cache/qt_compose_cache_* rw,
owner @{HOME}/.fonts.cache-* r,
owner @{HOME}/.config/dconf/user w,
@@ -55,7 +64,11 @@
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/fd/ r,
@{PROC}/@{pid}/net/dev r,
- /sys/devices/pci[0-9]*/**/uevent r,
+
+ # Backported from the dri-enumerate abstraction, available in AppArmor 2.13
+ /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
+
+ /tmp/.X[0-9]*-lock r,
/etc/pango/pango.modules r,
/usr/lib/gtk-*/*/loaders/* mr,
@@ -66,6 +79,7 @@
/usr/lib/firefox/firefox.sh rPx,
/usr/bin/wireshark mixr,
/usr/share/mime/* r,
+ /usr/share/qt[45]/translations/* r,
/usr/share/snmp/mibs r,
/usr/share/snmp/mibs/* r,
/usr/share/snmp/mibs/.index rw,
@@ -76,6 +90,13 @@
/usr/lib/@{multiarch}/wireshark/plugins/**/ r,
/usr/lib/@{multiarch}/wireshark/plugins/**.so mr,
- # for reading pcaps
- /**.pcap r,
+ /usr/bin/dumpcap Px,
+
+ # file browsing dialogue
+ / r,
+ /**/ r,
+
+ # reading/writing pcaps
+ /**pcap{,ng}{,.gz} r,
+ owner /**pcap{,ng}{,.gz} rw,
}
diff --git a/profiles/apparmor/profiles/extras/usr.bin.xfs b/profiles/apparmor/profiles/extras/usr.bin.xfs
index 0f18811efdbd09c298f04e1e78001d4c392f9ece..17b9d06baac8a44687895cc9431bef699a0620c6 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.xfs
+++ b/profiles/apparmor/profiles/extras/usr.bin.xfs
@@ -8,11 +8,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/bin/xfs {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
/ r,
/dev/tty wr,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
index 54ca37bf637d8356a4b52566fbae870cfa8c0c94..02ffdb4bef8e753079004eb9017195ad0897645a 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib.GConf.2.gconfd-2
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/GConf/2/gconfd-2 {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
/etc/gconf/2/path r,
/etc/gconf/gconf.xml.defaults r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
index be728da9fe13ce5b65549d2f91df6f9762ac27ea..a2de723a431630c3caf781e4cf7d33f90a049c84 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
+++ b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
@@ -10,18 +10,20 @@
# vim:syntax=apparmor
# Last Modified: Wed Aug 31 11:14:09 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/RealPlayer10/realplay {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/fonts>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
- #include <abstractions/gnome>
- #include <abstractions/user-download>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/fonts>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
+ include <abstractions/gnome>
+ include <abstractions/user-download>
+ include <abstractions/X>
/{usr/,}bin/bash mix,
/{usr/,}bin/sed mixr,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
index 5cec99ec333d833b9e39d20c26ff7d83c24a9515..e09c0b9452e8dc9cbbf60c10fc03db1a12aec962 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
+++ b/profiles/apparmor/profiles/extras/usr.lib.bonobo.bonobo-activation-server
@@ -10,12 +10,14 @@
# vim:syntax=apparmor
# Last Modified: Mon Aug 29 10:49:30 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/bonobo/bonobo-activation-server {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
/etc/bonobo-activation/bonobo-activation-config.xml r,
/usr/lib/bonobo/bonobo-activation-server rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10 b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
index 477fc0cb2014b106d0efbd5171e3110f7a560c77..a649fe531c40104628571533c41f47d4ec0a4bcd 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
+++ b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/evolution-data-server/evolution-data-server-1.10 {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
/etc/mtab r,
/etc/** r,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
index 8f3bf56d9b79c6145c4d9fcf0deff5cd7f492271..6d869d674d367b732212945b73b869eb30ab0d96 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox
@@ -9,7 +9,9 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
# We want to confine the binaries that match:
# /usr/lib/firefox-4.0b8/firefox
@@ -17,13 +19,13 @@
# but not:
# /usr/lib/firefox-4.0b8/firefox.sh
/usr/lib/firefox{,-[0-9]*}/firefox{,*[^s][^h]} {
- #include <abstractions/audio>
- #include <abstractions/cups-client>
- #include <abstractions/dbus-session>
- #include <abstractions/gnome>
- #include <abstractions/ibus>
- #include <abstractions/kde>
- #include <abstractions/nameservice>
+ include <abstractions/audio>
+ include <abstractions/cups-client>
+ include <abstractions/dbus-session>
+ include <abstractions/gnome>
+ include <abstractions/ibus>
+ include <abstractions/kde>
+ include <abstractions/nameservice>
# for networking
network inet stream,
@@ -121,8 +123,12 @@
deny /usr/share/mozilla/extensions/**/ w,
deny /usr/share/mozilla/ w,
+ # needed by widevine
+ ptrace (trace) peer=@{profile_name},
+ @{HOME}/.mozilla/firefox/*/gmp-widevinecdm/*/lib*so m,
+
# Site-specific additions and overrides. See local/README for details.
# Local path is disabled, we only enable them for profiles we promote
# out of extras.
- ## include <local/usr.bin.firefox>
+ include if exists <local/usr.bin.firefox>
}
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
index 2ab2782684589b330b4175e373d25a7fe69d3e1f..95a7a7de4cb1a339d1911daa2b88993f29558fb8 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.firefox.sh
@@ -1,10 +1,13 @@
# Last Modified: Wed Nov 5 03:32:59 2008
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/firefox/firefox.sh {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
deny capability sys_ptrace,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
index 516adbd169cf41333e4cae619e746fe3e258fcd8..bb8ca311f652e8bdff93871b4b6b9c268c604a5f 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
+++ b/profiles/apparmor/profiles/extras/usr.lib.firefox.mozilla-xremote-client
@@ -10,11 +10,13 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/firefox/mozilla-xremote-client {
- #include <abstractions/base>
- #include <abstractions/X>
+ include <abstractions/base>
+ include <abstractions/X>
/usr/lib/mozilla/lib*so* mr,
/usr/lib/firefox/mozilla-xremote-client rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib.man-db.man b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
index ef0e068cfee32e6b79e37bedc9b192637b723c50..1770359f721d88a3814950f45bd58077d112b95c 100644
--- a/profiles/apparmor/profiles/extras/usr.lib.man-db.man
+++ b/profiles/apparmor/profiles/extras/usr.lib.man-db.man
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib/man-db/man {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/user-manpages>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/user-manpages>
/{usr/,}bin/bash rmix,
/{usr/,}bin/cat rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2 b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
index b6fb60537a5d0d143c1a00b0f07c40088c3a56bc..89925b0595341df631bb53b49aed8196ffdf7c37 100644
--- a/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
+++ b/profiles/apparmor/profiles/extras/usr.lib64.GConf.2.gconfd-2
@@ -10,12 +10,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/lib64/GConf/2/gconfd-2 {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
/etc/gconf/2/path r,
/etc/gconf/gconf.xml.defaults r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.cupsd b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
index 618a97c028730492108cb4e89bdc513ff0eacf59..24f521e00a50b6e3d0c9e4e07b1310bc48ad6f81 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.cupsd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
@@ -1,11 +1,15 @@
# Last Modified: Sun Sep 16 18:11:15 2007
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/cupsd {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/dbus>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/dbus>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
+ include <abstractions/hosts_access>
capability chown,
capability dac_override,
@@ -41,8 +45,6 @@
/etc/cups/printcap rw,
/etc/cups/ssl rw,
/etc/cups/yes/* rw,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
@{PROC}/meminfo r,
@{PROC}/sys/dev/parport/** r,
/sys/class/usb r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
index d54da0f5c672ffa35260dca69271a384f30370a2..5d534dd736a1330eb6f0308c6ce4080f6408a726 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.dhcpd
@@ -8,11 +8,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/dhcpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/hosts_access>
capability dac_override,
capability net_bind_service,
@@ -27,11 +30,10 @@
/db/dhcpd.leases* lrw,
/etc/dhcpd.conf r,
/etc/named.d/* r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
@{PROC}/net/dev r,
+ @{PROC}/sys/net/ipv4/ip_local_port_range r,
/usr/sbin/dhcpd rmix,
- /var/lib/dhcp/{db/,}dhcpd.leases* rwl,
+ /var/lib/dhcp/{db/,}dhcpd{6,}.leases* rwl,
/var/lib/dhcp/etc/dhcpd.conf r,
/{,var/}run/dhcpd.pid wl,
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
index da5f0807251b88085ee718e072e0318777a28b19..ada4f5634b39e339070329fb7411f0adeb31f2fe 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
+++ b/profiles/apparmor/profiles/extras/usr.sbin.httpd2-prefork
@@ -9,16 +9,18 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/httpd2-prefork {
- #include <abstractions/apache2-common>
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/kerberosclient>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
- #include <abstractions/openssl>
+ include <abstractions/apache2-common>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/kerberosclient>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
+ include <abstractions/openssl>
capability kill,
capability net_bind_service,
@@ -130,13 +132,13 @@
^HANDLING_UNTRUSTED_INPUT {
- #include <abstractions/apache2-common>
+ include <abstractions/apache2-common>
/var/log/apache2/* w,
}
^DEFAULT_URI {
- #include <abstractions/apache2-common>
- #include <abstractions/base>
+ include <abstractions/apache2-common>
+ include <abstractions/base>
# Note that mod_perl, mod_php, mod_python, etc, allows in-apache
# execution of content regardless of 'x' permissions, as no exec(2)
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.imapd b/profiles/apparmor/profiles/extras/usr.sbin.imapd
index a00318ca5d3287a93126757183b63cef1034c419..0d21823d2c8d585bd4079cf9db665b14b1bef348 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.imapd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.imapd
@@ -8,14 +8,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/imapd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
- #include <abstractions/user-mail>
- #include <abstractions/openssl>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/authentication>
+ include <abstractions/user-mail>
+ include <abstractions/openssl>
/dev/urandom r,
/tmp/* rwl,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
index 5f18bd06b97050b5be31bc59f54ad54e443e54e3..1bcb43b4b30c4371d6cdca7e13432cfc12eb44f2 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
@@ -8,16 +8,18 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/in.fingerd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
@{HOME}/.plan r,
@{HOME}/.project r,
/usr/bin/finger mix,
/var/log/lastlog r,
- /{,var/}run/utmp r,
+ /{,var/}run/utmp rk,
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
index 8d494efdbb2250a225293b8ac1e67df198a79606..e39356dd2ce39208345aee2ff950d88d1747d61b 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ftpd
@@ -8,12 +8,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/in.ftpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/authentication>
/ r,
/dev/urandom r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
index ba5227cda316226c910b5662600d3ad0f9853851..7b454a76ad03974ffac1eea6f24fffa5affecedb 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.ntalkd
@@ -8,12 +8,14 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/in.ntalkd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/consoles>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/consoles>
/usr/sbin/in.ntalkd r,
/{,var/}run/utmp r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
index 26deeb5137a7afc9557299d7febf7e19ba13febb..c65c9c958230d2438db0a3a5cf208c21f07b3022 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop2d
@@ -8,14 +8,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/ipop2d {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
- #include <abstractions/user-mail>
- #include <abstractions/openssl>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/authentication>
+ include <abstractions/user-mail>
+ include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
index dbfbc0d2d0266bf6189e374e71488dd53a1ca6f0..ca6348f5c60f5faf1c859ba3e07222f44dc3079d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
+++ b/profiles/apparmor/profiles/extras/usr.sbin.ipop3d
@@ -8,14 +8,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/ipop3d {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
- #include <abstractions/user-mail>
- #include <abstractions/openssl>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/authentication>
+ include <abstractions/user-mail>
+ include <abstractions/openssl>
/dev/urandom r ,
/tmp/.* rwl ,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
index 7fa27e24976a0615e3ac87608e7dc321aad0a1b6..af11fb5a9c4b690684c2b71b63ba68fdfcba0572 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.lighttpd
@@ -9,12 +9,15 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/lighttpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/web-data>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
+ include <abstractions/web-data>
# needed to change max file descriptors
capability sys_resource,
@@ -26,6 +29,8 @@
capability setgid,
capability setuid,
+ @{PROC}/loadavg r,
+
/etc/lighttpd r,
/etc/lighttpd/*.conf r,
/etc/lighttpd/conf.d/*.conf r,
@@ -50,7 +55,17 @@
/var/log/lighttpd/*.log rw,
# include_shell
/{usr/,}bin/bash mix,
+ /{usr/,}bin/dash mix,
/{usr/,}bin/zsh mix,
/{usr/,}bin/cat mix,
+
+ # Debian/Ubuntu integration in default installation
+ /etc/mime.types r,
+ /usr/share/lighttpd/ r,
+ /usr/share/lighttpd/*.pl mrix,
+ /etc/lighttpd/conf-available/ r,
+ /etc/lighttpd/conf-available/*.conf r,
+ /etc/lighttpd/conf-enabled/ r,
+ /etc/lighttpd/conf-enabled/*.conf r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.mysqld b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
index 4bfcf0851d3ddab0098e92ab6650667361603051..8410467b1cfb8837343cbfeba174d30106a6455c 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.mysqld
+++ b/profiles/apparmor/profiles/extras/usr.sbin.mysqld
@@ -12,20 +12,21 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/mysqld {
- #include <abstractions/base>
- #include <abstractions/mysql>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
+ include <abstractions/base>
+ include <abstractions/mysql>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
+ include <abstractions/hosts_access>
capability dac_override,
capability setgid,
capability setuid,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/my.cnf r,
/etc/my.cnf.d/ r,
/etc/my.cnf.d/*.cnf r,
@@ -41,6 +42,6 @@
/var/log/mysql/mysqld-upgrade-run.log w,
/var/log/mysql/mysqld.log w,
/var/log/mysql/mysqld.log-20* w,
- /{,var/}run/mysql/mysqld.pid w,
+ /{,var/}run/mysql{,d}/mysqld.pid w,
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.nmbd b/profiles/apparmor/profiles/extras/usr.sbin.nmbd
deleted file mode 100644
index cedfbbf62054ebffcf6fa2c64697c4a22bfe85fe..0000000000000000000000000000000000000000
--- a/profiles/apparmor/profiles/extras/usr.sbin.nmbd
+++ /dev/null
@@ -1,32 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# vim:syntax=apparmor
-# Last Modified: Thu Aug 18 12:14:01 2005
-
-#include <tunables/global>
-
-/usr/sbin/nmbd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
-
- capability net_bind_service,
-
- /etc/samba/dhcp.conf r,
- /etc/samba/smb.conf r,
- /usr/lib/samba/* r,
- /usr/sbin/nmbd r,
- /var/lib/samba/browse.dat lw,
- /var/lib/samba/browse.dat. lrw,
- /var/lib/samba/gencache.tdb rw,
- /var/lib/samba/messages.tdb rw,
- /var/lib/samba/unexpected.tdb rw,
- /var/log/samba/log.nmbd w,
- /{,var/}run/samba/nmbd.pid w,
-}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.oidentd b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
index 609def86ee316b9425bb7a4529e09edc9907911a..999cefefa9b382e4db95b779791261c0d49ef87e 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.oidentd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
@@ -9,11 +9,13 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/oidentd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability net_bind_service,
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.popper b/profiles/apparmor/profiles/extras/usr.sbin.popper
index d5831cf8e82cef67982392d702386b1f6c40718a..3b2ef4c6e050edb054ae9d904d5eaee8bafbf6ea 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.popper
+++ b/profiles/apparmor/profiles/extras/usr.sbin.popper
@@ -9,13 +9,16 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
# Last Modified: Wed Aug 31 11:14:09 2005
-#include <tunables/global>
+
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/popper {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/user-mail>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/user-mail>
capability setgid,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postalias b/profiles/apparmor/profiles/extras/usr.sbin.postalias
index 0ee6089cad950dccad5cc5509e9d8ff58242ed91..832a7a5fe938fdd9f3226f01012e2100b105209d 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postalias
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postalias
@@ -1,6 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -8,20 +9,22 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/postalias {
- #include <abstractions/base>
- #include <abstractions/kerberosclient>
- #include <abstractions/nameservice>
- #include <abstractions/consoles>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/kerberosclient>
+ include <abstractions/nameservice>
+ include <abstractions/consoles>
+ include <abstractions/postfix-common>
/etc/aliases r,
- /etc/aliases.db rwlk,
+ /etc/aliases.{lm,}db rwlk,
/etc/postfix r,
/etc/postfix/main.cf r,
/etc/postfix/aliases r,
- /etc/postfix/aliases.db rwlk,
+ /etc/postfix/aliases.{lm,}db rwl,
/etc/postfix/__db.aliases.db lrw,
/etc/__db.aliases.db rwl,
/usr/sbin/postalias rmix,
@@ -29,7 +32,7 @@
# On SuSE, mailman is configured to use its own alias db
/var/lib/mailman/data/aliases r,
/var/lib/mailman/data/__db.aliases.db rwl,
- /var/lib/mailman/data/aliases.db rwl,
+ /var/lib/mailman/data/aliases.{lm,}db rwl,
/var/spool/postfix r,
/var/spool/postfix/pid r,
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postdrop b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
index 881810593e3bd33aff8555d55032c9de2998e65b..3b170679960093e6c3ebba3ebaea8cc6d27afd5a 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postdrop
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postdrop
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/postdrop {
- #include <abstractions/base>
- #include <abstractions/kerberosclient>
- #include <abstractions/nameservice>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/kerberosclient>
+ include <abstractions/nameservice>
+ include <abstractions/postfix-common>
# This is needed at least for permissions=paranoid
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postmap b/profiles/apparmor/profiles/extras/usr.sbin.postmap
index 423681a975cb62b2706a78c97d184c42b4b8f340..11bc606e01c7e86bd14fa5c3efd172d8d1550db7 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postmap
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postmap
@@ -1,6 +1,7 @@
# ------------------------------------------------------------------
#
# Copyright (C) 2002-2005 Novell/SUSE
+# Copyright (C) 2021 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -8,18 +9,21 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/postmap {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/kerberosclient>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/kerberosclient>
+ include <abstractions/postfix-common>
/etc/fstab r,
/etc/mtab r,
/etc/postfix/* r,
/etc/postfix/*.db rwlk,
+ /etc/postfix/*.lmdb rwlk,
@{PROC}/net/if_inet6 r,
/usr/share/icu/[0-9]*.[0-9]*/*.dat r,
/usr/sbin/postmap rmix,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.postqueue b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
index d2816252ea454c1248d8688d49104a8d29c2b0bb..4ca429c38b5293fb32a035171a99577518aa27d2 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.postqueue
+++ b/profiles/apparmor/profiles/extras/usr.sbin.postqueue
@@ -8,14 +8,16 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/postqueue {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/kerberosclient>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/kerberosclient>
+ include <abstractions/postfix-common>
# This is needed at least for permissions=paranoid
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
index b8138ae76663e3f7fa473f5ca089d4dc38286a06..f1326d8dec073221e0e36fab63877bdf13b5d6aa 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail
@@ -11,23 +11,24 @@
# support /etc/alternatives/ -- SuSE has no such mechanism. So, this
# file supports _BOTH_ sendmail's sendmail and postfix's sendmail.
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/sendmail {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/kerberosclient>
- #include <abstractions/nameservice>
- #include <abstractions/user-tmp>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/kerberosclient>
+ include <abstractions/nameservice>
+ include <abstractions/user-tmp>
+ include <abstractions/postfix-common>
+ include <abstractions/hosts_access>
/usr/bin/procmail Px,
/etc/aliases.db rw,
/etc/aliases rw,
/etc/fstab r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/ldap.conf r,
/etc/mail/* r,
/etc/mail/statistics rw,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
index a760a671beb98c107617a5e3a473ad0c569ef316..ed7fa7e4ddaa1af03e3fcc2ddf38c7f69c996d85 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.postfix
@@ -8,15 +8,17 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/sendmail.postfix {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/consoles>
- #include <abstractions/kerberosclient>
- #include <abstractions/user-tmp>
- #include <abstractions/postfix-common>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/consoles>
+ include <abstractions/kerberosclient>
+ include <abstractions/user-tmp>
+ include <abstractions/postfix-common>
/etc/mtab r,
/etc/postfix r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
index c2350358e7dbea17964e6204f36b79a47964d51c..4bce297d83490fa5a05a5e46e3cb47c9064558ea 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sendmail.sendmail
@@ -8,18 +8,19 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/sendmail.sendmail {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/hosts_access>
@{PROC}/loadavg r,
/etc/aliases rw,
/etc/aliases.db rw,
/etc/fstab r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/ldap.conf r,
/etc/mail/statistics rw,
/etc/mail/* r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.smbd b/profiles/apparmor/profiles/extras/usr.sbin.smbd
deleted file mode 100644
index da32416e2f72512a4fe5683930cda3a136dd0667..0000000000000000000000000000000000000000
--- a/profiles/apparmor/profiles/extras/usr.sbin.smbd
+++ /dev/null
@@ -1,45 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# vim:syntax=apparmor
-# Last Modified: Thu Aug 18 11:41:15 2005
-
-#include <tunables/global>
-
-/usr/sbin/smbd {
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/nameservice>
-
- capability net_bind_service,
- capability setgid,
- capability setuid,
- capability sys_resource,
-
- /etc/cups/client.conf r,
- /etc/samba/dhcp.conf r,
- /etc/samba/secrets.tdb rw,
- /etc/samba/smb.conf r,
- /etc/samba/smbpasswd rw,
-
- @{HOME}/** rwl,
- @{HOMEDIRS} rwl,
-
- @{PROC}/@{pid}/mounts r,
- /tmp rw,
- /var/tmp rw,
- /var/tmp/** lrw,
- /usr/lib/samba/lowcase.dat r,
- /usr/lib/samba/upcase.dat r,
- /usr/lib/samba/valid.dat r,
- /usr/sbin/smbd r,
- /var/lib/samba/** rw,
- /var/log/samba/log.smbd w,
- /{,var/}run/samba/smbd.pid w,
-}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.spamd b/profiles/apparmor/profiles/extras/usr.sbin.spamd
index abed1dab72605454c532422c5073ca0828d37f38..6ee9f97a250e4dc300499d98820c4e3e4dfd0610 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.spamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.spamd
@@ -10,13 +10,15 @@
# vim:syntax=apparmor
# Last Modified: Wed Feb 23 11:03:18 2005
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/spamd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/perl>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/perl>
capability net_bind_service,
capability setgid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.squid b/profiles/apparmor/profiles/extras/usr.sbin.squid
index c20373f008883417ddcee5d0c3d896f3a003eef3..a94eb3e712ff885047a5d1eb7b99197b76c6da06 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.squid
+++ b/profiles/apparmor/profiles/extras/usr.sbin.squid
@@ -9,13 +9,15 @@
# ------------------------------------------------------------------
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/squid {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/kerberosclient>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/kerberosclient>
+ include <abstractions/nameservice>
capability setgid,
capability setuid,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.sshd b/profiles/apparmor/profiles/extras/usr.sbin.sshd
index a4863e0dafdca9001fbb4ba01403a9c9cd1d4948..98927ddd59425913e1a868d769325c777eefa31c 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.sshd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.sshd
@@ -14,15 +14,18 @@
#
# vim:syntax=apparmor
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/sshd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/libpam-systemd>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/libpam-systemd>
+ include <abstractions/nameservice>
+ include <abstractions/wutmp>
+ include <abstractions/hosts_access>
capability sys_chroot,
capability sys_resource,
@@ -52,8 +55,6 @@
/dev/urandom r,
/etc/default/locale r,
/etc/environment r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/modules.conf r,
/etc/security/** r,
/etc/ssh/** r,
@@ -99,9 +100,9 @@
# to set memory protection for passwd
@{PROC}/@{pid}/task/@{pid}/attr/exec w,
profile passwd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
capability audit_write,
capability chown,
@@ -129,6 +130,7 @@
/etc.legal r,
/etc/motd r,
/{,var/}run/motd{,.dynamic}{,.new} rw,
+ /tmp/krb5cc* wk,
/tmp/ssh-[a-zA-Z0-9]*/ w,
/tmp/ssh-[a-zA-Z0-9]*/agent.[0-9]* wl,
@@ -140,5 +142,5 @@
/usr/lib/openssh/sftp-server PUx,
# Site-specific additions and overrides. See local/README for details.
- ## include <local/usr.sbin.sshd>
+ include if exists <local/usr.sbin.sshd>
}
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.useradd b/profiles/apparmor/profiles/extras/usr.sbin.useradd
index 56e6a5245e8c06b8838bc75533bdb03ca0c2c34b..1b38a0e42bca8d67b8126b6cfe597b5197525078 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.useradd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.useradd
@@ -9,16 +9,18 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/useradd {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/perl>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/perl>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include <abstractions/wutmp>
capability audit_write,
capability chown,
@@ -60,9 +62,9 @@
/var/spool/mail/* rw,
profile pam_tally2 {
- #include <abstractions/base>
- #include <abstractions/consoles>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
capability audit_write,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.userdel b/profiles/apparmor/profiles/extras/usr.sbin.userdel
index aca38dad47701b92f354e5f942c4cff7e0b39bb0..138a5b1eba242fd000b5dbd6225c9209bfaab7dd 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.userdel
+++ b/profiles/apparmor/profiles/extras/usr.sbin.userdel
@@ -9,16 +9,18 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/userdel {
- #include <abstractions/authentication>
- #include <abstractions/base>
- #include <abstractions/bash>
- #include <abstractions/consoles>
- #include <abstractions/perl>
- #include <abstractions/nameservice>
- #include <abstractions/wutmp>
+ include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/bash>
+ include <abstractions/consoles>
+ include <abstractions/perl>
+ include <abstractions/nameservice>
+ include <abstractions/wutmp>
capability chown,
capability dac_override,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
index dda87f1eabfad3070f0d615fe411a349d027c75d..7d4862dfb1573021066ffc516edc2662cc9fd609 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.vsftpd
@@ -9,19 +9,20 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/vsftpd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
- #include <abstractions/authentication>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/authentication>
+ include <abstractions/hosts_access>
/dev/urandom r,
/etc/environment r,
/etc/fstab r,
/etc/ftpusers r,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/mtab r,
/etc/shells r,
/etc/vsftpd.* r,
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.xinetd b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
index 3e05b8c784bdde8db2b3a6c9182c27e96ada9b8e..d5fb26a376c5102c7a53ff5982b632b5b8708a6e 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.xinetd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.xinetd
@@ -8,18 +8,19 @@
#
# ------------------------------------------------------------------
-#include <tunables/global>
+abi <abi/3.0>,
+
+include <tunables/global>
/usr/sbin/xinetd {
- #include <abstractions/base>
- #include <abstractions/nameservice>
+ include <abstractions/base>
+ include <abstractions/nameservice>
+ include <abstractions/hosts_access>
capability net_bind_service,
capability setgid,
capability setuid,
- /etc/hosts.allow r,
- /etc/hosts.deny r,
/etc/xinetd.conf r,
/etc/xinetd.d r,
/etc/xinetd.d/* r,
diff --git a/tests/regression/apparmor/Makefile b/tests/regression/apparmor/Makefile
index c3d0cfb7390648f5e785c06f29da9aa2e05c8dbf..5c275a3cd617616712094759653b7eb382f86c55 100644
--- a/tests/regression/apparmor/Makefile
+++ b/tests/regression/apparmor/Makefile
@@ -67,10 +67,10 @@ system aa-exec by adding USE_SYSTEM=1 to your make command.${nl}\
LDLIBS += -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
endif # USE_SYSTEM
-CFLAGS += -g -O0 -Wall -Wstrict-prototypes
-
-USE_SYSCTL:=$(shell echo "#include <sys/sysctl.h>" | cpp -dM >/dev/null 2>/dev/null && echo true)
++SYSCTL_INCLUDE="\#include <sys/sysctl.h>"
++USE_SYSCTL:=$(shell echo $(SYSCTL_INCLUDE) | cpp -dM >/dev/null 2>/dev/null && echo true)
+CFLAGS += -g -O0 $(EXTRA_WARNINGS)
SRC=access.c \
at_secure.c \
@@ -141,7 +141,8 @@ SRC=access.c \
unix_socket.c \
unix_socket_client.c \
unlink.c \
- xattrs.c
+ xattrs.c \
+ xattrs_profile.c
#only do the ioperm/iopl tests for x86 derived architectures
ifneq (,$(findstring $(shell uname -i),i386 i486 i586 i686 x86 x86_64))
@@ -166,10 +167,14 @@ Install libdbus-1-dev or equivalent package to build and run these tests${nl}\
endif
TRANSITION_CFLAGS=
+AA_POLICY_CACHE_CFLAGS=
ifdef USE_SYSTEM
ifneq (,$(shell pkg-config --atleast-version 2.10 libapparmor && echo TRUE))
SRC+=aa_policy_cache.c
CONDITIONAL_TESTS+=aa_policy_cache
+ ifeq (,$(shell pkg-config --atleast-version 2.13 libapparmor && echo TRUE))
+ AA_POLICY_CACHE_CFLAGS=-DCOMPAT_PATH_PREVIEW
+ endif
else
$(warning ${nl}\
************************************************************************${nl}\
@@ -178,7 +183,7 @@ ifdef USE_SYSTEM
endif
ifneq (,$(shell pkg-config --atleast-version 2.10.95 libapparmor && echo TRUE))
- CONDITIONAL_TESTS+=exec_stack stackonexec stackprofile
+ CONDITIONAL_TESTS+=exec_stack nnp stackonexec stackprofile
else
$(warning ${nl}\
************************************************************************${nl}\
@@ -188,7 +193,7 @@ ifdef USE_SYSTEM
endif
else
SRC+=aa_policy_cache.c
- CONDITIONAL_TESTS+=exec_stack aa_policy_cache stackonexec stackprofile
+ CONDITIONAL_TESTS+=exec_stack aa_policy_cache nnp stackonexec stackprofile
endif
EXEC=$(SRC:%.c=%)
@@ -245,8 +250,10 @@ TESTS=aa_exec \
unix_socket_pathname \
unix_socket_abstract \
unix_socket_unnamed \
+ unix_socket_autobind \
unlink\
xattrs\
+ xattrs_profile\
longpath
#only do dbus if proper libs are installl
@@ -274,6 +281,9 @@ else # !USE_SYSTEM
cp uservars.inc.source uservars.inc
endif # USE_SYSTEM
+aa_policy_cache: aa_policy_cache.c
+ ${CC} ${CFLAGS} ${AA_POLICY_CACHE_CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS}
+
at_secure: at_secure.c transition
${CC} ${CFLAGS} ${LDFLAGS} $< -o $@ ${LDLIBS}
@@ -307,6 +317,27 @@ unix_socket_client: unix_socket_client.c unix_socket_common.o
unix_socket: unix_socket.c unix_socket_common.o unix_socket_client
${CC} ${CFLAGS} ${LDFLAGS} $(filter-out unix_socket_client, $^) -o $@ ${LDLIBS}
+build-dep:
+ @if [ `whoami` = "root" ] ;\
+ then \
+ if [ -z ${DISTRO} ] ;\
+ then \
+ echo "must set DISTRO before using target 'build-dep'" ;\
+ exit 1;\
+ fi; \
+ \
+ if [ ${DISTRO} = "ubuntu" ] || [ ${DISTRO} = "debian" ] ;\
+ then \
+ apt install apparmor libapparmor1 libapparmor-dev perl python gcc libc-dev ;\
+ else \
+ echo "Unknown option for DISTRO: '$(DISTRO)'. Supported options are 'ubuntu' or 'debian'" ;\
+ exit 1;\
+ fi; \
+ else \
+ echo "must be root to install build dependencies" ;\
+ exit 1;\
+ fi
+
tests: all
@if [ `whoami` = "root" ] ;\
then \
diff --git a/tests/regression/apparmor/aa_policy_cache.c b/tests/regression/apparmor/aa_policy_cache.c
index b1fc11d91968de1214bafb3793f4b7875b66c4d2..b102eb59bc59d1a68fd3e8d61bee6c66cfa4f344 100644
--- a/tests/regression/apparmor/aa_policy_cache.c
+++ b/tests/regression/apparmor/aa_policy_cache.c
@@ -14,12 +14,17 @@
* along with this program; if not, contact Canonical Ltd.
*/
+#define _GNU_SOURCE
+
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
#include <sys/apparmor.h>
@@ -62,6 +67,84 @@ out:
return rc;
}
+#ifdef COMPAT_PATH_PREVIEW
+
+static char *path_from_fd(int fd)
+{
+ char *proc_path = NULL;
+ char *path = NULL;
+ int proc_fd = -1;
+ struct stat proc_stat;
+ ssize_t size, path_len;
+
+ if (asprintf(&proc_path, "/proc/self/fd/%d", fd) == -1) {
+ proc_path = NULL;
+ errno = ENOMEM;
+ goto err;
+ }
+
+ proc_fd = open(proc_path, O_RDONLY | O_CLOEXEC | O_PATH | O_NOFOLLOW);
+ if (proc_fd == -1)
+ goto out;
+
+ if (fstat(proc_fd, &proc_stat) == -1)
+ goto err;
+
+ if (!S_ISLNK(proc_stat.st_mode)) {
+ errno = EINVAL;
+ goto err;
+ }
+
+ size = proc_stat.st_size;
+repeat:
+ path = malloc(size + 1);
+ if (!path)
+ goto err;
+
+ /**
+ * Since 2.6.39, symlink file descriptors opened with
+ * (O_PATH | O_NOFOLLOW) can be used as the dirfd with an empty string
+ * as the path. readlinkat() will operate on the symlink inode.
+ */
+ path_len = readlinkat(proc_fd, "", path, size);
+ if (path_len == -1)
+ goto err;
+ if (path_len == size) {
+ free(path);
+ size = size * 2;
+ goto repeat;
+ }
+ path[path_len] = '\0';
+ goto out;
+err:
+ free(path);
+out:
+ free(proc_path);
+ return path;
+}
+
+static char *aa_policy_cache_dir_path_preview(aa_features *kernel_features,
+ int dirfd, const char *path)
+{
+ char *cache_loc = NULL;
+ char *dir_path;
+
+ if (dirfd != AT_FDCWD) {
+ cache_loc = path_from_fd(dirfd);
+ if (!cache_loc)
+ return NULL;
+ }
+
+ if (asprintf(&dir_path, "%s%s%s", cache_loc ? cache_loc : "",
+ cache_loc ? "/" : "", path) < 0)
+ dir_path = NULL;
+
+ free(cache_loc);
+ return dir_path;
+}
+
+#endif /* COMPAT_PATH_PREVIEW */
+
static int test_cache_dir(const char *path)
{
char *cache_dir;
diff --git a/tests/regression/apparmor/i18n.sh b/tests/regression/apparmor/i18n.sh
index d57bc3849d90edf43525c3c187aba3e395277e20..43e4fab23ae729bcef0d3d922ad8d42e8c96ce94 100755
--- a/tests/regression/apparmor/i18n.sh
+++ b/tests/regression/apparmor/i18n.sh
@@ -13,6 +13,8 @@
# in the name.
#=END
+LANG=C
+
pwd=`dirname $0`
pwd=`cd $pwd ; /bin/pwd`
diff --git a/tests/regression/apparmor/mkprofile.pl b/tests/regression/apparmor/mkprofile.pl
index 6b192406fa570027ca31b54507b59b7556381d2e..201d53cb50bfd379640bd920fabc4b04bf0e62d7 100755
--- a/tests/regression/apparmor/mkprofile.pl
+++ b/tests/regression/apparmor/mkprofile.pl
@@ -20,6 +20,8 @@ my $usestdin = '';
my %output_rules;
my $hat = "__no_hat";
my %flags;
+my %xattrs;
+my $path = '';
GetOptions(
'escape|E' => \$escape,
@@ -95,9 +97,14 @@ sub gen_default_rules() {
# give every profile access to change_hat
gen_file("/proc/*/attr/current:w");
+ gen_file("/proc/*/attr/apparmor/current:w");
# give every profile access to /dev/urandom (propolice, etc.)
gen_file("/dev/urandom:r");
+
+ # give every profile access to FIPS hmac files in /lib and /usr/lib
+ gen_file("/{usr/,}lib{,32,64}/.lib*.so*.hmac:r");
+ gen_file("/{usr/,}lib/{,**/}.lib*.so*.hmac:r");
}
sub gen_elf_binary($) {
@@ -361,6 +368,7 @@ sub gen_hat($) {
$hat = $rules[1];
# give every profile/hat access to change_hat
@{$output_rules{$hat}} = ( " /proc/*/attr/current w,\n",);
+ push(@{$output_rules{$hat}}, " /proc/*/attr/apparmor/current w,\n");
}
}
@@ -374,6 +382,28 @@ sub gen_addimage($) {
}
}
+sub gen_xattr($) {
+ my $rule = shift;
+ my @rules = split (/:/, $rule);
+ if (@rules == 3) {
+ $xattrs{$rules[1]} = $rules[2];
+ } elsif (@rules == 2) {
+ $xattrs{$rules[1]} = "";
+ } else {
+ (!$nowarn) && print STDERR "Warning: invalid xattr description '$rule', ignored\n";
+ }
+}
+
+sub gen_path($) {
+ my $rule = shift;
+ my @rules = split (/:/, $rule);
+ if (@rules != 2) {
+ (!$nowarn) && print STDERR "Warning: invalid path description '$rule', ignored\n";
+ } else {
+ $path = $rules[1];
+ }
+}
+
sub emit_flags($) {
my $hat = shift;
@@ -429,6 +459,10 @@ sub gen_from_args() {
} elsif ($rule =~ /^addimage:/) {
gen_addimage($rule);
$addimage = 1;
+ } elsif ($rule =~ /^xattr:/) {
+ gen_xattr($rule);
+ } elsif ($rule =~ /^path:/) {
+ gen_path($rule);
} else {
gen_file($rule);
}
@@ -438,9 +472,28 @@ sub gen_from_args() {
print STDOUT "# Profile autogenerated by $__VERSION__\n";
if (not substr($bin, 0, 1) eq "/") {
- print STDOUT "profile "
+ print STDOUT "profile "
}
print STDOUT "$bin ";
+ if (not $path eq "") {
+ print STDOUT "$path "
+ }
+ if (%xattrs) {
+ print STDOUT "xattrs=(";
+ my $firstloop = 1;
+ foreach my $xattr (keys %xattrs) {
+ if ($firstloop) {
+ $firstloop = 0;
+ } else {
+ print STDOUT " ";
+ }
+ print STDOUT "$xattr";
+ if (not $xattrs{$xattr} eq "") {
+ print STDOUT "=$xattrs{$xattr}";
+ }
+ }
+ print STDOUT ") ";
+ }
emit_flags('__no_hat');
print STDOUT "{\n";
foreach my $outrule (@{$output_rules{'__no_hat'}}) {
diff --git a/tests/regression/apparmor/nnp.sh b/tests/regression/apparmor/nnp.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b948f894707802b355c0979bc893e1e8df1fe56f
--- /dev/null
+++ b/tests/regression/apparmor/nnp.sh
@@ -0,0 +1,144 @@
+#! /bin/bash
+# Copyright (C) 2019 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME nnp
+#=DESCRIPTION
+# Verifies AppArmor interactions with NO_NEW_PRIVS
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+settest transition
+
+file=$tmpdir/file
+okperm=rw
+
+fileok="${file}:${okperm}"
+
+getcon="/proc/*/attr/current:r"
+setcon="/proc/*/attr/current:w"
+setexec="/proc/*/attr/exec:w"
+policy="/sys/kernel/security/apparmor/"
+
+touch $file
+
+# Verify file access by an unconfined process
+runchecktest "NNP (unconfined - no NNP)" pass -f "$file"
+runchecktest "NNP (unconfined - NNP)" pass -n -f "$file"
+
+# Verify file access under simple confinement
+genprofile "$fileok" "$getcon"
+runchecktest "NNP (confined - no NNP)" pass -f "$file"
+runchecktest "NNP (confined - NNP)" pass -n -f "$file"
+
+# Verify that NNP allows ix transitions
+genprofile image="$test" "$fileok" "$getcon"
+runchecktest "NNP (ix - no NNP)" pass -- "$test" -f "$file"
+runchecktest "NNP (ix - NNP)" pass -- "$test" -n -f "$file"
+
+# Verify that NNP causes unconfined profile transition failures
+# NNP-induced failures will use EPERM rather than EACCES
+genprofile -I "$test":rux "$fileok"
+runchecktest "NNP (ux - no NNP)" pass -- "$test" -f "$file"
+runchecktest_errno EPERM "NNP (ux - NNP)" fail -n -- "$test" -f "$file"
+
+# Verify that NNP causes discrete profile transition failures
+genprofile "$bin/open":px -- image="$bin/open" "$fileok"
+runchecktest "NNP (px - no NNP)" pass -- "$bin/open" "$file"
+runchecktest_errno EPERM "NNP (px - NNP)" fail -n -- "$bin/open" "$file"
+
+# Verify that NNP causes change onexec failures
+genprofile "change_profile->":"$bin/open" "$setexec" -- image="$bin/open" "$fileok"
+runchecktest "NNP (change onexec - no NNP)" pass -O "$bin/open" -- "$bin/open" "$file"
+runchecktest_errno EPERM "NNP (change onexec - NNP)" fail -n -O "$bin/open" -- "$bin/open" "$file"
+
+# Verify that NNP causes change profile failures
+genprofile "change_profile->":"$bin/open" "$setcon" -- image="$bin/open"
+runchecktest "NNP (change profile - no NNP)" pass -P "$bin/open"
+runchecktest_errno EPERM "NNP (change profile - NNP)" fail -n -P "$bin/open"
+
+if [ "$(kernel_features_istrue domain/stack)" != "true" ] ; then
+ echo " kernel does not support profile stacking - skipping stacking nnp tests ..."
+else
+
+ # Verify that NNP allows stack onexec of another profile
+ genprofile "$fileok" "$setexec" "change_profile->:&${bin}/open" -- image="$bin/open" "$fileok"
+ runchecktest "NNP (stack onexec - no NNP)" pass -o "$bin/open" -- "$bin/open" "$file"
+ runchecktest "NNP (stack onexec - NNP)" pass -n -o "$bin/open" -- "$bin/open" "$file"
+
+ # Verify that NNP allows stacking another profile
+ genprofile "$fileok" "$setcon" "change_profile->:&$bin/open" -- image="$bin/open" "$fileok"
+ runchecktest "NNP (stack profile - no NNP)" pass -p "$bin/open" -f "$file"
+ runchecktest "NNP (stack profile - NNP)" pass -n -p "$bin/open" -f "$file"
+
+ #Verify that NNP allow stacking unconfined along current profile
+ #this allows verifying that a stack with unconfined still gets the
+ #unconfined exception applied. It also tests that dropping unconfined
+ #from the stack is allowed. ie.
+ # transition//&unconfined -> transition//&open
+ # and
+ # transition//&unconfined -> transition//&open//&unconfined
+ genprofile "$fileok" "$setcon" "change_profile->:&$bin/open" "change_profile->:&unconfined" -- image="$bin/open" "$fileok"
+ runchecktest "NNP (stack profile&unconfined - no NNP)" pass -i "&unconfined" -p "$bin/open" -f "$file"
+ runchecktest "NNP (stack profile&unconfined - NNP)" pass -n -i "&unconfined" -p "$bin/open" -f "$file"
+
+ genprofile "$fileok" "$setcon" "change_profile->:$bin/transition" "change_profile->:$bin/open" "change_profile->:&unconfined" -- image="$bin/open" "$fileok"
+ runchecktest "NNP (change profile&unconfined - no NNP)" pass -i "&unconfined" -P "$bin/transition//&$bin/open" -f "$file"
+ runchecktest "NNP (change profile&unconfined - NNP)" pass -n -i "&unconfined" -P "$bin/transition//&$bin/open" -f "$file"
+
+
+ #Verify that NNP allows stacking a new policy namespace
+ #must use stdin with genprofile for namespaces
+ genprofile --stdin <<EOF
+$test {
+ @{gen_bin $test}
+ @{gen_def}
+ ${file} ${okperm},
+ /proc/*/attr/current w,
+ change_profile-> &:nnp:unconfined,
+}
+:nnp:$bin/open {
+ @{gen_bin $bin/open}
+ @{gen_def}
+ ${file} ${okperm},
+}
+EOF
+ #genprofile is creating child namespace so mkdir not needed
+ runchecktest "NNP (stack :nnp:unconfined - no NNP)" pass -p ":nnp:unconfined" -f "$file"
+ runchecktest "NNP (stack :nnp:unconfined - NNP)" pass -n -p ":nnp:unconfined" -f "$file"
+
+ runchecktest "NNP (stack :nnp:open - no NNP)" fail -p ":nnp:$bin/open" -f "$file"
+ runchecktest "NNP (stack :nnp:open - NNP)" fail -n -p ":nnp:$bin/open" -f "$file"
+
+ genprofile --stdin <<EOF
+$test {
+ @{gen_bin $test}
+ @{gen_def}
+ ${file} ${okperm},
+ /proc/*/attr/current w,
+ change_profile-> &:nnp:$bin/open,
+}
+:nnp:$bin/open {
+ @{gen_bin $bin/open}
+ @{gen_def}
+ ${file} ${okperm},
+}
+EOF
+ runchecktest "NNP (stack :nnp:open - no NNP)" pass -p ":nnp:$bin/open" -f "$file"
+ runchecktest "NNP (stack :nnp:open - NNP)" pass -n -p ":nnp:$bin/open" -f "$file"
+ # explicitly remove profile before cleaning up the namespace so
+ # prologue.inc auto cleanup doesn't fail
+ removeprofile
+ echo -n ":nnp:" > "$policy/.remove" || echo " warning failed to remove namespace policy/namespaces/nnp"
+
+fi
diff --git a/tests/regression/apparmor/prologue.inc b/tests/regression/apparmor/prologue.inc
index 76f0d8da80b6333880cf70e5f1226613ad5d1247..c3ed1ad62304278aa8f514f5ea3b1ca42d69cdba 100755
--- a/tests/regression/apparmor/prologue.inc
+++ b/tests/regression/apparmor/prologue.inc
@@ -418,6 +418,7 @@ fi
mv $profilenames ${profilenames}.old
fi
+ echo "abi <kernel>," >$profile
num_emitted=0
while /bin/true
diff --git a/tests/regression/apparmor/stackprofile.sh b/tests/regression/apparmor/stackprofile.sh
index 68d2e30b09828e61bd8a9153fb1bae44937a2e59..82cc3bb7ae37cb8e5d44649efd088ec1e35069cc 100755
--- a/tests/regression/apparmor/stackprofile.sh
+++ b/tests/regression/apparmor/stackprofile.sh
@@ -33,7 +33,7 @@ otherok="${otherfile}:${okperm}"
thirdok="${thirdfile}:${okperm}"
sharedok="${sharedfile}:${okperm}"
-getcon="/proc/*/attr/current:r"
+getcon="/proc/*/attr/current:r /proc/*/attr/apparmor/current:r"
othertest="$pwd/rename"
thirdtest="$pwd/exec"
@@ -125,7 +125,7 @@ $test {
$nstest {
$otherfile $okperm,
$sharedfile $okperm,
- /proc/*/attr/current r,
+ /proc/*/attr/{apparmor/,}current r,
}
EOF
runchecktest_errno EACCES "STACKPROFILE (stacked with namespaced profile - file)" fail -p $nstest -f $file
diff --git a/tests/regression/apparmor/swap.sh b/tests/regression/apparmor/swap.sh
index c15987a71ecd142d6f5db818b1e979f184a7b23c..9078d26e0969261adc966bd3ad868ca87cd15c8a 100755
--- a/tests/regression/apparmor/swap.sh
+++ b/tests/regression/apparmor/swap.sh
@@ -41,6 +41,7 @@ swap_file=$tmpdir/swapfile
# ppc64el wants this to be larger than 640KiB
# arm/small machines want this as small as possible
dd if=/dev/zero of=${swap_file} bs=1024 count=768 2> /dev/null
+chmod 600 ${swap_file}
/sbin/mkswap -f ${swap_file} > /dev/null
# TEST 1. Make sure can enable and disable swap unconfined
diff --git a/tests/regression/apparmor/transition.c b/tests/regression/apparmor/transition.c
index 560b824bba98b8f09dc8f5f4714482026e9799fd..53970ffa74968105fc8c01c9301d899f16f5a645 100644
--- a/tests/regression/apparmor/transition.c
+++ b/tests/regression/apparmor/transition.c
@@ -21,6 +21,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/apparmor.h>
+#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
@@ -281,6 +282,15 @@ static void handle_transition(int transition, const char *target)
}
}
+static void set_no_new_privs(void)
+{
+ if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
+ int err = errno;
+ perror("FAIL - prctl (PR_SET_NO_NEW_PRIVS)");
+ exit(err);
+ }
+}
+
static void exec(const char *prog, char **argv)
{
int err;
@@ -299,6 +309,8 @@ static void usage(const char *prog)
" -P <LABEL>\tCall aa_change_profile(LABEL)\n"
" -o <LABEL>\tCall aa_stack_onexec(LABEL)\n"
" -p <LABEL>\tCall aa_stack_profile(LABEL)\n"
+ " -i <LABEL>\tCall aa_change_profile(LABEL) before nnp\n"
+ " -n\t\tSet NO_NEW_PRIVS\n"
" -L <LABEL>\tVerify that /proc/self/attr/exec contains LABEL\n"
" -M <MODE>\tVerify that /proc/self/attr/exec contains MODE. Set to \"%s\" if a NULL mode is expected.\n"
" -l <LABEL>\tVerify that /proc/self/attr/current contains LABEL\n"
@@ -320,6 +332,8 @@ struct options {
int transition; /* CHANGE_PROFILE, STACK_ONEXEC, etc. */
const char *target; /* The target label of the transition */
+ bool no_new_privs;
+
const char *exec;
char **exec_argv;
};
@@ -338,10 +352,10 @@ static void set_transition(const char *prog, struct options *opts,
static void parse_opts(int argc, char **argv, struct options *opts)
{
const char *prog = argv[0];
- int o;
+ int o, rc;
memset(opts, 0, sizeof(*opts));
- while ((o = getopt(argc, argv, "f:L:M:l:m:O:P:o:p:")) != -1) {
+ while ((o = getopt(argc, argv, "f:L:M:l:m:nO:P:o:p:i:")) != -1) {
switch (o) {
case 'f': /* file */
opts->file = optarg;
@@ -358,6 +372,9 @@ static void parse_opts(int argc, char **argv, struct options *opts)
case 'm': /* expected current mode */
opts->expected_current_mode = optarg;
break;
+ case 'n': /* NO_NEW_PRIVS */
+ opts->no_new_privs = true;
+ break;
case 'O': /* aa_change_profile */
set_transition(prog, opts, CHANGE_ONEXEC, optarg);
break;
@@ -370,6 +387,14 @@ static void parse_opts(int argc, char **argv, struct options *opts)
case 'p': /* aa_stack_profile */
set_transition(prog, opts, STACK_PROFILE, optarg);
break;
+ case 'i': /* aa_change_profile - immediate before nnp */
+ rc = aa_change_profile(optarg);
+ if (rc < 0) {
+ int err = errno;
+ perror("FAIL: immediate change_profile");
+ exit(err);
+ }
+ break;
default: /* '?' */
usage(prog);
}
@@ -391,6 +416,9 @@ int main(int argc, char **argv)
parse_opts(argc, argv, &opts);
+ if (opts.no_new_privs)
+ set_no_new_privs();
+
if (opts.transition)
handle_transition(opts.transition, opts.target);
diff --git a/tests/regression/apparmor/unix_socket.c b/tests/regression/apparmor/unix_socket.c
index bd43a9e8bf9fd601cc9f200f1a18a9ff5e0f2919..cb8610ac1ec2d346797ef57088f7fa7f50347e6f 100644
--- a/tests/regression/apparmor/unix_socket.c
+++ b/tests/regression/apparmor/unix_socket.c
@@ -29,6 +29,7 @@
#define MSG_BUF_MAX 1024
#define PATH_FOR_UNNAMED "none"
+#define PATH_FOR_AUTOBIND "auto"
static int connection_based_messaging(int sock, int sock_is_peer_sock,
char *msg_buf, size_t msg_buf_len)
@@ -99,7 +100,7 @@ int main (int argc, char *argv[])
size_t sun_path_len;
pid_t pid;
int sock, peer_sock, type, rc;
- int unnamed = 0;
+ int unnamed = 0, autobind = 0;
if (argc != 5) {
fprintf(stderr,
@@ -124,6 +125,9 @@ int main (int argc, char *argv[])
addr.sun_path[0] = '\0';
} else if (!strcmp(sun_path, PATH_FOR_UNNAMED)) {
unnamed = 1;
+ } else if (!strcmp(sun_path, PATH_FOR_AUTOBIND)) {
+ sun_path_len = 0;
+ autobind = 1;
} else {
/* include the nul terminator for pathname addr types */
sun_path_len++;
@@ -195,6 +199,21 @@ int main (int argc, char *argv[])
exit(1);
}
}
+
+ if (autobind) {
+ unsigned int len = sizeof(addr);
+ rc = getsockname(sock, (struct sockaddr *) &addr, &len);
+ if (rc < 0) {
+ perror("FAIL - getsockname");
+ exit(1);
+ }
+ if (len > sizeof(addr)) {
+ perror("FAIL - getsockname: address too long");
+ exit(1);
+ }
+ addr.sun_path[0] = '@';
+ sun_path = addr.sun_path;
+ }
}
rc = get_sock_io_timeo(sock);
diff --git a/tests/regression/apparmor/unix_socket.inc b/tests/regression/apparmor/unix_socket.inc
index cd38e88495a92795dedfac0822f1679554472a7f..a8bacb667e3281a65c28150923b0c3a871bef023 100644
--- a/tests/regression/apparmor/unix_socket.inc
+++ b/tests/regression/apparmor/unix_socket.inc
@@ -18,7 +18,7 @@ message=4a0c83d87aaa7afa2baab5df3ee4df630f0046d5bfb7a3080c550b721f401b3b\
do_test()
{
- local addr_type="$1" # abstract or unnamed
+ local addr_type="$1" # abstract, auto or unnamed
local test_prog="$2" # server or client
local l_u_access="$3" # optional local unbound perms
local l_b_access="$4" # local bound perms
diff --git a/tests/regression/apparmor/unix_socket_autobind.sh b/tests/regression/apparmor/unix_socket_autobind.sh
new file mode 100644
index 0000000000000000000000000000000000000000..3a183d7534298f4ead52f456163e4b10092106be
--- /dev/null
+++ b/tests/regression/apparmor/unix_socket_autobind.sh
@@ -0,0 +1,128 @@
+#! /bin/bash
+#
+# Copyright (C) 2014 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, contact Canonical Ltd.
+
+#=NAME unix_socket_autobind abstract sockets
+#=DESCRIPTION
+# This tests access to autobinding abstract unix domain sockets. The
+# server opens a socket, forks a client with it's own profile, passes
+# an fd across exec, sends a message to the client over the socket, and
+# sees what happens.
+#=END
+#
+# TODO: peer_addr auto, just generates a pattern it would be better if we
+# could extract the bound socket name and pass that in to the profile
+# generation
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+. $bin/unix_socket.inc
+requires_kernel_features policy/versions/v7
+requires_kernel_features network/af_unix
+requires_parser_support "unix,"
+
+settest unix_socket
+
+addr=auto
+#TODO: replace client_addr pattern with actual autobound address
+client_addr=@[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].client
+
+# Test autobind stream server and client
+do_test "autobind" \
+ "server" \
+ "create,setopt" \
+ "bind,listen,getopt,shutdown,getattr" \
+ stream \
+ "$addr" \
+ "accept,read,write" \
+ "unconfined" \
+ "" \
+ dgram \
+ "@autoXXX" \
+ "${test}XXX" \
+ ""
+do_test "autobind" \
+ "client" \
+ "" \
+ "create,getopt,setopt,getattr" \
+ stream \
+ "" \
+ "connect,write,read" \
+ "$test" \
+ "$addr" \
+ seqpacket \
+ "" \
+ "${test}XXX" \
+ "@autoXXX"
+
+# Test autobind dgram server and client
+do_test "autobind" \
+ "server" \
+ "create,setopt" \
+ "bind,getopt,shutdown,getattr" \
+ dgram \
+ "$addr" \
+ "read,write" \
+ "unconfined" \
+ "$client_addr" \
+ seqpacket \
+ "@autoXXX" \
+ "${test}XXX" \
+ "${client_addr}XXX"
+do_test "autobind" \
+ "client" \
+ "create,setopt,getattr" \
+ "bind,getopt,getattr" \
+ dgram \
+ "$client_addr" \
+ "write,read" \
+ "$test" \
+ "$addr" \
+ stream \
+ "${client_addr}XXX" \
+ "${test}XXX" \
+ "@autoXXX"
+
+# Test autobind seqpacket server and client
+do_test "autobind" \
+ "server" \
+ "create,setopt" \
+ "bind,listen,getopt,shutdown,getattr" \
+ seqpacket \
+ "$addr" \
+ "accept,read,write" \
+ "unconfined" \
+ "" \
+ stream \
+ "@autoXXX" \
+ "${test}XXX" \
+ ""
+do_test "autobind" \
+ "client" \
+ "" \
+ "create,getopt,setopt,getattr" \
+ seqpacket \
+ "" \
+ "connect,write,read" \
+ "$test" \
+ "$addr" \
+ dgram \
+ "" \
+ "${test}XXX" \
+ "@autoXXX"
diff --git a/tests/regression/apparmor/unix_socket_client.c b/tests/regression/apparmor/unix_socket_client.c
index 7619aaf0d30c4f0ec8b0695e3dfe1342655ede2e..33423ca1aeff567f1c758602775f1ac0dbd1b715 100644
--- a/tests/regression/apparmor/unix_socket_client.c
+++ b/tests/regression/apparmor/unix_socket_client.c
@@ -44,7 +44,9 @@ static int connection_based_messaging(int sock, struct sockaddr_un *peer_addr,
if (peer_addr) {
rc = connect(sock, (struct sockaddr *)peer_addr, peer_addr_len);
if (rc < 0) {
- perror("FAIL CLIENT - connect");
+ if (peer_addr_len > 0 && peer_addr->sun_path[0] == 0)
+ peer_addr->sun_path[0] = '@';
+ fprintf(stderr, "FAIL CLIENT - connect '%s'(%d): %m", peer_addr->sun_path, peer_addr_len);
exit(1);
}
}
diff --git a/tests/regression/apparmor/xattrs_profile.c b/tests/regression/apparmor/xattrs_profile.c
new file mode 100644
index 0000000000000000000000000000000000000000..e364ae9b12bef0b7965da35439921d86a50713ea
--- /dev/null
+++ b/tests/regression/apparmor/xattrs_profile.c
@@ -0,0 +1,63 @@
+#include <sys/types.h>
+
+/*
+ * Copyright (C) 2018 Canonical, Ltd.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+/*
+ * NAME xattr_profile
+ * DESCRIPTION this test asserts that it's running under a specific apparmor
+ * profile
+ */
+int main(int argc, char *argv[])
+{
+ FILE *fd;
+ ssize_t n;
+ size_t len = 0;
+ char *line;
+ char *token;
+ const char *path = "/proc/self/attr/current";
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s apparmor-profile\n", argv[0]);
+ return 1;
+ }
+
+ fd = fopen(path, "r");
+ if (fd == NULL) {
+ fprintf(stderr, "failed to open %s: %s", path, strerror(errno));
+ return 1;
+ }
+
+ if ((n = getline(&line, &len, fd)) == -1) {
+ fprintf(stderr, "failed to read %s: %s", path, strerror(errno));
+ fclose(fd);
+ return 1;
+ }
+ fclose(fd);
+ if ((token = strsep(&line, "\n")) != NULL) {
+ line = token;
+ }
+
+ // Get name of profile without "(complain)" or similar suffix
+ if ((token = strsep(&line, " ")) != NULL) {
+ line = token;
+ }
+
+ if (strcmp(line, argv[1])) {
+ printf("FAILED: run as profile %s, expected %s\n",
+ line, argv[1]);
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}
diff --git a/tests/regression/apparmor/xattrs_profile.sh b/tests/regression/apparmor/xattrs_profile.sh
new file mode 100755
index 0000000000000000000000000000000000000000..41116ad15c15e9f18bbf117011744b9cb0fc42f9
--- /dev/null
+++ b/tests/regression/apparmor/xattrs_profile.sh
@@ -0,0 +1,196 @@
+#! /bin/bash
+# Copyright (C) 2018 Canonical, Ltd.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, version 2 of the
+# License.
+
+#=NAME xattrs_profile
+#=DESCRIPTION
+# This test verifies that profiles using xattr matching match correctly.
+#=END
+
+pwd=`dirname $0`
+pwd=`cd $pwd ; /bin/pwd`
+
+bin=$pwd
+
+. $bin/prologue.inc
+
+file="$bin/xattrs_profile"
+
+requires_kernel_features domain/attach_conditions/xattr
+requires_kernel_features policy/outofband
+
+# Clean up existing xattrs
+clean_xattr()
+{
+ setfattr --remove=user.foo $file 2> /dev/null || true
+ setfattr --remove=user.bar $file 2> /dev/null || true
+ setfattr --remove=user.spam $file 2> /dev/null || true
+}
+
+set_xattr()
+{
+ setfattr --name="$1" --value="$2" $file
+}
+
+clean_xattr
+
+# Test basic basic xattr
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ "xattr:user.bar:bye" \
+ --nowarn
+
+runchecktest "Path with no xattrs 1" pass unconfined
+set_xattr "user.foo" "hello"
+runchecktest "Path only matching one xattr" pass unconfined
+set_xattr "user.bar" "hello"
+runchecktest "Path not matching xattr value" pass unconfined
+set_xattr "user.bar" "bye"
+runchecktest "Path matching xattrs value" pass profile_1
+set_xattr "user.spam" "hello"
+runchecktest "Path matching xattrs value with additional xattr" pass profile_1
+
+clean_xattr
+
+# Test basic xattrs with wildcards
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$bin/xattrs_profile" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello/*" \
+ "xattr:user.bar:*"
+
+runchecktest "Path with no xattrs 2" pass unconfined
+set_xattr "user.foo" "hello"
+runchecktest "Path not matching xattr regexs" pass unconfined
+set_xattr "user.bar" "hello"
+runchecktest "Path matching one xattr regex" pass unconfined
+set_xattr "user.foo" "hello/foo"
+runchecktest "Path matching xattrs regex" pass profile_1
+set_xattr "user.spam" "bye"
+runchecktest "Path matching xattrs regex with additional xattr" pass profile_1
+
+clean_xattr
+
+# Test that longer paths have higher priority than xattrs
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$bin/*" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ -- \
+ "image=profile_2" \
+ "addimage:$file" \
+ "path:$bin/xattrs_profile" \
+ "/proc/*/attr/current:r"
+
+runchecktest "Path with no xattrs 3" pass profile_2
+set_xattr "user.foo" "hello"
+runchecktest "Path more specific than xattr profile" pass profile_2
+
+clean_xattr
+
+# Test that longer paths with xattrs have higher priority than shorter paths
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ -- \
+ "image=profile_2" \
+ "addimage:$file" \
+ "path:$bin/xattrs_*" \
+ "/proc/*/attr/current:r"
+
+runchecktest "Path with no xattrs 4" pass profile_2
+set_xattr "user.foo" "hello"
+runchecktest "Path with xattrs longer" pass profile_1
+
+clean_xattr
+
+# Test that xattrs break path length ties
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ -- \
+ "image=profile_2" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r"
+
+runchecktest "Path with no xattrs 5" pass profile_2
+set_xattr "user.foo" "hello"
+runchecktest "Profiles with xattrs and same path length" pass profile_1
+
+clean_xattr
+
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:**" \
+
+runchecktest "Path with no xattrs 6" pass unconfined
+set_xattr "user.foo" "ab"
+runchecktest "matches value" pass profile_1
+set_xattr "user.foo" "0x610062" # "a\0b"
+runchecktest "xattr values with null characters work 6" pass profile_1
+
+clean_xattr
+
+# All test cases below this use an xattr key without specified value
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo" \
+
+runchecktest "Path with no xattrs 7" pass unconfined
+set_xattr "user.foo" "ab"
+runchecktest "matches value" pass profile_1
+set_xattr "user.foo" "0x610062" # "a\0b"
+runchecktest "xattr values with null characters work " pass profile_1
+
+clean_xattr
+
+# Test that xattr keys contribute to the priority of a profile
+
+genprofile "image=profile_1" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ "xattr:user.bar:bye" \
+ -- \
+ "image=profile_2" \
+ "addimage:$file" \
+ "path:$file" \
+ "/proc/*/attr/current:r" \
+ "xattr:user.foo:hello" \
+ "xattr:user.bar" \
+ "xattr:user.spam"
+
+runchecktest "Path with no xattrs 8" pass unconfined
+set_xattr "user.foo" "hello"
+set_xattr "user.bar" "bye"
+runchecktest "matches value" pass profile_1
+set_xattr "user.spam" "spam"
+runchecktest "matches more xattrs in profile_2" pass profile_2
+
+clean_xattr
diff --git a/tests/stress/Makefile b/tests/stress/Makefile
index e7bef13df5781e18fde718589ab93d84def52f08..fb756f20f9458f1583018d013871f58cb91c17d6 100644
--- a/tests/stress/Makefile
+++ b/tests/stress/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS=subdomain
+SUBDIRS=apparmor
.PHONY: clean
clean:
diff --git a/tests/stress/subdomain/Makefile b/tests/stress/apparmor/Makefile
similarity index 100%
rename from tests/stress/subdomain/Makefile
rename to tests/stress/apparmor/Makefile
diff --git a/tests/stress/subdomain/change_hat.c b/tests/stress/apparmor/change_hat.c
similarity index 100%
rename from tests/stress/subdomain/change_hat.c
rename to tests/stress/apparmor/change_hat.c
diff --git a/tests/stress/subdomain/change_hat.profile.pre b/tests/stress/apparmor/change_hat.profile.pre
similarity index 100%
rename from tests/stress/subdomain/change_hat.profile.pre
rename to tests/stress/apparmor/change_hat.profile.pre
diff --git a/tests/stress/subdomain/child.c b/tests/stress/apparmor/child.c
similarity index 100%
rename from tests/stress/subdomain/child.c
rename to tests/stress/apparmor/child.c
diff --git a/tests/stress/subdomain/child.profile.pre b/tests/stress/apparmor/child.profile.pre
similarity index 100%
rename from tests/stress/subdomain/child.profile.pre
rename to tests/stress/apparmor/child.profile.pre
diff --git a/tests/stress/subdomain/kill.sh b/tests/stress/apparmor/kill.sh
similarity index 100%
rename from tests/stress/subdomain/kill.sh
rename to tests/stress/apparmor/kill.sh
diff --git a/tests/stress/subdomain/open.c b/tests/stress/apparmor/open.c
similarity index 100%
rename from tests/stress/subdomain/open.c
rename to tests/stress/apparmor/open.c
diff --git a/tests/stress/subdomain/open.profile.pre b/tests/stress/apparmor/open.profile.pre
similarity index 100%
rename from tests/stress/subdomain/open.profile.pre
rename to tests/stress/apparmor/open.profile.pre
diff --git a/tests/stress/subdomain/s-2.4.20.sh b/tests/stress/apparmor/s-2.4.20.sh
similarity index 100%
rename from tests/stress/subdomain/s-2.4.20.sh
rename to tests/stress/apparmor/s-2.4.20.sh
diff --git a/tests/stress/subdomain/s.sh b/tests/stress/apparmor/s.sh
similarity index 100%
rename from tests/stress/subdomain/s.sh
rename to tests/stress/apparmor/s.sh
diff --git a/tests/stress/subdomain/sh.profile.pre b/tests/stress/apparmor/sh.profile.pre
similarity index 100%
rename from tests/stress/subdomain/sh.profile.pre
rename to tests/stress/apparmor/sh.profile.pre
diff --git a/tests/stress/subdomain/stress.sh b/tests/stress/apparmor/stress.sh
similarity index 100%
rename from tests/stress/subdomain/stress.sh
rename to tests/stress/apparmor/stress.sh
diff --git a/tests/stress/subdomain/stress.sh-2.4.20 b/tests/stress/apparmor/stress.sh-2.4.20
similarity index 100%
rename from tests/stress/subdomain/stress.sh-2.4.20
rename to tests/stress/apparmor/stress.sh-2.4.20
diff --git a/tests/stress/subdomain/uservars.inc b/tests/stress/apparmor/uservars.inc
similarity index 100%
rename from tests/stress/subdomain/uservars.inc
rename to tests/stress/apparmor/uservars.inc
diff --git a/utils/Makefile b/utils/Makefile
index 5807c2cb81b610faf8e6a1f352bfefd1d094a46a..91a15107b2257e4d014e90e55d9afbb4c740cb11 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -20,16 +20,17 @@ COMMONDIR=../common/
include $(COMMONDIR)/Make.rules
-PERLTOOLS = aa-notify
PYTOOLS = aa-easyprof aa-genprof aa-logprof aa-cleanprof aa-mergeprof \
aa-autodep aa-audit aa-complain aa-enforce aa-disable \
- aa-status aa-unconfined
-TOOLS = ${PERLTOOLS} ${PYTOOLS} aa-decode aa-remove-unknown
+ aa-notify aa-unconfined
+TOOLS = ${PYTOOLS} aa-decode aa-remove-unknown
PYSETUP = python-tools-setup.py
PYMODULES = $(wildcard apparmor/*.py apparmor/rule/*.py)
MANPAGES = ${TOOLS:=.8} logprof.conf.5
+PYFLAKES ?= pyflakes3
+
all: docs
$(MAKE) -C po all
$(MAKE) -C vim all
@@ -43,7 +44,6 @@ BINDIR=${DESTDIR}/usr/sbin
CONFDIR=${DESTDIR}/etc/apparmor
PYPREFIX=/usr
-PYFLAKES=pyflakes
po/${NAME}.pot: ${TOOLS} ${PYMODULES}
$(MAKE) -C po ${NAME}.pot NAME=${NAME} SOURCES="${TOOLS} ${PYMODULES}"
@@ -53,13 +53,11 @@ install: ${MANPAGES} ${HTMLMANPAGES}
install -d ${CONFDIR}
install -m 644 logprof.conf severity.db notify.conf ${CONFDIR}
install -d ${BINDIR}
- ln -sf aa-status ${BINDIR}/apparmor_status
# aa-easyprof is installed by python-tools-setup.py
install -m 755 $(filter-out aa-easyprof, ${TOOLS}) ${BINDIR}
$(MAKE) -C po install DESTDIR=${DESTDIR} NAME=${NAME}
$(MAKE) install_manpages DESTDIR=${DESTDIR}
$(MAKE) -C vim install DESTDIR=${DESTDIR}
- ln -sf aa-status.8 ${DESTDIR}/${MANDIR}/man8/apparmor_status.8
${PYTHON} ${PYSETUP} install --prefix=${PYPREFIX} --root=${DESTDIR} --version=${VERSION}
.PHONY: clean
@@ -74,6 +72,7 @@ clean: pod_clean
rm -rf staging/ build/
rm -f apparmor/*.pyc apparmor/rule/*.pyc
rm -rf apparmor/__pycache__/ apparmor/rule/__pycache__/
+ rm -rf apparmor.egg-info/
# ${CAPABILITIES} is defined in common/Make.rules
.PHONY: check_severity_db
@@ -89,15 +88,17 @@ check_severity_db: /usr/include/linux/capability.h severity.db
test "$$RC" -eq 0
# check_pod_files is defined in common/Make.rules
-.PHONY: check
-.SILENT: check
-check: check_severity_db check_pod_files
- for i in ${PERLTOOLS} ; do \
- perl -c $$i || exit 1; \
- done
+.PHONY: check_lint
+.SILENT: check_lint
+check_lint:
for i in ${PYTOOLS} apparmor test/*.py; do \
echo Checking $$i; \
$(PYFLAKES) $$i || exit 1; \
done
+
+# check_pod_files is defined in common/Make.rules
+.PHONY: check
+.SILENT: check
+check: check_severity_db check_pod_files check_lint
$(MAKE) -C test check
$(MAKE) -C vim check
diff --git a/utils/aa-audit.8 b/utils/aa-audit.8
index 3d0dab9f4bf00ec1372174f29d64b0f812f32d8a..c7981fc252e062efc7ad830696f1e0a5d846d131 100644
--- a/utils/aa-audit.8
+++ b/utils/aa-audit.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-AUDIT 8"
-.TH AA-AUDIT 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-AUDIT 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,8 +169,8 @@ The \fI\-\-remove\fR option can be used to remove the audit mode for the profile
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-audit.8.html b/utils/aa-audit.8.html
index 519046f1bb00b74418e1fa7379f071ae7200ba50..cde341a9c7324a344d824be7e6bdff86e98e5ed9 100644
--- a/utils/aa-audit.8.html
+++ b/utils/aa-audit.8.html
@@ -38,14 +38,14 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
<p><b>-r --remove</b></p>
-<pre><code> Removes the audit mode for the profile.</code></pre>
+<pre><code>Removes the audit mode for the profile.</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -55,7 +55,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
diff --git a/utils/aa-audit.pod b/utils/aa-audit.pod
index 59f15bc453df60b467f2a3ec7714c369024a617c..0592385b5454225c0109ce2609bf35d82bd02b5a 100644
--- a/utils/aa-audit.pod
+++ b/utils/aa-audit.pod
@@ -32,7 +32,7 @@ The I<--remove> option can be used to remove the audit mode for the profile.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-autodep.8 b/utils/aa-autodep.8
index aa9fe81176cbbef09257032c230e87e520b5a174..58db599c237b2d10fab9e8e419ed73d212bb725f 100644
--- a/utils/aa-autodep.8
+++ b/utils/aa-autodep.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-AUTODEP 8"
-.TH AA-AUTODEP 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-AUTODEP 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +164,7 @@ executables. This program will generate a profile for binary executable
as well as interpreted script programs. At a minimum aa-autodep will provide
a base profile containing a base include directive which includes basic
profile entries needed by most programs. The profile is generated by
-recursively calling \fIldd\fR\|(1) on the executables listed on the command line.
+recursively calling \fBldd\fR\|(1) on the executables listed on the command line.
.PP
The \fI\-\-force\fR option will overwrite any existing profile for the executable with
the newly generated minimal AppArmor profile.
@@ -169,8 +173,8 @@ the newly generated minimal AppArmor profile.
This program does not perform full static analysis of executables, so
the profiles generated are necessarily incomplete. If you find any bugs,
please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-complain\fR\|(1), \fIaa\-enforce\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-complain\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-autodep.8.html b/utils/aa-autodep.8.html
index 6bec55f1380435d15f5fedb994303d10454d5d14..6eb1b41de8c0666d8ef019fe8b97aceed36c1d64 100644
--- a/utils/aa-autodep.8.html
+++ b/utils/aa-autodep.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-autodep - guess basic AppArmor profile requirements</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-autodep - guess basic AppArmor profile requirements</span></strong></big>
</td></tr>
</table>
@@ -38,12 +38,12 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>-f --force</b></p>
-<pre><code> Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.</code></pre>
+<pre><code>Overwrites any existing AppArmor profile for the executable with the generated minimal AppArmor profile.</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -53,7 +53,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>This program does not perform full static analysis of executables, so the profiles generated are necessarily incomplete. If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>This program does not perform full static analysis of executables, so the profiles generated are necessarily incomplete. If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -61,7 +61,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-autodep - guess basic AppArmor profile requirements</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-autodep.pod b/utils/aa-autodep.pod
index 25339e0c4a5bb0b465e7eaf2feb021841ac9034c..109eba2660ca3acfb7b79f91eb91347efb464db1 100644
--- a/utils/aa-autodep.pod
+++ b/utils/aa-autodep.pod
@@ -56,7 +56,7 @@ the newly generated minimal AppArmor profile.
This program does not perform full static analysis of executables, so
the profiles generated are necessarily incomplete. If you find any bugs,
please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-cleanprof.8 b/utils/aa-cleanprof.8
index 73dc1e5ffe7b059fa5eb64c8b2d6723a75a71582..8ad47f2d11896cee90ebce9c72a8ff5642b9d90e 100644
--- a/utils/aa-cleanprof.8
+++ b/utils/aa-cleanprof.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-CLEANPROF 8"
-.TH AA-CLEANPROF 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-CLEANPROF 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,8 +169,8 @@ together and removes all comments from the file.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-cleanprof.8.html b/utils/aa-cleanprof.8.html
index bd2e545fa0764a4c920d761d09914418be43f6a4..27f6f328ff2bf520e4c6e923125f99837f7216ca 100644
--- a/utils/aa-cleanprof.8.html
+++ b/utils/aa-cleanprof.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-cleanprof - clean an existing AppArmor security profile.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-cleanprof - clean an existing AppArmor security profile.</span></strong></big>
</td></tr>
</table>
@@ -38,14 +38,14 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
<p><b>-s --silent</b></p>
-<pre><code> Silently overwrites the profile without user prompt.</code></pre>
+<pre><code>Silently overwrites the profile without user prompt.</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -53,7 +53,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -61,7 +61,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-cleanprof - clean an existing AppArmor security profile.</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-cleanprof.pod b/utils/aa-cleanprof.pod
index 15f5bd191db92fc6e39c6d83a46ffe0b4cc6424c..5bfa4aba87b4f041070cba27660205e00a4f5c44 100644
--- a/utils/aa-cleanprof.pod
+++ b/utils/aa-cleanprof.pod
@@ -32,7 +32,7 @@ together and removes all comments from the file.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-complain.8 b/utils/aa-complain.8
index 6d96a94a38369c971e0e47c04c309fc3282a3e97..4e51518539e1b53d0a93d186528020d0600ee053 100644
--- a/utils/aa-complain.8
+++ b/utils/aa-complain.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-COMPLAIN 8"
-.TH AA-COMPLAIN 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-COMPLAIN 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,8 +164,8 @@ Note that 'deny' rules will be enforced even in complain mode.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-complain.8.html b/utils/aa-complain.8.html
index 1e70c5621884ab9f25287edc6274e6bd4375bc93..d255af91c6e56cba35ee965794ce34153f06773d 100644
--- a/utils/aa-complain.8.html
+++ b/utils/aa-complain.8.html
@@ -38,8 +38,8 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
@@ -51,7 +51,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
diff --git a/utils/aa-complain.pod b/utils/aa-complain.pod
index ed61fff6c88799208a7771c38af80b9e9ba49a22..5fc1a3aeaf0e39ddbace2cdfe125feced79aed04 100644
--- a/utils/aa-complain.pod
+++ b/utils/aa-complain.pod
@@ -49,7 +49,7 @@ Note that 'deny' rules will be enforced even in complain mode.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-decode b/utils/aa-decode
index 14cc151b7fdbbeaa99a63ac97fd8307326c55b66..16f23b55b3739764b1bef94ee8b8389f72645340 100755
--- a/utils/aa-decode
+++ b/utils/aa-decode
@@ -37,8 +37,12 @@ EOM
}
decode() {
- decoded=`perl -le "\\$s = uc('$1') ; if (\\$s =~ /^[0-9A-F]*$/) { print pack 'H*', \\$s; }"`
- echo "$decoded"
+ if echo "$1" | egrep -q "^[0-9A-Fa-f]+$" ; then
+ python3 -c "import binascii; print(bytes.decode(binascii.unhexlify('$1'), errors='strict'));"
+ else
+ echo ""
+ fi
+
}
if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
@@ -92,4 +96,3 @@ while read line ; do
echo "$line"
done
-
diff --git a/utils/aa-decode.8 b/utils/aa-decode.8
index 2cfbde91f04dc28b71ae1d53228f5c8c8ad65d93..626d7616da580082dd6db430150b4cf5aa1886d2 100644
--- a/utils/aa-decode.8
+++ b/utils/aa-decode.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-DECODE 8"
-.TH AA-DECODE 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-DECODE 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,8 +165,8 @@ displays a short usage statement.
.Ve
.SH "BUGS"
.IX Header "BUGS"
-None. Please report any you find to Launchpad at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+None. Please report any you find to gitlab at
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7)
+\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-decode.8.html b/utils/aa-decode.8.html
index 73252958d0896c2a56c582a0c4ef6141a0228e95..28f3fd84cce31a76cee526d7296ddf0b4499eb70 100644
--- a/utils/aa-decode.8.html
+++ b/utils/aa-decode.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-decode - decode hex-encoded in AppArmor log files</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-decode - decode hex-encoded in AppArmor log files</span></strong></big>
</td></tr>
</table>
@@ -53,15 +53,15 @@
<h1 id="EXAMPLES">EXAMPLES</h1>
-<pre><code> $ aa-decode 2F746D702F666F6F20626172
- Decoded: /tmp/foo bar
+<pre><code>$ aa-decode 2F746D702F666F6F20626172
+Decoded: /tmp/foo bar
- $ cat /var/log/kern.log | aa-decode
- ... denied_mask="r::" fsuid=1000 ouid=1000 name=/tmp/foo bar</code></pre>
+$ cat /var/log/kern.log | aa-decode
+... denied_mask="r::" fsuid=1000 ouid=1000 name=/tmp/foo bar</code></pre>
<h1 id="BUGS">BUGS</h1>
-<p>None. Please report any you find to Launchpad at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>None. Please report any you find to gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -69,7 +69,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-decode - decode hex-encoded in AppArmor log files</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-decode.pod b/utils/aa-decode.pod
index 178ca5c4c338dfbe65d2ad24f17c0bd3d692724a..1857090d1aec6f50abce442247192a8ce3af54ac 100644
--- a/utils/aa-decode.pod
+++ b/utils/aa-decode.pod
@@ -35,8 +35,8 @@ displays a short usage statement.
=head1 BUGS
-None. Please report any you find to Launchpad at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+None. Please report any you find to gitlab at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-disable.8 b/utils/aa-disable.8
index 8a4266869dd8ecde2a7bb0db80174fbe47db5a6c..4d6943b66f1db7abadc8443221da8c7de607efdd 100644
--- a/utils/aa-disable.8
+++ b/utils/aa-disable.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-DISABLE 8"
-.TH AA-DISABLE 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-DISABLE 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,8 +164,8 @@ this behavior.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-disable.8.html b/utils/aa-disable.8.html
index 507310af03b99864731dff45aeb6f7471b00681b..08a02803c83e33e682bdb462565d9758063ed32c 100644
--- a/utils/aa-disable.8.html
+++ b/utils/aa-disable.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-disable - disable an AppArmor security profile</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-disable - disable an AppArmor security profile</span></strong></big>
</td></tr>
</table>
@@ -38,8 +38,8 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>--no-reload</b> Do not unreload the profile after modifying it.</p>
@@ -49,7 +49,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -57,7 +57,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-disable - disable an AppArmor security profile</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-disable.pod b/utils/aa-disable.pod
index c52664fa3569b371cb952bae40783976741c7088..9f6f633aa9ccdd3fd21d0c8fa8e550bf5e1bdab5 100644
--- a/utils/aa-disable.pod
+++ b/utils/aa-disable.pod
@@ -49,7 +49,7 @@ this behavior.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-easyprof.8 b/utils/aa-easyprof.8
index a826741f86b34404a990c28a60e7c8383b1e2cf6..ffa41d53c74a0fbdbdbadf3ff416ca4e18aa4c1d 100644
--- a/utils/aa-easyprof.8
+++ b/utils/aa-easyprof.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-EASYPROF 8"
-.TH AA-EASYPROF 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-EASYPROF 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,15 +177,15 @@ locate the path starting with /sbin/apparmor_parser.
Specify \s-1ABSTRACTIONS\s0 as a comma-separated list of AppArmor abstractions. It is
usually recommended you use policy groups instead, but this is provided as a
convenience. AppArmor abstractions are located in /etc/apparmor.d/abstractions.
-See \fIapparmor.d\fR\|(5) for details.
+See \fBapparmor.d\fR\|(5) for details.
.IP "\-b \s-1PATH,\s0 \-\-base=PATH" 4
.IX Item "-b PATH, --base=PATH"
Set the base \s-1PATH\s0 for resolving abstractions specified by \-\-abstractions.
-See the same option in \fIapparmor_parser\fR\|(8) for details.
+See the same option in \fBapparmor_parser\fR\|(8) for details.
.IP "\-I \s-1PATH,\s0 \-\-Include=PATH" 4
.IX Item "-I PATH, --Include=PATH"
Add \s-1PATH\s0 to the search paths used for resolving abstractions specified by
-\&\-\-abstractions. See the same option in \fIapparmor_parser\fR\|(8) for details.
+\&\-\-abstractions. See the same option in \fBapparmor_parser\fR\|(8) for details.
.IP "\-r \s-1PATH,\s0 \-\-read\-path=PATH" 4
.IX Item "-r PATH, --read-path=PATH"
Specify a \s-1PATH\s0 to allow owner reads. May be specified multiple times. If the
@@ -405,8 +409,8 @@ To output a manifest file based on aa-easyprof arguments:
.Ve
.SH "BUGS"
.IX Header "BUGS"
-If you find any additional bugs, please report them to Launchpad at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any additional bugs, please report them to GitLab at
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7) \fIapparmor.d\fR\|(5)
+\&\fBapparmor\fR\|(7) \fBapparmor.d\fR\|(5)
diff --git a/utils/aa-easyprof.8.html b/utils/aa-easyprof.8.html
index 146b58ab771d14e7b395e4f23ee556b2ae529cee..ce10b09b261bd784ef5d471cb70d55bf9880fdfb 100644
--- a/utils/aa-easyprof.8.html
+++ b/utils/aa-easyprof.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-easyprof - AppArmor profile generation made easy.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-easyprof - AppArmor profile generation made easy.</span></strong></big>
</td></tr>
</table>
@@ -164,10 +164,10 @@
<p>Must be used with --policy-vendor and is used to specify the version of policy groups and templates. When specified, <b>aa-easyprof</b> looks for the subdirectory VENDOR/VERSION within the policy-groups and templates directory. The specified version must be a positive decimal number compatible with the JSON Number type. Eg, when using:</p>
-<pre><code> $ aa-easyprof --templates-dir=/usr/share/apparmor/easyprof/templates \
- --policy-groups-dir=/usr/share/apparmor/easyprof/policygroups \
- --policy-vendor="foo" \
- --policy-version=1.0</code></pre>
+<pre><code>$ aa-easyprof --templates-dir=/usr/share/apparmor/easyprof/templates \
+ --policy-groups-dir=/usr/share/apparmor/easyprof/policygroups \
+ --policy-vendor="foo" \
+ --policy-version=1.0</code></pre>
<p>Then /usr/share/apparmor/easyprof/templates/foo/1.0 will be searched for templates and /usr/share/apparmor/easyprof/policygroups/foo/1.0 for policy groups.</p>
@@ -201,80 +201,80 @@
<p><b>aa-easyprof</b> also supports using a JSON manifest file for specifying options related to policy. Unlike command line arguments, the JSON file may specify multiple profiles. The structure of the JSON is:</p>
-<pre><code> {
- "security": {
- "profiles": {
- "<profile name 1>": {
- ... attributes specific to this profile ...
- },
- "<profile name 2>": {
- ...
- }
+<pre><code>{
+ "security": {
+ "profiles": {
+ "<profile name 1>": {
+ ... attributes specific to this profile ...
+ },
+ "<profile name 2>": {
+ ...
}
}
- }</code></pre>
+ }
+}</code></pre>
<p>Each profile JSON object (ie, everything under a profile name) may specify any fields related to policy. The "security" JSON container object is optional and may be omitted. An example manifest file demonstrating all fields is:</p>
-<pre><code> {
- "security": {
- "profiles": {
- "com.example.foo": {
- "abstractions": [
- "audio",
- "gnome"
- ],
- "author": "Your Name",
- "binary": "/opt/foo/**",
- "comment": "Unstructured single-line comment",
- "copyright": "Unstructured single-line copyright statement",
- "name": "My Foo App",
- "policy_groups": [
- "networking",
- "user-application"
- ],
- "policy_vendor": "somevendor",
- "policy_version": 1.0,
- "read_path": [
- "/tmp/foo_r",
- "/tmp/bar_r/"
- ],
- "template": "user-application",
- "template_variables": {
- "APPNAME": "foo",
- "VAR1": "bar",
- "VAR2": "baz"
- },
- "write_path": [
- "/tmp/foo_w",
- "/tmp/bar_w/"
- ]
- }
+<pre><code>{
+ "security": {
+ "profiles": {
+ "com.example.foo": {
+ "abstractions": [
+ "audio",
+ "gnome"
+ ],
+ "author": "Your Name",
+ "binary": "/opt/foo/**",
+ "comment": "Unstructured single-line comment",
+ "copyright": "Unstructured single-line copyright statement",
+ "name": "My Foo App",
+ "policy_groups": [
+ "networking",
+ "user-application"
+ ],
+ "policy_vendor": "somevendor",
+ "policy_version": 1.0,
+ "read_path": [
+ "/tmp/foo_r",
+ "/tmp/bar_r/"
+ ],
+ "template": "user-application",
+ "template_variables": {
+ "APPNAME": "foo",
+ "VAR1": "bar",
+ "VAR2": "baz"
+ },
+ "write_path": [
+ "/tmp/foo_w",
+ "/tmp/bar_w/"
+ ]
}
}
- }</code></pre>
+ }
+}</code></pre>
<p>A manifest file does not have to include all the fields. Eg, a manifest file for an Ubuntu SDK application might be:</p>
-<pre><code> {
- "security": {
- "profiles": {
- "com.ubuntu.developer.myusername.MyCoolApp": {
- "policy_groups": [
- "networking",
- "online-accounts"
- ],
- "policy_vendor": "ubuntu",
- "policy_version": 1.0,
- "template": "ubuntu-sdk",
- "template_variables": {
- "APPNAME": "MyCoolApp",
- "APPVERSION": "0.1.2"
- }
+<pre><code>{
+ "security": {
+ "profiles": {
+ "com.ubuntu.developer.myusername.MyCoolApp": {
+ "policy_groups": [
+ "networking",
+ "online-accounts"
+ ],
+ "policy_vendor": "ubuntu",
+ "policy_version": 1.0,
+ "template": "ubuntu-sdk",
+ "template_variables": {
+ "APPNAME": "MyCoolApp",
+ "APPVERSION": "0.1.2"
}
}
}
- }</code></pre>
+ }
+}</code></pre>
</dd>
<dt id="verify-manifest">--verify-manifest</dt>
@@ -301,37 +301,37 @@
<p>Example usage for a program named 'foo' which is installed in /opt/foo:</p>
-<pre><code> $ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" \
- --policy-groups=opt-application,user-application \
- /opt/foo/bin/FooApp</code></pre>
+<pre><code>$ aa-easyprof --template=user-application --template-var="@{APPNAME}=foo" \
+ --policy-groups=opt-application,user-application \
+ /opt/foo/bin/FooApp</code></pre>
<p>When using a manifest file:</p>
-<pre><code> $ aa-easyprof --manifest=manifest.json</code></pre>
+<pre><code>$ aa-easyprof --manifest=manifest.json</code></pre>
<p>To output a manifest file based on aa-easyprof arguments:</p>
-<pre><code> $ aa-easyprof --output-format=json \
- --author="Your Name" \
- --comment="Unstructured single-line comment" \
- --copyright="Unstructured single-line copyright statement" \
- --name="My Foo App" \
- --profile-name="com.example.foo" \
- --template="user-application" \
- --policy-groups="user-application,networking" \
- --abstractions="audio,gnome" \
- --read-path="/tmp/foo_r" \
- --read-path="/tmp/bar_r/" \
- --write-path="/tmp/foo_w" \
- --write-path=/tmp/bar_w/ \
- --template-var="@{APPNAME}=foo" \
- --template-var="@{VAR1}=bar" \
- --template-var="@{VAR2}=baz" \
- "/opt/foo/**"</code></pre>
+<pre><code>$ aa-easyprof --output-format=json \
+ --author="Your Name" \
+ --comment="Unstructured single-line comment" \
+ --copyright="Unstructured single-line copyright statement" \
+ --name="My Foo App" \
+ --profile-name="com.example.foo" \
+ --template="user-application" \
+ --policy-groups="user-application,networking" \
+ --abstractions="audio,gnome" \
+ --read-path="/tmp/foo_r" \
+ --read-path="/tmp/bar_r/" \
+ --write-path="/tmp/foo_w" \
+ --write-path=/tmp/bar_w/ \
+ --template-var="@{APPNAME}=foo" \
+ --template-var="@{VAR1}=bar" \
+ --template-var="@{VAR2}=baz" \
+ "/opt/foo/**"</code></pre>
<h1 id="BUGS">BUGS</h1>
-<p>If you find any additional bugs, please report them to Launchpad at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any additional bugs, please report them to GitLab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -339,7 +339,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-easyprof - AppArmor profile generation made easy.</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-easyprof.pod b/utils/aa-easyprof.pod
index 56ef257b2bb3796eb60c8473b3e92871d3fc3b1f..c2fa68215c0d5f568bcc332ae6a5f05f4e02e054 100644
--- a/utils/aa-easyprof.pod
+++ b/utils/aa-easyprof.pod
@@ -314,8 +314,8 @@ To output a manifest file based on aa-easyprof arguments:
=head1 BUGS
-If you find any additional bugs, please report them to Launchpad at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any additional bugs, please report them to GitLab at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-enforce.8 b/utils/aa-enforce.8
index 041c51268df68fa3005644d1f3c8287f11093a8a..a259d538a4a2cbc6b42d2d91acc3014315d8b836 100644
--- a/utils/aa-enforce.8
+++ b/utils/aa-enforce.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-ENFORCE 8"
-.TH AA-ENFORCE 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-ENFORCE 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,8 +166,8 @@ utility must be run to change this behavior.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-complain\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-enforce.8.html b/utils/aa-enforce.8.html
index ddf878a3e4cda73da72a313b02785f13db2e8fa4..997d5775a4a2e2b81151b0f64a022865e15b0112 100644
--- a/utils/aa-enforce.8.html
+++ b/utils/aa-enforce.8.html
@@ -38,8 +38,8 @@
<p><b>-d --dir / path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>--no-reload</b> Do not reload the profile after modifying it.</p>
@@ -49,7 +49,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
diff --git a/utils/aa-enforce.pod b/utils/aa-enforce.pod
index 0fc8e5921f42c3d616fee4d89b2f35c3e664398f..f3164691d74aca169556708682decbf50e36a54e 100644
--- a/utils/aa-enforce.pod
+++ b/utils/aa-enforce.pod
@@ -51,7 +51,7 @@ utility must be run to change this behavior.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-genprof b/utils/aa-genprof
index f73879d9cc5dbbb95efd77a31122e7bf70fc2361..bf5c5ee6081f35a91dad8e028d0cd971f8b32a53 100755
--- a/utils/aa-genprof
+++ b/utils/aa-genprof
@@ -101,6 +101,8 @@ apparmor.check_qualifiers(program)
apparmor.loadincludes()
+apparmor.read_profiles(True)
+
profile_filename = apparmor.get_profile_filename_from_attachment(program, True)
if os.path.exists(profile_filename):
apparmor.helpers[program] = apparmor.get_profile_flags(profile_filename, program)
@@ -135,7 +137,6 @@ done_profiling = False
if os.path.exists('/var/log/audit/audit.log'):
syslog = False
-passno = 0
while not done_profiling:
if syslog:
logmark = subprocess.check_output(['date | md5sum'], shell=True)
@@ -154,10 +155,7 @@ while not done_profiling:
ans, arg = q.promptUser('noexit')
if ans == 'CMD_SCAN':
- lp_ret = apparmor.do_logprof_pass(logmark, passno)
- passno += 1
- if lp_ret == 'FINISHED':
- done_profiling = True
+ apparmor.do_logprof_pass(logmark)
else:
done_profiling = True
diff --git a/utils/aa-genprof.8 b/utils/aa-genprof.8
index 6218123185637bf7ef65ca31a3f03cb5f354690f..3a9f80fbf80ea9eb9f88d1ae6fe58e23730e1cc5 100644
--- a/utils/aa-genprof.8
+++ b/utils/aa-genprof.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-GENPROF 8"
-.TH AA-GENPROF 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-GENPROF 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,7 +169,7 @@ specified program is not a fully-qualified path, aa-genprof will search \f(CW$PA
in order to find the program.
.PP
If a profile does not exist for the program, aa-genprof will create one using
-\&\fIaa\-autodep\fR\|(1).
+\&\fBaa\-autodep\fR\|(1).
.PP
Genprof will then:
.PP
@@ -183,7 +187,7 @@ to add to profile and (F)inish.
.PP
If the user selects (S)can or hits return, aa-genprof will parse
the complain mode logs and iterate through generated violations
-using \fIaa\-logprof\fR\|(1).
+using \fBaa\-logprof\fR\|(1).
.PP
After the user finishes selecting profile entries based on violations
that were detected during the program execution, aa-genprof will reload
@@ -196,9 +200,9 @@ and any other profiles that were generated, into enforce mode and exit.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1), \fIaa\-disable\fR\|(1),
-\&\fIaa_change_hat\fR\|(2), \fIaa\-logprof\fR\|(1), \fIlogprof.conf\fR\|(5), and
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1), \fBaa\-disable\fR\|(1),
+\&\fBaa_change_hat\fR\|(2), \fBaa\-logprof\fR\|(1), \fBlogprof.conf\fR\|(5), and
<https://wiki.apparmor.net>.
diff --git a/utils/aa-genprof.8.html b/utils/aa-genprof.8.html
index 014e18ef0e41a1c4300621a7742d437e8dd57b6c..3c55e7070d8b5ea9fae1ed959c1af6584c691ca3 100644
--- a/utils/aa-genprof.8.html
+++ b/utils/aa-genprof.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-genprof - profile generation utility for AppArmor</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-genprof - profile generation utility for AppArmor</span></strong></big>
</td></tr>
</table>
@@ -38,17 +38,17 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>-f --file /path/to/logfile</b></p>
-<pre><code> Specifies the location of logfile.
- Default locations are read from F</etc/apparmor/logprof.conf>.
- Typical defaults are:
- /var/log/audit/audit.log
- /var/log/syslog
- /var/log/messages</code></pre>
+<pre><code>Specifies the location of logfile.
+Default locations are read from F</etc/apparmor/logprof.conf>.
+Typical defaults are:
+ /var/log/audit/audit.log
+ /var/log/syslog
+ /var/log/messages</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -58,12 +58,12 @@
<p>Genprof will then:</p>
-<pre><code> - set the profile to complain mode
+<pre><code>- set the profile to complain mode
- - write a mark to the system log
+- write a mark to the system log
- - instruct the user to start the application to
- be profiled in another window and exercise its functionality</code></pre>
+- instruct the user to start the application to
+ be profiled in another window and exercise its functionality</code></pre>
<p>It then presents the user with two options, (S)can system log for entries to add to profile and (F)inish.</p>
@@ -75,7 +75,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -83,7 +83,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-genprof - profile generation utility for AppArmor</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-genprof.pod b/utils/aa-genprof.pod
index 217f2d5715e70e77dc2bfacb80fc91b816fcee0d..3270baa303e709e2c347f1269f169ea8ec73ae03 100644
--- a/utils/aa-genprof.pod
+++ b/utils/aa-genprof.pod
@@ -81,7 +81,7 @@ and any other profiles that were generated, into enforce mode and exit.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-logprof b/utils/aa-logprof
index 53b2c3b6dae4900fbd6fd32cadb238541d6a3f7d..b56d4e6438d6f2fdf27d0f46c2b9d001cbb7e71c 100755
--- a/utils/aa-logprof
+++ b/utils/aa-logprof
@@ -47,5 +47,6 @@ if not aa_mountpoint:
apparmor.loadincludes()
+apparmor.read_profiles(True)
apparmor.do_logprof_pass(logmark)
diff --git a/utils/aa-logprof.8 b/utils/aa-logprof.8
index 06de13fb7718c71783e828eb9dcfda381c6971c9..1af78220538937d9697c74277511cad19f967600 100644
--- a/utils/aa-logprof.8
+++ b/utils/aa-logprof.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-LOGPROF 8"
-.TH AA-LOGPROF 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-LOGPROF 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -242,12 +246,12 @@ After all of the accesses have been handled, logrof will write all
updated profiles to the disk and reload them if AppArmor is running.
.SS "New Process (Execution) Events"
.IX Subsection "New Process (Execution) Events"
-If there are unhandled x accesses generated by the \fIexecve\fR\|(2) of a
+If there are unhandled x accesses generated by the \fBexecve\fR\|(2) of a
new process, aa-logprof will display the parent profile and the target
program that's being executed and prompt the user to select an execute
modifier. These modifiers will allow a choice for the target to: have it's
own profile (px), inherit the parent's profile (ix), run unconstrained
-(ux), or deny access for the target. See \fIapparmor.d\fR\|(5) for details.
+(ux), or deny access for the target. See \fBapparmor.d\fR\|(5) for details.
.PP
If there is a corresponding entry for the target in the qualifiers
section of /etc/apparmor/logprof.conf, the presented list will contain only the
@@ -267,7 +271,7 @@ The default option for this question is selected using this logic\*(--
aa-logprof will never suggest \*(L"ux\*(R" as the default.
.SS "ChangeHat Events"
.IX Subsection "ChangeHat Events"
-If unknown \fIaa_change_hat\fR\|(2) events are found, the user is prompted to add a new
+If unknown \fBaa_change_hat\fR\|(2) events are found, the user is prompted to add a new
hat, if the events should go into the default hat for this profile based
on the corresponding entry in the defaulthat section of logprof.conf,
or if the following events that run under that hat should be denied
@@ -276,13 +280,13 @@ altogether.
.IX Subsection "Capability Events"
If there are capability accesses, the user is shown each capability
access and asked if the capability should be allowed, denied, or if the
-user wants to quit. See \fIcapability\fR\|(7) for details.
+user wants to quit. See \fBcapability\fR\|(7) for details.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIklogd\fR\|(8), \fIauditd\fR\|(8), \fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa_change_hat\fR\|(2),
-\&\fIlogprof.conf\fR\|(5), \fIaa\-genprof\fR\|(1), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1),
-\&\fIaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
+\&\fBklogd\fR\|(8), \fBauditd\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2),
+\&\fBlogprof.conf\fR\|(5), \fBaa\-genprof\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
+\&\fBaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-logprof.8.html b/utils/aa-logprof.8.html
index bdfb28afb596ff287325da73cd58554c4c653a23..79fbe84c726db9d080a948d9e9a957dd09e7a4a8 100644
--- a/utils/aa-logprof.8.html
+++ b/utils/aa-logprof.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-logprof - utility for updating AppArmor security profiles</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-logprof - utility for updating AppArmor security profiles</span></strong></big>
</td></tr>
</table>
@@ -45,23 +45,23 @@
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies where to look for the AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies where to look for the AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<p><b>-f --file /path/to/logfile</b></p>
-<pre><code> Specifies the location of logfile that contains AppArmor security events.
- Default locations are read from F</etc/apparmor/logprof.conf>.
- Typical defaults are:
- /var/log/audit/audit.log
- /var/log/syslog
- /var/log/messages</code></pre>
+<pre><code>Specifies the location of logfile that contains AppArmor security events.
+ Default locations are read from F</etc/apparmor/logprof.conf>.
+ Typical defaults are:
+ /var/log/audit/audit.log
+ /var/log/syslog
+ /var/log/messages</code></pre>
<p><b> -m --logmark "mark"</b></p>
-<pre><code> aa-logprof will ignore all events in the system log before the
- specified mark is seen. If the mark contains spaces, it must
- be surrounded with quotes to work correctly.</code></pre>
+<pre><code>aa-logprof will ignore all events in the system log before the
+specified mark is seen. If the mark contains spaces, it must
+be surrounded with quotes to work correctly.</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -77,7 +77,7 @@
<p>The user is then presented with info about the access including profile, path, old mode if there was a previous entry in the profile for this path, new mode, the suggestion list, and given these options:</p>
-<pre><code> (A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit</code></pre>
+<pre><code>(A)llow, (D)eny, (I)gnore, (N)ew, (G)lob last piece, (Q)uit</code></pre>
<p>If the AppArmor profile was in complain mode when the event was generated, the default for this option is (A)llow, otherwise, it's (D)eny.</p>
@@ -115,12 +115,12 @@
<p>The default option for this question is selected using this logic--</p>
-<pre><code> # if px mode is allowed and profile exists for the target
- # px is default.
- # else if ix mode is allowed
- # ix is default
- # else
- # deny is default</code></pre>
+<pre><code># if px mode is allowed and profile exists for the target
+# px is default.
+# else if ix mode is allowed
+# ix is default
+# else
+# deny is default</code></pre>
<p>aa-logprof will never suggest "ux" as the default.</p>
@@ -134,7 +134,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -142,7 +142,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-logprof - utility for updating AppArmor security profiles</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-logprof.pod b/utils/aa-logprof.pod
index 36e9f1fb83d3147ebf8dfa7bd84e4741eabb4474..d5ef6435669f76d4d82c446a74a2e65414933b51 100644
--- a/utils/aa-logprof.pod
+++ b/utils/aa-logprof.pod
@@ -165,7 +165,7 @@ user wants to quit. See capability(7) for details.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-mergeprof b/utils/aa-mergeprof
index dfcad091d8844b2746efa304b121fbf8943564f5..4b67719eaa1a1b54fddc798f0fd49130afa6ce2f 100755
--- a/utils/aa-mergeprof
+++ b/utils/aa-mergeprof
@@ -16,13 +16,11 @@
import argparse
import apparmor.aa
-import apparmor.aamode
import apparmor.severity
import apparmor.cleanprofile as cleanprofile
import apparmor.ui as aaui
-from apparmor.regex import re_match_include
# setup exception handling
@@ -45,21 +43,13 @@ apparmor.aa.init_aa(profiledir=args.dir)
profiles = args.files
-
-def reset_aa():
- apparmor.aa.aa = apparmor.aa.hasher()
- apparmor.aa.filelist = apparmor.aa.hasher()
- apparmor.aa.include = dict()
- apparmor.aa.active_profiles = apparmor.aa.ProfileList()
- apparmor.aa.original_aa = apparmor.aa.hasher()
-
def find_profiles_from_files(files):
profile_to_filename = dict()
for file_name in files:
apparmor.aa.read_profile(file_name, True)
- for profile_name in apparmor.aa.filelist[file_name]['profiles'].keys():
+ for profile_name in apparmor.aa.active_profiles.profiles_in_file(file_name):
profile_to_filename[profile_name] = file_name
- reset_aa()
+ apparmor.aa.reset_aa()
return profile_to_filename
@@ -70,7 +60,7 @@ def find_files_from_profiles(profiles):
for profile_name in profiles:
profile_to_filename[profile_name] = apparmor.aa.get_profile_filename_from_profile_name(profile_name, True)
- reset_aa()
+ apparmor.aa.reset_aa()
return profile_to_filename
@@ -86,55 +76,27 @@ def main():
user_file = user_profile_to_file[profile_name]
base_file = base_profile_to_file.get(profile_name, None)
- act([user_file, base_file], profile_name)
+ act(user_file, base_file, profile_name)
- reset_aa()
+ apparmor.aa.reset_aa()
-def act(files, merging_profile):
- mergeprofiles = Merge(files)
+def act(user_file, base_file, merging_profile):
+ mergeprofiles = Merge(user_file, base_file)
#Get rid of common/superfluous stuff
mergeprofiles.clear_common()
-# if not args.auto:
- if 1 == 1: # workaround to avoid lots of whitespace changes
- mergeprofiles.ask_merge_questions()
-
- q = aaui.PromptQuestion()
- q.title = _('Changed Local Profiles')
- q.explanation = _('The following local profiles were changed. Would you like to save them?')
- q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY']
- q.default = 'CMD_VIEW_CHANGES'
- q.options = [merging_profile]
- q.selected = 0
-
- ans = ''
- arg = None
- programs = list(mergeprofiles.user.aa.keys())
- program = programs[0]
- while ans != 'CMD_SAVE_CHANGES':
- ans, arg = q.promptUser()
- if ans == 'CMD_SAVE_CHANGES':
- apparmor.aa.write_profile_ui_feedback(program)
- apparmor.aa.reload_base(program)
- elif ans == 'CMD_VIEW_CHANGES':
- for program in programs:
- apparmor.aa.original_aa[program] = apparmor.aa.deepcopy(apparmor.aa.aa[program])
- #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '')
- newprofile = apparmor.aa.serialize_profile(mergeprofiles.user.aa[program], program, '')
- aaui.UI_Changes(mergeprofiles.user.filename, newprofile, comments=True)
- elif ans == 'CMD_IGNORE_ENTRY':
- break
+ mergeprofiles.ask_merge_questions()
+ apparmor.aa.changed[merging_profile] = True # force asking to save the profile
+ apparmor.aa.save_profiles(True)
class Merge(object):
- def __init__(self, profiles):
- user, base = profiles
-
+ def __init__(self, user, base):
#Read and parse base profile and save profile data, include data from it and reset them
apparmor.aa.read_profile(base, True)
self.base = cleanprofile.Prof(base)
- reset_aa()
+ apparmor.aa.reset_aa()
#Read and parse user profile
apparmor.aa.read_profile(user, True)
@@ -152,42 +114,18 @@ class Merge(object):
log_dict = {'merge': other.aa}
apparmor.aa.loadincludes()
- done = False
-
- #Add the file-wide includes from the other profile to the user profile
- options = []
- for inc in other.filelist[other.filename]['include'].keys():
- if not inc in self.user.filelist[self.user.filename]['include'].keys():
- if inc.startswith('/'):
- options.append('#include "%s"' %inc)
- else:
- options.append('#include <%s>' %inc)
-
- default_option = 1
-
- q = aaui.PromptQuestion()
- q.options = options
- q.selected = default_option - 1
- q.headers = [_('File includes'), _('Select the ones you wish to add')]
- q.functions = ['CMD_ALLOW', 'CMD_IGNORE_ENTRY', 'CMD_ABORT', 'CMD_FINISHED']
- q.default = 'CMD_ALLOW'
-
- while not done and options:
- ans, selected = q.promptUser()
- if ans == 'CMD_IGNORE_ENTRY':
- done = True
- elif ans == 'CMD_ALLOW':
- selection = options[selected]
- inc = re_match_include(selection)
- self.user.filelist[self.user.filename]['include'][inc] = True
- options.pop(selected)
- aaui.UI_Info(_('Adding %s to the file.') % selection)
- elif ans == 'CMD_FINISHED':
- return
if not apparmor.aa.sev_db:
apparmor.aa.sev_db = apparmor.severity.Severity(apparmor.aa.CONFDIR + '/severity.db', _('unknown'))
+ # ask about preamble rules
+ apparmor.aa.ask_rule_questions(
+ other.active_profiles.files[other.filename], # prof_events aka log_dict
+ '[preamble]', # displayed profile name
+ self.user.active_profiles.files[self.user.filename], # profile to update
+ ['abi', 'inc_ie'] # rule types - TODO: don't hardcode
+ )
+
apparmor.aa.ask_the_questions(log_dict)
if __name__ == '__main__':
diff --git a/utils/aa-mergeprof.8 b/utils/aa-mergeprof.8
index 38e5cfd48b57e9f447c69c0fe1002e584996234b..38c9172ca3485130a49c1a07a50d532bdbe3f8f8 100644
--- a/utils/aa-mergeprof.8
+++ b/utils/aa-mergeprof.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-MERGEPROF 8"
-.TH AA-MERGEPROF 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-MERGEPROF 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,9 +163,9 @@ aa\-mergeprof \- merge AppArmor security profiles.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa_change_hat\fR\|(2), \fIaa\-genprof\fR\|(1),
-\&\fIaa\-logprof\fR\|(1), \fIaa\-enforce\fR\|(1), \fIaa\-audit\fR\|(1), \fIaa\-complain\fR\|(1),
-\&\fIaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), \fBaa\-genprof\fR\|(1),
+\&\fBaa\-logprof\fR\|(1), \fBaa\-enforce\fR\|(1), \fBaa\-audit\fR\|(1), \fBaa\-complain\fR\|(1),
+\&\fBaa\-disable\fR\|(1), and <https://wiki.apparmor.net>.
diff --git a/utils/aa-mergeprof.8.html b/utils/aa-mergeprof.8.html
index 4c9fb0da5b1c09cebe98b959f3eb5d8088495516..e5065755813afb476a917d58436377cd3773ae5a 100644
--- a/utils/aa-mergeprof.8.html
+++ b/utils/aa-mergeprof.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-mergeprof - merge AppArmor security profiles.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-mergeprof - merge AppArmor security profiles.</span></strong></big>
</td></tr>
</table>
@@ -38,12 +38,12 @@
<p><b>file</b></p>
-<pre><code> One or more files containing profiles to merge into the profile directory (see -d).</code></pre>
+<pre><code>One or more files containing profiles to merge into the profile directory (see -d).</code></pre>
<p><b>-d --dir /path/to/profiles</b></p>
-<pre><code> Specifies the target directory for the merged AppArmor security profile set.
- Defaults to /etc/apparmor.d.</code></pre>
+<pre><code>Specifies the target directory for the merged AppArmor security profile set.
+Defaults to /etc/apparmor.d.</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
@@ -51,7 +51,7 @@
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -59,7 +59,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-mergeprof - merge AppArmor security profiles.</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-mergeprof.pod b/utils/aa-mergeprof.pod
index d7d9c65499b1966cba0ed1510a63ecd0b28b248a..0b268ae15edce39cdedb776b7c737dc4adb18461 100644
--- a/utils/aa-mergeprof.pod
+++ b/utils/aa-mergeprof.pod
@@ -26,7 +26,7 @@ B<aa-mergeprof>
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-notify b/utils/aa-notify
index 32c0285e9ca98738fc27a4a78be97b095aeda0dc..4bb65abad5beea6c267a2fa111ef30f15f44d94f 100755
--- a/utils/aa-notify
+++ b/utils/aa-notify
@@ -1,13 +1,17 @@
-#!/usr/bin/perl
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2009-2011 Canonical Ltd.
+#! /usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2018–2019 Otto Kekäläinen <otto@kekalainen.net>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
#
-# ------------------------------------------------------------------
+# ----------------------------------------------------------------------
#
# /etc/apparmor/notify.conf:
# # set to 'yes' to enable AppArmor DENIED notifications
@@ -20,679 +24,522 @@
# # set to 'yes' to enable AppArmor DENIED notifications
# show_notifications="yes"
#
-
-use strict;
-use warnings;
-no warnings qw( once );
-
-require LibAppArmor;
-require POSIX;
-require Time::Local;
-require File::Basename;
-
-use Getopt::Long;
-
-my %prefs;
-my $conf = "/etc/apparmor/notify.conf";
-my $user_conf = "";
-my $notify_exe = "/usr/bin/notify-send";
-my $notify_home = "";
-my $notify_display = "";
-my $last_exe = "/usr/bin/last";
-my $ps_exe = "/bin/ps";
-my $url = "https://wiki.ubuntu.com/DebuggingApparmor";
-my $nobody_user = "nobody";
-my $nobody_group = "nogroup";
-
-sub readconf;
-sub parse_message;
-sub format_message;
-sub format_stats;
-sub kill_running_daemons;
-sub do_notify;
-sub show_since;
-sub do_last;
-sub do_show_messages;
-sub _error;
-sub _warn;
-sub _debug;
-sub exitscript;
-sub usage;
-
-#
-# Main script
-#
-
-# Clean environment
-$ENV{PATH} = "/bin:/usr/bin";
-$ENV{SHELL} = "/bin/sh";
-defined($ENV{IFS}) and $ENV{IFS} = ' \t\n';
-
-my $prog = File::Basename::basename($0);
-
-if ($prog !~ /^[a-zA-Z0-9_\-]+$/) {
- print STDERR "ERROR: bad programe name '$prog'\n";
- exitscript(1);
-}
-
-$> == $< or die "Cannot be suid\n";
-$) == $( or die "Cannot be sgid\n";
-
-my $login;
-our $orig_euid = $>;
-
-my $opt_d = '';
-my $opt_display = '';
-my $opt_h = '';
-my $opt_l = '';
-my $opt_p = '';
-my $opt_v = '';
-my $opt_f = '';
-my $opt_s = 0;
-my $opt_u = '';
-my $opt_w = 0;
-GetOptions(
- 'debug|d' => \$opt_d,
- 'display=s' => \$opt_display,
- 'help|h' => \$opt_h,
- 'since-last|l' => \$opt_l,
- 'poll|p' => \$opt_p,
- 'verbose|v' => \$opt_v,
- 'file|f=s' => \$opt_f,
- 'since-days|s=n' => \$opt_s,
- 'user|u=s' => \$opt_u,
- 'wait|w=n' => \$opt_w,
-);
-if ($opt_h) {
- usage;
- exitscript(0);
-}
-
-# monitor file specified with -f, else use audit.log if auditd is running,
-# otherwise kern.log
-our $logfile = "/var/log/kern.log";
-if ($opt_f) {
- -f $opt_f or die "'$opt_f' does not exist. Aborting\n";
- $logfile = $opt_f;
-} else {
- -e "/var/run/auditd.pid" and $logfile = "/var/log/audit/audit.log";
-}
-
--r $logfile or die "Cannot read '$logfile'\n";
-our $logfile_inode = get_logfile_inode($logfile);
-our $logfile_size = get_logfile_size($logfile);
-open (LOGFILE, "<$logfile") or die "Could not open '$logfile'\n";
-# Drop priviliges, if running as root
-if ($< == 0) {
- $login = "root";
- if (defined($ENV{SUDO_UID}) and defined($ENV{SUDO_GID})) {
- $) = "$ENV{SUDO_GID} $ENV{SUDO_GID}" or _error("Could not change egid");
- $( = $ENV{SUDO_GID} or _error("Could not change gid");
- $> = $ENV{SUDO_UID} or _error("Could not change euid");
- defined($ENV{SUDO_USER}) and $login = $ENV{SUDO_USER};
- } else {
- my $drop_to = $nobody_user;
- if ($opt_u) {
- $drop_to = $opt_u;
- }
- # nobody/nogroup
- my $nam = scalar(getgrnam($nobody_group));
- $) = "$nam $nam" or _error("Could not change egid");
- $( = $nam or _error("Could not change gid");
- $> = scalar(getpwnam($drop_to)) or _error("Could not change euid to '$drop_to'");
- }
-} else {
- $login = getlogin();
- defined $login or $login = $ENV{'USER'};
-}
-
-if (-s $conf) {
- readconf($conf);
- if (defined($prefs{use_group})) {
- my ($name, $passwd, $gid, $members) = getgrnam($prefs{use_group});
- if (not defined($members) or not defined($login) or (not grep { $_ eq $login } split(/ /, $members) and $login ne "root")) {
- _error("'$login' must be in '$prefs{use_group}' group. Aborting.\nAsk your admin to add you to this group or to change the group in\n$conf if you want to use aa-notify.");
- }
- }
-}
-
-# find user's notify.conf
-if (-e "$ENV{HOME}/.apparmor/notify.conf" ) {
- # use legacy path if the conf file is there
- $user_conf = "$ENV{HOME}/.apparmor/notify.conf";
-} elsif (defined $ENV{XDG_CONFIG_HOME}) {
- # use XDG_CONFIG_HOME if it is defined
- $user_conf = "$ENV{XDG_CONFIG_HOME}/apparmor/notify.conf";
-} else {
- # fallback to the default value of XDG_CONFIG_HOME
- $user_conf = "$ENV{HOME}/.config/apparmor/notify.conf";
-}
-
-if ($opt_p) {
- # notify-send is packaged in libnotify-bin on Debian/Ubuntu, libnotify-tools on openSUSE
- -x "$notify_exe" or _error("Could not find '$notify_exe'. Please install it (package libnotify-bin or libnotify-tools). Aborting");
-
- # we need correct values for $HOME and $DISPLAY environment variables,
- # otherwise $notify_exe won't be able to connect to DBUS to display the
- # message. Do this here to avoid excessive lookups.
- $notify_home = (getpwuid $>)[7]; # homedir of the user
-
- if ($opt_display ne '') {
- $notify_display = $opt_display;
- } elsif (defined($ENV{'DISPLAY'})) {
- $notify_display = $ENV{'DISPLAY'};
- }
-
- if ($notify_display eq '') {
- my $sudo_warn_msg = '';
- if (defined($ENV{'SUDO_USER'})) {
- $sudo_warn_msg = ' (or reset by sudo)';
- }
- _warn("Environment variable \$DISPLAY not set$sudo_warn_msg.");
- _warn ('Desktop notifications will not work.');
- if ($sudo_warn_msg ne '') {
- _warn ('Use sudo aa-notify -p --display "$DISPLAY" to set the environment variable.');
- } else {
- _warn ('Use something like aa-notify -p --display :0 to set the environment variable.')
- }
- }
-} elsif ($opt_l) {
- -x "$last_exe" or _error("Could not find '$last_exe'. Aborting");
-}
-if ($opt_s and not $opt_l) {
- $opt_s =~ /^[0-9]+$/ or _error("-s requires a number");
-}
-
-if ($opt_w) {
- $opt_w =~ /^[0-9]+$/ or _error("-w requires a number");
-}
-
-if ($opt_p or $opt_l) {
- if (-s $user_conf) {
- readconf($user_conf);
- }
-
- if (defined($prefs{show_notifications}) and $prefs{show_notifications} ne "yes") {
- _debug("'show_notifications' is disabled. Exiting");
- exitscript(0);
- }
-}
-
-my $now = time();
-if ($opt_p) {
- do_notify();
-} elsif ($opt_l) {
- do_last();
-} elsif ($opt_s and not $opt_p) {
- do_show_messages($opt_s);
-} else {
- usage;
- exitscript(1);
-}
-
-exitscript(0);
-
-#
-# Subroutines
-#
-sub readconf {
- my $cfg = $_[0];
- -r $cfg or die "'$cfg' does not exist\n";
-
- open (CFG, "<$cfg") or die "Could not open '$cfg'\n";
- while (<CFG>) {
- chomp;
- s/#.*//; # no comments
- s/^\s+//; # no leading white
- s/\s+$//; # no trailing white
- next unless length; # anything left?
- my ($var, $value) = split(/\s*=\s*/, $_, 2);
- if ($var eq "show_notifications" or $var eq "use_group" or $var eq "message_body" or $var eq "message_title" or $var eq "message_footer") {
- $value =~ s/^"(.*)"$/$1/g;
- $prefs{$var} = $value;
- }
- }
- close(CFG);
-}
-
-sub parse_message {
- my @params = @_;
- my $msg = $params[0];
-
- chomp($msg);
- #_debug("processing: $msg");
-
- my ($test) = LibAppArmorc::parse_record($msg);
-
- # Don't show logs before certain date
- my $date = LibAppArmor::aa_log_record::swig_epoch_get($test);
- my $since = 0;
- if (defined($date) and $#params > 0 and $params[1] =~ /^[0-9]+$/) {
- $since = int($params[1]);
- int($date) >= $since or goto err;
- }
-
- # ignore all but status and denied messages
- my $type = LibAppArmor::aa_log_record::swig_event_get($test);
-
- if ($type != $LibAppArmor::AA_RECORD_DENIED and $type != $LibAppArmor::AA_RECORD_ALLOWED) {
- goto err;
- }
-
- my $profile = LibAppArmor::aa_log_record::swig_profile_get($test);
- my $operation = LibAppArmor::aa_log_record::swig_operation_get($test);
- my $name = LibAppArmor::aa_log_record::swig_name_get($test);
- my $denied = LibAppArmor::aa_log_record::swig_denied_mask_get($test);
- my $family = LibAppArmor::aa_log_record::swig_net_family_get($test);
- my $sock_type = LibAppArmor::aa_log_record::swig_net_sock_type_get($test);
- LibAppArmorc::free_record($test);
-
- return ($profile, $operation, $name, $denied, $family, $sock_type, $date);
-
-err:
- LibAppArmorc::free_record($test);
- return ();
-}
-
-sub format_message {
- my ($profile, $operation, $name, $denied, $family, $sock_type, $date) = @_;
-
- my $formatted = "";
- if (defined($prefs{message_body})) {
- $formatted .= $prefs{message_body};
- } else {
- defined($profile) and $formatted .= "Profile: $profile\n";
- defined($operation) and $formatted .= "Operation: $operation\n";
- defined($name) and $formatted .= "Name: $name\n";
- defined($denied) and $formatted .= "Denied: $denied\n";
- defined($family) and defined ($sock_type) and $formatted .= "Family: $family\nSocket type: $sock_type\n";
- $formatted .= "Logfile: $logfile\n";
- }
-
- return $formatted;
-}
-
-sub format_stats {
- my $num = $_[0];
- my $time = $_[1];
- if ($num > 0) {
- print "AppArmor denial";
- $num > 1 and print "s";
- print ": $num (since " . scalar(localtime($time)) . ")\n";
- $opt_v and print "For more information, please see: $url\n";
- }
-}
-
-sub kill_running_daemons {
- # Look for other daemon instances of this script and kill them. This
- # can happen on logout and back in (in which case $notify_exe fails
- # anyway). 'ps xw' should output something like:
- # 9987 ? Ss 0:01 /usr/bin/perl ./bin/aa-notify -p
- # 10170 ? Ss 0:00 /usr/bin/perl ./bin/aa-notify -p
- open(PS,"$ps_exe xw|") or die "Unable to run '$ps_exe':$!\n";
- while(<PS>) {
- chomp;
- /$prog -[ps]/ or next;
- s/^\s+//;
- my @line = split(/\s+/, $_);
- if ($line[5] =~ /$prog$/ and ($line[6] eq "-p" or $line[6] eq "-s")) {
- if ($line[0] != $$) {
- _warn("killing old daemon '$line[0]'");
- kill 15, ($line[0]);
- }
- }
- }
- close(PS);
-}
-
-sub send_message {
- my $msg = $_[0];
-
- my $pid = fork();
- if ($pid == 0) { # child
- # notify-send needs $< to be the unprivileged user
- $< = $>;
-
- $notify_home ne "" and $ENV{'HOME'} = $notify_home;
- $notify_display ne "" and $ENV{'DISPLAY'} = $notify_display;
- if (not defined($ENV{'DBUS_SESSION_BUS_ADDRESS'})) {
- $ENV{'DBUS_SESSION_BUS_ADDRESS'} = "unix:path=/run/user/$>/bus";
- }
-
- # 'system' uses execvp() so no shell metacharacters here.
- # $notify_exe is an absolute path so execvp won't search PATH.
- system "$notify_exe", "-i", "gtk-dialog-warning", "-u", "normal", "--", "AppArmor Message", "$msg";
- my $exit_code = $? >> 8;
- exit($exit_code);
- }
-
- # parent
- waitpid($pid, 0);
- return $?;
-}
-
-sub do_notify {
- my %seen;
- my $seconds = 5;
- our $time_to_die = 0;
-
- print "Starting aa-notify\n";
- kill_running_daemons();
-
- # Daemonize, but not if in debug mode
- if (not $opt_d) {
- chdir('/') or die "Can't chdir to /: $!";
- umask 0;
- open STDIN, '/dev/null' or die "Can't read /dev/null: $!";
- open STDOUT, '>/dev/null' or die "Can't write to /dev/null: $!";
- #open STDERR, '>/dev/null' or die "Can't write to /dev/null: $!";
- my $pid = fork();
- exit if $pid;
- die "Couldn't fork: $!" unless defined($pid);
- POSIX::setsid() or die "Can't start a new session: $!";
- }
-
- sub signal_handler {
- $time_to_die = 1;
- }
- $SIG{INT} = $SIG{TERM} = $SIG{HUP} = \&signal_handler;
- $SIG{'PIPE'} = 'IGNORE';
-
- if ($opt_w) {
- sleep($opt_w);
- }
-
- my $count = 0;
- my $footer = exists $prefs{message_footer} ? $prefs{message_footer} : "For more information, please see:\n$url";
- my $first_run = 1;
- my $since = $now;
- if ($opt_s and int($opt_s) > 0) {
- $since = $since - (int($opt_s) * 60 * 60 * 24);
- }
- for (my $i=0; $time_to_die == 0; $i++) {
- if ($logfile_inode != get_logfile_inode($logfile)) {
- _warn("$logfile changed inodes, reopening");
- reopen_logfile();
- } elsif (get_logfile_size($logfile) < $logfile_size) {
- _warn("$logfile is smaller, reopening");
- reopen_logfile();
- }
- while(my $msg = <LOGFILE>) {
- my @attrib;
- if ($first_run == 1) {
- if ($since != $now) {
- @attrib = parse_message($msg, $since);
- }
- } else {
- @attrib = parse_message($msg);
- }
- $#attrib > 0 or next;
- if ($first_run == 1) {
- $count++;
- next;
- }
-
- my ($profile, $operation, $name, $denied, $family, $sock_type, $date) = @attrib;
-
- # Rate limit messages by creating a hash whose keys are:
- # - for files: $profile|$name|$denied|
- # - for everything else: $profile|$operation|$name|$denied|$family|$sock_type| (as available)
- # The value for the key is a timestamp (epoch) and we won't show
- # messages whose key has a timestamp from less than 5 seconds afo
- my $k = "";
- defined($profile) and $k .= "$profile|";
- if (defined($name) and defined($denied)) {
- $k .= "$name|$denied|"; # for file access, don't worry about operation
- } else {
- defined($operation) and $k .= "$operation|";
- defined($name) and $k .= "$name|";
- defined($denied) and $k .= "$denied|";
- defined($family) and defined ($sock_type) and $k .= "$family|$sock_type|";
+# In a typical desktop environment one would run as a service the
+# command:
+# /usr/bin/aa-notify -p -w 10
+
+import argparse
+import atexit
+import os
+import re
+import sys
+import time
+import notify2
+import psutil
+import pwd
+import grp
+
+import apparmor.aa as aa
+import apparmor.ui as aaui
+import apparmor.config as aaconfig
+from apparmor.common import DebugLogger, open_file_read
+from apparmor.fail import enable_aa_exception_handler
+from apparmor.notify import get_last_login_timestamp
+from apparmor.translations import init_translation
+
+import LibAppArmor # C-library to parse one log line
+
+def get_user_login():
+ '''Portable function to get username. Should not trigger any
+ "OSError: [Errno 25] Inappropriate ioctl for device" errors in Giltab-CI'''
+ if os.name == "posix":
+ username = pwd.getpwuid(os.geteuid()).pw_name
+ else:
+ username = os.environ.get('USER')
+ if not username and hasattr(os, 'getlogin'):
+ username = os.getlogin()
+ return username
+
+
+
+def format_event(event, logsource):
+ output = []
+
+ if 'message_body' in config['']:
+ output += [config['']['message_body']]
+
+ if event.profile:
+ output += ['Profile: {}'.format(event.profile)]
+ if event.operation:
+ output += ['Operation: {}'.format(event.operation)]
+ if event.name:
+ output += ['Name: {}'.format(event.name)]
+ if event.denied_mask:
+ output += ['Denied: {}'.format(event.denied_mask)]
+ if event.net_family and event.net_sock_type:
+ output += ['Family: {}'.format(event.net_family)]
+ output += ['Socket: {}'.format(event.net_sock_type)]
+
+ output += ['Logfile: {}'.format(logsource)]
+
+ return "\n".join(output)
+
+
+def notify_about_new_entries(logfile, wait=0):
+ # Kill other instances of aa-notify if already running
+ for process in psutil.process_iter():
+ # Find the process that has the same name as this script, e.g. aa-notify.py
+ if process.name() == os.path.basename(__file__) and process.pid != os.getpid():
+ print(_('Killing old daemon (PID {})...').format(process.pid))
+ os.kill(process.pid, 15)
+
+ # Spawn/fork into the background and stay running
+ newpid = os.fork()
+ if newpid == 0:
+
+ # Follow the logfile and stream notifications
+ # Rate limit to not show too many notifications
+ try:
+ for event in follow_apparmor_events(logfile, wait):
+ debug_logger.info(format_event(event, logfile))
+ yield(format_event(event, logfile))
+ except PermissionError:
+ sys.exit(_("ERROR: Cannot read {}. Please check permissions.".format(logfile)))
+
+ else:
+ print(_('Notification emitter started in the background'))
+ # pids = (os.getpid(), newpid)
+ # print("parent: %d, child: %d\n" % pids)
+ os._exit(0) # Exit child without calling exit handlers etc
+
+
+def show_entries_since_epoch(logfile, epoch_since):
+ count = 0
+ for event in get_apparmor_events(logfile, epoch_since):
+ count += 1
+ if args.verbose:
+ print(format_event(event, logfile))
+ print() # Print a newline after each entry for better readability
+
+ aaui.UI_Info(_('AppArmor denials: {count} (since {date})').format(
+ **{
+ 'count': count,
+ 'date': time.strftime(timeformat, time.localtime(epoch_since))
}
+ )
+ )
+
+ if args.verbose:
+ if 'message_footer' in config['']:
+ print(config['']['message_footer'])
+ else:
+ print(_('For more information, please see: {}').format(debug_docs_url))
+
+
+def show_entries_since_last_login(logfile, username=get_user_login()):
+ # If running as sudo, use username of sudo user instead of root
+ if 'SUDO_USER' in os.environ.keys():
+ username = os.environ['SUDO_USER']
- # don't display same message if seen in last 5 seconds
- if (not defined($seen{$k})) {
- $seen{$k} = time();
- } else {
- my $now = time();
- $now - $seen{$k} < $seconds and next;
- $seen{$k} = $now;
- }
-
- my $m = format_message(@attrib);
- $m ne "" or next;
-
- $m .= $footer;
-
- my $rc = send_message($m);
- if ($rc != 0) {
- _warn("'$notify_exe' exited with error '$rc'");
- $time_to_die = 1;
- last;
- }
- }
- # from seek() in Programming Perl
- seek(LOGFILE, 0, 1);
- sleep(1);
-
- if ($first_run) {
- if ($count > 0) {
- my $m = "$logfile contains $count denied message";
- $count > 1 and $m .= "s";
- if ($opt_s) {
- $m .= " in the last ";
- if ($opt_s > 1) {
- $m .= "$opt_s days";
- } else {
- $m .= "day";
- }
- }
- $m .= ". ";
- $m .= $footer;
- send_message($m);
- }
- $first_run = 0;
- }
-
- # clean out the %seen database every 30 seconds
- if ($i > 30) {
- foreach my $k (keys %seen) {
- my $now = time();
- $now - $seen{$k} > $seconds and delete $seen{$k} and _debug("deleted $k");
- }
- $i = 0;
- _debug("done purging");
- foreach my $k (keys %seen) {
- _debug("remaining key: $k: $seen{$k}");
- }
- }
- }
- print STDERR "Stopping aa-notify\n";
-}
-
-sub show_since {
- my %msg_hash;
- my %last_date;
- my @msg_list;
- my $count = 0;
- while(my $msg = <LOGFILE>) {
- my @attrib = parse_message($msg, $_[0]);
- $#attrib > 0 or next;
-
- my $m = format_message(@attrib);
- $m ne "" or next;
- my $date = $attrib[6];
- if ($opt_v) {
- if (exists($msg_hash{$m})) {
- $msg_hash{$m}++;
- defined($date) and $last_date{$m} = scalar(localtime($date));
- } else {
- $msg_hash{$m} = 1;
- push(@msg_list, $m);
- }
- }
- $count++;
- }
- if ($opt_v) {
- foreach my $m (@msg_list) {
- print "$m";
- if ($msg_hash{$m} gt 1) {
- print "($msg_hash{$m} found";
- if (exists($last_date{$m})) {
- print ", most recent from '$last_date{$m}'";
- }
- print ")\n";
- }
- print "\n";
- }
- }
- return $count;
-}
-
-sub do_last {
- open(LAST,"$last_exe -F -a $login|") or die "Unable to run $last_exe:$!\n";
- my $time = 0;
- while(my $line = <LAST>) {
- _debug("Checking '$line'");
- $line =~ /^$login/ or next;
- $line !~ /^$login\s+pts.*\s+:[0-9]+\.[0-9]+$/ or next; # ignore xterm and friends
- my @entry = split(/\s+/, $line);
- my ($hour, $min, $sec) = (split(/:/, $entry[5]))[0,1,2];
- $time = Time::Local::timelocal($sec, $min, $hour, $entry[4], $entry[3], $entry[6]);
- last;
- }
- close(LAST);
- $time > 0 or _error("Couldn't find last login");
-
- format_stats(show_since($time), $time);
-}
-
-sub do_show_messages {
- my $since = $now - (int($_[0]) * 60 * 60 * 24);
- format_stats(show_since($since), $since);
-}
-
-sub _warn {
- my $msg = $_[0];
- print STDERR "aa-notify: WARN: $msg\n";
-}
-sub _error {
- my $msg = $_[0];
- print STDERR "aa-notify: ERROR: $msg\n";
- exitscript(1);
-}
-
-sub _debug {
- $opt_d or return;
- my $msg = $_[0];
- print STDERR "aa-notify: DEBUG: $msg\n";
-}
-
-sub exitscript {
- my $rc = $_[0];
- close(LOGFILE);
- exit $rc;
-}
-
-sub usage {
- my $s = <<'EOF';
-USAGE: aa-notify [OPTIONS]
-
-Display AppArmor notifications or messages for DENIED entries.
-
-OPTIONS:
- -p, --poll poll AppArmor logs and display notifications
- --display $DISPLAY set the DISPLAY environment variable to $DISPLAY
- (might be needed if sudo resets $DISPLAY)
- -f FILE, --file=FILE search FILE for AppArmor messages
- -l, --since-last display stats since last login
- -s NUM, --since-days=NUM show stats for last NUM days (can be used alone
- or with -p)
- -v, --verbose show messages with stats
- -h, --help display this help
- -u USER, --user=USER user to drop privileges to when not using sudo
- -w NUM, --wait=NUM wait NUM seconds before displaying
- notifications (with -p)
-EOF
- print $s;
-}
-
-sub raise_privileges {
- my $old_euid = -1;
-
- if ($> != $<) {
- _debug("raising privileges to '$orig_euid'");
- $old_euid = $>;
- $> = $orig_euid;
- $> == $orig_euid or die "Could not raise privileges\n";
- }
-
- return $old_euid;
-}
-
-sub drop_privileges {
- my $old_euid = $_[0];
-
- # Just exit if we didn't raise privileges
- $old_euid == -1 and return;
-
- _debug("dropping privileges to '$old_euid'");
- $> = $old_euid;
- $> == $old_euid or die "Could not drop privileges\n";
-}
-
-sub reopen_logfile {
- # reopen the logfile, temporarily switching back to starting euid for
- # file permissions.
- close(LOGFILE);
-
- my $old_euid = raise_privileges();
-
- $logfile_inode = get_logfile_inode($logfile);
- $logfile_size = get_logfile_size($logfile);
- open (LOGFILE, "<$logfile") or die "Could not open '$logfile'\n";
-
- drop_privileges($old_euid);
-}
-
-sub get_logfile_size {
- my $fn = $_[0];
- my $size;
- my $dir = File::Basename::dirname($fn);
-
- # If we can't access the file, then raise privs. This can happen when
- # using auditd and /var/log/audit/ is 700.
- my $old_euid = -1;
- if (! -x $dir) {
- $old_euid = raise_privileges();
- }
-
- defined(($size = (stat($fn))[7])) or (sleep(10) and defined(($size = (stat($fn))[7])) or die "'$fn' disappeared. Aborting\n");
-
- drop_privileges($old_euid);
-
- return $size;
-}
-
-sub get_logfile_inode {
- my $fn = $_[0];
- my $inode;
- my $dir = File::Basename::dirname($fn);
-
- # If we can't access the file, then raise privs. This can happen when
- # using auditd and /var/log/audit/ is 700.
- my $old_euid = -1;
- if (! -x $dir) {
- $old_euid = raise_privileges();
- }
-
- defined(($inode = (stat($fn))[1])) or (sleep(10) and defined(($inode = (stat($fn))[1])) or die "'$fn' disappeared. Aborting\n");
-
- drop_privileges($old_euid);
-
- return $inode;
-}
-
-#
-# end Subroutines
-#
+ if args.verbose:
+ print(_('Showing entries since {} logged in').format(username))
+ print() # Newline
+ epoch_since = get_last_login_timestamp(username)
+ if epoch_since == 0:
+ print(_('ERROR: Could not find last login'), file=sys.stderr)
+ sys.exit(1)
+ show_entries_since_epoch(logfile, epoch_since)
+
+
+def show_entries_since_days(logfile, since_days):
+ day_in_seconds = 60*60*24
+ epoch_now = int(time.time())
+ epoch_since = epoch_now - day_in_seconds * since_days
+ show_entries_since_epoch(logfile, epoch_since)
+
+
+def follow_apparmor_events(logfile, wait=0):
+ '''Follow AppArmor events and yield relevant entries until process stops'''
+
+ # If wait was given as argument but was type None (from ArgumentParser)
+ # ensure it type int and zero
+ if not wait:
+ wait = 0
+
+ # Record start time here so wait can be calculated later
+ start_time = int(time.time())
+
+ # Record initial file size to detect if log rotates
+ log_size = os.stat(logfile).st_size
+ # Record initial file inode number to detect if log gets renamed
+ log_inode = os.stat(logfile).st_ino
+
+ # @TODO Implement more log sources in addition to just the logfile
+ with open_file_read(logfile) as logdata:
+
+ # Loop all pre-existing events in the log source once so later runs
+ # will only see new events
+ for discarded_event in logdata:
+ pass
+
+ # @TODO: while+sleep will cause CPU interruptions once per second,
+ # so switch to epoll/inotify/etc for less resource consumption.
+ while True:
+ debug_logger.debug(
+ 'Poll AppArmor event source {} seconds since start'.
+ format(int(time.time()) - start_time)
+ )
+
+ (logdata, log_inode, log_size) = reopen_logfile_if_needed(logfile, logdata, log_inode, log_size)
+
+ for event in parse_logdata(logdata):
+ # @TODO Alternatively use os.times()
+ if int(time.time()) - start_time < wait:
+ debug_logger.debug('Omitted an event seen during wait time')
+ continue
+ yield event
+
+ if debug_logger.debugging and debug_logger.debug_level <= 10 and int(time.time()) - start_time > 100:
+ debug_logger.debug('Debug mode detected: aborting notification emitter after 100 seconds.')
+ sys.exit(0)
+
+ time.sleep(1)
+
+
+def reopen_logfile_if_needed(logfile, logdata, log_inode, log_size):
+ retry = True
+
+ while retry:
+ try:
+ # Reopen file if inode has chaneged, e.g. rename by logrotate
+ if os.stat(logfile).st_ino != log_inode:
+ debug_logger.debug('Logfile was renamed, reload to read the new file.')
+ logdata = open(logfile, 'r')
+ # Store new inode number for next comparisons
+ log_inode = os.stat(logfile).st_ino
+
+ # Start reading from the beginning if file shrank
+ if os.stat(logfile).st_size < log_size:
+ debug_logger.debug('Logfile shrank in size, reload from beginning.')
+ logdata.seek(0)
+ log_size = os.stat(logfile).st_size # Reset file size value
+
+ # Record new file size if grown
+ if os.stat(logfile).st_size > log_size:
+ log_size = os.stat(logfile).st_size
+
+ retry = False
+ except FileNotFoundError:
+ # @TODO: switch to epoll/inotify/
+ debug_logger.debug('Logfile not found, retrying.')
+ time.sleep(1)
+ # @TODO: send notification if reopening the log fails too many times
+
+ return (logdata, log_inode, log_size)
+
+
+def get_apparmor_events(logfile, since=0):
+ '''Read audit events from log source and yield all relevant events'''
+
+ # Get logdata from file
+ # @TODO Implement more log sources in addition to just the logfile
+ try:
+ with open_file_read(logfile) as logdata:
+ for event in parse_logdata(logdata):
+ if event.epoch > since:
+ yield event
+ except PermissionError:
+ sys.exit(_("ERROR: Cannot read {}. Please check permissions.".format(logfile)))
+
+
+def parse_logdata(logsource):
+ '''Traverse any iterable log source and extract relevant AppArmor events'''
+
+ RE_audit_time_id = '(msg=)?audit\([\d\.\:]+\):\s+' # 'audit(1282626827.320:411): '
+ RE_kernel_time = '\[[\d\.\s]+\]' # '[ 1612.746129]'
+ RE_type_num = '1[45][0-9][0-9]' # 1400..1599
+ RE_aa_or_op = '(apparmor=|operation=)'
+
+ RE_log_parts = [
+ 'kernel:\s+(' + RE_kernel_time + '\s+)?(audit:\s+)?type=' + RE_type_num + '\s+' + RE_audit_time_id + RE_aa_or_op, # v2_6 syslog
+ 'kernel:\s+(' + RE_kernel_time + '\s+)?' + RE_audit_time_id + 'type=' + RE_type_num + '\s+' + RE_aa_or_op,
+ 'type=(AVC|APPARMOR[_A-Z]*|' + RE_type_num + ')\s+' + RE_audit_time_id + '(type=' + RE_type_num + '\s+)?' + RE_aa_or_op, # v2_6 audit and dmesg
+ 'type=USER_AVC\s+' + RE_audit_time_id + '.*apparmor=', # dbus
+ 'type=UNKNOWN\[' + RE_type_num + '\]\s+' + RE_audit_time_id + RE_aa_or_op,
+ 'dbus\[[0-9]+\]:\s+apparmor=', # dbus
+ ]
+
+ # Pre-filter log lines so that we hand over only relevant lines to LibAppArmor parsing
+ RE_LOG_ALL = re.compile('(' + '|'.join(RE_log_parts) + ')')
+
+ for entry in logsource:
+
+ # Check the start of the log line and only process lines from AppArmor
+ apparmor_entry = RE_LOG_ALL.search(entry)
+ if apparmor_entry:
+ # Parse the line using LibAppArmor (C library)
+ # See aalogparse.h for data structure
+ event = LibAppArmor.parse_record(entry)
+ # Only show actual events of contained programs and ignore among
+ # others AppArmor profile reloads
+ if event.operation and event.operation[0:8] != 'profile_':
+ yield event
+
+
+def drop_privileges():
+ '''If running as root, drop privileges to USER if known, or fall-back to nobody_user/group'''
+
+ if os.geteuid() == 0:
+
+ if 'SUDO_USER' in os.environ.keys():
+ next_username = os.environ['SUDO_USER']
+ next_uid = os.environ['SUDO_UID']
+ next_gid = os.environ['SUDO_GID']
+ else:
+ nobody_user_info = pwd.getpwnam(nobody_user)
+ next_username = nobody_user_info[0]
+ next_uid = nobody_user_info[2]
+ next_gid = nobody_user_info[3]
+
+ debug_logger.debug('Dropping to user "{}" privileges'.format(next_username))
+
+ # @TODO?
+ # Remove group privileges, including potential 'adm' group that might
+ # have had log read access but also other accesses.
+ # os.setgroups([])
+
+ # Try setting the new uid/gid
+ # Set gid first, otherwise the latter step would fail on missing permissions
+ os.setegid(int(next_gid))
+ os.seteuid(int(next_uid))
+
+def raise_privileges():
+ '''If was running as user with saved user ID 0, raise back to root privileges'''
+
+ if os.geteuid() != 0 and original_effective_user == 0:
+
+ debug_logger.debug('Rasing privileges from UID {} back to UID 0 (root)'.format(os.geteuid()))
+
+ # os.setgid(int(next_gid))
+ os.seteuid(original_effective_user)
+
+def read_notify_conf(path, shell_config):
+ try:
+ shell_config.CONF_DIR = path
+ conf_dict = shell_config.read_config('notify.conf')
+ debug_logger.debug('Found configuration file in {}/notify.conf'.format(shell_config.CONF_DIR))
+ return conf_dict
+ except FileNotFoundError:
+ return {}
+
+def main():
+ '''
+ Main function of aa-notify that parses command line
+ arguments and starts the requested operations.
+ '''
+
+ global _, debug_logger, config, args
+ global debug_docs_url, nobody_user, original_effective_user, timeformat
+
+ debug_docs_url = "https://wiki.ubuntu.com/DebuggingApparmor"
+ nobody_user = "nobody"
+ timeformat = "%c" # Automatically using locale format
+ original_effective_user = os.geteuid()
+
+ # setup exception handling
+ enable_aa_exception_handler()
+
+ # setup module translations
+ _ = init_translation()
+
+ # Register the on_exit method with atexit
+ # Takes care of closing the debug log etc
+ atexit.register(aa.on_exit)
+
+ # Set up UI logger for separate messages from UI module
+ debug_logger = DebugLogger('Notify')
+ debug_logger.debug("Starting aa-notify")
+
+ parser = argparse.ArgumentParser(description=_('Display AppArmor notifications or messages for DENIED entries.'))
+ parser.add_argument('-p', '--poll', action='store_true', help=_('poll AppArmor logs and display notifications'))
+ parser.add_argument('--display', type=str, help=_('set the DISPLAY environment variable (might be needed if sudo resets $DISPLAY)'))
+ parser.add_argument('-f', '--file', type=str, help=_('search FILE for AppArmor messages'))
+ parser.add_argument('-l', '--since-last', action='store_true', help=_('display stats since last login'))
+ parser.add_argument('-s', '--since-days', type=int, metavar=('NUM'), help=_('show stats for last NUM days (can be used alone or with -p)'))
+ parser.add_argument('-v', '--verbose', action='store_true', help=_('show messages with stats'))
+ parser.add_argument('-u', '--user', type=str, help=_('user to drop privileges to when not using sudo'))
+ parser.add_argument('-w', '--wait', type=int, metavar=('NUM'), help=_('wait NUM seconds before displaying notifications (with -p)'))
+ parser.add_argument('--debug', action='store_true', help=_('debug mode'))
+
+ # If a TTY then assume running in test mode and fix output width
+ if not sys.stdout.isatty():
+ parser.formatter_class = lambda prog: argparse.HelpFormatter(prog, width=80)
+
+ args = parser.parse_args()
+
+ # Debug mode can be invoked directly with --debug or env LOGPROF_DEBUG=3
+ if args.debug:
+ debug_logger.activateStderr()
+ debug_logger.debug('Logging level: {}'.format(debug_logger.debug_level))
+ debug_logger.debug('Running as uid: {0[0]}, euid: {0[1]}, suid: {0[2]}'.format(os.getresuid()))
+ if args.poll:
+ debug_logger.debug('Running with --debug and --poll. Will exit in 100s')
+ # Sanity checks
+ user_ids = os.getresuid()
+ groups_ids = os.getresgid()
+ if user_ids[1] != user_ids[2]:
+ sys.exit("ERROR: Cannot be started with suid set!")
+ if groups_ids[1] != groups_ids[2]:
+ sys.exit("ERROR: Cannot be started with sgid set!")
+
+ # Define global variables that will be populated by init_aa()
+ # conf = None
+ logfile = None
+
+ confdir = os.getenv('__AA_CONFDIR')
+ if confdir:
+ aa.init_aa(confdir)
+ else:
+ aa.init_aa()
+
+ # Initialize aa.logfile
+ aa.set_logfile(args.file)
+
+ # Load global config reader
+ shell_config = aaconfig.Config('shell')
+
+ # Load system's notify.conf
+ # By default aa.CONFDIR is /etc/apparmor on most production systems
+ system_config = read_notify_conf(aa.CONFDIR, shell_config)
+ # Set default is no system notify.conf was found
+ if not system_config:
+ system_config = {'': {'show_notifications': 'yes'}}
+
+ # Load user's notify.conf
+ if os.path.isfile(os.environ['HOME'] + '/.apparmor/notify.conf'):
+ # Use legacy path if the conf file is there
+ user_config = read_notify_conf(os.environ['HOME'] + '/.apparmor', shell_config)
+ elif 'XDG_CONFIG_HOME' in os.environ and os.path.isfile(os.environ['XDG_CONFIG_HOME'] + '/apparmor/notify.conf'):
+ # Use XDG_CONFIG_HOME if it is defined
+ user_config = read_notify_conf(os.environ['XDG_CONFIG_HOME'] + '/apparmor', shell_config)
+ else:
+ # Fallback to the default value of XDG_CONFIG_HOME
+ user_config = read_notify_conf(os.environ['HOME'] + '/.config/apparmor', shell_config)
+
+ # Merge the two config dicts in an accurate and idiomatic way (requires Python 3.5)
+ config = {**system_config, **user_config}
+
+ """
+ Possible configuration options:
+ - show_notifications
+ - message_body
+ - message_footer
+ - use_group
+ """
+
+ # # Config checks
+
+ # Warn about unknown keys in the config
+ allowed_config_keys = [
+ 'use_group',
+ 'show_notifications',
+ 'message_body',
+ 'message_footer'
+ ]
+ found_config_keys = config[''].keys()
+ unknown_keys = [item for item in found_config_keys if item not in allowed_config_keys]
+ for item in unknown_keys:
+ print(_('Warning! Configration item "{}" is unknown!').format(item))
+
+ # Warn if use_group is defined and current group does not match defined
+ if 'use_group' in config['']:
+ user = pwd.getpwuid(os.geteuid())[0]
+ user_groups = [g.gr_name for g in grp.getgrall() if user in g.gr_mem]
+ gid = pwd.getpwnam(user).pw_gid
+ user_groups.append(grp.getgrgid(gid).gr_name)
+
+ if config['']['use_group'] not in user_groups:
+ print(
+ _('ERROR! User {user} not member of {group} group!').format(
+ user=user,
+ group=config['']['use_group']
+ ),
+ file=sys.stderr
+ )
+ sys.exit(1)
+ # @TODO: Extend UI lib to have warning and error functions that
+ # can be used in an uniform way with both text and JSON output.
+
+ if args.file:
+ logfile = args.file
+ elif os.path.isfile('/var/run/auditd.pid') and os.path.isfile('/var/log/audit/audit.log'):
+ # If auditd is running, look at /var/log/audit/audit.log
+ logfile = '/var/log/audit/audit.log'
+ elif os.path.isfile('/var/log/kern.log'):
+ # For aa-notify, the fallback is kern.log, not syslog from aa.logfile
+ logfile = '/var/log/kern.log'
+ else:
+ # If all above failed, use aa cfg
+ logfile = aa.logfile
+
+ if args.verbose:
+ print(_('Using log file'), logfile)
+
+ if args.display:
+ os.environ['DISPLAY'] = args.display
+
+ if args.poll:
+ # Exit immediately if show_notifications is no or any of the options below
+ if config['']['show_notifications'] in [False, 'no', 'false', '0']:
+ print(_('Showing notifications forbidden in notify.conf, aborting..'))
+ sys.exit(0)
+
+ # Don't allow usage of aa-notify by root, must be some user. Desktop
+ # logins as root are not recommended and certainly not a use case for
+ # aa-notify notifications.
+ if not args.user and os.getuid() == 0 and 'SUDO_USER' not in os.environ.keys():
+ sys.exit("ERROR: Cannot be started a real root user. Use --user to define what user to use.")
+
+ # At this point this script needs to be able to read 'logfile' but once
+ # the for loop starts, privileges can be dropped since the file descriptor
+ # has been opened and access granted. Further reads of the file will not
+ # trigger any new permission checks.
+ # @TODO Plan to catch PermissionError here or..?
+ for message in notify_about_new_entries(logfile, args.wait):
+
+ # Notifications should not be run as root, since root probably is
+ # the wrong desktop user and not the one getting the notifications.
+ drop_privileges()
+
+ # sudo does not preserve DBUS address, so we need to guess it based on UID
+ if 'DBUS_SESSION_BUS_ADDRESS' not in os.environ:
+ os.environ['DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=/run/user/{}/bus'.format(os.geteuid())
+
+ # Before use, notify2 must be initialized and the DBUS channel
+ # should be opened using the non-root user. This this step needs to
+ # be executed after the drop_privileges().
+ notify2.init('AppArmor')
+
+ n = notify2.Notification(
+ _('AppArmor notification'),
+ message,
+ 'gtk-dialog-warning'
+ )
+ n.show()
+
+ # When notification is sent, raise privileged back to root if the
+ # original effective user id was zero (to be ableo to read AppArmor logs)
+ raise_privileges()
+
+ elif args.since_last:
+ show_entries_since_last_login(logfile)
+ elif args.since_days:
+ show_entries_since_days(logfile, args.since_days)
+ else:
+ parser.print_help()
+
+ sys.exit(0)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/utils/aa-notify.8 b/utils/aa-notify.8
index 4ce1dabb9c1899724dd4f098102b70fe04201073..ed7e3e834c9590e7575b49a254799b7488c3711b 100644
--- a/utils/aa-notify.8
+++ b/utils/aa-notify.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-NOTIFY 8"
-.TH AA-NOTIFY 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-NOTIFY 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,8 +213,8 @@ the deprecated ~/.apparmor/notify.conf if it exists):
\&\fBaa-notify\fR needs to be able to read the logfiles containing the
AppArmor \s-1DENIED\s0 messages.
.PP
-If you find any additional bugs, please report them to Launchpad at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any additional bugs, please report them to Gitlab at
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7)
+\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-notify.8.html b/utils/aa-notify.8.html
index 7448b8551c4a3f827434f88285e503e4e963a532..aa89b6ea6081bc38a273c7db3f630dc6eb2e1b24 100644
--- a/utils/aa-notify.8.html
+++ b/utils/aa-notify.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-notify - display information about logged AppArmor messages.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-notify - display information about logged AppArmor messages.</span></strong></big>
</td></tr>
</table>
@@ -105,28 +105,28 @@
<p>System-wide configuration for <b>aa-notify</b> is done via /etc/apparmor/notify.conf:</p>
-<pre><code> # set to 'yes' to enable AppArmor DENIED notifications
- show_notifications="yes"
+<pre><code># set to 'yes' to enable AppArmor DENIED notifications
+show_notifications="yes"
- # only people in use_group can use aa-notify
- use_group="admin"
+# only people in use_group can use aa-notify
+use_group="admin"
- # OPTIONAL - custom notification message body
- message_body="This is a custom notification message."
+# OPTIONAL - custom notification message body
+message_body="This is a custom notification message."
- # OPTIONAL - custom notification message footer
- message_footer="For more information visit https://foo.com"</code></pre>
+# OPTIONAL - custom notification message footer
+message_footer="For more information visit https://foo.com"</code></pre>
<p>Per-user configuration is done via $XDG_CONFIG_HOME/apparmor/notify.conf (or the deprecated ~/.apparmor/notify.conf if it exists):</p>
-<pre><code> # set to 'yes' to enable AppArmor DENIED notifications
- show_notifications="yes"</code></pre>
+<pre><code># set to 'yes' to enable AppArmor DENIED notifications
+show_notifications="yes"</code></pre>
<h1 id="BUGS">BUGS</h1>
<p><b>aa-notify</b> needs to be able to read the logfiles containing the AppArmor DENIED messages.</p>
-<p>If you find any additional bugs, please report them to Launchpad at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any additional bugs, please report them to Gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -134,7 +134,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-notify - display information about logged AppArmor messages.</span></strong></big>
</td></tr>
</table>
diff --git a/debian/notify/apparmor-notify.desktop b/utils/aa-notify.desktop
similarity index 100%
rename from debian/notify/apparmor-notify.desktop
rename to utils/aa-notify.desktop
diff --git a/utils/aa-notify.pod b/utils/aa-notify.pod
index 7ec2a5f7c844bda0004a09a4a2d6d2b1817121b1..591385c75bea6dfa6f09f48b6cdf173bdfa574b8 100644
--- a/utils/aa-notify.pod
+++ b/utils/aa-notify.pod
@@ -109,8 +109,8 @@ the deprecated ~/.apparmor/notify.conf if it exists):
B<aa-notify> needs to be able to read the logfiles containing the
AppArmor DENIED messages.
-If you find any additional bugs, please report them to Launchpad at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any additional bugs, please report them to Gitlab at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-remove-unknown b/utils/aa-remove-unknown
index d3bd9144bf864c3eca970b0bba4b297db2b6b262..81adfc1d9f3aec5fda7cbbd37b624acc9e380a44 100644
--- a/utils/aa-remove-unknown
+++ b/utils/aa-remove-unknown
@@ -78,7 +78,14 @@ fi
# parent. We *do* need to remove the child profile and not rely
# on removing the parent profile when the profile has had its
# child profile names changed.
-profiles_names_list | awk '
+
+LOADED_PROFILES=$("$PARSER" -N $PROFILE_DIRS) || {
+ ret=$?
+ echo 'apparmor_parser exited with failure, aborting.' >&2
+ exit $ret
+}
+
+echo "$LOADED_PROFILES" | awk '
BEGIN {
while (getline < "'${PROFILES}'" ) {
str = sub(/ \((enforce|complain)\)$/, "", $0);
diff --git a/utils/aa-remove-unknown.8 b/utils/aa-remove-unknown.8
index 1a73d994e880bcad8a60fe0929e965ddf74a9fe8..0883f29754c63a73c7274fa923e82af9136194d8 100644
--- a/utils/aa-remove-unknown.8
+++ b/utils/aa-remove-unknown.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-REMOVE-UNKNOWN 8"
-.TH AA-REMOVE-UNKNOWN 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-REMOVE-UNKNOWN 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,8 +170,8 @@ dry run; only prints the names of profiles that would be removed
.Ve
.SH "BUGS"
.IX Header "BUGS"
-None. Please report any you find to Launchpad at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+None. Please report any you find to Gitlab at
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7)
+\&\fBapparmor\fR\|(7)
diff --git a/utils/aa-remove-unknown.8.html b/utils/aa-remove-unknown.8.html
index d3ea9cfd984a8ef8e34e3f9573c2357844bd20f3..ebd25447314e56ecf0d8c2696f9197078c3dc805 100644
--- a/utils/aa-remove-unknown.8.html
+++ b/utils/aa-remove-unknown.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-remove-unknown - remove unknown AppArmor profiles</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-remove-unknown - remove unknown AppArmor profiles</span></strong></big>
</td></tr>
</table>
@@ -59,17 +59,17 @@
<h1 id="EXAMPLES">EXAMPLES</h1>
-<pre><code> $ sudo ./aa-remove-unknown -n
- Would remove 'test//null-/usr/bin/whoami'
- Would remove 'test'
+<pre><code>$ sudo ./aa-remove-unknown -n
+Would remove 'test//null-/usr/bin/whoami'
+Would remove 'test'
- $ sudo ./aa-remove-unknown
- Removing 'test//null-/usr/bin/whoami'
- Removing 'test'</code></pre>
+$ sudo ./aa-remove-unknown
+Removing 'test//null-/usr/bin/whoami'
+Removing 'test'</code></pre>
<h1 id="BUGS">BUGS</h1>
-<p>None. Please report any you find to Launchpad at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>None. Please report any you find to Gitlab at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -77,7 +77,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-remove-unknown - remove unknown AppArmor profiles</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-remove-unknown.pod b/utils/aa-remove-unknown.pod
index b16646579cc831e9c8937efa5e609929642bafba..4c4c0549c910867157918188c96817f7ecfd2b01 100644
--- a/utils/aa-remove-unknown.pod
+++ b/utils/aa-remove-unknown.pod
@@ -41,8 +41,8 @@ dry run; only prints the names of profiles that would be removed
=head1 BUGS
-None. Please report any you find to Launchpad at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+None. Please report any you find to Gitlab at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-sandbox.pod b/utils/aa-sandbox.pod
index 324b809dff22511a91dc7108506fa9770ff8dc65..5c8dbb4b351aa632c4a7e8b603590067a59de1c7 100644
--- a/utils/aa-sandbox.pod
+++ b/utils/aa-sandbox.pod
@@ -179,8 +179,8 @@ Restarting the sandbox will resolve the issue.
=head1 BUGS
-If you find any bugs, please report them to Launchpad at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+If you find any bugs, please report them to Gitlab at
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/aa-status b/utils/aa-status
deleted file mode 100755
index abc4b0160821951cbae601a6224f5c9ed495ea3a..0000000000000000000000000000000000000000
--- a/utils/aa-status
+++ /dev/null
@@ -1,267 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2005-2006 Novell/SUSE
-# Copyright (C) 2011 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import re, os, sys, errno, json
-
-# PLEASE NOTE: we try to keep aa-status as minimal as possible, for
-# environments where installing all of the python utils and python
-# apparmor module may not make sense. Please think carefully before
-# importing anything from apparmor; see how the apparmor.fail import is
-# handled below.
-
-# setup exception handling
-try:
- from apparmor.fail import enable_aa_exception_handler
- enable_aa_exception_handler()
-except ImportError:
- # just let normal python exceptions happen (LP: #1480492)
- pass
-
-def cmd_enabled():
- '''Returns error code if AppArmor is not enabled'''
- if get_profiles() == {}:
- sys.exit(2)
-
-def cmd_profiled():
- '''Prints the number of loaded profiles'''
- profiles = get_profiles()
- sys.stdout.write("%d\n" % len(profiles))
- if profiles == {}:
- sys.exit(2)
-
-def cmd_enforced():
- '''Prints the number of loaded enforcing profiles'''
- profiles = get_profiles()
- sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'enforce')))
- if profiles == {}:
- sys.exit(2)
-
-def cmd_complaining():
- '''Prints the number of loaded non-enforcing profiles'''
- profiles = get_profiles()
- sys.stdout.write("%d\n" % len(filter_profiles(profiles, 'complain')))
- if profiles == {}:
- sys.exit(2)
-
-def cmd_verbose():
- '''Displays multiple data points about loaded profile set'''
- global verbose
- verbose = True
- profiles = get_profiles()
- processes = get_processes(profiles)
-
- stdmsg("%d profiles are loaded." % len(profiles))
- for status in ('enforce', 'complain'):
- filtered_profiles = filter_profiles(profiles, status)
- stdmsg("%d profiles are in %s mode." % (len(filtered_profiles), status))
- for item in filtered_profiles:
- stdmsg(" %s" % item)
-
- stdmsg("%d processes have profiles defined." % len(processes))
- for status in ('enforce', 'complain', 'unconfined'):
- filtered_processes = filter_processes(processes, status)
- if status == 'unconfined':
- stdmsg("%d processes are unconfined but have a profile defined." % len(filtered_processes))
- else:
- stdmsg("%d processes are in %s mode." % (len(filtered_processes), status))
- # Sort by name, and then by pid
- filtered_processes.sort(key=lambda x: int(x[0]))
- filtered_processes.sort(key=lambda x: x[1])
- for (pid, profile, exe) in filtered_processes:
- if exe == profile:
- profile = ""
- stdmsg(" %s (%s) %s" % (exe, pid, profile))
-
- if profiles == {}:
- sys.exit(2)
-
-def cmd_json(pretty_output=False):
- '''Outputs multiple data points about loaded profile set in a machine-readable JSON format'''
- global verbose
- profiles = get_profiles()
- processes = get_processes(profiles)
-
- i = {
- 'version': '1',
- 'profiles': {},
- 'processes': {}
- }
-
- for status in ('enforce', 'complain'):
- filtered_profiles = filter_profiles(profiles, status)
- for item in filtered_profiles:
- i['profiles'][item] = status
-
- for status in ('enforce', 'complain', 'unconfined'):
- filtered_processes = filter_processes(processes, status)
- for (pid, profile, exe) in filtered_processes:
- if exe not in i['processes']:
- i['processes'][exe] = []
-
- i['processes'][exe].append({
- 'profile': profile,
- 'pid': pid,
- 'status': status
- })
-
- if pretty_output:
- sys.stdout.write(json.dumps(i, sort_keys=True, indent=4, separators=(',', ': ')))
- else:
- sys.stdout.write(json.dumps(i))
-
-def cmd_pretty_json():
- cmd_json(True)
-
-def get_profiles():
- '''Fetch loaded profiles'''
-
- profiles = {}
-
- if os.path.exists("/sys/module/apparmor"):
- stdmsg("apparmor module is loaded.")
- else:
- errormsg("apparmor module is not loaded.")
- sys.exit(1)
-
- apparmorfs = find_apparmorfs()
- if not apparmorfs:
- errormsg("apparmor filesystem is not mounted.")
- sys.exit(3)
-
- apparmor_profiles = os.path.join(apparmorfs, "profiles")
- try:
- f = open(apparmor_profiles)
- except IOError as e:
- if e.errno == errno.EACCES:
- errormsg("You do not have enough privilege to read the profile set.")
- else:
- errormsg("Could not open %s: %s" % (apparmor_profiles, os.strerror(e.errno)))
- sys.exit(4)
-
- for p in f.readlines():
- match = re.search("^(.+)\s+\((\w+)\)$", p)
- profiles[match.group(1)] = match.group(2)
-
- f.close()
-
- return profiles
-
-def get_processes(profiles):
- '''Fetch process list'''
- processes = {}
- contents = os.listdir("/proc")
- for filename in contents:
- if filename.isdigit():
- try:
- for p in open("/proc/%s/attr/current" % filename).readlines():
- match = re.search("^([^\(]+)\s+\((\w+)\)$", p)
- exe = os.path.realpath("/proc/%s/exe" % filename)
- if match:
- processes[filename] = { 'profile' : match.group(1), \
- 'exe': exe, \
- 'mode' : match.group(2) }
- elif exe in profiles:
- # keep only unconfined processes that have a profile defined
- processes[filename] = { 'profile' : exe, \
- 'exe': exe, \
- 'mode' : 'unconfined' }
- except:
- pass
- return processes
-
-def filter_profiles(profiles, status):
- '''Return a list of profiles that have a particular status'''
- filtered = []
- for key, value in list(profiles.items()):
- if value == status:
- filtered.append(key)
- filtered.sort()
- return filtered
-
-def filter_processes(processes, status):
- '''Return a list of processes that have a particular status'''
- filtered = []
- for key, value in list(processes.items()):
- if value['mode'] == status:
- filtered.append([key, value['profile'], value['exe']])
- return filtered
-
-def find_apparmorfs():
- '''Finds AppArmor mount point'''
- for p in open("/proc/mounts","rb").readlines():
- if p.split()[2].decode() == "securityfs" and \
- os.path.exists(os.path.join(p.split()[1].decode(), "apparmor")):
- return os.path.join(p.split()[1].decode(), "apparmor")
- return False
-
-def errormsg(message):
- '''Prints to stderr if verbose mode is on'''
- global verbose
- if verbose:
- sys.stderr.write(message + "\n")
-
-def stdmsg(message):
- '''Prints to stdout if verbose mode is on'''
- global verbose
- if verbose:
- sys.stdout.write(message + "\n")
-
-def print_usage():
- '''Print usage information'''
- sys.stdout.write('''Usage: %s [OPTIONS]
-Displays various information about the currently loaded AppArmor policy.
-OPTIONS (one only):
- --enabled returns error code if AppArmor not enabled
- --profiled prints the number of loaded policies
- --enforced prints the number of loaded enforcing policies
- --complaining prints the number of loaded non-enforcing policies
- --json displays multiple data points in machine-readable JSON format
- --pretty-json same data as --json, formatted for human consumption as well
- --verbose (default) displays multiple data points about loaded policy set
- --help this message
-''' % sys.argv[0])
-
-# Main
-global verbose
-verbose = False
-
-if len(sys.argv) > 2:
- sys.stderr.write("Error: Too many options.\n")
- print_usage()
- sys.exit(1)
-elif len(sys.argv) == 2:
- cmd = sys.argv.pop(1)
-else:
- cmd = '--verbose'
-
-# Command dispatch:
-commands = {
- '--enabled' : cmd_enabled,
- '--profiled' : cmd_profiled,
- '--enforced' : cmd_enforced,
- '--complaining' : cmd_complaining,
- '--json' : cmd_json,
- '--pretty-json' : cmd_pretty_json,
- '--verbose' : cmd_verbose,
- '-v' : cmd_verbose,
- '--help' : print_usage,
- '-h' : print_usage
-}
-
-if cmd in commands:
- commands[cmd]()
- sys.exit(0)
-else:
- sys.stderr.write("Error: Invalid command.\n")
- print_usage()
- sys.exit(1)
-
diff --git a/utils/aa-status.8.html b/utils/aa-status.8.html
deleted file mode 100644
index 8640b8a437dcebbab2a80113df4146fcfe843fe7..0000000000000000000000000000000000000000
--- a/utils/aa-status.8.html
+++ /dev/null
@@ -1,167 +0,0 @@
-<?xml version="1.0" ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title></title>
-<link rel="stylesheet" href="apparmor.css" type="text/css" />
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:root@localhost" />
-</head>
-
-<body>
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-
-
-<ul id="index">
- <li><a href="#NAME">NAME</a></li>
- <li><a href="#SYNOPSIS">SYNOPSIS</a></li>
- <li><a href="#DESCRIPTION">DESCRIPTION</a></li>
- <li><a href="#OPTIONS">OPTIONS</a></li>
- <li><a href="#EXIT-STATUS">EXIT STATUS</a></li>
- <li><a href="#BUGS">BUGS</a></li>
- <li><a href="#SEE-ALSO">SEE ALSO</a></li>
-</ul>
-
-<h1 id="NAME">NAME</h1>
-
-<p>aa-status - display various information about the current AppArmor policy.</p>
-
-<h1 id="SYNOPSIS">SYNOPSIS</h1>
-
-<p><b>aa-status</b> [option]</p>
-
-<h1 id="DESCRIPTION">DESCRIPTION</h1>
-
-<p><b>aa-status</b> will report various aspects of the current state of AppArmor confinement. By default, it displays the same information as if the <i>--verbose</i> argument were given. A sample of what this looks like is:</p>
-
-<pre><code> apparmor module is loaded.
- 110 profiles are loaded.
- 102 profiles are in enforce mode.
- 8 profiles are in complain mode.
- Out of 129 processes running:
- 13 processes have profiles defined.
- 8 processes have profiles in enforce mode.
- 5 processes have profiles in complain mode.</code></pre>
-
-<p>Other argument options are provided to report individual aspects, to support being used in scripts.</p>
-
-<h1 id="OPTIONS">OPTIONS</h1>
-
-<p><b>aa-status</b> accepts only one argument at a time out of:</p>
-
-<dl>
-
-<dt id="enabled">--enabled</dt>
-<dd>
-
-<p>returns error code if AppArmor is not enabled.</p>
-
-</dd>
-<dt id="profiled">--profiled</dt>
-<dd>
-
-<p>displays the number of loaded AppArmor policies.</p>
-
-</dd>
-<dt id="enforced">--enforced</dt>
-<dd>
-
-<p>displays the number of loaded enforcing AppArmor policies.</p>
-
-</dd>
-<dt id="complaining">--complaining</dt>
-<dd>
-
-<p>displays the number of loaded non-enforcing AppArmor policies.</p>
-
-</dd>
-<dt id="verbose">--verbose</dt>
-<dd>
-
-<p>displays multiple data points about loaded AppArmor policy set (the default action if no arguments are given).</p>
-
-</dd>
-<dt id="json">--json</dt>
-<dd>
-
-<p>displays multiple data points about loaded AppArmor policy set in a JSON format, fit for machine consumption.</p>
-
-</dd>
-<dt id="pretty-json">--pretty-json</dt>
-<dd>
-
-<p>same as --json, formatted to be readable by humans as well as by machines.</p>
-
-</dd>
-<dt id="help">--help</dt>
-<dd>
-
-<p>displays a short usage statement.</p>
-
-</dd>
-</dl>
-
-<h1 id="EXIT-STATUS">EXIT STATUS</h1>
-
-<p>Upon exiting, <b>aa-status</b> will set its exit status to the following values:</p>
-
-<dl>
-
-<dt id="pod0"><b>0</b></dt>
-<dd>
-
-<p>if apparmor is enabled and policy is loaded.</p>
-
-</dd>
-<dt id="pod1"><b>1</b></dt>
-<dd>
-
-<p>if apparmor is not enabled/loaded.</p>
-
-</dd>
-<dt id="pod2"><b>2</b></dt>
-<dd>
-
-<p>if apparmor is enabled but no policy is loaded.</p>
-
-</dd>
-<dt id="pod3"><b>3</b></dt>
-<dd>
-
-<p>if the apparmor control files aren't available under /sys/kernel/security/.</p>
-
-</dd>
-<dt id="pod4"><b>4</b></dt>
-<dd>
-
-<p>if the user running the script doesn't have enough privileges to read the apparmor control files.</p>
-
-</dd>
-</dl>
-
-<h1 id="BUGS">BUGS</h1>
-
-<p><b>aa-status</b> must be run as root to read the state of the loaded policy from the apparmor module. It uses the /proc filesystem to determine which processes are confined and so is susceptible to race conditions.</p>
-
-<p>If you find any additional bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
-
-<h1 id="SEE-ALSO">SEE ALSO</h1>
-
-<p>apparmor(7), apparmor.d(5), and <a href="https://wiki.apparmor.net">https://wiki.apparmor.net</a>.</p>
-
-<table border="0" width="100%" cellspacing="0" cellpadding="3">
-<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
-</td></tr>
-</table>
-
-</body>
-
-</html>
-
-
diff --git a/utils/aa-unconfined b/utils/aa-unconfined
index 04073955ee2ca1dccf0897e18ea9eab539333100..3cb0b52b7bd70b0f9b0dda419974c2b5aafa6e10 100755
--- a/utils/aa-unconfined
+++ b/utils/aa-unconfined
@@ -99,6 +99,20 @@ def get_pids_netstat(netstat='netstat'):
return pids
+def read_proc_current(filename):
+ attr = None
+
+ if os.path.exists(filename):
+ with apparmor.common.open_file_read(filename) as current:
+ for line in current:
+ line = line.strip()
+ if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1) or line.endswith(' (kill)', 1): # enforce at least one char as profile name
+ # intentionally not checking for '(unconfined)', because $binary confined by $profile (unconfined) would look very confusing
+ attr = line
+
+ return attr
+
+
pids = set()
if paranoid:
pids = get_all_pids()
@@ -112,13 +126,12 @@ for pid in sorted(map(int, pids)):
prog = os.readlink("/proc/%s/exe" % pid)
except OSError:
continue
- attr = None
- if os.path.exists("/proc/%s/attr/current" % pid):
- with apparmor.common.open_file_read("/proc/%s/attr/current" % pid) as current:
- for line in current:
- line = line.strip()
- if line.endswith(' (complain)', 1) or line.endswith(' (enforce)', 1): # enforce at least one char as profile name
- attr = line
+
+ if os.path.exists("/proc/%s/attr/apparmor/current" % pid):
+ attr = read_proc_current("/proc/%s/attr/apparmor/current" % pid)
+ else:
+ # fallback to shared attr/current if attr/apparmor/current doesn't exist
+ attr = read_proc_current("/proc/%s/attr/current" % pid)
pname = None
cmdline = None
diff --git a/utils/aa-unconfined.8 b/utils/aa-unconfined.8
index 1b907953597abb1eb30f6fc79aa7b2043926d3a6..7392e9e3c9ed2ca853a988a26e3aea68cfe73512 100644
--- a/utils/aa-unconfined.8
+++ b/utils/aa-unconfined.8
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "AA-UNCONFINED 8"
-.TH AA-UNCONFINED 8 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH AA-UNCONFINED 8 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,16 +152,16 @@ Displays all processes from \fI/proc\fR filesystem with tcp or udp ports
that do not have AppArmor profiles loaded.
.IP "\fB\-\-with\-ss\fR" 4
.IX Item "--with-ss"
-Use the \fIss\fR\|(8) command to find processes listening on network sockets
+Use the \fBss\fR\|(8) command to find processes listening on network sockets
(the default).
.IP "\fB\-\-with\-netstat\fR" 4
.IX Item "--with-netstat"
-Use the \fInetstat\fR\|(8) command to find processes listening on network
-sockets. This is also what aa-unconfined will fall back to when \fIss\fR\|(8)
+Use the \fBnetstat\fR\|(8) command to find processes listening on network
+sockets. This is also what aa-unconfined will fall back to when \fBss\fR\|(8)
is not available.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fBaa-unconfined\fR will use \fInetstat\fR\|(8) to determine which processes have open
+\&\fBaa-unconfined\fR will use \fBnetstat\fR\|(8) to determine which processes have open
network sockets and do not have AppArmor profiles loaded into the kernel.
.SH "BUGS"
.IX Header "BUGS"
@@ -166,14 +170,14 @@ link from the \fI/proc\fR filesystem. This program is susceptible to race
conditions of several flavours: an unlinked executable will be mishandled;
an executable started before an AppArmor profile is loaded will not
appear in the output, despite running without confinement; a process that dies
-between the \fInetstat\fR\|(8) and further checks will be mishandled. This
+between the \fBnetstat\fR\|(8) and further checks will be mishandled. This
program only lists processes using \s-1TCP\s0 and \s-1UDP.\s0 In short, this
program is unsuitable for forensics use and is provided only as an aid
to profiling all network-accessible processes in the lab.
.PP
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIss\fR\|(8), \fInetstat\fR\|(8), \fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa_change_hat\fR\|(2), and
+\&\fBss\fR\|(8), \fBnetstat\fR\|(8), \fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa_change_hat\fR\|(2), and
<https://wiki.apparmor.net>.
diff --git a/utils/aa-unconfined.8.html b/utils/aa-unconfined.8.html
index 9cbab0c367715e8967e4d53751af76ff05eca497..6840327f0c6a114cab9b4d0c11fc2de82dd9b37b 100644
--- a/utils/aa-unconfined.8.html
+++ b/utils/aa-unconfined.8.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</span></strong></big>
</td></tr>
</table>
@@ -66,7 +66,7 @@
<p><b>aa-unconfined</b> must be run as root to retrieve the process executable link from the <i>/proc</i> filesystem. This program is susceptible to race conditions of several flavours: an unlinked executable will be mishandled; an executable started before an AppArmor profile is loaded will not appear in the output, despite running without confinement; a process that dies between the netstat(8) and further checks will be mishandled. This program only lists processes using TCP and UDP. In short, this program is unsuitable for forensics use and is provided only as an aid to profiling all network-accessible processes in the lab.</p>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -74,7 +74,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> aa-unconfined - output a list of processes with tcp or udp ports that do not have AppArmor profiles loaded</span></strong></big>
</td></tr>
</table>
diff --git a/utils/aa-unconfined.pod b/utils/aa-unconfined.pod
index 5f9de502aa0ea69086e78d12a5c30a412b5faab9..469c5ae445c17723195c44d8e316ab66c1b80e4b 100644
--- a/utils/aa-unconfined.pod
+++ b/utils/aa-unconfined.pod
@@ -69,7 +69,7 @@ program is unsuitable for forensics use and is provided only as an aid
to profiling all network-accessible processes in the lab.
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/apparmor/aa.py b/utils/apparmor/aa.py
index a76072ff83f43d479015ec0befea5bf82e0c026d..4ba484dadc86b880169a18e47f0b92e26987dc98 100644
--- a/utils/apparmor/aa.py
+++ b/utils/apparmor/aa.py
@@ -1,6 +1,6 @@
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
-# Copyright (C) 2014-2018 Christian Boltz <apparmor@cboltz.de>
+# Copyright (C) 2014-2019 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -32,16 +32,13 @@ from copy import deepcopy
from apparmor.aare import AARE
-from apparmor.common import (AppArmorException, AppArmorBug, open_file_read, valid_path, hasher,
- open_file_write, DebugLogger)
+from apparmor.common import (AppArmorException, AppArmorBug, is_skippable_file, open_file_read, valid_path, hasher,
+ split_name, type_is_str, open_file_write, DebugLogger)
import apparmor.ui as aaui
-from apparmor.aamode import str_to_mode, split_mode
-
-from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
- RE_ABI, RE_PROFILE_ALIAS,
- RE_PROFILE_BOOLEAN, RE_PROFILE_VARIABLE, RE_PROFILE_CONDITIONAL,
+from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END,
+ RE_PROFILE_BOOLEAN, RE_PROFILE_CONDITIONAL,
RE_PROFILE_CONDITIONAL_VARIABLE, RE_PROFILE_CONDITIONAL_BOOLEAN,
RE_PROFILE_CHANGE_HAT,
RE_PROFILE_HAT_DEF, RE_PROFILE_MOUNT,
@@ -51,18 +48,22 @@ from apparmor.regex import (RE_PROFILE_START, RE_PROFILE_END, RE_PROFILE_LINK,
from apparmor.profile_list import ProfileList
-from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletypes, write_abi
+from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, ruletypes
import apparmor.rules as aarules
+from apparmor.rule.abi import AbiRule
+from apparmor.rule.alias import AliasRule
from apparmor.rule.capability import CapabilityRule
from apparmor.rule.change_profile import ChangeProfileRule
from apparmor.rule.dbus import DbusRule
from apparmor.rule.file import FileRule
+from apparmor.rule.include import IncludeRule
from apparmor.rule.network import NetworkRule
from apparmor.rule.ptrace import PtraceRule
from apparmor.rule.rlimit import RlimitRule
from apparmor.rule.signal import SignalRule
+from apparmor.rule.variable import VariableRule
from apparmor.rule import quote_if_needed
# setup module translations
@@ -81,7 +82,6 @@ logfile = None
CONFDIR = None
conf = None
cfg = None
-repo_cfg = None
parser = None
profile_dir = None
@@ -104,16 +104,24 @@ aa = hasher() # Profiles originally in sd, replace by aa
original_aa = hasher()
extras = hasher() # Inactive profiles from extras
### end our
-log_pid = dict() # handed over to ReadLog, gets filled in logparser.py. The only case the previous content of this variable _might_(?) be used is aa-genprof (multiple do_logprof_pass() runs)
-profile_changes = dict()
-prelog = hasher()
changed = dict()
created = []
helpers = dict() # Preserve this between passes # was our
### logprof ends
-filelist = hasher() # File level variables and stuff in config files
+def reset_aa():
+ ''' Reset the most important global variables
+
+ Used by aa-mergeprof and some tests.
+ '''
+
+ global aa, include, active_profiles, original_aa
+
+ aa = hasher()
+ include = dict()
+ active_profiles = ProfileList()
+ original_aa = hasher()
def on_exit():
"""Shutdowns the logger and records exit if debugging enabled"""
@@ -179,7 +187,7 @@ def which(file):
return shutil.which(file)
env_dirs = os.getenv('PATH').split(':')
for env_dir in env_dirs:
- env_path = env_dir + '/' + file
+ env_path = os.path.join(env_dir, file)
# Test if the path is executable or not
if os.access(env_path, os.X_OK):
return env_path
@@ -190,7 +198,7 @@ def get_full_path(original_path):
path = original_path
link_count = 0
if not path.startswith('/'):
- path = os.getcwd() + '/' + path
+ path = os.path.join(os.getcwd(), path)
while os.path.islink(path):
link_count += 1
if link_count > 64:
@@ -202,7 +210,7 @@ def get_full_path(original_path):
path = link
else:
# Link is relative path
- path = direc + '/' + link
+ path = os.path.join(direc, link)
return os.path.realpath(path)
def find_executable(bin_path):
@@ -247,7 +255,7 @@ def get_new_profile_filename(profile):
else:
profile = "profile_" + profile
profile = profile.replace('/', '.')
- full_profilename = profile_dir + '/' + profile
+ full_profilename = os.path.join(profile_dir, profile)
return full_profilename
def name_to_prof_filename(prof_filename):
@@ -284,6 +292,7 @@ def set_complain(filename, program):
# a force-complain symlink is more packaging-friendly, but breaks caching
# create_symlink('force-complain', filename)
delete_symlink('disable', filename)
+ change_profile_flags(filename, program, ['enforce', 'kill', 'unconfined', 'prompt'], False) # remove conflicting mode flags
change_profile_flags(filename, program, 'complain', True)
def set_enforce(filename, program):
@@ -291,7 +300,7 @@ def set_enforce(filename, program):
aaui.UI_Info(_('Setting %s to enforce mode.') % (filename if program is None else program))
delete_symlink('force-complain', filename)
delete_symlink('disable', filename)
- change_profile_flags(filename, program, 'complain', False)
+ change_profile_flags(filename, program, ['complain', 'kill', 'unconfined', 'prompt'], False) # remove conflicting and complain mode flags
def delete_symlink(subdir, filename):
path = filename
@@ -441,16 +450,15 @@ def get_interpreter_and_abstraction(exec_target):
return interpreter_path, abstraction
-def get_inactive_profile(local_profile):
- if extras.get(local_profile, False):
- return {local_profile: extras[local_profile]}
- return dict()
-
def create_new_profile(localfile, is_stub=False):
local_profile = hasher()
local_profile[localfile] = ProfileStorage('NEW', localfile, 'create_new_profile()')
local_profile[localfile]['flags'] = 'complain'
- local_profile[localfile]['include']['abstractions/base'] = 1
+
+ if os.path.join(profile_dir, 'abstractions/base') in include:
+ local_profile[localfile]['inc_ie'].add(IncludeRule('abstractions/base', False, True))
+ else:
+ aaui.UI_Important(_("WARNING: Can't find %s, therefore not adding it to the new profile.") % 'abstractions/base')
if os.path.exists(localfile) and os.path.isfile(localfile):
interpreter_path, abstraction = get_interpreter_and_abstraction(localfile)
@@ -460,7 +468,10 @@ def create_new_profile(localfile, is_stub=False):
local_profile[localfile]['file'].add(FileRule(interpreter_path, None, 'ix', FileRule.ALL, owner=False))
if abstraction:
- local_profile[localfile]['include'][abstraction] = True
+ if os.path.join(profile_dir, abstraction) in include:
+ local_profile[localfile]['inc_ie'].add(IncludeRule(abstraction, False, True))
+ else:
+ aaui.UI_Important(_("WARNING: Can't find %s, therefore not adding it to the new profile.") % abstraction)
handle_binfmt(local_profile[localfile], interpreter_path)
else:
@@ -501,50 +512,33 @@ def confirm_and_abort():
sys.exit(0)
def get_profile(prof_name):
- profile_data = None
- distro = cfg['repository']['distro']
- repo_url = cfg['repository']['url']
- # local_profiles = []
- profile_hash = hasher()
- if repo_is_enabled():
- aaui.UI_BusyStart(_('Connecting to repository...'))
- status_ok, ret = fetch_profiles_by_name(repo_url, distro, prof_name)
- aaui.UI_BusyStop()
- if status_ok:
- profile_hash = ret
- else:
- aaui.UI_Important(_('WARNING: Error fetching profiles from the repository'))
- inactive_profile = get_inactive_profile(prof_name)
- if inactive_profile:
- uname = 'Inactive local profile for %s' % prof_name
- inactive_profile[prof_name][prof_name]['flags'] = 'complain'
- orig_filename = inactive_profile[prof_name][prof_name]['filename'] # needed for CMD_VIEW_PROFILE
- inactive_profile[prof_name][prof_name]['filename'] = ''
- profile_hash[uname]['username'] = uname
- profile_hash[uname]['profile_type'] = 'INACTIVE_LOCAL'
- profile_hash[uname]['profile'] = serialize_profile(inactive_profile[prof_name], prof_name, None)
- profile_hash[uname]['profile_data'] = inactive_profile
-
- # no longer necessary after splitting active and extra profiles
- # existing_profiles.pop(prof_name) # remove profile filename from list to force storing in /etc/apparmor.d/ instead of extra_profile_dir
-
- # If no profiles in repo and no inactive profiles
- if not profile_hash.keys():
- return None
- options = []
- tmp_list = []
- preferred_present = False
- preferred_user = cfg['repository'].get('preferred_user', 'NOVELL')
-
- for p in profile_hash.keys():
- if profile_hash[p]['username'] == preferred_user:
- preferred_present = True
- else:
- tmp_list.append(profile_hash[p]['username'])
-
- if preferred_present:
- options.append(preferred_user)
- options += tmp_list
+ '''search for inactive/extra profile, and ask if it should be used'''
+
+ if not extras.get(prof_name, False):
+ return None # no inactive profile found
+
+ # TODO: search based on the attachment, not (only?) based on the profile name
+ # (Note: in theory, multiple inactive profiles (with different profile names) could exist for a binary.)
+ inactive_profile = {prof_name: extras[prof_name]}
+ inactive_profile[prof_name][prof_name]['flags'] = 'complain'
+ orig_filename = inactive_profile[prof_name][prof_name]['filename'] # needed for CMD_VIEW_PROFILE
+ inactive_profile[prof_name][prof_name]['filename'] = ''
+
+ # ensure active_profiles has the /etc/apparmor.d/ filename initialized
+ # TODO: ideally serialize_profile() shouldn't always use active_profiles
+ prof_filename = get_new_profile_filename(prof_name)
+ if not active_profiles.files.get(prof_filename):
+ active_profiles.init_file(prof_filename)
+
+ uname = 'Inactive local profile for %s' % prof_name
+ profile_hash = {
+ uname: {
+ 'profile': serialize_profile(inactive_profile[prof_name], prof_name, {}),
+ 'profile_data': inactive_profile,
+ }
+ }
+
+ options = [uname]
q = aaui.PromptQuestion()
q.headers = ['Profile', prof_name]
@@ -561,36 +555,13 @@ def get_profile(prof_name):
if ans == 'CMD_VIEW_PROFILE':
aaui.UI_ShowFile(uname, orig_filename)
elif ans == 'CMD_USE_PROFILE':
- if p['profile_type'] == 'INACTIVE_LOCAL':
- profile_data = p['profile_data']
- created.append(prof_name)
- else:
- profile_data = parse_repo_profile(prof_name, repo_url, p)
- return profile_data
+ created.append(prof_name)
+ return p['profile_data']
-def activate_repo_profiles(url, profiles, complain):
- read_profiles()
- try:
- for p in profiles:
- pname = p[0]
- profile_data = parse_repo_profile(pname, url, p[1])
- attach_profile_data(aa, profile_data)
- write_profile(pname)
- if complain:
- fname = get_profile_filename_from_profile_name(pname, True)
- change_profile_flags(profile_dir + fname, None, 'complain', True)
- aaui.UI_Info(_('Setting %s to complain mode.') % pname)
- except Exception as e:
- sys.stderr.write(_("Error activating profiles: %s") % e)
+ return None # CMD_CREATE_PROFILE chosen
def autodep(bin_name, pname=''):
bin_full = None
- global repo_cfg
- if not repo_cfg and not cfg['repository'].get('url', False):
- repo_conf = apparmor.config.Config('shell', CONFDIR)
- repo_cfg = repo_conf.read_config('repository.conf')
- if not repo_cfg.get('repository', False) or repo_cfg['repository']['enabled'] == 'later':
- UI_ask_to_enable_repo()
if bin_name:
bin_full = find_executable(bin_name)
#if not bin_full:
@@ -610,15 +581,21 @@ def autodep(bin_name, pname=''):
if not profile_data:
profile_data = create_new_profile(pname)
file = get_profile_filename_from_profile_name(pname, True)
- profile_data[pname][pname]['filename'] = None # will be stored in /etc/apparmor.d when saving, so it shouldn't carry the extra_profile_dir filename
+ profile_data[pname][pname]['filename'] = file # change filename from extra_profile_dir to /etc/apparmor.d/
+
attach_profile_data(aa, profile_data)
attach_profile_data(original_aa, profile_data)
+
+ attachment = profile_data[pname][pname]['attachment']
+ if not attachment and pname.startswith('/'):
+ active_profiles.add_profile(file, pname, pname) # use name as name and attachment
+ else:
+ active_profiles.add_profile(file, pname, attachment)
+
+ if os.path.isfile(profile_dir + '/abi/3.0'):
+ active_profiles.add_abi(file, AbiRule('abi/3.0', False, True))
if os.path.isfile(profile_dir + '/tunables/global'):
- if not filelist.get(file, False):
- filelist[file] = hasher()
- filelist[file]['include']['tunables/global'] = True
- filelist[file]['profiles'][pname] = hasher()
- filelist[file]['profiles'][pname][pname] = True
+ active_profiles.add_inc_ie(file, IncludeRule('tunables/global', False, True))
write_profile_ui_feedback(pname)
def get_profile_flags(filename, program):
@@ -648,7 +625,7 @@ def change_profile_flags(prof_filename, program, flag, set_flag):
found = False
- if not flag or flag.strip() == '':
+ if not flag or (type_is_str(flag) and flag.strip() == ''):
raise AppArmorBug('New flag for %s is empty' % prof_filename)
with open_file_read(prof_filename) as f_in:
@@ -678,6 +655,7 @@ def change_profile_flags(prof_filename, program, flag, set_flag):
'flags': newflags,
'profile_keyword': matches['profile_keyword'],
'header_comment': matches['comment'] or '',
+ 'xattrs': matches['xattrs'],
}
line = write_header(header_data, len(space)/2, profile, False, True)
line = '%s\n' % line[0]
@@ -721,146 +699,6 @@ def profile_exists(program):
# return True
return False
-def sync_profile():
- user, passw = get_repo_user_pass()
- if not user or not passw:
- return None
- repo_profiles = []
- changed_profiles = []
- new_profiles = []
- serialize_opts = dict()
- status_ok, ret = fetch_profiles_by_user(cfg['repository']['url'],
- cfg['repository']['distro'], user)
- if not status_ok:
- if not ret:
- ret = 'UNKNOWN ERROR'
- aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository:\n%s\n') % ret)
- else:
- users_repo_profiles = ret
- serialize_opts['NO_FLAGS'] = True
- for prof in sorted(aa.keys()):
- if is_repo_profile([aa[prof][prof]]):
- repo_profiles.append(prof)
- if prof in created:
- p_local = serialize_profile(aa[prof], prof, serialize_opts)
- if not users_repo_profiles.get(prof, False):
- new_profiles.append(prof)
- new_profiles.append(p_local)
- new_profiles.append('')
- else:
- p_repo = users_repo_profiles[prof]['profile']
- if p_local != p_repo:
- changed_profiles.append(prof)
- changed_profiles.append(p_local)
- changed_profiles.append(p_repo)
- if repo_profiles:
- for prof in repo_profiles:
- p_local = serialize_profile(aa[prof], prof, serialize_opts)
- if not users_repo_profiles.get(prof, False):
- new_profiles.append(prof)
- new_profiles.append(p_local)
- new_profiles.append('')
- else:
- p_repo = ''
- if aa[prof][prof]['repo']['user'] == user:
- p_repo = users_repo_profiles[prof]['profile']
- else:
- status_ok, ret = fetch_profile_by_id(cfg['repository']['url'],
- aa[prof][prof]['repo']['id'])
- if status_ok:
- p_repo = ret['profile']
- else:
- if not ret:
- ret = 'UNKNOWN ERROR'
- aaui.UI_Important(_('WARNING: Error synchronizing profiles with the repository\n%s') % ret)
- continue
- if p_repo != p_local:
- changed_profiles.append(prof)
- changed_profiles.append(p_local)
- changed_profiles.append(p_repo)
- if changed_profiles:
- submit_changed_profiles(changed_profiles)
- if new_profiles:
- submit_created_profiles(new_profiles)
-
-def fetch_profile_by_id(url, id):
- #To-Do
- return None, None
-
-def fetch_profiles_by_name(url, distro, user):
- #to-Do
- return None, None
-
-def fetch_profiles_by_user(url, distro, user):
- #to-Do
- return None, None
-
-def submit_created_profiles(new_profiles):
- #url = cfg['repository']['url']
- if new_profiles:
- title = 'Submit newly created profiles to the repository'
- message = 'Would you like to upload newly created profiles?'
- console_select_and_upload_profiles(title, message, new_profiles)
-
-def submit_changed_profiles(changed_profiles):
- #url = cfg['repository']['url']
- if changed_profiles:
- title = 'Submit changed profiles to the repository'
- message = 'The following profiles from the repository were changed.\nWould you like to upload your changes?'
- console_select_and_upload_profiles(title, message, changed_profiles)
-
-def upload_profile(url, user, passw, distro, p, profile_string, changelog):
- # To-Do
- return None, None
-
-def console_select_and_upload_profiles(title, message, profiles_up):
- url = cfg['repository']['url']
- profiles = profiles_up[:]
- q = aaui.PromptQuestion()
- q.title = title
- q.headers = ['Repository', url]
- q.explanation = message
- q.functions = ['CMD_UPLOAD_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ASK_LATER',
- 'CMD_ASK_NEVER', 'CMD_ABORT']
- q.default = 'CMD_VIEW_CHANGES'
- q.options = [i[0] for i in profiles]
- q.selected = 0
- ans = ''
- while 'CMD_UPLOAD_CHANGES' not in ans and 'CMD_ASK_NEVER' not in ans and 'CMD_ASK_LATER' not in ans:
- ans, arg = q.promptUser()
- if ans == 'CMD_VIEW_CHANGES':
- aaui.UI_Changes(profiles[arg][2], profiles[arg][1])
- if ans == 'CMD_NEVER_ASK':
- set_profiles_local_only([i[0] for i in profiles])
- elif ans == 'CMD_UPLOAD_CHANGES':
- changelog = aaui.UI_GetString(_('Changelog Entry: '), '')
- user, passw = get_repo_user_pass()
- if user and passw:
- for p_data in profiles:
- prof = p_data[0]
- prof_string = p_data[1]
- status_ok, ret = upload_profile(url, user, passw,
- cfg['repository']['distro'],
- prof, prof_string, changelog)
- if status_ok:
- newprof = ret
- newid = newprof['id']
- set_repo_info(aa[prof][prof], url, user, newid)
- write_profile_ui_feedback(prof)
- aaui.UI_Info('Uploaded %s to repository' % prof)
- else:
- if not ret:
- ret = 'UNKNOWN ERROR'
- aaui.UI_Important(_('WARNING: An error occurred while uploading the profile %(profile)s\n%(ret)s') % { 'profile': prof, 'ret': ret })
- else:
- aaui.UI_Important(_('Repository Error\nRegistration or Signin was unsuccessful. User login\ninformation is required to upload profiles to the repository.\nThese changes could not be sent.'))
-
-def set_profiles_local_only(profiles):
- for p in profiles:
- aa[profiles][profiles]['repo']['neversubmit'] = True
- write_profile_ui_feedback(profiles)
-
-
def build_x_functions(default, options, exec_toggle):
ret_list = []
fallback_toggle = False
@@ -902,50 +740,20 @@ def build_x_functions(default, options, exec_toggle):
ret_list += ['CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED']
return ret_list
-def handle_children(profile, hat, root):
- entries = root[:]
- pid = None
- p = None
- h = None
- prog = None
- aamode = None
- mode = None
- detail = None
- to_name = None
- uhat = None
- capability = None
- family = None
- sock_type = None
- protocol = None
- regex_nullcomplain = re.compile('^null(-complain)*-profile$')
-
- for entry in entries:
- if type(entry[0]) != str:
- handle_children(profile, hat, entry)
- else:
- typ = entry.pop(0)
- if typ == 'fork':
- # If type is fork then we (should) have pid, profile and hat
- pid, p, h = entry[:3]
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if hat:
- profile_changes[pid] = profile + '//' + hat
- else:
- profile_changes[pid] = profile
- elif typ == 'unknown_hat':
- # If hat is not known then we (should) have pid, profile, hat, mode and unknown hat in entry
- pid, p, h, aamode, uhat = entry[:5]
- if not regex_nullcomplain.search(p):
- profile = p
- if aa[profile].get(uhat, False):
- hat = uhat
- continue
- new_p = update_repo_profile(aa[profile][profile])
- if new_p and UI_SelectUpdatedRepoProfile(profile, new_p) and aa[profile].get(uhat, False):
- hat = uhat
- continue
+def ask_addhat(hashlog):
+ '''ask the user about change_hat events (requests to add a hat)'''
+
+ for aamode in hashlog:
+ for profile in hashlog[aamode]:
+ if '//' in hashlog[aamode][profile]['final_name'] and hashlog[aamode][profile]['change_hat'].keys():
+ aaui.UI_Important('Ignoring change_hat event for %s, nested profiles are not supported yet.' % profile)
+ continue
+
+ for full_hat in hashlog[aamode][profile]['change_hat']:
+ hat = full_hat.split('//')[-1]
+
+ if aa[profile].get(hat, False):
+ continue # no need to ask if the hat already exists
default_hat = None
for hatglob in cfg.options('defaulthat'):
@@ -953,7 +761,7 @@ def handle_children(profile, hat, root):
default_hat = cfg['defaulthat'][hatglob]
context = profile
- context = context + ' -> ^%s' % uhat
+ context = context + ' -> ^%s' % hat
ans = transitions.get(context, 'XXXINVALIDXXX')
while ans not in ['CMD_ADDHAT', 'CMD_USEDEFAULT', 'CMD_DENY']:
@@ -963,7 +771,7 @@ def handle_children(profile, hat, root):
if default_hat:
q.headers += [_('Default Hat'), default_hat]
- q.headers += [_('Requested Hat'), uhat]
+ q.headers += [_('Requested Hat'), hat]
q.functions.append('CMD_ADDHAT')
if default_hat:
@@ -983,89 +791,42 @@ def handle_children(profile, hat, root):
transitions[context] = ans
if ans == 'CMD_ADDHAT':
- hat = uhat
- aa[profile][hat] = ProfileStorage(profile, hat, 'handle_children addhat')
+ aa[profile][hat] = ProfileStorage(profile, hat, 'ask_addhat addhat')
aa[profile][hat]['flags'] = aa[profile][profile]['flags']
+ hashlog[aamode][full_hat]['final_name'] = '%s//%s' % (profile, hat)
changed[profile] = True
elif ans == 'CMD_USEDEFAULT':
hat = default_hat
+ hashlog[aamode][full_hat]['final_name'] = '%s//%s' % (profile, default_hat)
+ if not aa[profile].get(hat, False):
+ # create default hat if it doesn't exist yet
+ aa[profile][hat] = ProfileStorage(profile, hat, 'ask_addhat default hat')
+ aa[profile][hat]['flags'] = aa[profile][profile]['flags']
+ changed[profile] = True
elif ans == 'CMD_DENY':
# As unknown hat is denied no entry for it should be made
+ hashlog[aamode][full_hat]['final_name'] = ''
continue
- elif typ == 'capability':
- # If capability then we (should) have pid, profile, hat, program, mode, capability
- pid, p, h, prog, aamode, capability = entry[:6]
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not profile or not hat:
- continue
- prelog[aamode][profile][hat]['capability'][capability] = True
-
- elif typ == 'dbus':
- # If dbus then we (should) have pid, profile, hat, program, mode, access, bus, name, path, interface, member, peer_profile
- pid, p, h, prog, aamode, access, bus, path, name, interface, member, peer_profile = entry
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not profile or not hat:
- continue
- prelog[aamode][profile][hat]['dbus'][access][bus][path][name][interface][member][peer_profile] = True
-
- elif typ == 'ptrace':
- # If ptrace then we (should) have pid, profile, hat, program, mode, access and peer
- pid, p, h, prog, aamode, access, peer = entry
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not profile or not hat:
- continue
- prelog[aamode][profile][hat]['ptrace'][peer][access] = True
-
- elif typ == 'signal':
- # If signal then we (should) have pid, profile, hat, program, mode, access, signal and peer
- pid, p, h, prog, aamode, access, signal, peer = entry
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not profile or not hat:
- continue
- prelog[aamode][profile][hat]['signal'][peer][access][signal] = True
-
- elif typ == 'path' or typ == 'exec':
- # If path or exec then we (should) have pid, profile, hat, program, mode, details and to_name
- pid, p, h, prog, aamode, mode, detail, to_name = entry[:8]
- if not mode:
- mode = set()
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not profile or not hat or not detail:
- continue
+def ask_exec(hashlog):
+ '''ask the user about exec events (requests to execute another program) and which exec mode to use'''
- # Give Execute dialog if x access requested for something that's not a directory
- # For directories force an 'ix' Path dialog
- do_execute = False
- exec_target = detail
+ for aamode in hashlog:
+ for profile in hashlog[aamode]:
+ if '//' in hashlog[aamode][profile]['final_name'] and hashlog[aamode][profile]['exec'].keys():
+ # TODO: is this really needed? Or would removing Cx from the options be good enough?
+ aaui.UI_Important('WARNING: Ignoring exec event in %s, nested profiles are not supported yet.' % hashlog[aamode][profile]['final_name'])
+ continue
- if mode & str_to_mode('x'):
- if os.path.isdir(exec_target):
- raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
- elif typ != 'exec':
- raise AppArmorBug('exec permissions requested for %(exec_target)s, but mode is %(mode)s instead of exec. This should not happen - please open a bugreport!' % {'exec_target': exec_target, 'mode':mode})
- else:
- do_execute = True
- domainchange = 'change'
+ hat = profile # XXX temporary solution to avoid breaking the existing code
- if mode and mode != str_to_mode('x'): # x is already handled in handle_children, so it must not become part of prelog
- path = detail
+ for exec_target in hashlog[aamode][profile]['exec']:
+ for target_profile in hashlog[aamode][profile]['exec'][exec_target]:
+ to_name = ''
- if prelog[aamode][profile][hat]['path'].get(path, False):
- mode |= prelog[aamode][profile][hat]['path'][path]
- prelog[aamode][profile][hat]['path'][path] = mode
+ if os.path.isdir(exec_target):
+ raise AppArmorBug('exec permissions requested for directory %s. This should not happen - please open a bugreport!' % exec_target)
- if do_execute:
if not aa[profile][hat]:
continue # ignore log entries for non-existing profiles
@@ -1073,19 +834,6 @@ def handle_children(profile, hat, root):
if is_known_rule(aa[profile][hat], 'file', exec_event):
continue
- p = update_repo_profile(aa[profile][profile])
- if to_name:
- if UI_SelectUpdatedRepoProfile(profile, p) and is_known_rule(aa[profile][hat], 'file', exec_event): # we need an exec_event with target=to_name here
- continue
- else:
- if UI_SelectUpdatedRepoProfile(profile, p) and is_known_rule(aa[profile][hat], 'file', exec_event): # we need an exec_event with target=exec_target here
- continue
-
- context_new = profile
- if profile != hat:
- context_new = context_new + '^%s' % hat
- context_new = context_new + ' -> %s' % exec_target
-
# nx is not used in profiles but in log files.
# Log parsing methods will convert it to its profile form
# nx is internally cx/px/cix/pix + to_name
@@ -1094,8 +842,6 @@ def handle_children(profile, hat, root):
if True:
options = cfg['qualifiers'].get(exec_target, 'ipcnu')
- if to_name:
- fatal_error(_('%s has transition name but not transition mode') % entry)
### If profiled program executes itself only 'ix' option
##if exec_target == profile:
@@ -1122,22 +868,23 @@ def handle_children(profile, hat, root):
#
parent_uses_ld_xxx = check_for_LD_XXX(profile)
- sev_db.unload_variables()
- sev_db.load_variables(get_profile_filename_from_profile_name(profile, True))
+ prof_filename = get_profile_filename_from_profile_name(profile)
+ if prof_filename and active_profiles.files.get(prof_filename):
+ sev_db.set_variables(active_profiles.get_all_merged_variables(prof_filename, include_list_recursive(active_profiles.files[prof_filename])))
+ else:
+ sev_db.set_variables( {} )
+
severity = sev_db.rank_path(exec_target, 'x')
# Prompt portion starts
q = aaui.PromptQuestion()
q.headers += [_('Profile'), combine_name(profile, hat)]
- if prog and prog != 'HINT':
- q.headers += [_('Program'), prog]
# to_name should not exist here since, transitioning is already handeled
q.headers += [_('Execute'), exec_target]
q.headers += [_('Severity'), severity]
- # prompt = '\n%s\n' % context_new # XXX
exec_toggle = False
q.functions += build_x_functions(default, options, exec_toggle)
@@ -1204,9 +951,10 @@ def handle_children(profile, hat, root):
if ans == 'CMD_DENY':
aa[profile][hat]['file'].add(FileRule(exec_target, None, 'x', FileRule.ALL, owner=False, log_event=True, deny=True))
changed[profile] = True
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = ''
# Skip remaining events if they ask to deny exec
- if domainchange == 'change':
- return None
+ continue
if ans != 'CMD_DENY':
if to_name:
@@ -1222,29 +970,34 @@ def handle_children(profile, hat, root):
interpreter_path, abstraction = get_interpreter_and_abstraction(exec_target)
if interpreter_path:
- aa[profile][hat]['file'].add(FileRule(exec_target, 'r', None, FileRule.ALL, owner=False))
- aa[profile][hat]['file'].add(FileRule(interpreter_path, None, 'ix', FileRule.ALL, owner=False))
+ exec_target_rule = FileRule(exec_target, 'r', None, FileRule.ALL, owner=False)
+ interpreter_rule = FileRule(interpreter_path, None, 'ix', FileRule.ALL, owner=False)
+
+ if not is_known_rule(aa[profile][hat], 'file', exec_target_rule):
+ aa[profile][hat]['file'].add(exec_target_rule)
+ if not is_known_rule(aa[profile][hat], 'file', interpreter_rule):
+ aa[profile][hat]['file'].add(interpreter_rule)
if abstraction:
- aa[profile][hat]['include'][abstraction] = True
+ abstraction_rule = IncludeRule(abstraction, False, True)
+
+ if not aa[profile][hat]['inc_ie'].is_covered(abstraction_rule):
+ aa[profile][hat]['inc_ie'].add(abstraction_rule)
handle_binfmt(aa[profile][hat], interpreter_path)
# Update tracking info based on kind of change
if ans == 'CMD_ix':
- if hat:
- profile_changes[pid] = '%s//%s' % (profile, hat)
- else:
- profile_changes[pid] = '%s//' % profile
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = profile
+
elif re.search('^CMD_(px|nx|pix|nix)', ans):
if to_name:
exec_target = to_name
- if aamode == 'PERMITTING':
- if domainchange == 'change':
- profile = exec_target
- hat = exec_target
- profile_changes[pid] = '%s' % profile
+
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = exec_target
# Check profile exists for px
if not os.path.exists(get_profile_filename_from_attachment(exec_target, True)):
@@ -1258,95 +1011,39 @@ def handle_children(profile, hat, root):
else:
autodep(exec_target, '')
reload_base(exec_target)
+ else:
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = profile # not creating the target profile effectively results in ix mode
+
elif ans.startswith('CMD_cx') or ans.startswith('CMD_cix'):
if to_name:
exec_target = to_name
- if aamode == 'PERMITTING':
- if domainchange == 'change':
- profile_changes[pid] = '%s//%s' % (profile, exec_target)
if not aa[profile].get(exec_target, False):
ynans = 'y'
if 'i' in exec_mode:
ynans = aaui.UI_YesNo(_('A profile for %s does not exist.\nDo you want to create one?') % exec_target, 'n')
if ynans == 'y':
- hat = exec_target
- if not aa[profile].get(hat, False):
- stub_profile = create_new_profile(hat, True)
- aa[profile][hat] = stub_profile[hat][hat]
-
- aa[profile][hat]['profile'] = True
+ if not aa[profile].get(exec_target, False):
+ stub_profile = create_new_profile(exec_target, True)
+ aa[profile][exec_target] = stub_profile[exec_target][exec_target]
- if profile != hat:
- aa[profile][hat]['flags'] = aa[profile][profile]['flags']
+ aa[profile][exec_target]['profile'] = True
- aa[profile][hat]['flags'] = 'complain'
+ if profile != exec_target:
+ aa[profile][exec_target]['flags'] = aa[profile][profile]['flags']
- file_name = aa[profile][profile]['filename']
- filelist[file_name]['profiles'][profile][hat] = True
+ aa[profile][exec_target]['flags'] = 'complain'
- elif ans.startswith('CMD_ux'):
- profile_changes[pid] = 'unconfined'
- if domainchange == 'change':
- return None
-
- elif typ == 'netdomain':
- # If netdomain we (should) have pid, profile, hat, program, mode, network family, socket type and protocol
- pid, p, h, prog, aamode, family, sock_type, protocol = entry[:8]
-
- if not regex_nullcomplain.search(p) and not regex_nullcomplain.search(h):
- profile = p
- hat = h
- if not hat or not profile:
- continue
- if family and sock_type:
- prelog[aamode][profile][hat]['netdomain'][family][sock_type] = True
-
- return None
-
-##### Repo related functions
-
-def UI_SelectUpdatedRepoProfile(profile, p):
- # To-Do
- return False
-
-def UI_repo_signup():
- # To-Do
- return None, None
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = '%s//%s' % (profile, exec_target)
-def UI_ask_to_enable_repo():
- # To-Do
- pass
-
-def UI_ask_to_upload_profiles():
- # To-Do
- pass
-
-def parse_repo_profile(fqdbin, repo_url, profile):
- # To-Do
- pass
-
-def set_repo_info(profile_data, repo_url, username, iden):
- # To-Do
- pass
-
-def is_repo_profile(profile_data):
- # To-Do
- pass
-
-def get_repo_user_pass():
- # To-Do
- pass
-def get_preferred_user(repo_url):
- # To-Do
- pass
-def repo_is_enabled():
- # To-Do
- return False
+ else:
+ if target_profile and hashlog[aamode].get(target_profile):
+ hashlog[aamode][target_profile]['final_name'] = profile # not creating the target profile effectively results in ix mode
-def update_repo_profile(profile):
- # To-Do
- return None
+ elif ans.startswith('CMD_ux'):
+ continue
def order_globs(globs, original_path):
"""Returns the globs in sorted order, more specific behind"""
@@ -1375,13 +1072,11 @@ def ask_the_questions(log_dict):
raise AppArmorBug(_('Invalid mode found: %s') % aamode)
for profile in sorted(log_dict[aamode].keys()):
- # Update the repo profiles
- p = update_repo_profile(aa[profile][profile])
- if p:
- UI_SelectUpdatedRepoProfile(profile, p)
-
- sev_db.unload_variables()
- sev_db.load_variables(get_profile_filename_from_profile_name(profile, True))
+ prof_filename = get_profile_filename_from_profile_name(profile)
+ if prof_filename and active_profiles.files.get(prof_filename):
+ sev_db.set_variables(active_profiles.get_all_merged_variables(prof_filename, include_list_recursive(active_profiles.files[prof_filename])))
+ else:
+ sev_db.set_variables( {} )
# Sorted list of hats with the profile name coming first
hats = list(filter(lambda key: key != profile, sorted(log_dict[aamode][profile].keys())))
@@ -1429,60 +1124,46 @@ def ask_the_questions(log_dict):
aa[profile][hat] = ProfileStorage(profile, hat, 'mergeprof ask_the_questions() - missing hat')
aa[profile][hat]['profile'] = False
- #Add the includes from the other profile to the user profile
- done = False
-
- options = []
- for inc in log_dict[aamode][profile][hat]['include'].keys():
- if not inc in aa[profile][hat]['include'].keys():
- if inc.startswith('/'):
- options.append('#include "%s"' %inc)
- else:
- options.append('#include <%s>' %inc)
-
- default_option = 1
-
- q = aaui.PromptQuestion()
- q.options = options
- q.selected = default_option - 1
- q.headers = [_('File includes'), _('Select the ones you wish to add')]
- q.functions = ['CMD_ALLOW', 'CMD_IGNORE_ENTRY', 'CMD_ABORT', 'CMD_FINISHED']
- q.default = 'CMD_ALLOW'
-
- while not done and options:
- ans, selected = q.promptUser()
- if ans == 'CMD_IGNORE_ENTRY':
- done = True
- elif ans == 'CMD_ALLOW':
- selection = options[selected]
- inc = re_match_include(selection)
- deleted = apparmor.aa.delete_duplicates(aa[profile][hat], inc)
- aa[profile][hat]['include'][inc] = True
- options.pop(selected)
- aaui.UI_Info(_('Adding %s to the file.') % selection)
- if deleted:
- aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
- elif ans == 'CMD_FINISHED':
- return
-
# check for and ask about conflicting exec modes
ask_conflict_mode(profile, hat, aa[profile][hat], log_dict[aamode][profile][hat])
- for ruletype in ruletypes:
- for rule_obj in log_dict[aamode][profile][hat][ruletype].rules:
+ prof_changed, end_profiling = ask_rule_questions(log_dict[aamode][profile][hat], combine_name(profile, hat), aa[profile][hat], ruletypes)
+ if prof_changed:
+ changed[profile] = True
+ if end_profiling:
+ return # end profiling loop
+
+def ask_rule_questions(prof_events, profile_name, the_profile, r_types):
+ ''' ask questions about rules to add to a single profile/hat
+
+ parameter typical value
+ prof_events log_dict[aamode][profile][hat]
+ profile_name profile name (possible profile//hat)
+ the_profile aa[profile][hat] -- will be modified
+ r_types ruletypes
+
+ returns:
+ changed True if the profile was changed
+ end_profiling True if the user wants to end profiling
+ '''
+
+ changed = False
+
+ for ruletype in r_types:
+ for rule_obj in prof_events[ruletype].rules:
- if is_known_rule(aa[profile][hat], ruletype, rule_obj):
+ if is_known_rule(the_profile, ruletype, rule_obj):
continue
default_option = 1
options = []
- newincludes = match_includes(aa[profile][hat], ruletype, rule_obj)
+ newincludes = match_includes(the_profile, ruletype, rule_obj)
q = aaui.PromptQuestion()
if newincludes:
- options += list(map(lambda inc: '#include <%s>' % inc, sorted(set(newincludes))))
+ options += list(map(lambda inc: 'include <%s>' % inc, sorted(set(newincludes))))
if ruletype == 'file' and rule_obj.path:
- options += propose_file_rules(aa[profile][hat], rule_obj)
+ options += propose_file_rules(the_profile, rule_obj)
else:
options.append(rule_obj.get_clean())
@@ -1490,7 +1171,7 @@ def ask_the_questions(log_dict):
while not done:
q.options = options
q.selected = default_option - 1
- q.headers = [_('Profile'), combine_name(profile, hat)]
+ q.headers = [_('Profile'), profile_name]
q.headers += rule_obj.logprof_header()
# Load variables into sev_db? Not needed/used for capabilities and network rules.
@@ -1515,7 +1196,7 @@ def ask_the_questions(log_dict):
break
elif ans == 'CMD_FINISHED':
- return
+ return changed, True
elif ans.startswith('CMD_AUDIT'):
if ans == 'CMD_AUDIT_NEW':
@@ -1539,13 +1220,13 @@ def ask_the_questions(log_dict):
elif ans == 'CMD_ALLOW':
done = True
- changed[profile] = True
+ changed = True
inc = re_match_include(selection)
if inc:
- deleted = delete_duplicates(aa[profile][hat], inc)
+ deleted = delete_all_duplicates(the_profile, inc, r_types)
- aa[profile][hat]['include'][inc] = True
+ the_profile['inc_ie'].add(IncludeRule.parse(selection))
aaui.UI_Info(_('Adding %s to profile.') % selection)
if deleted:
@@ -1553,7 +1234,7 @@ def ask_the_questions(log_dict):
else:
rule_obj = selection_to_rule_obj(rule_obj, selection)
- deleted = aa[profile][hat][ruletype].add(rule_obj, cleanup=True)
+ deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
if deleted:
@@ -1565,12 +1246,12 @@ def ask_the_questions(log_dict):
else:
done = True
- changed[profile] = True
+ changed = True
rule_obj = selection_to_rule_obj(rule_obj, selection)
rule_obj.deny = True
rule_obj.raw_rule = None # reset raw rule after manually modifying rule_obj
- deleted = aa[profile][hat][ruletype].add(rule_obj, cleanup=True)
+ deleted = the_profile[ruletype].add(rule_obj, cleanup=True)
aaui.UI_Info(_('Adding %s to profile.') % rule_obj.get_clean())
if deleted:
aaui.UI_Info(_('Deleted %s previous matching profile entries.') % deleted)
@@ -1613,6 +1294,8 @@ def ask_the_questions(log_dict):
else:
done = False
+ return changed, False
+
def selection_to_rule_obj(rule_obj, selection):
rule_type = type(rule_obj)
return rule_type.parse(selection)
@@ -1689,19 +1372,15 @@ def add_to_options(options, newpath):
default_option = options.index(newpath) + 1
return (options, default_option)
-def delete_duplicates(profile, incname):
+def delete_all_duplicates(profile, incname, r_types):
deleted = 0
# Allow rules covered by denied rules shouldn't be deleted
# only a subset allow rules may actually be denied
if include.get(incname, False):
- for rule_type in ruletypes:
+ for rule_type in r_types:
deleted += profile[rule_type].delete_duplicates(include[incname][incname][rule_type])
- elif filelist.get(incname, False):
- for rule_type in ruletypes:
- deleted += profile[rule_type].delete_duplicates(filelist[incname][incname][rule_type])
-
return deleted
def ask_conflict_mode(profile, hat, old_profile, merge_profile):
@@ -1737,30 +1416,45 @@ def ask_conflict_mode(profile, hat, old_profile, merge_profile):
done = True
-def get_include_path(incname):
- if incname.startswith('/'):
- return incname
- return profile_dir + '/' + incname
-
def match_includes(profile, rule_type, rule_obj):
+ ''' propose abstractions that allow the given rule_obj
+
+ Note: This function will return relative paths for includes inside profile_dir
+ '''
+
newincludes = []
for incname in include.keys():
+ rel_incname = incname.replace(profile_dir + '/', '')
+
+ # TODO: improve/fix logic to honor magic vs. quoted include paths
+ if rel_incname.startswith('/'):
+ is_magic = False
+ else:
+ is_magic = True
+
+ # never propose includes that are already in the profile (shouldn't happen because of is_known_rule())
+ if profile and profile['inc_ie'].is_covered(IncludeRule(rel_incname, False, is_magic)):
+ continue
+
+ # never propose a local/ include (they are meant to be included in exactly one profile)
+ if rel_incname.startswith('local/'):
+ continue
+
# XXX type check should go away once we init all profiles correctly
- if valid_include(profile, incname) and include[incname][incname].get(rule_type, False) and include[incname][incname][rule_type].is_covered(rule_obj):
- newincludes.append(incname)
+ if valid_include(incname) and include[incname][incname][rule_type].is_covered(rule_obj):
+ if include[incname][incname]['logprof_suggest'] != 'no':
+ newincludes.append(rel_incname)
return newincludes
-def valid_include(profile, incname):
- if profile and profile['include'].get(incname, False):
- return False
-
+def valid_include(incname):
+ ''' check if the given include file exists or is whitelisted in custom_includes '''
if cfg['settings']['custom_includes']:
for incm in cfg['settings']['custom_includes'].split():
if incm == incname:
return True
- if incname.startswith('abstractions/') and os.path.isfile(profile_dir + '/' + incname):
+ if incname.startswith('abstractions/') and os.path.isfile(os.path.join(profile_dir, incname)):
return True
elif incname.startswith('/') and os.path.isfile(incname):
return True
@@ -1789,70 +1483,37 @@ def set_logfile(filename):
elif os.path.isdir(logfile):
raise AppArmorException(_('%s is a directory. Please specify a file as logfile') % logfile)
-def do_logprof_pass(logmark='', passno=0, log_pid=log_pid):
+def do_logprof_pass(logmark=''):
# set up variables for this pass
# transitions = hasher()
global active_profiles
global sev_db
# aa = hasher()
-# profile_changes = hasher()
-# prelog = hasher()
# changed = dict()
-# filelist = hasher()
aaui.UI_Info(_('Reading log entries from %s.') % logfile)
- if not passno:
- aaui.UI_Info(_('Updating AppArmor profiles in %s.') % profile_dir)
- read_profiles()
-
if not sev_db:
sev_db = apparmor.severity.Severity(CONFDIR + '/severity.db', _('unknown'))
#print(pid)
#print(active_profiles)
- ##if not repo_cf and cfg['repostory']['url']:
- ## repo_cfg = read_config('repository.conf')
- ## if not repo_cfg['repository'].get('enabled', False) or repo_cfg['repository]['enabled'] not in ['yes', 'no']:
- ## UI_ask_to_enable_repo()
- log_reader = apparmor.logparser.ReadLog(log_pid, logfile, active_profiles, profile_dir)
- log = log_reader.read_log(logmark)
- #read_log(logmark)
+ log_reader = apparmor.logparser.ReadLog(logfile, active_profiles, profile_dir)
+ hashlog = log_reader.read_log(logmark)
- for root in log:
- handle_children('', '', root)
- #for root in range(len(log)):
- #log[root] = handle_children('', '', log[root])
- #print(log)
- for pid in sorted(profile_changes.keys()):
- set_process(pid, profile_changes[pid])
+ ask_exec(hashlog)
+ ask_addhat(hashlog)
- log_dict = collapse_log()
+ log_dict = collapse_log(hashlog)
ask_the_questions(log_dict)
- finishing = False
- # Check for finished
save_profiles()
- ##if not repo_cfg['repository'].get('upload', False) or repo['repository']['upload'] == 'later':
- ## UI_ask_to_upload_profiles()
- ##if repo_enabled():
- ## if repo_cgf['repository']['upload'] == 'yes':
- ## sync_profiles()
- ## created = []
-
- # If user selects 'Finish' then we want to exit logprof
- if finishing:
- return 'FINISHED'
- else:
- return 'NORMAL'
-
-
-def save_profiles():
+def save_profiles(is_mergeprof=False):
# Ensure the changed profiles are actual active profiles
for prof_name in changed.keys():
- if not is_active_profile(prof_name):
+ if not aa.get(prof_name, False):
print("*** save_profiles(): removing %s" % prof_name)
print('*** This should not happen. Please open a bugreport!')
changed.pop(prof_name)
@@ -1864,6 +1525,8 @@ def save_profiles():
q.title = 'Changed Local Profiles'
q.explanation = _('The following local profiles were changed. Would you like to save them?')
q.functions = ['CMD_SAVE_CHANGES', 'CMD_SAVE_SELECTED', 'CMD_VIEW_CHANGES', 'CMD_VIEW_CHANGES_CLEAN', 'CMD_ABORT']
+ if is_mergeprof:
+ q.functions = ['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY']
q.default = 'CMD_VIEW_CHANGES'
q.selected = 0
ans = ''
@@ -1892,103 +1555,76 @@ def save_profiles():
else:
oldprofile = get_profile_filename_from_attachment(which, True)
- serialize_options = {}
- serialize_options['METADATA'] = True
+ serialize_options = {'METADATA': True}
newprofile = serialize_profile(aa[which], which, serialize_options)
aaui.UI_Changes(oldprofile, newprofile, comments=True)
elif ans == 'CMD_VIEW_CHANGES_CLEAN':
- oldprofile = serialize_profile(original_aa[which], which, '')
- newprofile = serialize_profile(aa[which], which, '')
+ oldprofile = serialize_profile(original_aa[which], which, {})
+ newprofile = serialize_profile(aa[which], which, {})
aaui.UI_Changes(oldprofile, newprofile)
+ elif ans == 'CMD_IGNORE_ENTRY':
+ changed.pop(options[arg])
+
for profile_name in sorted(changed.keys()):
write_profile_ui_feedback(profile_name)
reload_base(profile_name)
-def get_pager():
- return 'less'
+def collapse_log(hashlog, ignore_null_profiles=True):
+ log_dict = hasher()
-def set_process(pid, profile):
- # If process not running don't do anything
- if not os.path.exists('/proc/%s/attr/current' % pid):
- return None
+ for aamode in hashlog.keys():
+ for full_profile in hashlog[aamode].keys():
+ if hashlog[aamode][full_profile]['final_name'] == '':
+ continue # user chose "deny" or "unconfined" for this target, therefore ignore log events
- process = None
- try:
- process = open_file_read('/proc/%s/attr/current' % pid)
- except IOError:
- return None
- current = process.readline().strip()
- process.close()
+ if '//null-' in hashlog[aamode][full_profile]['final_name'] and ignore_null_profiles:
+ # ignore null-* profiles (probably nested childs)
+ # otherwise we'd accidently create a null-* hat in the profile which is worse
+ # XXX drop this once we support nested childs
+ continue
- if not re.search('^null(-complain)*-profile$', current):
- return None
+ profile, hat = split_name(hashlog[aamode][full_profile]['final_name']) # XXX limited to two levels to avoid an Exception on nested child profiles or nested null-*
+ # TODO: support nested child profiles
- stats = None
- try:
- stats = open_file_read('/proc/%s/stat' % pid)
- except IOError:
- return None
- stat = stats.readline().strip()
- stats.close()
+ # used to avoid to accidently initialize aa[profile][hat] or calling is_known_rule() on events for a non-existing profile
+ hat_exists = False
+ if aa.get(profile) and aa[profile].get(hat):
+ hat_exists = True
- match = re.search('^\d+ \((\S+)\) ', stat)
- if not match:
- return None
+ if True:
+ if not log_dict[aamode][profile].get(hat):
+ # with execs in ix mode, we already have ProfileStorage initialized and should keep the content it already has
+ log_dict[aamode][profile][hat] = ProfileStorage(profile, hat, 'collapse_log()')
- try:
- process = open_file_write('/proc/%s/attr/current' % pid)
- except IOError:
- return None
- process.write('setprofile %s' % profile)
- process.close()
-
-def collapse_log():
- log_dict = hasher()
- for aamode in prelog.keys():
- for profile in prelog[aamode].keys():
- for hat in prelog[aamode][profile].keys():
- # used to avoid to accidently initialize aa[profile][hat] or calling is_known_rule() on events for a non-existing profile
- hat_exists = False
- if aa.get(profile) and aa[profile].get(hat):
- hat_exists = True
-
- log_dict[aamode][profile][hat] = ProfileStorage(profile, hat, 'collapse_log()')
-
- for path in prelog[aamode][profile][hat]['path'].keys():
- mode = prelog[aamode][profile][hat]['path'][path]
-
- user, other = split_mode(mode)
-
- # logparser.py doesn't preserve 'owner' information, see https://bugs.launchpad.net/apparmor/+bug/1538340
- # XXX re-check this code after fixing this bug
- if other:
- owner = False
- mode = other
- else:
- owner = True
- mode = user
+ for path in hashlog[aamode][full_profile]['path'].keys():
+ for owner in hashlog[aamode][full_profile]['path'][path]:
+ mode = set(hashlog[aamode][full_profile]['path'][path][owner].keys())
- # python3 aa-logprof -f <(echo '[55826.822365] audit: type=1400 audit(1454355221.096:85479): apparmor="ALLOWED" operation="file_receive" profile="/usr/sbin/smbd" name="/foo.png" pid=28185 comm="smbd" requested_mask="w" denied_mask="w" fsuid=100 ouid=100')
- # happens via log_str_to_mode() called in logparser.py parse_event_for_tree()
- # XXX fix this in the log parsing!
- if 'a' in mode and 'w' in mode:
- mode.remove('a')
+ # logparser sums up multiple log events, so both 'a' and 'w' can be present
+ if 'a' in mode and 'w' in mode:
+ mode.remove('a')
- file_event = FileRule(path, mode, None, FileRule.ALL, owner=owner, log_event=True)
+ file_event = FileRule(path, mode, None, FileRule.ALL, owner=owner, log_event=True)
- if not hat_exists or not is_known_rule(aa[profile][hat], 'file', file_event):
- log_dict[aamode][profile][hat]['file'].add(file_event)
+ if not hat_exists or not is_known_rule(aa[profile][hat], 'file', file_event):
+ log_dict[aamode][profile][hat]['file'].add(file_event)
+ # TODO: check for existing rules with this path, and merge them into one rule
- for cap in prelog[aamode][profile][hat]['capability'].keys():
+ for cap in hashlog[aamode][full_profile]['capability'].keys():
cap_event = CapabilityRule(cap, log_event=True)
if not hat_exists or not is_known_rule(aa[profile][hat], 'capability', cap_event):
log_dict[aamode][profile][hat]['capability'].add(cap_event)
- dbus = prelog[aamode][profile][hat]['dbus']
+ for cp in hashlog[aamode][full_profile]['change_profile'].keys():
+ cp_event = ChangeProfileRule(None, ChangeProfileRule.ALL, cp, log_event=True)
+ if not hat_exists or not is_known_rule(aa[profile][hat], 'change_profile', cp_event):
+ log_dict[aamode][profile][hat]['change_profile'].add(cp_event)
+
+ dbus = hashlog[aamode][full_profile]['dbus']
for access in dbus:
for bus in dbus[access]:
for path in dbus[access][bus]:
@@ -2011,21 +1647,21 @@ def collapse_log():
if not hat_exists or not is_known_rule(aa[profile][hat], 'dbus', dbus_event):
log_dict[aamode][profile][hat]['dbus'].add(dbus_event)
- nd = prelog[aamode][profile][hat]['netdomain']
+ nd = hashlog[aamode][full_profile]['network']
for family in nd.keys():
for sock_type in nd[family].keys():
net_event = NetworkRule(family, sock_type, log_event=True)
if not hat_exists or not is_known_rule(aa[profile][hat], 'network', net_event):
log_dict[aamode][profile][hat]['network'].add(net_event)
- ptrace = prelog[aamode][profile][hat]['ptrace']
+ ptrace = hashlog[aamode][full_profile]['ptrace']
for peer in ptrace.keys():
for access in ptrace[peer].keys():
ptrace_event = PtraceRule(access, peer, log_event=True)
if not hat_exists or not is_known_rule(aa[profile][hat], 'ptrace', ptrace_event):
log_dict[aamode][profile][hat]['ptrace'].add(ptrace_event)
- sig = prelog[aamode][profile][hat]['signal']
+ sig = hashlog[aamode][full_profile]['signal']
for peer in sig.keys():
for access in sig[peer].keys():
for signal in sig[peer][access].keys():
@@ -2035,45 +1671,33 @@ def collapse_log():
return log_dict
-def is_skippable_file(path):
- """Returns True if filename matches something to be skipped (rpm or dpkg backup files, hidden files etc.)
- The list of skippable files needs to be synced with apparmor initscript and libapparmor _aa_is_blacklisted()
- path: filename (with or without directory)"""
-
- basename = os.path.basename(path)
-
- if not basename or basename[0] == '.' or basename == 'README':
- return True
-
- skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
- if basename.endswith(skippable_suffix):
- return True
-
- return False
-
def is_skippable_dir(path):
- if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|\.git)/?$', path):
+ if re.search('^(.*/)?(disable|cache|cache\.d|force-complain|lxc|abi|\.git)/?$', path):
return True
return False
-def read_profiles():
+def read_profiles(ui_msg=False):
# we'll read all profiles from disk, so reset the storage first (autodep() might have created/stored
# a profile already, which would cause a 'Conflicting profile' error in attach_profile_data())
global aa, original_aa
aa = hasher()
original_aa = hasher()
+ if ui_msg:
+ aaui.UI_Info(_('Updating AppArmor profiles in %s.') % profile_dir)
+
try:
os.listdir(profile_dir)
except:
fatal_error(_("Can't read AppArmor profiles in %s") % profile_dir)
for file in os.listdir(profile_dir):
- if os.path.isfile(profile_dir + '/' + file):
+ full_file = os.path.join(profile_dir, file)
+ if os.path.isfile(full_file):
if is_skippable_file(file):
continue
else:
- read_profile(profile_dir + '/' + file, True)
+ read_profile(full_file, True)
def read_inactive_profiles():
if hasattr(read_inactive_profiles, 'already_read'):
@@ -2091,11 +1715,12 @@ def read_inactive_profiles():
fatal_error(_("Can't read AppArmor profiles in %s") % extra_profile_dir)
for file in os.listdir(extra_profile_dir):
- if os.path.isfile(extra_profile_dir + '/' + file):
+ full_file = os.path.join(extra_profile_dir, file)
+ if os.path.isfile(full_file):
if is_skippable_file(file):
continue
else:
- read_profile(extra_profile_dir + '/' + file, False)
+ read_profile(full_file, False)
def read_profile(file, active_profile):
data = None
@@ -2119,9 +1744,9 @@ def read_profile(file, active_profile):
filename = profile_data[profile][profile]['filename']
if not attachment and name.startswith('/'):
- active_profiles.add(filename, name, name) # use name as name and attachment
+ active_profiles.add_profile(filename, name, name) # use name as name and attachment
else:
- active_profiles.add(filename, name, attachment)
+ active_profiles.add_profile(filename, name, attachment)
elif profile_data:
attach_profile_data(extras, profile_data)
@@ -2132,9 +1757,9 @@ def read_profile(file, active_profile):
filename = profile_data[profile][profile]['filename']
if not attachment and name.startswith('/'):
- extra_profiles.add(filename, name, name) # use name as name and attachment
+ extra_profiles.add_profile(filename, name, name) # use name as name and attachment
else:
- extra_profiles.add(filename, name, attachment)
+ extra_profiles.add_profile(filename, name, attachment)
def attach_profile_data(profiles, profile_data):
# Make deep copy of data to avoid changes to
@@ -2182,15 +1807,15 @@ def parse_profile_start(line, file, lineno, profile, hat):
attachment = matches['attachment']
flags = matches['flags']
+ xattrs = matches['xattrs']
- return (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
+ return (profile, hat, attachment, xattrs, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
def parse_profile_data(data, file, do_include):
profile_data = hasher()
profile = None
hat = None
in_contained_hat = None
- repo_data = None
parsed_profiles = []
initial_comment = ''
lastline = None
@@ -2211,7 +1836,7 @@ def parse_profile_data(data, file, do_include):
lastline = None
# Starting line of a profile
if RE_PROFILE_START.search(line):
- (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat)
+ (profile, hat, attachment, xattrs, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat)
if profile_data[profile].get(hat, False):
raise AppArmorException('Profile %(profile)s defined twice in %(file)s, last found in line %(line)s' %
@@ -2229,8 +1854,8 @@ def parse_profile_data(data, file, do_include):
# save profile name and filename
profile_data[profile][hat]['name'] = profile
profile_data[profile][hat]['filename'] = file
- filelist[file]['profiles'][profile][hat] = True
+ profile_data[profile][hat]['xattrs'] = xattrs
profile_data[profile][hat]['flags'] = flags
# Save the initial comment
@@ -2239,10 +1864,6 @@ def parse_profile_data(data, file, do_include):
initial_comment = ''
- if repo_data:
- profile_data[profile][profile]['repo']['url'] = repo_data['url']
- profile_data[profile][profile]['repo']['user'] = repo_data['user']
-
elif RE_PROFILE_END.search(line):
# If profile ends and we're not in one
if not profile:
@@ -2263,52 +1884,18 @@ def parse_profile_data(data, file, do_include):
profile_data[profile][hat]['capability'].add(CapabilityRule.parse(line))
- elif RE_PROFILE_LINK.search(line):
- matches = RE_PROFILE_LINK.search(line).groups()
-
- if not profile:
- raise AppArmorException(_('Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
-
- audit = False
- if matches[0]:
- audit = True
-
- allow = 'allow'
- if matches[1] and matches[1].strip() == 'deny':
- allow = 'deny'
-
- subset = matches[3]
- link = strip_quotes(matches[6])
- value = strip_quotes(matches[7])
- profile_data[profile][hat][allow]['link'][link]['to'] = value
- profile_data[profile][hat][allow]['link'][link]['mode'] = profile_data[profile][hat][allow]['link'][link].get('mode', set()) | apparmor.aamode.AA_MAY_LINK
-
- if subset:
- profile_data[profile][hat][allow]['link'][link]['mode'] |= apparmor.aamode.AA_LINK_SUBSET
-
- if audit:
- profile_data[profile][hat][allow]['link'][link]['audit'] = profile_data[profile][hat][allow]['link'][link].get('audit', set()) | apparmor.aamode.AA_LINK_SUBSET
- else:
- profile_data[profile][hat][allow]['link'][link]['audit'] = set()
-
elif ChangeProfileRule.match(line):
if not profile:
raise AppArmorException(_('Syntax Error: Unexpected change profile entry found in file: %(file)s line: %(line)s') % { 'file': file, 'line': lineno + 1 })
profile_data[profile][hat]['change_profile'].add(ChangeProfileRule.parse(line))
- elif RE_PROFILE_ALIAS.search(line):
- matches = RE_PROFILE_ALIAS.search(line).groups()
-
- from_name = strip_quotes(matches[0])
- to_name = strip_quotes(matches[1])
-
- if profile:
- profile_data[profile][hat]['alias'][from_name] = to_name
+ elif AliasRule.match(line):
+ if profile and not do_include:
+ raise AppArmorException(_('Syntax Error: Unexpected alias definition found inside profile in file: %(file)s line: %(line)s') % {
+ 'file': file, 'line': lineno + 1 })
else:
- if not filelist.get(file, False):
- filelist[file] = hasher()
- filelist[file]['alias'][from_name] = to_name
+ active_profiles.add_alias(file, AliasRule.parse(line))
elif RlimitRule.match(line):
if not profile:
@@ -2328,22 +1915,12 @@ def parse_profile_data(data, file, do_include):
profile_data[profile][hat]['lvar'][bool_var] = value
- elif RE_PROFILE_VARIABLE.search(line):
- # variable additions += and =
- matches = RE_PROFILE_VARIABLE.search(line).groups()
-
- list_var = strip_quotes(matches[0])
- var_operation = matches[1]
- value = matches[2]
-
- if profile:
- if not profile_data[profile][hat].get('lvar', False):
- profile_data[profile][hat]['lvar'][list_var] = []
- store_list_var(profile_data[profile]['lvar'], list_var, value, var_operation, file)
+ elif VariableRule.match(line):
+ if profile and not do_include:
+ raise AppArmorException(_('Syntax Error: Unexpected variable definition found inside profile in file: %(file)s line: %(line)s') % {
+ 'file': file, 'line': lineno + 1 })
else:
- if not filelist[file].get('lvar', False):
- filelist[file]['lvar'][list_var] = []
- store_list_var(filelist[file]['lvar'], list_var, value, var_operation, file)
+ active_profiles.add_variable(file, VariableRule.parse(line))
elif RE_PROFILE_CONDITIONAL.search(line):
# Conditional Boolean
@@ -2357,34 +1934,25 @@ def parse_profile_data(data, file, do_include):
# Conditional Boolean defined
pass
- elif RE_ABI.search(line):
+ elif AbiRule.match(line):
if profile:
- profile_data[profile][hat]['abi'].append(line)
+ profile_data[profile][hat]['abi'].add(AbiRule.parse(line))
else:
- if not filelist.get(file):
- filelist[file] = hasher()
- if not filelist[file].get('abi'):
- filelist[file]['abi'] = []
- filelist[file]['abi'].append(line)
-
- elif re_match_include(line):
- # Include files
- include_name = re_match_include(line)
+ active_profiles.add_abi(file, AbiRule.parse(line))
+ elif IncludeRule.match(line):
+ rule_obj = IncludeRule.parse(line)
if profile:
- profile_data[profile][hat]['include'][include_name] = True
- else:
- if not filelist.get(file):
- filelist[file] = hasher()
- filelist[file]['include'][include_name] = True
- # If include is a directory
- if os.path.isdir(get_include_path(include_name)):
- for file_name in include_dir_filelist(profile_dir, include_name):
- if not include.get(file_name, False):
- load_include(file_name)
+ profile_data[profile][hat]['inc_ie'].add(rule_obj)
else:
- if not include.get(include_name, False):
- load_include(include_name)
+ active_profiles.add_inc_ie(file, rule_obj)
+
+ for incname in rule_obj.get_full_paths(profile_dir):
+ if incname == file:
+ # warn about endless loop, and don't call load_include() (again) for this file
+ aaui.UI_Important(_('WARNING: endless loop detected: file %s includes itsself' % incname))
+ else:
+ load_include(incname)
elif NetworkRule.match(line):
if not profile:
@@ -2495,7 +2063,11 @@ def parse_profile_data(data, file, do_include):
hat = matches.group('hat')
hat = strip_quotes(hat)
- # if hat is already known, the filelist check some lines below will error out.
+ if profile_data[profile].get(hat, False) and not do_include:
+ raise AppArmorException('Profile %(profile)s defined twice in %(file)s, last found in line %(line)s' %
+ { 'file': file, 'line': lineno + 1, 'profile': combine_name(profile, hat) })
+
+ # if hat is already known, the check above will error out (if not do_include)
# nevertheless, just to be sure, don't overwrite existing profile_data.
if not profile_data[profile].get(hat, False):
profile_data[profile][hat] = ProfileStorage(profile, hat, 'parse_profile_data() hat_def')
@@ -2508,29 +2080,23 @@ def parse_profile_data(data, file, do_include):
if initial_comment:
profile_data[profile][hat]['initial_comment'] = initial_comment
initial_comment = ''
- if filelist[file]['profiles'][profile].get(hat, False) and not do_include:
- raise AppArmorException(_('Error: Multiple definitions for hat %(hat)s in profile %(profile)s.') % { 'hat': hat, 'profile': profile })
- filelist[file]['profiles'][profile][hat] = True
elif line[0] == '#':
# Handle initial comments
if not profile:
if line.startswith('# Last Modified:'):
continue
- elif line.startswith('# REPOSITORY:'): # TODO: allow any number of spaces/tabs
- parts = line.split()
- if len(parts) == 3 and parts[2] == 'NEVERSUBMIT':
- repo_data = {'neversubmit': True}
- elif len(parts) == 5:
- repo_data = {'url': parts[2],
- 'user': parts[3],
- 'id': parts[4]}
- else:
- aaui.UI_Important(_('Warning: invalid "REPOSITORY:" line in %s, ignoring.') % file)
- initial_comment = initial_comment + line + '\n'
else:
initial_comment = initial_comment + line + '\n'
+ if line.startswith('# LOGPROF-SUGGEST:'): # TODO: allow any number of spaces/tabs after '#'
+ parts = line.split()
+ if len(parts) > 2:
+ profile_data[profile][hat]['logprof_suggest'] = parts[2]
+
+ # keep line as part of initial_comment (if we ever support writing abstractions, we should update serialize_profile())
+ initial_comment = initial_comment + line + '\n'
+
elif FileRule.match(line):
# leading permissions could look like a keyword, therefore handle file rules after everything else
if not profile:
@@ -2580,47 +2146,6 @@ def parse_unix_rule(line):
# XXX Do real parsing here
return aarules.Raw_Unix_Rule(line)
-def separate_vars(vs):
- """Returns a list of all the values for a variable"""
- data = set()
- vs = vs.strip()
-
- RE_VARS = re.compile('^(("[^"]*")|([^"\s]+))\s*(.*)$')
- while RE_VARS.search(vs):
- matches = RE_VARS.search(vs).groups()
- data.add(strip_quotes(matches[0]))
- vs = matches[3].strip()
-
- if vs:
- raise AppArmorException('Variable assignments contains invalid parts (unbalanced quotes?): %s' % vs)
-
- return data
-
-def is_active_profile(pname):
- if aa.get(pname, False):
- return True
- else:
- return False
-
-def store_list_var(var, list_var, value, var_operation, filename):
- """Store(add new variable or add values to variable) the variables encountered in the given list_var
- - the 'var' parameter will be modified
- - 'list_var' is the variable name, for example '@{foo}'
- """
- vlist = separate_vars(value)
- if var_operation == '=':
- if not var.get(list_var, False):
- var[list_var] = set(vlist)
- else:
- raise AppArmorException(_('Redefining existing variable %(variable)s: %(value)s in %(file)s') % { 'variable': list_var, 'value': value, 'file': filename })
- elif var_operation == '+=':
- if var.get(list_var, False):
- var[list_var] |= vlist
- else:
- raise AppArmorException(_('Values added to a non-existing variable %(variable)s: %(value)s in %(file)s') % { 'variable': list_var, 'value': value, 'file': filename })
- else:
- raise AppArmorException(_('Unknown variable operation %(operation)s for variable %(variable)s in %(file)s') % { 'operation': var_operation, 'variable': list_var, 'file': filename })
-
def write_header(prof_data, depth, name, embedded_hat, write_flags):
pre = ' ' * int(depth * 2)
data = []
@@ -2638,222 +2163,15 @@ def write_header(prof_data, depth, name, embedded_hat, write_flags):
if (not embedded_hat and re.search('^[^/]', unquoted_name)) or (embedded_hat and re.search('^[^^]', unquoted_name)) or prof_data['attachment'] or prof_data['profile_keyword']:
name = 'profile %s%s' % (name, attachment)
+ xattrs = ''
+ if prof_data['xattrs']:
+ xattrs = ' xattrs=(%s)' % prof_data['xattrs']
+
flags = ''
if write_flags and prof_data['flags']:
flags = ' flags=(%s)' % prof_data['flags']
- data.append('%s%s%s {%s' % (pre, name, flags, comment))
-
- return data
-
-def set_allow_str(allow):
- if allow == 'deny':
- return 'deny '
- elif allow == 'allow':
- return ''
- elif allow == '':
- return ''
- else:
- raise AppArmorException(_("Invalid allow string: %(allow)s"))
-
-def set_ref_allow(prof_data, allow):
- if allow:
- return prof_data[allow], set_allow_str(allow)
- else:
- return prof_data, ''
-
-
-def write_pair(prof_data, depth, allow, name, prefix, sep, tail, fn):
- pre = ' ' * depth
- data = []
- ref, allow = set_ref_allow(prof_data, allow)
-
- if ref.get(name, False):
- for key in sorted(ref[name].keys()):
- value = fn(ref[name][key]) # eval('%s(%s)' % (fn, ref[name][key]))
- data.append('%s%s%s%s%s%s%s' % (pre, allow, prefix, key, sep, value, tail))
- if ref[name].keys():
- data.append('')
-
- return data
-
-def write_includes(prof_data, depth):
- pre = ' ' * depth
- data = []
-
- for key in sorted(prof_data['include'].keys()):
- if key.startswith('/'):
- qkey = '"%s"' % key
- else:
- qkey = '<%s>' % quote_if_needed(key)
-
- data.append('%s#include %s' % (pre, qkey))
-
- if data:
- data.append('')
-
- return data
-
-def write_change_profile(prof_data, depth):
- data = []
- if prof_data.get('change_profile', False):
- data = prof_data['change_profile'].get_clean(depth)
- return data
-
-def write_alias(prof_data, depth):
- return write_pair(prof_data, depth, '', 'alias', 'alias ', ' -> ', ',', quote_if_needed)
-
-def write_rlimits(prof_data, depth):
- data = []
- if prof_data.get('rlimit', False):
- data = prof_data['rlimit'].get_clean(depth)
- return data
-
-def var_transform(ref):
- data = []
- for value in ref:
- if not value:
- value = '""'
- data.append(quote_if_needed(value))
- return ' '.join(data)
-
-def write_list_vars(prof_data, depth):
- return write_pair(prof_data, depth, '', 'lvar', '', ' = ', '', var_transform)
-
-def write_capabilities(prof_data, depth):
- data = []
- if prof_data.get('capability', False):
- data = prof_data['capability'].get_clean(depth)
- return data
-
-def write_netdomain(prof_data, depth):
- data = []
- if prof_data.get('network', False):
- data = prof_data['network'].get_clean(depth)
- return data
-
-def write_dbus(prof_data, depth):
- data = []
- if prof_data.get('dbus', False):
- data = prof_data['dbus'].get_clean(depth)
- return data
-
-def write_mount_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no mount rules, so return
- if not prof_data[allow].get('mount', False):
- return data
-
- for mount_rule in prof_data[allow]['mount']:
- data.append('%s%s' % (pre, mount_rule.serialize()))
- data.append('')
- return data
-
-def write_mount(prof_data, depth):
- data = write_mount_rules(prof_data, depth, 'deny')
- data += write_mount_rules(prof_data, depth, 'allow')
- return data
-
-def write_signal(prof_data, depth):
- data = []
- if prof_data.get('signal', False):
- data = prof_data['signal'].get_clean(depth)
- return data
-
-def write_ptrace(prof_data, depth):
- data = []
- if prof_data.get('ptrace', False):
- data = prof_data['ptrace'].get_clean(depth)
- return data
-
-def write_pivot_root_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no pivot_root rules, so return
- if not prof_data[allow].get('pivot_root', False):
- return data
-
- for pivot_root_rule in prof_data[allow]['pivot_root']:
- data.append('%s%s' % (pre, pivot_root_rule.serialize()))
- data.append('')
- return data
-
-def write_pivot_root(prof_data, depth):
- data = write_pivot_root_rules(prof_data, depth, 'deny')
- data += write_pivot_root_rules(prof_data, depth, 'allow')
- return data
-
-def write_unix_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
-
- # no unix rules, so return
- if not prof_data[allow].get('unix', False):
- return data
-
- for unix_rule in prof_data[allow]['unix']:
- data.append('%s%s' % (pre, unix_rule.serialize()))
- data.append('')
- return data
-
-def write_unix(prof_data, depth):
- data = write_unix_rules(prof_data, depth, 'deny')
- data += write_unix_rules(prof_data, depth, 'allow')
- return data
-
-def write_link_rules(prof_data, depth, allow):
- pre = ' ' * depth
- data = []
- allowstr = set_allow_str(allow)
-
- if prof_data[allow].get('link', False):
- for path in sorted(prof_data[allow]['link'].keys()):
- to_name = prof_data[allow]['link'][path]['to']
- subset = ''
- if prof_data[allow]['link'][path]['mode'] & apparmor.aamode.AA_LINK_SUBSET:
- subset = 'subset '
- audit = ''
- if prof_data[allow]['link'][path].get('audit', False):
- audit = 'audit '
- path = quote_if_needed(path)
- to_name = quote_if_needed(to_name)
- data.append('%s%s%slink %s%s -> %s,' % (pre, audit, allowstr, subset, path, to_name))
- data.append('')
-
- return data
-
-def write_links(prof_data, depth):
- data = write_link_rules(prof_data, depth, 'deny')
- data += write_link_rules(prof_data, depth, 'allow')
-
- return data
-
-def write_file(prof_data, depth):
- data = []
- if prof_data.get('file', False):
- data = prof_data['file'].get_clean(depth)
- return data
-
-def write_rules(prof_data, depth):
- data = write_abi(prof_data, depth)
- data += write_alias(prof_data, depth)
- data += write_list_vars(prof_data, depth)
- data += write_includes(prof_data, depth)
- data += write_rlimits(prof_data, depth)
- data += write_capabilities(prof_data, depth)
- data += write_netdomain(prof_data, depth)
- data += write_dbus(prof_data, depth)
- data += write_mount(prof_data, depth)
- data += write_signal(prof_data, depth)
- data += write_ptrace(prof_data, depth)
- data += write_pivot_root(prof_data, depth)
- data += write_unix(prof_data, depth)
- data += write_links(prof_data, depth)
- data += write_file(prof_data, depth)
- data += write_change_profile(prof_data, depth)
+ data.append('%s%s%s%s {%s' % (pre, name, xattrs, flags, comment))
return data
@@ -2869,7 +2187,7 @@ def write_piece(profile_data, depth, name, nhat, write_flags):
name = nhat
inhat = True
data += write_header(profile_data[name], depth, wname, False, write_flags)
- data += write_rules(profile_data[name], depth + 1)
+ data += profile_data[name].get_rules_clean(depth + 1)
pre2 = ' ' * (depth + 1)
@@ -2879,11 +2197,11 @@ def write_piece(profile_data, depth, name, nhat, write_flags):
if not profile_data[hat]['external']:
data.append('')
if profile_data[hat]['profile']:
- data += list(map(str, write_header(profile_data[hat], depth + 1, hat, True, write_flags)))
+ data += write_header(profile_data[hat], depth + 1, hat, True, write_flags)
else:
- data += list(map(str, write_header(profile_data[hat], depth + 1, '^' + hat, True, write_flags)))
+ data += write_header(profile_data[hat], depth + 1, '^' + hat, True, write_flags)
- data += list(map(str, write_rules(profile_data[hat], depth + 2)))
+ data += profile_data[hat].get_rules_clean(depth + 2)
data.append('%s}' % pre2)
@@ -2900,46 +2218,31 @@ def write_piece(profile_data, depth, name, nhat, write_flags):
def serialize_profile(profile_data, name, options):
string = ''
- include_metadata = False
- include_flags = True
data = []
- if options: # and type(options) == dict:
- if options.get('METADATA', False):
- include_metadata = True
- if options.get('NO_FLAGS', False):
- include_flags = False
+ if type(options) is not dict:
+ raise AppArmorBug('serialize_profile(): options is not a dict: %s' % options)
+
+ include_metadata = options.get('METADATA', False)
+ include_flags = options.get('FLAGS', True)
if include_metadata:
string = '# Last Modified: %s\n' % time.asctime()
- if (profile_data[name].get('repo', False) and
- profile_data[name]['repo']['url'] and
- profile_data[name]['repo']['user'] and
- profile_data[name]['repo']['id']):
- repo = profile_data[name]['repo']
- string += '# REPOSITORY: %s %s %s\n' % (repo['url'], repo['user'], repo['id'])
- elif profile_data[name]['repo'].get('neversubmit'):
- string += '# REPOSITORY: NEVERSUBMIT\n'
-
# if profile_data[name].get('initial_comment', False):
# comment = profile_data[name]['initial_comment']
# comment.replace('\\n', '\n')
# string += comment + '\n'
- if options and options.get('is_attachment'):
+ if options.get('is_attachment'):
prof_filename = get_profile_filename_from_attachment(name, True)
else:
prof_filename = get_profile_filename_from_profile_name(name, True)
- if filelist.get(prof_filename, False):
- data += write_abi(filelist[prof_filename], 0)
- data += write_alias(filelist[prof_filename], 0)
- data += write_list_vars(filelist[prof_filename], 0)
- data += write_includes(filelist[prof_filename], 0)
+ data += active_profiles.get_clean(prof_filename, 0)
#Here should be all the profiles from the files added write after global/common stuff
- for prof in sorted(filelist[prof_filename]['profiles'].keys()):
+ for prof in sorted(active_profiles.profiles_in_file(prof_filename)):
if prof != name:
if original_aa[prof][prof].get('initial_comment', False):
comment = original_aa[prof][prof]['initial_comment']
@@ -2957,14 +2260,6 @@ def serialize_profile(profile_data, name, options):
return string + '\n'
-def serialize_parse_profile_start(line, file, lineno, profile, hat, prof_data_profile, prof_data_external, correct):
- (profile, hat, attachment, flags, in_contained_hat, pps_set_profile, pps_set_hat_external) = parse_profile_start(line, file, lineno, profile, hat)
-
- if hat and profile != hat and '%s//%s'%(profile, hat) in line and not prof_data_external:
- correct = False
-
- return (profile, hat, attachment, flags, in_contained_hat, correct)
-
def write_profile_ui_feedback(profile, is_attachment=False):
aaui.UI_Info(_('Writing updated profile for %s.') % profile)
write_profile(profile, is_attachment)
@@ -3001,29 +2296,37 @@ def write_profile(profile, is_attachment=False):
original_aa[profile] = deepcopy(aa[profile])
+def include_list_recursive(profile):
+ ''' get a list of all includes in a profile and its included files '''
+
+ includelist = profile['inc_ie'].get_all_full_paths(profile_dir)
+ full_list = []
+
+ while includelist:
+ incname = includelist.pop(0)
+
+ if incname in full_list:
+ continue
+ full_list.append(incname)
+
+ for childinc in include[incname][incname]['inc_ie'].rules:
+ for childinc_file in childinc.get_full_paths(profile_dir):
+ if childinc_file not in full_list:
+ includelist += [childinc_file]
+
+ return full_list
+
def is_known_rule(profile, rule_type, rule_obj):
# XXX get rid of get() checks after we have a proper function to initialize a profile
if profile.get(rule_type, False):
if profile[rule_type].is_covered(rule_obj, False):
return True
- includelist = list(profile['include'].keys())
- checked = []
+ includelist = include_list_recursive(profile)
- while includelist:
- incname = includelist.pop(0)
- checked.append(incname)
-
- if os.path.isdir(get_include_path(incname)):
- includelist += include_dir_filelist(profile_dir, incname)
- else:
- if include[incname][incname].get(rule_type, False):
- if include[incname][incname][rule_type].is_covered(rule_obj, False):
- return True
-
- for childinc in include[incname][incname]['include'].keys():
- if childinc not in checked:
- includelist += [childinc]
+ for incname in includelist:
+ if include[incname][incname][rule_type].is_covered(rule_obj, False):
+ return True
return False
@@ -3032,35 +2335,21 @@ def get_file_perms(profile, path, audit, deny):
perms = profile['file'].get_perms_for_path(path, audit, deny)
- includelist = list(profile['include'].keys())
- checked = []
+ includelist = include_list_recursive(profile)
- while includelist:
- incname = includelist.pop(0)
-
- if incname in checked:
- continue
- checked.append(incname)
-
- if os.path.isdir(get_include_path(incname)):
- includelist += include_dir_filelist(profile_dir, incname)
- else:
- incperms = include[incname][incname]['file'].get_perms_for_path(path, audit, deny)
-
- for allow_or_deny in ['allow', 'deny']:
- for owner_or_all in ['all', 'owner']:
- for perm in incperms[allow_or_deny][owner_or_all]:
- perms[allow_or_deny][owner_or_all].add(perm)
+ for incname in includelist:
+ incperms = include[incname][incname]['file'].get_perms_for_path(path, audit, deny)
- if 'a' in perms[allow_or_deny][owner_or_all] and 'w' in perms[allow_or_deny][owner_or_all]:
- perms[allow_or_deny][owner_or_all].remove('a') # a is a subset of w, so remove it
+ for allow_or_deny in ['allow', 'deny']:
+ for owner_or_all in ['all', 'owner']:
+ for perm in incperms[allow_or_deny][owner_or_all]:
+ perms[allow_or_deny][owner_or_all].add(perm)
- for incpath in incperms['paths']:
- perms['paths'].add(incpath)
+ if 'a' in perms[allow_or_deny][owner_or_all] and 'w' in perms[allow_or_deny][owner_or_all]:
+ perms[allow_or_deny][owner_or_all].remove('a') # a is a subset of w, so remove it
- for childinc in include[incname][incname]['include'].keys():
- if childinc not in checked:
- includelist += [childinc]
+ for incpath in incperms['paths']:
+ perms['paths'].add(incpath)
return perms
@@ -3124,7 +2413,7 @@ def reload(bin_path):
def get_include_data(filename):
data = []
if not filename.startswith('/'):
- filename = profile_dir + '/' + filename
+ filename = os.path.join(profile_dir, filename)
if os.path.exists(filename):
with open_file_read(filename) as f_in:
data = f_in.readlines()
@@ -3132,22 +2421,21 @@ def get_include_data(filename):
raise AppArmorException(_('File Not Found: %s') % filename)
return data
-def include_dir_filelist(profile_dir, include_name):
- '''returns a list of files in the given profile_dir/include_name directory,
- except skippable files. If include_name is an absolute path, ignore
- profile_dir.
+def include_dir_filelist(include_name):
+ '''returns a list of files in the given include_name directory,
+ except skippable files.
'''
+
+ if not include_name.startswith('/'):
+ raise AppArmorBug('incfile %s not starting with /' % include_name)
+
files = []
- include_name_abs = get_include_path(include_name)
- for path in os.listdir(include_name_abs):
+ for path in os.listdir(include_name):
path = path.strip()
if is_skippable_file(path):
continue
- if os.path.isfile(include_name_abs + '/' + path):
- file_name = include_name + '/' + path
- # strip off profile_dir for non-absolute paths
- if not include_name.startswith('/'):
- file_name = file_name.replace(profile_dir + '/', '')
+ file_name = os.path.join(include_name, path)
+ if os.path.isfile(file_name):
files.append(file_name)
return files
@@ -3156,18 +2444,20 @@ def load_include(incname):
load_includeslist = [incname]
while load_includeslist:
incfile = load_includeslist.pop(0)
- incfile_abs = get_include_path(incfile)
+ if not incfile.startswith('/'):
+ raise AppArmorBug('incfile %s not starting with /' % incfile)
+
if include.get(incfile, {}).get(incfile, False):
pass # already read, do nothing
- elif os.path.isfile(incfile_abs):
- data = get_include_data(incfile_abs)
+ elif os.path.isfile(incfile):
+ data = get_include_data(incfile)
incdata = parse_profile_data(data, incfile, True)
attach_profile_data(include, incdata)
#If the include is a directory means include all subfiles
- elif os.path.isdir(incfile_abs):
- load_includeslist += include_dir_filelist(profile_dir, incfile)
+ elif os.path.isdir(incfile):
+ load_includeslist += include_dir_filelist(incfile)
else:
- raise AppArmorException("Include file %s not found" % (incfile_abs))
+ raise AppArmorException("Include file %s not found" % (incfile))
return 0
@@ -3189,15 +2479,14 @@ def loadincludes():
for idir in incdirs:
if is_skippable_dir(idir):
continue
- for dirpath, dirname, files in os.walk(profile_dir + '/' + idir):
+ for dirpath, dirname, files in os.walk(os.path.join(profile_dir, idir)):
if is_skippable_dir(dirpath):
continue
for fi in files:
if is_skippable_file(fi):
continue
else:
- fi = dirpath + '/' + fi
- fi = fi.replace(profile_dir + '/', '', 1)
+ fi = os.path.join(dirpath, fi)
load_include(fi)
def glob_common(path):
diff --git a/utils/apparmor/aamode.py b/utils/apparmor/aamode.py
deleted file mode 100644
index 8017bcfc75f6f5a5ead595f14306e046061ec439..0000000000000000000000000000000000000000
--- a/utils/apparmor/aamode.py
+++ /dev/null
@@ -1,167 +0,0 @@
-# ----------------------------------------------------------------------
-# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License as published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# ----------------------------------------------------------------------
-import re
-from apparmor.common import AppArmorBug
-
-def AA_OTHER(mode):
- other = set()
- for i in mode:
- other.add('::%s' % i)
- return other
-
-def AA_OTHER_REMOVE(mode):
- other = set()
- for i in mode:
- if '::' in i:
- other.add(i[2:])
- return other
-
-AA_MAY_EXEC = set('x')
-AA_MAY_WRITE = set('w')
-AA_MAY_READ = set('r')
-AA_MAY_APPEND = set('a')
-AA_MAY_LINK = set('l')
-AA_MAY_LOCK = set('k')
-AA_EXEC_MMAP = set('m')
-AA_EXEC_UNSAFE = set(['execunsafe'])
-AA_EXEC_INHERIT = set('i')
-AA_EXEC_UNCONFINED = set('U')
-AA_EXEC_PROFILE = set('P')
-AA_EXEC_CHILD = set('C')
-AA_EXEC_NT = set('N')
-AA_LINK_SUBSET = set(['linksubset'])
-AA_BARE_FILE_MODE = set(['bare_file_mode'])
-#AA_OTHER_SHIFT = 14
-#AA_USER_MASK = 16384 - 1
-
-MODE_HASH = {'x': AA_MAY_EXEC, 'X': AA_MAY_EXEC,
- 'w': AA_MAY_WRITE, 'W': AA_MAY_WRITE,
- 'r': AA_MAY_READ, 'R': AA_MAY_READ,
- 'a': AA_MAY_APPEND, 'A': AA_MAY_APPEND,
- 'l': AA_MAY_LINK, 'L': AA_MAY_LINK,
- 'k': AA_MAY_LOCK, 'K': AA_MAY_LOCK,
- 'm': AA_EXEC_MMAP, 'M': AA_EXEC_MMAP,
- 'i': AA_EXEC_INHERIT, 'I': AA_EXEC_INHERIT,
- 'u': AA_EXEC_UNCONFINED | AA_EXEC_UNSAFE, # Unconfined + Unsafe
- 'U': AA_EXEC_UNCONFINED,
- 'p': AA_EXEC_PROFILE | AA_EXEC_UNSAFE, # Profile + unsafe
- 'P': AA_EXEC_PROFILE,
- 'c': AA_EXEC_CHILD | AA_EXEC_UNSAFE, # Child + Unsafe
- 'C': AA_EXEC_CHILD,
- 'n': AA_EXEC_NT | AA_EXEC_UNSAFE,
- 'N': AA_EXEC_NT
- }
-
-LOG_MODE_RE = re.compile('^(r|w|l|m|k|a|x|ix|ux|px|pux|cx|nx|pix|cix|Ux|Px|PUx|Cx|Nx|Pix|Cix)+$')
-MODE_MAP_SET = {"r", "w", "l", "m", "k", "a", "x", "i", "u", "p", "c", "n", "I", "U", "P", "C", "N"}
-
-def str_to_mode(string):
- if not string:
- return set()
- user, other = split_log_mode(string)
- if not user:
- user = other
-
- mode = sub_str_to_mode(user)
- #print(string, mode)
- #print(string, 'other', sub_str_to_mode(other))
- mode |= (AA_OTHER(sub_str_to_mode(other)))
- #print (string, mode)
- #print('str_to_mode:', mode)
- return mode
-
-def sub_str_to_mode(string):
- mode = set()
-
- for mode_char in string:
- if mode_char in MODE_MAP_SET and MODE_HASH.get(mode_char, False):
- mode |= MODE_HASH[mode_char]
- else:
- raise AppArmorBug("Mode string '%s' contains invalid char '%s'" % (string, mode_char))
-
- return mode
-
-def split_log_mode(mode):
- #if the mode has a "::", then the left side is the user mode, and the right side is the other mode
- #if not, then the mode is both the user and other mode
- user = ''
- other = ''
-
- if "::" in mode:
- try:
- user, other = mode.split("::")
- except ValueError as e:
- raise AppArmorBug("Got ValueError '%s' when splitting %s" % (str(e), mode))
- else:
- user = mode
- other = mode
-
- return user, other
-
-def mode_contains(mode, subset):
- # w implies a
- if mode & AA_MAY_WRITE:
- mode |= AA_MAY_APPEND
- if mode & (AA_OTHER(AA_MAY_WRITE)):
- mode |= (AA_OTHER(AA_MAY_APPEND))
-
- return (mode & subset) == subset
-
-def validate_log_mode(mode):
- if LOG_MODE_RE.search(mode):
- return True
- else:
- return False
-
-def hide_log_mode(mode):
- mode = mode.replace('::', '')
- return mode
-
-def split_mode(mode):
- user = set()
- for i in mode:
- if not '::' in i:
- user.add(i)
- other = mode - user
- other = AA_OTHER_REMOVE(other)
- return user, other
-
-def log_str_to_mode(profile, string, nt_name):
- mode = str_to_mode(string)
- # If contains nx and nix
- #print (profile, string, nt_name)
- if mode_contains(mode, str_to_mode('Nx')):
- # Transform to px, cx
- match = re.search('(.+?)//(.+?)', nt_name)
- if match:
- lprofile, lhat = match.groups()
- tmode = 0
-
- if lprofile == profile:
- if mode & AA_MAY_EXEC:
- tmode = str_to_mode('Cx::')
- if mode & AA_OTHER(AA_MAY_EXEC):
- tmode |= str_to_mode('Cx')
- nt_name = lhat
- else:
- if mode & AA_MAY_EXEC:
- tmode = str_to_mode('Px::')
- if mode & AA_OTHER(AA_MAY_EXEC):
- tmode |= str_to_mode('Px')
- nt_name = lhat
-
- mode = mode - str_to_mode('Nx')
- mode |= tmode
-
- return mode, nt_name
diff --git a/utils/apparmor/cleanprofile.py b/utils/apparmor/cleanprofile.py
index 664cc732aff55e88376783587739d6afaf4838c8..af2380bef1824bea4fa7a5db2f920193a6cd36da 100644
--- a/utils/apparmor/cleanprofile.py
+++ b/utils/apparmor/cleanprofile.py
@@ -18,7 +18,7 @@ class Prof(object):
def __init__(self, filename):
apparmor.init_aa()
self.aa = apparmor.aa
- self.filelist = apparmor.filelist
+ self.active_profiles = apparmor.active_profiles
self.include = apparmor.include
self.filename = filename
@@ -31,12 +31,8 @@ class CleanProf(object):
def compare_profiles(self):
deleted = 0
- other_file_includes = list(self.other.filelist[self.other.filename]['include'].keys())
- #Remove the duplicate file-level includes from other
- for rule in self.profile.filelist[self.profile.filename]['include'].keys():
- if rule in other_file_includes:
- self.other.filelist[self.other.filename]['include'].pop(rule)
+ deleted += self.other.active_profiles.delete_preamble_duplicates(self.other.filename)
for profile in self.profile.aa.keys():
deleted += self.remove_duplicate_rules(profile)
@@ -45,27 +41,22 @@ class CleanProf(object):
def remove_duplicate_rules(self, program):
#Process the profile of the program
- #Process every hat in the profile individually
- file_includes = list(self.profile.filelist[self.profile.filename]['include'].keys())
+
deleted = 0
- for hat in sorted(self.profile.aa[program].keys()):
- #The combined list of includes from profile and the file
- includes = list(self.profile.aa[program][hat]['include'].keys()) + file_includes
- #If different files remove duplicate includes in the other profile
- if not self.same_file:
- if self.other.aa[program].get(hat): # carefully avoid to accidently initialize self.other.aa[program][hat]
- for inc in includes:
- if self.other.aa[program][hat]['include'].get(inc, False):
- self.other.aa[program][hat]['include'].pop(inc)
- deleted += 1
+ # remove duplicate rules from the preamble
+ deleted += self.profile.active_profiles.delete_preamble_duplicates(self.profile.filename)
+
+ #Process every hat in the profile individually
+ for hat in sorted(self.profile.aa[program].keys()):
+ includes = self.profile.aa[program][hat]['inc_ie'].get_all_full_paths(apparmor.profile_dir)
#Clean up superfluous rules from includes in the other profile
for inc in includes:
if not self.profile.include.get(inc, {}).get(inc, False):
apparmor.load_include(inc)
if self.other.aa[program].get(hat): # carefully avoid to accidently initialize self.other.aa[program][hat]
- deleted += apparmor.delete_duplicates(self.other.aa[program][hat], inc)
+ deleted += apparmor.delete_all_duplicates(self.other.aa[program][hat], inc, apparmor.ruletypes)
#Clean duplicate rules in other profile
for ruletype in apparmor.ruletypes:
diff --git a/utils/apparmor/common.py b/utils/apparmor/common.py
index 081f362bcb017253d40ef9064301f9b8e3ed7aac..ec90a25d62caabdff676589d069db53323f98167 100644
--- a/utils/apparmor/common.py
+++ b/utils/apparmor/common.py
@@ -10,7 +10,6 @@
# ------------------------------------------------------------------
from __future__ import print_function
-import codecs
import collections
import glob
import logging
@@ -172,6 +171,22 @@ def get_directory_contents(path):
files.sort()
return files
+def is_skippable_file(path):
+ """Returns True if filename matches something to be skipped (rpm or dpkg backup files, hidden files etc.)
+ The list of skippable files needs to be synced with apparmor initscript and libapparmor _aa_is_blacklisted()
+ path: filename (with or without directory)"""
+
+ basename = os.path.basename(path)
+
+ if not basename or basename[0] == '.' or basename == 'README':
+ return True
+
+ skippable_suffix = ('.dpkg-new', '.dpkg-old', '.dpkg-dist', '.dpkg-bak', '.dpkg-remove', '.pacsave', '.pacnew', '.rpmnew', '.rpmsave', '.orig', '.rej', '~')
+ if basename.endswith(skippable_suffix):
+ return True
+
+ return False
+
def open_file_read(path, encoding='UTF-8'):
'''Open specified file read-only'''
return open_file_anymode('r', path, encoding)
@@ -181,13 +196,17 @@ def open_file_write(path):
return open_file_anymode('w', path, 'UTF-8')
def open_file_anymode(mode, path, encoding='UTF-8'):
- '''Open specified file in specified mode'''
+ '''Crash-resistant wrapper to open a specified file in specified mode'''
+ # This avoids a crash when reading a logfile with special characters that
+ # are not utf8-encoded (for example a latin1 "ö"), and also avoids crashes
+ # at several other places we don't know yet ;-)
errorhandling = 'surrogateescape'
+
if sys.version_info[0] < 3:
errorhandling = 'replace'
- orig = codecs.open(path, mode, encoding, errors=errorhandling)
+ orig = open(path, mode, encoding=encoding, errors=errorhandling)
return orig
@@ -258,12 +277,30 @@ def type_is_str(var):
else:
return False
+def split_name(full_profile):
+ if '//' in full_profile:
+ profile, hat = full_profile.split('//')[:2] # XXX limit to two levels to avoid an Exception on nested child profiles or nested null-*
+ # TODO: support nested child profiles
+ else:
+ profile = full_profile
+ hat = full_profile
+
+ return (profile, hat)
+
+
class DebugLogger(object):
+ '''Unified debug facility. Logs to file or stderr.
+
+ Does not log anything by default. Will only log if environment variable
+ LOGPROF_DEBUG is set to a number between 1 and 3 or if method activateStderr
+ is run.
+ '''
def __init__(self, module_name=__name__):
self.debugging = False
- self.logfile = '/var/log/apparmor/logprof.log'
self.debug_level = logging.DEBUG
+
if os.getenv('LOGPROF_DEBUG', False):
+ self.logfile = '/var/log/apparmor/logprof.log'
self.debugging = os.getenv('LOGPROF_DEBUG')
try:
self.debugging = int(self.debugging)
@@ -275,11 +312,11 @@ class DebugLogger(object):
if self.debugging == 0: # debugging disabled, don't need to setup logging
return
if self.debugging == 1:
- self.debug_level = logging.ERROR
+ self.debug_level = logging.ERROR # 40
elif self.debugging == 2:
- self.debug_level = logging.INFO
+ self.debug_level = logging.INFO # 20
elif self.debugging == 3:
- self.debug_level = logging.DEBUG
+ self.debug_level = logging.DEBUG # 10
try:
logging.basicConfig(filename=self.logfile, level=self.debug_level,
@@ -295,6 +332,15 @@ class DebugLogger(object):
self.logger = logging.getLogger(module_name)
+ def activateStderr(self):
+ self.debugging = True
+ logging.basicConfig(
+ level=self.debug_level,
+ format='%(levelname)s: %(message)s',
+ stream=sys.stderr,
+ )
+ self.logger = logging.getLogger(__name__)
+
def error(self, message):
if self.debugging:
self.logger.error(message)
diff --git a/utils/apparmor/config.py b/utils/apparmor/config.py
index 64334c9b777ee1150ec79cd42888276465dd7aad..9997655df93c9f47a88a693bfb2210d8022f53db 100644
--- a/utils/apparmor/config.py
+++ b/utils/apparmor/config.py
@@ -40,7 +40,7 @@ from apparmor.common import AppArmorException, open_file_read # , warn, msg,
# CFG = None
# REPO_CFG = None
-# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf', 'subdomain.conf']
+# SHELL_FILES = ['easyprof.conf', 'notify.conf', 'parser.conf']
class Config(object):
def __init__(self, conf_type, conf_dir='/etc/apparmor'):
self.CONF_DIR = conf_dir
@@ -60,14 +60,9 @@ class Config(object):
def read_config(self, filename):
"""Reads the file and returns a config[section][attribute]=property object"""
- # LP: Bug #692406
- # Explicitly disabled repository
- filepath = self.CONF_DIR + '/' + filename
+ filepath = os.path.join(self.CONF_DIR, filename)
self.input_file = filepath
- if filename == "repository.conf":
- config = dict()
- config['repository'] = {'enabled': 'no'}
- elif self.conf_type == 'shell':
+ if self.conf_type == 'shell':
config = self.read_shell(filepath)
elif self.conf_type == 'ini':
if sys.version_info > (3, 0):
@@ -89,7 +84,7 @@ class Config(object):
def write_config(self, filename, config):
"""Writes the given config to the specified file"""
- filepath = self.CONF_DIR + '/' + filename
+ filepath = os.path.join(self.CONF_DIR, filename)
permission_600 = stat.S_IRUSR | stat.S_IWUSR # Owner read and write
try:
# Open a temporary file in the CONF_DIR to write the config file
@@ -133,6 +128,7 @@ class Config(object):
def read_shell(self, filepath):
"""Reads the shell type conf files and returns config[''][option]=value"""
+ # @TODO: Use standard ConfigParser when https://bugs.python.org/issue22253 is fixed
config = {'': dict()}
with open_file_read(filepath) as conf_file:
for line in conf_file:
diff --git a/utils/apparmor/easyprof.py b/utils/apparmor/easyprof.py
index c6e693270d1dd97bcbfd4fb842d1afe76ad68ef3..9ccc7ef10f4033a04305bf6bfc50dd8ed1318d42 100644
--- a/utils/apparmor/easyprof.py
+++ b/utils/apparmor/easyprof.py
@@ -82,18 +82,6 @@ def cmd(command):
return [sp.returncode, out]
-def cmd_pipe(command1, command2):
- '''Try to pipe command1 into command2.'''
- try:
- sp1 = subprocess.Popen(command1, stdout=subprocess.PIPE)
- sp2 = subprocess.Popen(command2, stdin=sp1.stdout)
- except OSError as ex:
- return [127, str(ex)]
-
- out = sp2.communicate()[0]
- return [sp2.returncode, out]
-
-
def debug(out):
'''Print debug message'''
if DEBUGGING:
@@ -822,8 +810,8 @@ def check_for_manifest_arg(option, opt_str, value, parser):
def check_for_manifest_arg_append(option, opt_str, value, parser):
'''Check for -m/--manifest with conflicting args (with append)'''
if parser.values.manifest:
- raise optparse.OptionValueError("can't use --%s with --manifest " \
- "argument" % opt_str.lstrip('-'))
+ raise optparse.OptionValueError("can't use --%s with --manifest " \
+ "argument" % opt_str.lstrip('-'))
parser.values.ensure_value(option.dest, []).append(value)
def add_parser_policy_args(parser):
@@ -1216,7 +1204,7 @@ def verify_manifest(params, args=None):
tv_val = tv.split('=')[1]
debug("Examining %s" % tv_val)
if '..' in tv_val or pat.search(tv_val):
- err_str += "\n%s" % tv
+ err_str += "\n%s" % tv
if err_str:
warn("Manifest definition is potentially unsafe%s" % err_str)
diff --git a/utils/apparmor/fail.py b/utils/apparmor/fail.py
index 5e5cb50ecf77f5da40b61ce0b83fcf870d4753f9..6a0c57e8ccd668805511c3fcf7285529a74c2754 100644
--- a/utils/apparmor/fail.py
+++ b/utils/apparmor/fail.py
@@ -41,7 +41,7 @@ def handle_exception(*exc_info):
cgitb_hook = cgitb.Hook(display=1, file=file, format='text', context=10)
cgitb_hook.handle(exc_info)
- file.write('Please consider reporting a bug at https://bugs.launchpad.net/apparmor/\n')
+ file.write('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues\n')
file.write('and attach this file.\n')
print(''.join(traceback.format_exception(*exc_info)), file=sys.stderr)
@@ -49,7 +49,7 @@ def handle_exception(*exc_info):
print('An unexpected error occoured!', file=sys.stderr)
print('', file=sys.stderr)
print('For details, see %s' % path, file=sys.stderr)
- print('Please consider reporting a bug at https://bugs.launchpad.net/apparmor/', file=sys.stderr)
+ print('Please consider reporting a bug at https://gitlab.com/apparmor/apparmor/-/issues', file=sys.stderr)
print('and attach this file.', file=sys.stderr)
def enable_aa_exception_handler():
diff --git a/utils/apparmor/logparser.py b/utils/apparmor/logparser.py
index 6b8286e3189c2d2576596497e722d27a895a7efc..a64b64b107f2b8494d489bb33c04346e0f4b6f58 100644
--- a/utils/apparmor/logparser.py
+++ b/utils/apparmor/logparser.py
@@ -1,6 +1,6 @@
# ----------------------------------------------------------------------
# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
-# Copyright (C) 2015-2018 Christian Boltz <apparmor@cboltz.de>
+# Copyright (C) 2015-2019 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -17,44 +17,47 @@ import re
import sys
import time
import LibAppArmor
-from apparmor.common import AppArmorException, AppArmorBug, open_file_read, DebugLogger
-
-from apparmor.aamode import validate_log_mode, log_str_to_mode, hide_log_mode, AA_MAY_EXEC
+from apparmor.common import AppArmorException, AppArmorBug, hasher, open_file_read, split_name, DebugLogger
# setup module translations
from apparmor.translations import init_translation
_ = init_translation()
class ReadLog:
- RE_audit_time_id = '(msg=)?audit\([\d\.\:]+\):\s+' # 'audit(1282626827.320:411): '
- RE_kernel_time = '\[[\d\.\s]+\]' # '[ 1612.746129]'
- RE_type_num = '1[45][0-9][0-9]' # 1400..1599
- RE_aa_or_op = '(apparmor=|operation=)'
-
- RE_log_parts = [
- 'kernel:\s+(' + RE_kernel_time + '\s+)?(audit:\s+)?type=' + RE_type_num + '\s+' + RE_audit_time_id + RE_aa_or_op, # v2_6 syslog
- 'kernel:\s+(' + RE_kernel_time + '\s+)?' + RE_audit_time_id + 'type=' + RE_type_num + '\s+' + RE_aa_or_op,
- 'type=(AVC|APPARMOR[_A-Z]*|' + RE_type_num + ')\s+' + RE_audit_time_id + '(type=' + RE_type_num + '\s+)?' + RE_aa_or_op, # v2_6 audit and dmesg
- 'type=(USER_AVC|1107)\s+' + RE_audit_time_id + '.*apparmor=', # dbus
- 'type=UNKNOWN\[' + RE_type_num + '\]\s+' + RE_audit_time_id + RE_aa_or_op,
- 'dbus\[[0-9]+\]:\s+apparmor=', # dbus
- ]
# used to pre-filter log lines so that we hand over only relevant lines to LibAppArmor parsing
- RE_LOG_ALL = re.compile('(' + '|'.join(RE_log_parts) + ')')
+ RE_LOG_ALL = re.compile('apparmor=|operation=|type=AVC')
- def __init__(self, pid, filename, active_profiles, profile_dir):
+ def __init__(self, filename, active_profiles, profile_dir):
self.filename = filename
self.profile_dir = profile_dir
- self.pid = pid
self.active_profiles = active_profiles
- self.log = []
+ self.hashlog = { 'PERMITTING': {}, 'REJECTING': {}, 'AUDIT': {} } # structure inside {}: {'profilename': init_hashlog(aamode, profilename), 'profilename2': init_hashlog(...), ...}
self.debug_logger = DebugLogger('ReadLog')
self.LOG = None
self.logmark = ''
self.seenmark = None
self.next_log_entry = None
+ def init_hashlog(self, aamode, profile):
+ ''' initialize self.hashlog[aamode][profile] for all rule types'''
+
+ if profile in self.hashlog[aamode].keys():
+ return # already initialized, don't overwrite existing data
+
+ self.hashlog[aamode][profile] = {
+ 'final_name': profile, # might be changed for null-* profiles based on exec decisions
+ 'capability': {}, # flat, no hasher needed
+ 'change_hat': {}, # flat, no hasher needed
+ 'change_profile': {}, # flat, no hasher needed (at least in logparser which doesn't support EXEC MODE and EXEC COND)
+ 'dbus': hasher(),
+ 'exec': hasher(),
+ 'network': hasher(),
+ 'path': hasher(),
+ 'ptrace': hasher(),
+ 'signal': hasher(),
+ }
+
def prefetch_next_log_entry(self):
if self.next_log_entry:
sys.stderr.out('A log entry already present: %s' % self.next_log_entry)
@@ -72,26 +75,10 @@ class ReadLog:
self.next_log_entry = None
return log_entry
- def peek_at_next_log_entry(self):
- # Take a peek at the next log entry
- if not self.next_log_entry:
- self.prefetch_next_log_entry()
- return self.next_log_entry
-
- def throw_away_next_log_entry(self):
- self.next_log_entry = None
-
- def parse_log_record(self, record):
- self.debug_logger.debug('parse_log_record: %s' % record)
-
- record_event = self.parse_event(record)
- return record_event
-
def parse_event(self, msg):
"""Parse the event from log into key value pairs"""
msg = msg.strip()
self.debug_logger.info('parse_event: %s' % msg)
- #print(repr(msg))
if sys.version_info < (3, 0):
# parse_record fails with u'foo' style strings hence typecasting to string
msg = str(msg)
@@ -138,10 +125,6 @@ class ReadLog:
if not ev['time']:
ev['time'] = int(time.time())
- # Remove None keys
- #for key in ev.keys():
- # if not ev[key] or not re.search('[\w]+', ev[key]):
- # ev.pop(key)
if ev['aamode']:
# Convert aamode values to their counter-parts
@@ -164,41 +147,10 @@ class ReadLog:
ev['aamode'] = 'ERROR'
if ev['aamode']:
- #debug_logger.debug(ev)
return ev
else:
return None
- def add_to_tree(self, loc_pid, parent, type, event):
- self.debug_logger.info('add_to_tree: pid [%s] type [%s] event [%s]' % (loc_pid, type, event))
- if not self.pid.get(loc_pid, False):
- profile, hat = event[:2]
- if parent and self.pid.get(parent, False):
- if not hat:
- hat = 'null-complain-profile'
- arrayref = []
- self.pid[parent].append(arrayref)
- self.pid[loc_pid] = arrayref
- for ia in ['fork', loc_pid, profile, hat]:
- arrayref.append(ia)
-# self.pid[parent].append(array_ref)
-# self.pid[loc_pid] = array_ref
- else:
- arrayref = []
- self.log.append(arrayref)
- self.pid[loc_pid] = arrayref
-# self.log.append(array_ref)
-# self.pid[loc_pid] = array_ref
- self.pid[loc_pid].append([type, loc_pid] + event)
- #print("\n\npid",self.pid)
- #print("log",self.log)
-
- def add_event_to_tree(self, e):
- e = self.parse_event_for_tree(e)
- if e is not None:
- (pid, parent, mode, details) = e
- self.add_to_tree(pid, parent, mode, details)
-
def parse_event_for_tree(self, e):
aamode = e.get('aamode', 'UNKNOWN')
@@ -208,128 +160,81 @@ class ReadLog:
if aamode in ['AUDIT', 'STATUS', 'ERROR']:
return None
- if 'profile_set' in e['operation']:
- return None
-
# Skip if AUDIT event was issued due to a change_hat in unconfined mode
if not e.get('profile', False):
return None
+ full_profile = e['profile'] # full, nested profile name
+ self.init_hashlog(aamode, full_profile)
+
# Convert new null profiles to old single level null profile
if '//null-' in e['profile']:
e['profile'] = 'null-complain-profile'
- profile = e['profile']
- hat = None
-
- if '//' in e['profile']:
- profile, hat = e['profile'].split('//')[:2]
-
- # Filter out change_hat events that aren't from learning
- if e['operation'] == 'change_hat':
- if aamode != 'HINT' and aamode != 'PERMITTING':
- return None
- if e['error_code'] == 1 and e['info'] == 'unconfined can not change_hat':
- return None
- profile = e['name2']
- #hat = None
- if '//' in e['name2']:
- profile, hat = e['name2'].split('//')[:2]
-
- if not hat:
- hat = profile
-
- # prog is no longer passed around consistently
- prog = 'HINT'
+ profile, hat = split_name(e['profile'])
if profile != 'null-complain-profile' and not self.profile_exists(profile):
return None
if e['operation'] == 'exec':
- # convert rmask and dmask to mode arrays
- e['denied_mask'], e['name2'] = log_str_to_mode(e['profile'], e['denied_mask'], e['name2'])
- e['request_mask'], e['name2'] = log_str_to_mode(e['profile'], e['request_mask'], e['name2'])
-
- if e.get('info', False) and e['info'] == 'mandatory profile missing':
- return(e['pid'], e['parent'], 'exec',
- [profile, hat, aamode, 'PERMITTING', e['denied_mask'], e['name'], e['name2']])
- elif (e.get('name2', False) and '//null-' in e['name2']) or e.get('name', False):
- return(e['pid'], e['parent'], 'exec',
- [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
- else:
- self.debug_logger.debug('parse_event_for_tree: dropped exec event in %s' % e['profile'])
+ if not e['name']:
+ raise AppArmorException('exec without executed binary')
+
+ if not e['name2']:
+ e['name2'] = '' # exec events in enforce mode don't have target=...
+
+ self.hashlog[aamode][full_profile]['exec'][e['name']][e['name2']] = True
+ return None
elif self.op_type(e) == 'file':
# Map c (create) and d (delete) to w (logging is more detailed than the profile language)
- rmask = e['request_mask']
- rmask = rmask.replace('c', 'w')
- rmask = rmask.replace('d', 'w')
- if not validate_log_mode(hide_log_mode(rmask)):
- raise AppArmorException(_('Log contains unknown mode %s') % rmask)
-
dmask = e['denied_mask']
dmask = dmask.replace('c', 'w')
dmask = dmask.replace('d', 'w')
- if not validate_log_mode(hide_log_mode(dmask)):
- raise AppArmorException(_('Log contains unknown mode %s') % dmask)
+
+ owner = False
+
+ if '::' in dmask:
+ # old log styles used :: to indicate if permissions are meant for owner or other
+ (owner_d, other_d) = dmask.split('::')
+ if owner_d and other_d:
+ raise AppArmorException('Found log event with both owner and other permissions. Please open a bugreport!')
+ if owner_d:
+ dmask = owner_d
+ owner = True
+ else:
+ dmask = other_d
if e.get('ouid') is not None and e['fsuid'] == e['ouid']:
- # mark as "owner" event
- if '::' not in rmask:
- rmask = '%s::' % rmask
- if '::' not in dmask:
- dmask = '%s::' % dmask
-
- # convert rmask and dmask to mode arrays
- e['denied_mask'], e['name2'] = log_str_to_mode(e['profile'], dmask, e['name2'])
- e['request_mask'], e['name2'] = log_str_to_mode(e['profile'], rmask, e['name2'])
-
- # check if this is an exec event
- is_domain_change = False
- if e['operation'] == 'inode_permission' and (e['denied_mask'] & AA_MAY_EXEC) and aamode == 'PERMITTING':
- following = self.peek_at_next_log_entry()
- if following:
- entry = self.parse_log_record(following)
- if entry and entry.get('info', False) == 'set profile':
- is_domain_change = True
- self.throw_away_next_log_entry()
-
- if is_domain_change:
- return(e['pid'], e['parent'], 'exec',
- [profile, hat, prog, aamode, e['denied_mask'], e['name'], e['name2']])
- else:
- return(e['pid'], e['parent'], 'path',
- [profile, hat, prog, aamode, e['denied_mask'], e['name'], ''])
+ # in current log style, owner permissions are indicated by a match of fsuid and ouid
+ owner = True
+
+ for perm in dmask:
+ if perm in 'mrwalk': # intentionally not allowing 'x' here
+ self.hashlog[aamode][full_profile]['path'][e['name']][owner][perm] = True
+ else:
+ raise AppArmorException(_('Log contains unknown mode %s') % dmask)
+
+ return None
elif e['operation'] == 'capable':
- return(e['pid'], e['parent'], 'capability',
- [profile, hat, prog, aamode, e['name'], ''])
-
- elif e['operation'] == 'clone':
- parent, child = e['pid'], e['task']
- if not parent:
- parent = 'null-complain-profile'
- if not hat:
- hat = 'null-complain-profile'
- arrayref = []
- if self.pid.get(parent, False):
- self.pid[parent].append(arrayref)
- else:
- self.log.append(arrayref)
- self.pid[child].append(arrayref)
- for ia in ['fork', child, profile, hat]:
- arrayref.append(ia)
-# if self.pid.get(parent, False):
-# self.pid[parent] += [arrayref]
-# else:
-# self.log += [arrayref]
-# self.pid[child] = arrayref
+ self.hashlog[aamode][full_profile]['capability'][e['name']] = True
+ return None
elif self.op_type(e) == 'net':
- return(e['pid'], e['parent'], 'netdomain',
- [profile, hat, prog, aamode, e['family'], e['sock_type'], e['protocol']])
+ self.hashlog[aamode][full_profile]['network'][e['family']][e['sock_type']][e['protocol']] = True
+ return None
+
elif e['operation'] == 'change_hat':
- return(e['pid'], e['parent'], 'unknown_hat',
- [profile, hat, aamode, hat])
+ if e['error_code'] == 1 and e['info'] == 'unconfined can not change_hat':
+ return None
+
+ self.hashlog[aamode][full_profile]['change_hat'][e['name2']] = True
+ return None
+
+ elif e['operation'] == 'change_profile':
+ self.hashlog[aamode][full_profile]['change_profile'][e['name2']] = True
+ return None
+
elif e['operation'] == 'ptrace':
if not e['peer']:
self.debug_logger.debug('ignored garbage ptrace event with empty peer')
@@ -338,14 +243,17 @@ class ReadLog:
self.debug_logger.debug('ignored garbage ptrace event with empty denied_mask')
return None
- return(e['pid'], e['parent'], 'ptrace',
- [profile, hat, prog, aamode, e['denied_mask'], e['peer']])
+ self.hashlog[aamode][full_profile]['ptrace'][e['peer']][e['denied_mask']] = True
+ return None
+
elif e['operation'] == 'signal':
- return(e['pid'], e['parent'], 'signal',
- [profile, hat, prog, aamode, e['denied_mask'], e['signal'], e['peer']])
+ self.hashlog[aamode][full_profile]['signal'][e['peer']][e['denied_mask']][e['signal']]= True
+ return None
+
elif e['operation'].startswith('dbus_'):
- return(e['pid'], e['parent'], 'dbus',
- [profile, hat, prog, aamode, e['denied_mask'], e['bus'], e['path'], e['name'], e['interface'], e['member'], e['peer_profile']])
+ self.hashlog[aamode][full_profile]['dbus'][e['denied_mask']][e['bus']][e['path']][e['name']][e['interface']][e['member']][e['peer_profile']] = True
+ return None
+
else:
self.debug_logger.debug('UNHANDLED: %s' % e)
@@ -354,14 +262,10 @@ class ReadLog:
seenmark = True
if self.logmark:
seenmark = False
- #last = None
- #event_type = None
try:
- #print(self.filename)
self.LOG = open_file_read(self.filename)
except IOError:
raise AppArmorException('Can not read AppArmor logfile: ' + self.filename)
- #LOG = open_file_read(log_open)
line = True
while line:
line = self.get_next_log_entry()
@@ -376,11 +280,11 @@ class ReadLog:
if not seenmark:
continue
- event = self.parse_log_record(line)
- #print(event)
+ event = self.parse_event(line)
if event:
try:
- self.add_event_to_tree(event)
+ self.parse_event_for_tree(event)
+
except AppArmorException as e:
ex_msg = ('%(msg)s\n\nThis error was caused by the log line:\n%(logline)s' %
{'msg': e.value, 'logline': line})
@@ -389,7 +293,8 @@ class ReadLog:
self.LOG.close()
self.logmark = ''
- return self.log
+
+ return self.hashlog
# operation types that can be network or file operations
# (used by op_type() which checks some event details to decide)
@@ -451,14 +356,3 @@ class ReadLog:
return True
return False
-
- def get_profile_filename(self, profile):
- """Returns the full profile name"""
- if profile.startswith('/'):
- # Remove leading /
- profile = profile[1:]
- else:
- profile = "profile_" + profile
- profile = profile.replace('/', '.')
- full_profilename = self.profile_dir + '/' + profile
- return full_profilename
diff --git a/utils/apparmor/notify.py b/utils/apparmor/notify.py
new file mode 100644
index 0000000000000000000000000000000000000000..3043b47379650b14a8b759223dbe1db24c9c5c54
--- /dev/null
+++ b/utils/apparmor/notify.py
@@ -0,0 +1,104 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2018–2019 Otto Kekäläinen <otto@kekalainen.net>
+# Copyright (C) 2021 Christian Boltz
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import os
+import struct
+
+from apparmor.common import AppArmorBug, DebugLogger
+
+debug_logger = DebugLogger('apparmor.notify')
+
+
+def sane_timestamp(timestamp):
+ ''' Check if the given timestamp is in a date range that makes sense for a wtmp file '''
+
+ if timestamp < 946681200: # 2000-01-01
+ return False
+ elif timestamp > 2524604400: # 2050-01-01
+ return False
+
+ return True
+
+def get_last_login_timestamp(username, filename='/var/log/wtmp'):
+ '''Directly read wtmp and get last login for user as epoch timestamp'''
+ timestamp = 0
+ last_login = 0
+
+ debug_logger.debug('Username: {}'.format(username))
+
+ with open(filename, "rb") as wtmp_file:
+ offset = 0
+ wtmp_filesize = os.path.getsize(filename)
+ debug_logger.debug('WTMP filesize: {}'.format(wtmp_filesize))
+
+ if wtmp_filesize < 356:
+ return 0 # (nearly) empty wtmp file, no entries
+
+ # detect architecture based on utmp format differences
+ wtmp_file.seek(340) # first possible timestamp position
+ timestamp_x86_64 = struct.unpack("<L", wtmp_file.read(4))[0]
+ timestamp_aarch64 = struct.unpack("<L", wtmp_file.read(4))[0]
+ timestamp_s390x = struct.unpack(">L", wtmp_file.read(4))[0]
+ debug_logger.debug('WTMP timestamps: x86_64 %s, aarch64 %s, s390x %s' % (timestamp_x86_64, timestamp_aarch64, timestamp_s390x))
+
+ if sane_timestamp(timestamp_x86_64):
+ endianness = '<' # little endian
+ extra_offset_before = 0
+ extra_offset_after = 0
+ elif sane_timestamp(timestamp_aarch64):
+ endianness = '<' # little endian
+ extra_offset_before = 4
+ extra_offset_after = 12
+ elif sane_timestamp(timestamp_s390x):
+ endianness = '>' # big endian
+ extra_offset_before = 8
+ extra_offset_after = 8
+ else:
+ raise AppArmorBug('Your /var/log/wtmp is broken or has an unknown format. Please open a bugreport with /var/log/wtmp and the output of "last" attached!')
+
+ while offset < wtmp_filesize:
+ wtmp_file.seek(offset)
+ offset += 384 + extra_offset_before + extra_offset_after # Increment for next entry
+
+ type = struct.unpack('%sH' % endianness, wtmp_file.read(2))[0]
+ debug_logger.debug('WTMP entry type: {}'.format(type))
+ wtmp_file.read(2) # skip padding
+
+ # Only parse USER lines
+ if type == 7:
+ # Read each item and move pointer forward
+ pid = struct.unpack("<L", wtmp_file.read(4))[0]
+ line = wtmp_file.read(32).decode("utf-8", "replace").split('\0', 1)[0]
+ id = wtmp_file.read(4).decode("utf-8", "replace").split('\0', 1)[0]
+ user = wtmp_file.read(32).decode("utf-8", "replace").split('\0', 1)[0]
+ host = wtmp_file.read(256).decode("utf-8", "replace").split('\0', 1)[0]
+ term = struct.unpack("<H", wtmp_file.read(2))[0]
+ exit = struct.unpack("<H", wtmp_file.read(2))[0]
+ session = struct.unpack("<L", wtmp_file.read(4))[0]
+ if extra_offset_before:
+ wtmp_file.read(extra_offset_before)
+ timestamp = struct.unpack('%sL' % endianness, wtmp_file.read(4))[0]
+ if extra_offset_after:
+ wtmp_file.read(extra_offset_after)
+ usec = struct.unpack("<L", wtmp_file.read(4))[0]
+ entry = (pid, line, id, user, host, term, exit, session, timestamp, usec)
+ debug_logger.debug('WTMP entry: {}'.format(entry))
+
+ # Store login timestamp for requested user
+ if user == username:
+ last_login = timestamp
+
+ # When loop is done, last value should be the latest login timestamp
+ return last_login
diff --git a/utils/apparmor/profile_list.py b/utils/apparmor/profile_list.py
index f500f3a04cb491e760378403186948c1c9e6818c..e18ef048c9d80e2668feb3268aeab172b61c77ad 100644
--- a/utils/apparmor/profile_list.py
+++ b/utils/apparmor/profile_list.py
@@ -1,5 +1,5 @@
# ----------------------------------------------------------------------
-# Copyright (C) 2018 Christian Boltz <apparmor@cboltz.de>
+# Copyright (C) 2018-2020 Christian Boltz <apparmor@cboltz.de>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
@@ -14,6 +14,10 @@
from apparmor.aare import AARE
from apparmor.common import AppArmorBug, AppArmorException
+from apparmor.rule.alias import AliasRule, AliasRuleset
+from apparmor.rule.abi import AbiRule, AbiRuleset
+from apparmor.rule.include import IncludeRule, IncludeRuleset
+from apparmor.rule.variable import VariableRule, VariableRuleset
# setup module translations
from apparmor.translations import init_translation
@@ -21,14 +25,35 @@ _ = init_translation()
class ProfileList:
- ''' Stores the list of profiles (both name and attachment) and in which files they live '''
+ ''' Stores the preamble section and the list of profile(s) (both name and
+ attachment) that live in profile files.
+
+ Also allows "reverse" lookups to find out in which file a profile
+ lives.
+ '''
def __init__(self):
self.profile_names = {} # profile name -> filename
self.attachments = {} # attachment -> filename
self.attachments_AARE = {} # AARE(attachment) -> filename
+ self.files = {} # filename -> content - see init_file()
+
+ def __repr__(self):
+ return('\n<ProfileList>\n%s\n</ProfileList>\n' % '\n'.join(self.files))
+
+ def init_file(self, filename):
+ if self.files.get(filename):
+ return # don't re-initialize / overwrite existing data
- def add(self, filename, profile_name, attachment):
+ self.files[filename] = {
+ 'abi': AbiRuleset(),
+ 'alias': AliasRuleset(),
+ 'inc_ie': IncludeRuleset(),
+ 'variable': VariableRuleset(),
+ 'profiles': [],
+ }
+
+ def add_profile(self, filename, profile_name, attachment):
''' Add the given profile and attachment to the list '''
if not filename:
@@ -50,6 +75,88 @@ class ProfileList:
self.attachments[attachment] = filename
self.attachments_AARE[attachment] = AARE(attachment, True)
+ self.init_file(filename)
+
+ if profile_name:
+ self.files[filename]['profiles'].append(profile_name)
+ else:
+ self.files[filename]['profiles'].append(attachment)
+
+ def add_abi(self, filename, abi_rule):
+ ''' Store the given abi rule for the given profile filename preamble '''
+
+ if type(abi_rule) is not AbiRule:
+ raise AppArmorBug('Wrong type given to ProfileList: %s' % abi_rule)
+
+ self.init_file(filename)
+
+ self.files[filename]['abi'].add(abi_rule)
+
+ def add_alias(self, filename, alias_rule):
+ ''' Store the given alias rule for the given profile filename preamble '''
+
+ if type(alias_rule) is not AliasRule:
+ raise AppArmorBug('Wrong type given to ProfileList: %s' % alias_rule)
+
+ self.init_file(filename)
+
+ self.files[filename]['alias'].add(alias_rule)
+
+ def add_inc_ie(self, filename, inc_rule):
+ ''' Store the given include / include if exists rule for the given profile filename preamble '''
+ if type(inc_rule) is not IncludeRule:
+ raise AppArmorBug('Wrong type given to ProfileList: %s' % inc_rule)
+
+ self.init_file(filename)
+
+ self.files[filename]['inc_ie'].add(inc_rule)
+
+ def add_variable(self, filename, var_rule):
+ ''' Store the given variable rule for the given profile filename preamble '''
+ if type(var_rule) is not VariableRule:
+ raise AppArmorBug('Wrong type given to ProfileList: %s' % var_rule)
+
+ self.init_file(filename)
+
+ self.files[filename]['variable'].add(var_rule)
+
+ def delete_preamble_duplicates(self, filename):
+ ''' Delete duplicates in the preamble of the given profile file '''
+
+ if not self.files.get(filename):
+ raise AppArmorBug('%s not listed in ProfileList files' % filename)
+
+ deleted = 0
+
+ for r_type in ['abi', 'alias', 'inc_ie', 'variable']: # TODO: don't hardcode
+ deleted += self.files[filename][r_type].delete_duplicates(None) # None means not to check includes -- TODO check if this makes sense for all preamble rule types
+
+ return deleted
+
+ def get_raw(self, filename, depth=0):
+ ''' Get the preamble for the given profile filename (in original formatting) '''
+ if not self.files.get(filename):
+ raise AppArmorBug('%s not listed in ProfileList files' % filename)
+
+ data = []
+ data += self.files[filename]['abi'].get_raw(depth)
+ data += self.files[filename]['alias'].get_raw(depth)
+ data += self.files[filename]['inc_ie'].get_raw(depth)
+ data += self.files[filename]['variable'].get_raw(depth)
+ return data
+
+ def get_clean(self, filename, depth=0):
+ ''' Get the preamble for the given profile filename (in clean formatting) '''
+ if not self.files.get(filename):
+ raise AppArmorBug('%s not listed in ProfileList files' % filename)
+
+ data = []
+ data += self.files[filename]['abi'].get_clean_unsorted(depth)
+ data += self.files[filename]['alias'].get_clean_unsorted(depth)
+ data += self.files[filename]['inc_ie'].get_clean_unsorted(depth)
+ data += self.files[filename]['variable'].get_clean_unsorted(depth)
+ return data
+
def filename_from_profile_name(self, name):
''' Return profile filename for the given profile name, or None '''
@@ -71,3 +178,66 @@ class ProfileList:
return self.attachments[path] # XXX this returns the first match, not necessarily the best one
return None # nothing found
+
+ def get_all_merged_variables(self, filename, all_incfiles):
+ ''' Get merged variables of a file and its includes
+
+ Note that this function is more forgiving than apparmor_parser.
+ It detects variable redefinitions and adding values to non-existing variables.
+ However, it doesn't honor the order - so adding to a variable first and defining
+ it later won't trigger an error.
+ '''
+
+ if not self.files.get(filename):
+ raise AppArmorBug('%s not listed in ProfileList files' % filename)
+
+ merged_variables = {}
+
+ mainfile_variables = self.files[filename]['variable'].get_merged_variables()
+
+ # keep track in which file a variable gets set
+ set_in = {}
+ for var in mainfile_variables['=']:
+ merged_variables[var] = mainfile_variables['='][var]
+ set_in[var] = filename
+
+ # collect variable additions (+=)
+ inc_add = {}
+ if mainfile_variables['+=']:
+ inc_add[filename] = mainfile_variables['+='] # variable additions from main file
+
+ for incname in all_incfiles:
+ if not self.files.get(incname):
+ continue # tunables/* only end up in self.files if they contain variable or alias definitions
+
+ inc_vars = self.files[incname]['variable'].get_merged_variables()
+
+ for var in inc_vars['=']:
+ if merged_variables.get(var):
+ raise AppArmorException('While parsing %(profile)s: Conflicting variable definitions for variable %(var)s found in %(file1)s and %(file2)s.' % {
+ 'var': var, 'profile': filename, 'file1': set_in[var], 'file2': incname})
+ else:
+ merged_variables[var] = inc_vars['='][var]
+ set_in[var] = incname
+
+ # variable additions can happen in other files than the variable definition. First collect them from all files...
+ if inc_vars['+=']:
+ inc_add[incname] = inc_vars['+=']
+
+ for incname in inc_add:
+ # ... and then check if the variables that get extended have an initial definition. If yes, merge them.
+ for var in inc_add[incname]:
+ if merged_variables.get(var):
+ merged_variables[var] |= inc_add[incname][var]
+ else:
+ raise AppArmorException('While parsing %(profile)s: Variable %(var)s was not previously declared, but is being assigned additional value in file %(file)s.' % {
+ 'var': var, 'profile': filename, 'file': incname})
+
+ return merged_variables
+
+ def profiles_in_file(self, filename):
+ ''' Return list of profiles in the given file '''
+ if not self.files.get(filename):
+ raise AppArmorBug('%s not listed in ProfileList files' % filename)
+
+ return self.files[filename]['profiles']
diff --git a/utils/apparmor/profile_storage.py b/utils/apparmor/profile_storage.py
index 193b28c070a6ed3a50f88af252eec349f05bc103..19e62383f7782270d2d6a3ece90ebb8b1c79280e 100644
--- a/utils/apparmor/profile_storage.py
+++ b/utils/apparmor/profile_storage.py
@@ -14,18 +14,28 @@
# ----------------------------------------------------------------------
-from apparmor.common import AppArmorBug, hasher, type_is_str
+from apparmor.common import AppArmorBug, type_is_str
+from apparmor.rule.abi import AbiRuleset
from apparmor.rule.capability import CapabilityRuleset
from apparmor.rule.change_profile import ChangeProfileRuleset
from apparmor.rule.dbus import DbusRuleset
from apparmor.rule.file import FileRuleset
+from apparmor.rule.include import IncludeRuleset
from apparmor.rule.network import NetworkRuleset
from apparmor.rule.ptrace import PtraceRuleset
from apparmor.rule.rlimit import RlimitRuleset
from apparmor.rule.signal import SignalRuleset
+from apparmor.rule import quote_if_needed
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
ruletypes = {
+ 'abi': {'ruleset': AbiRuleset},
+ 'inc_ie': {'ruleset': IncludeRuleset},
'capability': {'ruleset': CapabilityRuleset},
'change_profile': {'ruleset': ChangeProfileRuleset},
'dbus': {'ruleset': DbusRuleset},
@@ -51,15 +61,11 @@ class ProfileStorage:
for rule in ruletypes:
data[rule] = ruletypes[rule]['ruleset']()
- data['alias'] = dict()
- data['abi'] = []
- data['include'] = dict()
- data['lvar'] = dict()
- data['repo'] = dict()
-
data['filename'] = ''
+ data['logprof_suggest'] = '' # set in abstractions that should be suggested by aa-logprof
data['name'] = ''
data['attachment'] = ''
+ data['xattrs'] = ''
data['flags'] = ''
data['external'] = False
data['header_comment'] = '' # currently only set by change_profile_flags()
@@ -70,9 +76,6 @@ class ProfileStorage:
data['allow'] = dict()
data['deny'] = dict()
- data['allow']['link'] = hasher()
- data['deny']['link'] = hasher()
-
# mount, pivot_root, unix have a .get() fallback to list() - initialize them nevertheless
data['allow']['mount'] = list()
data['deny']['mount'] = list()
@@ -90,21 +93,82 @@ class ProfileStorage:
raise AppArmorBug('attempt to read unknown key %s' % key)
def __setitem__(self, key, value):
- # TODO: Most of the keys (containing *Ruleset, dict(), list() or hasher()) should be read-only.
- # Their content needs to be changed, but the container shouldn't
- # Note: serialize_profile_from_old_profile.write_prior_segments() and write_prior_segments() expect the container to be writeable!
- # TODO: check if value has the expected type
- if key in self.data:
- self.data[key] = value
- else:
+ if key not in self.data:
raise AppArmorBug('attempt to set unknown key %s' % key)
+ # allow writing bool values
+ if type(self.data[key]) == bool:
+ if type(value) == bool:
+ self.data[key] = value
+ else:
+ raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
+
+ # allow writing str or None to some keys
+ elif key in ('xattrs', 'flags', 'filename'):
+ if type_is_str(value) or value is None:
+ self.data[key] = value
+ else:
+ raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
+
+ # allow writing str values
+ elif type_is_str(self.data[key]):
+ if type_is_str(value):
+ self.data[key] = value
+ else:
+ raise AppArmorBug('Attempt to change type of "%s" from %s to %s, value %s' % (key, type(self.data[key]), type(value), value))
+
+ # don't allow overwriting of other types
+ else:
+ raise AppArmorBug('Attempt to overwrite "%s" with %s, type %s' % (key, value, type(value)))
+
+ def __repr__(self):
+ return('\n<ProfileStorage>\n%s\n</ProfileStorage>\n' % '\n'.join(self.get_rules_clean(1)))
+
def get(self, key, fallback=None):
if key in self.data:
return self.data.get(key, fallback)
else:
raise AppArmorBug('attempt to read unknown key %s' % key)
+ def get_rules_clean(self, depth):
+ '''return all clean rules of a profile (with default formatting, and leading whitespace as specified in the depth parameter)
+
+ Note that the profile header and the closing "}" are _not_ included.
+ '''
+
+ # "old" write functions for rule types not implemented as *Rule class yet
+ write_functions = {
+ 'mount': write_mount,
+ 'pivot_root': write_pivot_root,
+ 'unix': write_unix,
+ }
+
+ write_order = [
+ 'abi',
+ 'inc_ie',
+ 'rlimit',
+ 'capability',
+ 'network',
+ 'dbus',
+ 'mount',
+ 'signal',
+ 'ptrace',
+ 'pivot_root',
+ 'unix',
+ 'file',
+ 'change_profile',
+ ]
+
+ data = []
+
+ for ruletype in write_order:
+ if write_functions.get(ruletype):
+ data += write_functions[ruletype](self.data, depth)
+ else:
+ data += self.data[ruletype].get_clean(depth)
+
+ return data
+
def split_flags(flags):
'''split the flags given as string into a sorted, de-duplicated list'''
@@ -117,28 +181,85 @@ def split_flags(flags):
# sort and remove duplicates
return sorted(set(flags_list))
-def add_or_remove_flag(flags, flag_to_change, set_flag):
- '''add (if set_flag == True) or remove the given flag_to_change to flags'''
+def add_or_remove_flag(flags, flags_to_change, set_flag):
+ '''add (if set_flag == True) or remove the given flags_to_change to flags'''
if type_is_str(flags) or flags is None:
flags = split_flags(flags)
+ if type_is_str(flags_to_change) or flags_to_change is None:
+ flags_to_change = split_flags(flags_to_change)
+
if set_flag:
- if flag_to_change not in flags:
- flags.append(flag_to_change)
+ for flag_to_change in flags_to_change:
+ if flag_to_change not in flags:
+ flags.append(flag_to_change)
else:
- if flag_to_change in flags:
- flags.remove(flag_to_change)
+ for flag_to_change in flags_to_change:
+ if flag_to_change in flags:
+ flags.remove(flag_to_change)
return sorted(flags)
-def write_abi(ref, depth):
+
+def var_transform(ref):
+ data = []
+ for value in sorted(ref):
+ if not value:
+ value = '""'
+ data.append(quote_if_needed(value))
+ return ' '.join(data)
+
+def write_mount_rules(prof_data, depth, allow):
+ pre = ' ' * depth
+ data = []
+
+ # no mount rules, so return
+ if not prof_data[allow].get('mount', False):
+ return data
+
+ for mount_rule in prof_data[allow]['mount']:
+ data.append('%s%s' % (pre, mount_rule.serialize()))
+ data.append('')
+ return data
+
+def write_mount(prof_data, depth):
+ data = write_mount_rules(prof_data, depth, 'deny')
+ data += write_mount_rules(prof_data, depth, 'allow')
+ return data
+
+def write_pivot_root_rules(prof_data, depth, allow):
+ pre = ' ' * depth
+ data = []
+
+ # no pivot_root rules, so return
+ if not prof_data[allow].get('pivot_root', False):
+ return data
+
+ for pivot_root_rule in prof_data[allow]['pivot_root']:
+ data.append('%s%s' % (pre, pivot_root_rule.serialize()))
+ data.append('')
+ return data
+
+def write_pivot_root(prof_data, depth):
+ data = write_pivot_root_rules(prof_data, depth, 'deny')
+ data += write_pivot_root_rules(prof_data, depth, 'allow')
+ return data
+
+def write_unix(prof_data, depth):
+ data = write_unix_rules(prof_data, depth, 'deny')
+ data += write_unix_rules(prof_data, depth, 'allow')
+ return data
+
+def write_unix_rules(prof_data, depth, allow):
pre = ' ' * depth
data = []
- if ref.get('abi'):
- for line in ref.get('abi'):
- data.append('%s%s' % (pre, line))
- data.append('')
+ # no unix rules, so return
+ if not prof_data[allow].get('unix', False):
+ return data
+ for unix_rule in prof_data[allow]['unix']:
+ data.append('%s%s' % (pre, unix_rule.serialize()))
+ data.append('')
return data
diff --git a/utils/apparmor/regex.py b/utils/apparmor/regex.py
index ca7dbc9687f8ef0398ed572bd544bf644fbd5cc6..868e3cc14e87ee4c8cc65cfa6908f115f28b760c 100644
--- a/utils/apparmor/regex.py
+++ b/utils/apparmor/regex.py
@@ -30,20 +30,21 @@ RE_PATH = '/\S*|"/[^"]*"' # filename (starting with '/') withou
RE_PROFILE_PATH = '(?P<%s>(' + RE_PATH + '))' # quoted or unquoted filename. %s is the match group name
RE_PROFILE_PATH_OR_VAR = '(?P<%s>(' + RE_PATH + '|@{\S+}\S*|"@{\S+}[^"]*"))' # quoted or unquoted filename or variable. %s is the match group name
RE_SAFE_OR_UNSAFE = '(?P<execmode>(safe|unsafe))'
+RE_XATTRS = '(\s+xattrs\s*=\s*\((?P<xattrs>([^)=]+(=[^)=]+)?\s?)+)\)\s*)?'
+RE_FLAGS = '(\s+(flags\s*=\s*)?\((?P<flags>[^)]+)\))?'
RE_PROFILE_END = re.compile('^\s*\}' + RE_EOL)
RE_PROFILE_CAP = re.compile(RE_AUDIT_DENY + 'capability(?P<capability>(\s+\S+)+)?' + RE_COMMA_EOL)
-RE_PROFILE_LINK = re.compile(RE_AUDIT_DENY + 'link\s+(((subset)|(<=))\s+)?([\"\@\/].*?"??)\s+->\s*([\"\@\/].*?"??)' + RE_COMMA_EOL)
-RE_PROFILE_ALIAS = re.compile('^\s*alias\s+("??.+?"??)\s+->\s*("??.+?"??)' + RE_COMMA_EOL)
+RE_PROFILE_ALIAS = re.compile('^\s*alias\s+(?P<orig_path>"??.+?"??)\s+->\s*(?P<target>"??.+?"??)' + RE_COMMA_EOL)
RE_PROFILE_RLIMIT = re.compile('^\s*set\s+rlimit\s+(?P<rlimit>[a-z]+)\s*<=\s*(?P<value>[^ ]+(\s+[a-zA-Z]+)?)' + RE_COMMA_EOL)
RE_PROFILE_BOOLEAN = re.compile('^\s*(\$\{?\w*\}?)\s*=\s*(true|false)\s*,?' + RE_EOL, flags=re.IGNORECASE)
-RE_PROFILE_VARIABLE = re.compile('^\s*(@\{?\w+\}?)\s*(\+?=)\s*(@*.+?)\s*,?' + RE_EOL)
+RE_PROFILE_VARIABLE = re.compile('^\s*(?P<varname>@\{?\w+\}?)\s*(?P<mode>\+?=)\s*(?P<values>@*.+?)' + RE_EOL)
RE_PROFILE_CONDITIONAL = re.compile('^\s*if\s+(not\s+)?(\$\{?\w*\}?)\s*\{' + RE_EOL)
RE_PROFILE_CONDITIONAL_VARIABLE = re.compile('^\s*if\s+(not\s+)?defined\s+(@\{?\w+\}?)\s*\{\s*(#.*)?$')
RE_PROFILE_CONDITIONAL_BOOLEAN = re.compile('^\s*if\s+(not\s+)?defined\s+(\$\{?\w+\}?)\s*\{\s*(#.*)?$')
RE_PROFILE_NETWORK = re.compile(RE_AUDIT_DENY + 'network(?P<details>\s+.*)?' + RE_COMMA_EOL)
RE_PROFILE_CHANGE_HAT = re.compile('^\s*\^(\"??.+?\"??)' + RE_COMMA_EOL)
-RE_PROFILE_HAT_DEF = re.compile('^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>\"??.+?\"??)\s+((flags=)?\((?P<flags>.+)\)\s+)*\{' + RE_EOL)
+RE_PROFILE_HAT_DEF = re.compile('^(?P<leadingspace>\s*)(?P<hat_keyword>\^|hat\s+)(?P<hat>\"??[^)]+?\"??)' + RE_FLAGS + '\s*\{' + RE_EOL)
RE_PROFILE_DBUS = re.compile(RE_AUDIT_DENY + '(dbus\s*,|dbus(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
RE_PROFILE_MOUNT = re.compile(RE_AUDIT_DENY + '((mount|remount|umount|unmount)(\s+[^#]*)?\s*,)' + RE_EOL)
RE_PROFILE_SIGNAL = re.compile(RE_AUDIT_DENY + '(signal\s*,|signal(?P<details>\s+[^#]*)\s*,)' + RE_EOL)
@@ -68,7 +69,9 @@ RE_PROFILE_START = re.compile(
'|' + # or
'(' + 'profile' + '\s+' + RE_PROFILE_NAME % 'namedprofile' + '(\s+' + RE_PROFILE_PATH_OR_VAR % 'attachment' + ')?' + ')' + # 'profile', profile name, optionally attachment
')' +
- '\s+((flags\s*=\s*)?\((?P<flags>.+)\)\s*)?\{' +
+ RE_XATTRS +
+ RE_FLAGS +
+ '\s*\{' +
RE_EOL)
@@ -98,6 +101,12 @@ RE_PROFILE_FILE_ENTRY = re.compile(
RE_PATH_PERMS % 'perms2' + '\s+' + RE_PROFILE_PATH_OR_VAR % 'path2' + # perms and path
')' +
'(\s+->\s*' + RE_PROFILE_NAME % 'target' + ')?' +
+ '|' + # or
+ '(?P<link_keyword>link\s+)' + # 'link' keyword
+ '(?P<subset_keyword>subset\s+)?' + # optional 'subset' keyword
+ RE_PROFILE_PATH_OR_VAR % 'link_path' + # path
+ '\s+' + '->' + '\s+' + # ' -> '
+ RE_PROFILE_PATH_OR_VAR % 'link_target' + # path
')' +
RE_COMMA_EOL)
@@ -110,7 +119,7 @@ def parse_profile_start_line(line, filename):
result = {}
- for section in [ 'leadingspace', 'plainprofile', 'namedprofile', 'attachment', 'flags', 'comment']:
+ for section in [ 'leadingspace', 'plainprofile', 'namedprofile', 'attachment', 'xattrs', 'flags', 'comment']:
if matches.group(section):
result[section] = matches.group(section)
@@ -132,40 +141,72 @@ def parse_profile_start_line(line, filename):
return result
-RE_ABI = re.compile('^\s*#?abi\s*(<(?P<magicpath>.*)>|"(?P<quotedpath>.*)"|(?P<unquotedpath>[^<>"]*))' + RE_COMMA_EOL)
+RE_MAGIC_OR_QUOTED_PATH = '(<(?P<magicpath>.*)>|"(?P<quotedpath>.*)"|(?P<unquotedpath>[^<>"]*))'
+RE_ABI = re.compile('^\s*#?abi\s*' + RE_MAGIC_OR_QUOTED_PATH + RE_COMMA_EOL)
+RE_INCLUDE = re.compile('^\s*#?include(?P<ifexists>\s+if\s+exists)?\s*' + RE_MAGIC_OR_QUOTED_PATH + RE_EOL)
-RE_INCLUDE = re.compile('^\s*#?include\s*(<(?P<magicpath>.*)>|"(?P<quotedpath>.*)"|(?P<unquotedpath>[^<>"]*))' + RE_EOL)
+def re_match_include_parse(line, rule_name):
+ '''Matches the path for include, include if exists and abi rules
-def re_match_include(line):
- """Matches the path for include and returns the include path"""
- matches = RE_INCLUDE.search(line)
+ rule_name can be 'include' or 'abi'
+
+ Returns a tuple with
+ - if the "if exists" condition is given
+ - the include/abi path
+ - if the path is a magic path (enclosed in <...>)
+ '''
+
+ if rule_name == 'include':
+ matches = RE_INCLUDE.search(line)
+ elif rule_name == 'abi':
+ matches = RE_ABI.search(line)
+ else:
+ raise AppArmorBug('re_match_include_parse() called with invalid rule name %s' % rule_name)
if not matches:
- return None
+ return None, None, None
path = None
+ ismagic = False
if matches.group('magicpath'):
path = matches.group('magicpath').strip()
+ ismagic = True
elif matches.group('unquotedpath'):
+ path = matches.group('unquotedpath').strip()
+ if re.search('\s', path):
+ raise AppArmorException(_('Syntax error: %s must use quoted path or <...>') % rule_name)
# LP: #1738879 - parser doesn't handle unquoted paths everywhere
- # path = matches.group('unquotedpath').strip()
- raise AppArmorException(_('Syntax error: #include must use quoted path or <...>'))
+ if rule_name == 'include':
+ raise AppArmorException(_('Syntax error: %s must use quoted path or <...>') % rule_name)
elif matches.group('quotedpath'):
path = matches.group('quotedpath')
# LP: 1738880 - parser doesn't handle relative paths everywhere, and
# neither do we (see aa.py)
- if len(path) > 0 and path[0] != '/':
- raise AppArmorException(_('Syntax error: #include must use quoted path or <...>'))
+ if rule_name == 'include' and len(path) > 0 and path[0] != '/':
+ raise AppArmorException(_('Syntax error: %s must use quoted path or <...>') % rule_name)
# if path is empty or the empty string
if path is None or path == "":
- raise AppArmorException(_('Syntax error: #include rule with empty filename'))
+ raise AppArmorException(_('Syntax error: %s rule with empty filename') % rule_name)
# LP: #1738877 - parser doesn't handle files with spaces in the name
- if re.search('\s', path):
- raise AppArmorException(_('Syntax error: #include rule filename cannot contain spaces'))
+ if rule_name == 'include' and re.search('\s', path):
+ raise AppArmorException(_('Syntax error: %s rule filename cannot contain spaces') % rule_name)
+
+ ifexists = False
+ if rule_name == 'include' and matches.group('ifexists'):
+ ifexists = True
+
+ return path, ifexists, ismagic
+
+def re_match_include(line):
+ ''' return path of a 'include' rule '''
+ (path, ifexists, ismagic) = re_match_include_parse(line, 'include')
+
+ if not ifexists:
+ return path
- return path
+ return None
def strip_parenthesis(data):
'''strips parenthesis from the given string and returns the strip()ped result.
diff --git a/utils/apparmor/rule/__init__.py b/utils/apparmor/rule/__init__.py
index 060a6b7800d665231de4e545a394fa2ad8dabf19..0484b2b03b43d45da9ef69e368e035caf2c9ece9 100644
--- a/utils/apparmor/rule/__init__.py
+++ b/utils/apparmor/rule/__init__.py
@@ -140,7 +140,7 @@ class BaseRule(object):
'''check if other_rule is covered by this rule object'''
if not type(other_rule) == type(self):
- raise AppArmorBug('Passes %s instead of %s' % (str(other_rule),self.__class__.__name__))
+ raise AppArmorBug('Passes %s instead of %s' % (str(other_rule), self.__class__.__name__))
if check_allow_deny and self.deny != other_rule.deny:
return False
@@ -192,15 +192,6 @@ class BaseRule(object):
# still here? -> then it is covered
return True
- def _is_covered_aare_compat(self, self_value, self_all, other_value, other_all, cond_name):
- '''check if other_* is covered by self_* - for AARE
- Note: this function checks against other_value.regex, which is not really correct, but avoids overly strict results when matching one regex against another
- '''
- if type(other_value) == AARE:
- other_value = other_value.regex
-
- return self._is_covered_aare(self_value, self_all, other_value, other_all, cond_name)
-
def _is_covered_aare(self, self_value, self_all, other_value, other_all, cond_name):
'''check if other_* is covered by self_* - for AARE'''
@@ -411,6 +402,20 @@ class BaseRuleset(object):
return cleandata
+ def get_clean_unsorted(self, depth=0):
+ '''return all rules (in clean/default formatting) in original order
+ Returns an array of lines, with depth * leading whitespace'''
+
+ all_rules = []
+
+ for rule in self.rules:
+ all_rules.append(rule.get_clean(depth))
+
+ if all_rules:
+ all_rules.append('')
+
+ return all_rules
+
def is_covered(self, rule, check_allow_deny=True, check_audit=False):
'''return True if rule is covered by existing rules, otherwise False'''
diff --git a/utils/apparmor/rule/abi.py b/utils/apparmor/rule/abi.py
new file mode 100644
index 0000000000000000000000000000000000000000..261d206682eb595afdfdf8b65eea4f4cb13f993d
--- /dev/null
+++ b/utils/apparmor/rule/abi.py
@@ -0,0 +1,64 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+from apparmor.regex import RE_ABI
+from apparmor.common import AppArmorBug
+from apparmor.rule.include import IncludeRule, IncludeRuleset
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+# abi and include rules have a very similar syntax
+# base AbiRule on IncludeRule to inherit most of its behaviour
+class AbiRule(IncludeRule):
+ '''Class to handle and store a single abi rule'''
+
+ rule_name = 'abi'
+
+ def __init__(self, path, ifexists, ismagic, audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super(AbiRule, self).__init__(path, ifexists, ismagic,
+ audit=audit, deny=deny, allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ # abi doesn't support 'if exists'
+ if ifexists:
+ raise AppArmorBug('Attempt to use %s rule with if exists flag' % self.__class__.__name__)
+
+ @classmethod
+ def _match(cls, raw_rule):
+ return RE_ABI.search(raw_rule)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ if self.ismagic:
+ return('%s%s <%s>,%s' % (space, self.rule_name, self.path, self.comment))
+ else:
+ return('%s%s "%s",%s' % (space, self.rule_name, self.path, self.comment))
+
+ def logprof_header_localvars(self):
+ return [
+ _('Abi'), self.get_clean(),
+ ]
+
+
+class AbiRuleset(IncludeRuleset):
+ '''Class to handle and store a collection of abi rules'''
+ pass
diff --git a/utils/apparmor/rule/alias.py b/utils/apparmor/rule/alias.py
new file mode 100644
index 0000000000000000000000000000000000000000..365002bd5a74afeec10abb8bc6fa346736927e27
--- /dev/null
+++ b/utils/apparmor/rule/alias.py
@@ -0,0 +1,116 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+from apparmor.regex import RE_PROFILE_ALIAS, strip_quotes
+from apparmor.common import AppArmorBug, AppArmorException, type_is_str
+from apparmor.rule import BaseRule, BaseRuleset, parse_comment, quote_if_needed
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class AliasRule(BaseRule):
+ '''Class to handle and store a single alias rule'''
+
+ rule_name = 'alias'
+
+ def __init__(self, orig_path, target, audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super(AliasRule, self).__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ # aliass don't support audit or deny
+ if audit:
+ raise AppArmorBug('Attempt to initialize %s with audit flag' % self.__class__.__name__)
+ if deny:
+ raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
+
+ if not type_is_str(orig_path):
+ raise AppArmorBug('Passed unknown type for orig_path to %s: %s' % (self.__class__.__name__, orig_path))
+ if not orig_path:
+ raise AppArmorException('Passed empty orig_path to %s: %s' % (self.__class__.__name__, orig_path))
+ if not orig_path.startswith('/'):
+ raise AppArmorException("Alias path doesn't start with '/'")
+
+ if not type_is_str(target):
+ raise AppArmorBug('Passed unknown type for target to %s: %s' % (self.__class__.__name__, target))
+ if not target:
+ raise AppArmorException('Passed empty target to %s: %s' % (self.__class__.__name__, target))
+ if not target.startswith('/'):
+ raise AppArmorException("Alias target doesn't start with '/'")
+
+ self.orig_path = orig_path
+ self.target = target
+
+ @classmethod
+ def _match(cls, raw_rule):
+ return RE_PROFILE_ALIAS.search(raw_rule)
+
+ @classmethod
+ def _parse(cls, raw_rule):
+ '''parse raw_rule and return AliasRule'''
+
+ matches = cls._match(raw_rule)
+ if not matches:
+ raise AppArmorException(_("Invalid alias rule '%s'") % raw_rule)
+
+ comment = parse_comment(matches)
+
+ orig_path = strip_quotes(matches.group('orig_path').strip())
+ target = strip_quotes(matches.group('target').strip())
+
+ return AliasRule(orig_path, target,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ return '%salias %s -> %s,' % (space, quote_if_needed(self.orig_path), quote_if_needed(self.target))
+
+ def is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ # the only way aliases can be covered are exact duplicates
+ return self.is_equal_localvars(other_rule, False)
+
+ def is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific aliass are equal'''
+
+ if not type(rule_obj) == AliasRule:
+ raise AppArmorBug('Passed non-alias rule: %s' % str(rule_obj))
+
+ if self.orig_path != rule_obj.orig_path:
+ return False
+
+ if self.target != rule_obj.target:
+ return False
+
+ return True
+
+ def logprof_header_localvars(self):
+ headers = []
+
+ return headers + [
+ _('Alias'), '%s -> %s' % (self.orig_path, self.target),
+ ]
+
+class AliasRuleset(BaseRuleset):
+ '''Class to handle and store a collection of alias rules'''
+ pass
diff --git a/utils/apparmor/rule/dbus.py b/utils/apparmor/rule/dbus.py
index 4ac4c1e9036998b2380f0bd8f75c86b1eb8dcf6c..2d5fe6d47b79c6f07a16756953cc3164fc76231d 100644
--- a/utils/apparmor/rule/dbus.py
+++ b/utils/apparmor/rule/dbus.py
@@ -98,9 +98,9 @@ class DbusRule(BaseRule):
# not all combinations are allowed
if self.access and 'bind' in self.access and (self.path or self.interface or self.member or self.peername or self.peerlabel):
- raise AppArmorException(_('dbus bind rules must not contain a path, interface, member or peer conditional'))
+ raise AppArmorException(_('dbus bind rules must not contain a path, interface, member or peer conditional'))
elif self.access and 'eavesdrop' in self.access and (self.name or self.path or self.interface or self.member or self.peername or self.peerlabel):
- raise AppArmorException(_('dbus eavesdrop rules must not contain a name, path, interface, member or peer conditional'))
+ raise AppArmorException(_('dbus eavesdrop rules must not contain a name, path, interface, member or peer conditional'))
elif self.access and self.name:
for msg in message_keywords:
if msg in self.access:
@@ -240,25 +240,25 @@ class DbusRule(BaseRule):
if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
return False
- if not self._is_covered_aare_compat(self.bus, self.all_buses, other_rule.bus, other_rule.all_buses, 'bus'):
+ if not self._is_covered_aare(self.bus, self.all_buses, other_rule.bus, other_rule.all_buses, 'bus'):
return False
- if not self._is_covered_aare_compat(self.path, self.all_paths, other_rule.path, other_rule.all_paths, 'path'):
+ if not self._is_covered_aare(self.path, self.all_paths, other_rule.path, other_rule.all_paths, 'path'):
return False
- if not self._is_covered_aare_compat(self.name, self.all_names, other_rule.name, other_rule.all_names, 'name'):
+ if not self._is_covered_aare(self.name, self.all_names, other_rule.name, other_rule.all_names, 'name'):
return False
- if not self._is_covered_aare_compat(self.interface, self.all_interfaces, other_rule.interface, other_rule.all_interfaces, 'interface'):
+ if not self._is_covered_aare(self.interface, self.all_interfaces, other_rule.interface, other_rule.all_interfaces, 'interface'):
return False
- if not self._is_covered_aare_compat(self.member, self.all_members, other_rule.member, other_rule.all_members, 'member'):
+ if not self._is_covered_aare(self.member, self.all_members, other_rule.member, other_rule.all_members, 'member'):
return False
- if not self._is_covered_aare_compat(self.peername, self.all_peernames, other_rule.peername, other_rule.all_peernames, 'peername'):
+ if not self._is_covered_aare(self.peername, self.all_peernames, other_rule.peername, other_rule.all_peernames, 'peername'):
return False
- if not self._is_covered_aare_compat(self.peerlabel, self.all_peerlabels, other_rule.peerlabel, other_rule.all_peerlabels, 'peerlabel'):
+ if not self._is_covered_aare(self.peerlabel, self.all_peerlabels, other_rule.peerlabel, other_rule.all_peerlabels, 'peerlabel'):
return False
# still here? -> then it is covered
diff --git a/utils/apparmor/rule/file.py b/utils/apparmor/rule/file.py
index baf502a4ed7e8c488ae49af51704890a544231ea..3867bd08e353ae204f55677f6db04fe635e41a05 100644
--- a/utils/apparmor/rule/file.py
+++ b/utils/apparmor/rule/file.py
@@ -25,7 +25,7 @@ _ = init_translation()
allow_exec_transitions = ('ix', 'ux', 'Ux', 'px', 'Px', 'cx', 'Cx') # 2 chars - len relevant for split_perms()
allow_exec_fallback_transitions = ('pix', 'Pix', 'cix', 'Cix', 'pux', 'PUx', 'cux', 'CUx') # 3 chars - len relevant for split_perms()
deny_exec_transitions = ('x')
-file_permissions = ('m', 'r', 'w', 'a', 'l', 'k') # also defines the write order
+file_permissions = ('m', 'r', 'w', 'a', 'l', 'k', 'link', 'subset') # also defines the write order
@@ -76,16 +76,24 @@ class FileRule(BaseRule):
elif perms == None:
perms = set()
- self.perms, self.all_perms, unknown_items = check_and_split_list(perms, file_permissions, FileRule.ALL, 'FileRule', 'permissions', allow_empty_list=True)
- if unknown_items:
- raise AppArmorBug('Passed unknown perms to FileRule: %s' % str(unknown_items))
- if self.perms and 'a' in self.perms and 'w' in self.perms:
- raise AppArmorException("Conflicting permissions found: 'a' and 'w'")
+ if perms == {'subset'}:
+ raise AppArmorBug('subset without link permissions given')
+ elif perms in [{'link'}, {'link', 'subset'}]:
+ self.perms = perms
+ self.all_perms = False
+ else:
+ self.perms, self.all_perms, unknown_items = check_and_split_list(perms, file_permissions, FileRule.ALL, 'FileRule', 'permissions', allow_empty_list=True)
+ if unknown_items:
+ raise AppArmorBug('Passed unknown perms to FileRule: %s' % str(unknown_items))
+ if self.perms and 'a' in self.perms and 'w' in self.perms:
+ raise AppArmorException("Conflicting permissions found: 'a' and 'w'")
self.original_perms = None # might be set by aa-logprof / aa.py propose_file_rules()
if exec_perms is None:
self.exec_perms = None
+ elif 'link' in self.perms:
+ raise AppArmorBug("link rules can't have execute permissions")
elif exec_perms == self.ANY_EXEC:
self.exec_perms = exec_perms
elif type_is_str(exec_perms):
@@ -146,6 +154,9 @@ class FileRule(BaseRule):
elif matches.group('path2'):
path = strip_quotes(matches.group('path2'))
leading_perms = True
+ elif matches.group('link_path'):
+ path = strip_quotes(matches.group('link_path'))
+ leading_perms = True
else:
path = FileRule.ALL
@@ -156,12 +167,21 @@ class FileRule(BaseRule):
perms = matches.group('perms2')
perms, exec_perms = split_perms(perms, deny)
leading_perms = True
+ elif matches.group('link_keyword'):
+ if matches.group('subset_keyword'):
+ perms = {'link', 'subset'}
+ else:
+ perms = {'link'}
+ exec_perms = None
+ leading_perms = True
else:
perms = FileRule.ALL
exec_perms = None
if matches.group('target'):
target = strip_quotes(matches.group('target'))
+ elif matches.group('link_target'):
+ target = strip_quotes(matches.group('link_target'))
else:
target = FileRule.ALL
@@ -227,6 +247,8 @@ class FileRule(BaseRule):
perm_string = ''
for perm in file_permissions:
if perm in perms:
+ if perm == 'subset':
+ perm = ' subset' # add leading space
perm_string = perm_string + perm
if exec_perms == self.ANY_EXEC:
@@ -242,11 +264,17 @@ class FileRule(BaseRule):
if not self._is_covered_aare(self.path, self.all_paths, other_rule.path, other_rule.all_paths, 'path'):
return False
- # perms can be empty if only exec_perms are specified, therefore disable the sanity check in _is_covered_list()...
- # 'w' covers 'a', therefore use perms_with_a() to temporarily add 'a' if 'w' is present
- if not self._is_covered_list(perms_with_a(self.perms), self.all_perms, perms_with_a(other_rule.perms), other_rule.all_perms, 'perms', sanity_check=False):
+ if self.perms and 'subset' in self.perms and other_rule.perms and 'subset' not in other_rule.perms:
+ return False # subset is a restriction (also, if subset is included, this means this instance is a link rule, so other file permissions can't be covered)
+ elif self.perms and 'link' in self.perms and other_rule.perms and 'link' in other_rule.perms:
+ pass # skip _is_covered_list() because it would interpret 'subset' as additional permissions, not as restriction
+ elif not self._is_covered_list(perms_with_a(self.perms), self.all_perms, perms_with_a(other_rule.perms), other_rule.all_perms, 'perms', sanity_check=False):
+ # perms can be empty if only exec_perms are specified, therefore disable the sanity check in _is_covered_list()...
+ # 'w' covers 'a', therefore use perms_with_a() to temporarily add 'a' if 'w' is present
return False
+ # TODO: check link / link subset vs. 'l'?
+
# ... and do our own sanity check
if not other_rule.perms and not other_rule.all_perms and not other_rule.exec_perms:
raise AppArmorBug('No permission or exec permission specified in other file rule')
@@ -262,7 +290,9 @@ class FileRule(BaseRule):
# check exec_mode and target only if other_rule contains exec_perms (except ANY_EXEC) or link permissions
# (for mrwk permissions, the target is ignored anyway)
- if (other_rule.exec_perms and other_rule.exec_perms != self.ANY_EXEC) or (other_rule.perms and 'l' in other_rule.perms):
+ if (other_rule.exec_perms and other_rule.exec_perms != self.ANY_EXEC) or \
+ (other_rule.perms and 'l' in other_rule.perms) or \
+ (other_rule.perms and 'link' in other_rule.perms):
if not self._is_covered_aare(self.target, self.all_targets, other_rule.target, other_rule.all_targets, 'target'):
return False
@@ -318,6 +348,7 @@ class FileRule(BaseRule):
severity = sev_db.rank_path('/**', 'mrwlkix')
else:
severity = -1
+ # TODO: special handling for link / link subset?
sev = sev_db.rank_path(self.path.regex, self._joint_perms())
if isinstance(sev, int): # type check avoids breakage caused by 'unknown'
severity = max(severity, sev)
@@ -362,13 +393,15 @@ class FileRule(BaseRule):
headers += [_('New Mode'), perms]
+ # TODO: different output for link rules?
+
# file_keyword and leading_perms are not really relevant
return headers
def glob(self):
'''Change path to next possible glob'''
if self.all_paths:
- return
+ return
self.path = self.path.glob_path()
self.raw_rule = None
@@ -376,7 +409,7 @@ class FileRule(BaseRule):
def glob_ext(self):
'''Change path to next possible glob with extension'''
if self.all_paths:
- return
+ return
self.path = self.path.glob_path_withext()
self.raw_rule = None
diff --git a/utils/apparmor/rule/include.py b/utils/apparmor/rule/include.py
new file mode 100644
index 0000000000000000000000000000000000000000..f2cb76e0c5566a451b458d1ec50c199a8a4bf351
--- /dev/null
+++ b/utils/apparmor/rule/include.py
@@ -0,0 +1,166 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+from apparmor.regex import RE_INCLUDE, re_match_include_parse
+from apparmor.common import AppArmorBug, AppArmorException, is_skippable_file, type_is_str
+from apparmor.rule import BaseRule, BaseRuleset, parse_comment
+import os
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class IncludeRule(BaseRule):
+ '''Class to handle and store a single include rule'''
+
+ rule_name = 'include'
+
+ def __init__(self, path, ifexists, ismagic, audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super(IncludeRule, self).__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ # include doesn't support audit or deny
+ if audit:
+ raise AppArmorBug('Attempt to initialize %s with audit flag' % self.__class__.__name__)
+ if deny:
+ raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
+
+ if type(ifexists) is not bool:
+ raise AppArmorBug('Passed unknown type for ifexists to %s: %s' % (self.__class__.__name__, ifexists))
+ if type(ismagic) is not bool:
+ raise AppArmorBug('Passed unknown type for ismagic to %s: %s' % (self.__class__.__name__, ismagic))
+ if not type_is_str(path):
+ raise AppArmorBug('Passed unknown type for path to %s: %s' % (self.__class__.__name__, path))
+ if not path:
+ raise AppArmorBug('Passed empty path to %s: %s' % (self.__class__.__name__, path))
+
+ self.path = path
+ self.ifexists = ifexists
+ self.ismagic = ismagic
+
+ @classmethod
+ def _match(cls, raw_rule):
+ return RE_INCLUDE.search(raw_rule)
+
+ @classmethod
+ def _parse(cls, raw_rule):
+ '''parse raw_rule and return IncludeRule'''
+
+ matches = cls._match(raw_rule)
+ if not matches:
+ raise AppArmorException(_("Invalid %s rule '%s'") % (cls.rule_name, raw_rule))
+
+ comment = parse_comment(matches)
+
+ # TODO: move re_match_include_parse() from regex.py to this class after converting all code to use IncludeRule
+ path, ifexists, ismagic = re_match_include_parse(raw_rule, cls.rule_name)
+
+ return cls(path, ifexists, ismagic,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ ifexists_txt = ''
+ if self.ifexists:
+ ifexists_txt = ' if exists'
+
+ if self.ismagic:
+ return('%s%s%s <%s>%s' % (space, self.rule_name, ifexists_txt, self.path, self.comment))
+ else:
+ return('%s%s%s "%s"%s' % (space, self.rule_name, ifexists_txt, self.path, self.comment))
+
+ def is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ if (self.path != other_rule.path):
+ return False
+
+ if (self.ifexists != other_rule.ifexists) and (self.ifexists == True): # "if exists" is allowed to differ
+ return False
+
+ if (self.ismagic != other_rule.ismagic):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific variables are equal'''
+
+ if not type(rule_obj) == type(self):
+ raise AppArmorBug('Passed non-%s rule: %s' % (self.rule_name, str(rule_obj)))
+
+ if (self.path != rule_obj.path):
+ return False
+
+ if (self.ifexists != rule_obj.ifexists):
+ return False
+
+ if (self.ismagic != rule_obj.ismagic):
+ return False
+
+ return True
+
+ def logprof_header_localvars(self):
+ return [
+ _('Include'), self.get_clean(),
+ ]
+
+ def get_full_paths(self, profile_dir):
+ ''' get list of full paths of an include (can contain multiple paths if self.path is a directory) '''
+
+ # TODO: improve/fix logic to honor magic vs. quoted include paths
+ if self.path.startswith('/'):
+ full_path = self.path
+ else:
+ full_path = os.path.join(profile_dir, self.path)
+
+ files = []
+
+ if os.path.isdir(full_path):
+ for path in sorted(os.listdir(full_path)):
+ if is_skippable_file(path):
+ continue
+
+ file_name = os.path.join(full_path, path)
+ if os.path.isfile(file_name): # only add files, but not subdirectories etc.
+ files.append(file_name)
+
+ elif os.path.exists(full_path):
+ files.append(full_path)
+
+ elif self.ifexists == False:
+ files.append(full_path) # add full_path even if it doesn't exist on disk. Might cause a 'file not found' error later.
+
+ return files
+
+class IncludeRuleset(BaseRuleset):
+ '''Class to handle and store a collection of include rules'''
+
+ def get_all_full_paths(self, profile_dir):
+ ''' get full path of all includes '''
+
+ paths = []
+ for rule_obj in self.rules:
+ paths += rule_obj.get_full_paths(profile_dir)
+
+ return paths
diff --git a/utils/apparmor/rule/network.py b/utils/apparmor/rule/network.py
index 1acec80058644b3cc5cc8db115a73ad7ecad1626..c2efc6b31432111dc7d757192894b8214250360a 100644
--- a/utils/apparmor/rule/network.py
+++ b/utils/apparmor/rule/network.py
@@ -27,7 +27,7 @@ _ = init_translation()
network_domain_keywords = [ 'unspec', 'unix', 'inet', 'ax25', 'ipx', 'appletalk', 'netrom', 'bridge', 'atmpvc', 'x25', 'inet6',
'rose', 'netbeui', 'security', 'key', 'netlink', 'packet', 'ash', 'econet', 'atmsvc', 'rds', 'sna',
'irda', 'pppox', 'wanpipe', 'llc', 'ib', 'mpls', 'can', 'tipc', 'bluetooth', 'iucv', 'rxrpc', 'isdn',
- 'phonet', 'ieee802154', 'caif', 'alg', 'nfc', 'vsock', 'kcm', 'qipcrtr', 'smc', 'xdp' ]
+ 'phonet', 'ieee802154', 'caif', 'alg', 'nfc', 'vsock', 'kcm', 'qipcrtr', 'smc', 'xdp', 'mctp' ]
network_type_keywords = ['stream', 'dgram', 'seqpacket', 'rdm', 'raw', 'packet']
network_protocol_keywords = ['tcp', 'udp', 'icmp']
diff --git a/utils/apparmor/rule/ptrace.py b/utils/apparmor/rule/ptrace.py
index a82d06a48e7d60ab6ba2b0de54858825ad155ffd..db230c5c3d3e206d3d5345754d5c6c88b1207a2d 100644
--- a/utils/apparmor/rule/ptrace.py
+++ b/utils/apparmor/rule/ptrace.py
@@ -138,7 +138,7 @@ class PtraceRule(BaseRule):
if not self._is_covered_list(self.access, self.all_access, other_rule.access, other_rule.all_access, 'access'):
return False
- if not self._is_covered_aare_compat(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
+ if not self._is_covered_aare(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
return False
# still here? -> then it is covered
diff --git a/utils/apparmor/rule/signal.py b/utils/apparmor/rule/signal.py
index e37fec8d786f70bf49653bf631a9a58c5d2cb446..af83f920db2b8b3a9a5c465f09238e35fa61729b 100644
--- a/utils/apparmor/rule/signal.py
+++ b/utils/apparmor/rule/signal.py
@@ -188,7 +188,7 @@ class SignalRule(BaseRule):
if not self._is_covered_list(self.signal, self.all_signals, other_rule.signal, other_rule.all_signals, 'signal'):
return False
- if not self._is_covered_aare_compat(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
+ if not self._is_covered_aare(self.peer, self.all_peers, other_rule.peer, other_rule.all_peers, 'peer'):
return False
# still here? -> then it is covered
diff --git a/utils/apparmor/rule/variable.py b/utils/apparmor/rule/variable.py
new file mode 100644
index 0000000000000000000000000000000000000000..a785e149ff0b06b498f062437ef33ae295d3e861
--- /dev/null
+++ b/utils/apparmor/rule/variable.py
@@ -0,0 +1,194 @@
+# ----------------------------------------------------------------------
+# Copyright (C) 2013 Kshitij Gupta <kgupta8592@gmail.com>
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+from apparmor.regex import RE_PROFILE_VARIABLE, strip_quotes
+from apparmor.common import AppArmorBug, AppArmorException, type_is_str
+from apparmor.rule import BaseRule, BaseRuleset, parse_comment, quote_if_needed
+
+import re
+
+# setup module translations
+from apparmor.translations import init_translation
+_ = init_translation()
+
+
+class VariableRule(BaseRule):
+ '''Class to handle and store a single variable rule'''
+
+ rule_name = 'variable'
+
+ def __init__(self, varname, mode, values, audit=False, deny=False, allow_keyword=False,
+ comment='', log_event=None):
+
+ super(VariableRule, self).__init__(audit=audit, deny=deny,
+ allow_keyword=allow_keyword,
+ comment=comment,
+ log_event=log_event)
+
+ # variables don't support audit or deny
+ if audit:
+ raise AppArmorBug('Attempt to initialize %s with audit flag' % self.__class__.__name__)
+ if deny:
+ raise AppArmorBug('Attempt to initialize %s with deny flag' % self.__class__.__name__)
+
+ if not type_is_str(varname):
+ raise AppArmorBug('Passed unknown type for varname to %s: %s' % (self.__class__.__name__, varname))
+ if not varname.startswith('@{'):
+ raise AppArmorException("Passed invalid varname to %s (doesn't start with '@{'): %s" % (self.__class__.__name__, varname))
+ if not varname.endswith('}'):
+ raise AppArmorException("Passed invalid varname to %s (doesn't end with '}'): %s" % (self.__class__.__name__, varname))
+
+ if not type_is_str(mode):
+ raise AppArmorBug('Passed unknown type for variable assignment mode to %s: %s' % (self.__class__.__name__, mode))
+ if mode not in ['=', '+=']:
+ raise AppArmorBug('Passed unknown variable assignment mode to %s: %s' % (self.__class__.__name__, mode))
+
+ if type(values) is not set:
+ raise AppArmorBug('Passed unknown type for values to %s: %s' % (self.__class__.__name__, values))
+ if not values:
+ raise AppArmorException('Passed empty list of values to %s: %s' % (self.__class__.__name__, values))
+
+ self.varname = varname
+ self.mode = mode
+ self.values = values
+
+ @classmethod
+ def _match(cls, raw_rule):
+ return RE_PROFILE_VARIABLE.search(raw_rule)
+
+ @classmethod
+ def _parse(cls, raw_rule):
+ '''parse raw_rule and return VariableRule'''
+
+ matches = cls._match(raw_rule)
+ if not matches:
+ raise AppArmorException(_("Invalid variable rule '%s'") % raw_rule)
+
+ comment = parse_comment(matches)
+
+ varname = matches.group('varname')
+ mode = matches.group('mode')
+ values = separate_vars(matches.group('values'))
+
+ return VariableRule(varname, mode, values,
+ audit=False, deny=False, allow_keyword=False, comment=comment)
+
+ def get_clean(self, depth=0):
+ '''return rule (in clean/default formatting)'''
+
+ space = ' ' * depth
+
+ data = []
+ for value in sorted(self.values):
+ if not value:
+ value = '""'
+ data.append(quote_if_needed(value))
+
+ return '%s%s %s %s' % (space, self.varname, self.mode, ' '.join(data))
+
+ def is_covered_localvars(self, other_rule):
+ '''check if other_rule is covered by this rule object'''
+
+ if self.varname != other_rule.varname:
+ return False
+
+ if self.mode != other_rule.mode:
+ return False
+
+ if not self._is_covered_list(self.values, None, set(other_rule.values), None, 'values'):
+ return False
+
+ # still here? -> then it is covered
+ return True
+
+ def is_equal_localvars(self, rule_obj, strict):
+ '''compare if rule-specific variables are equal'''
+
+ if not type(rule_obj) == VariableRule:
+ raise AppArmorBug('Passed non-variable rule: %s' % str(rule_obj))
+
+ if self.varname != rule_obj.varname:
+ return False
+
+ if self.mode != rule_obj.mode:
+ return False
+
+ if self.values != rule_obj.values:
+ return False
+
+ return True
+
+ def logprof_header_localvars(self):
+ headers = []
+
+ return headers + [
+ _('Variable'), self.get_clean(),
+ ]
+
+class VariableRuleset(BaseRuleset):
+ '''Class to handle and store a collection of variable rules'''
+
+ def add(self, rule, cleanup=False):
+ ''' Add variable rule object
+
+ If the variable name is already known, raise an exception because re-defining a variable isn't allowed.
+ '''
+
+ if rule.mode == '=':
+ for knownrule in self.rules:
+ if rule.varname == knownrule.varname:
+ raise AppArmorException(_('Redefining existing variable %(variable)s: %(value)s') % { 'variable': rule.varname, 'value': rule.values })
+
+ super(VariableRuleset, self).add(rule, cleanup)
+
+ def get_merged_variables(self):
+ ''' Get merged variables of this VariableRuleset.
+
+ Note that no error checking is done because variables can be defined in one file and extended in another.
+ '''
+
+ var_set = {}
+ var_add = {}
+
+ for rule in self.rules:
+ if rule.mode == '=':
+ var_set[rule.varname] = rule.values # blindly set, add() prevents redefinition of variables
+ else:
+ if not var_add.get(rule.varname):
+ var_add[rule.varname] = rule.values
+ else:
+ var_add[rule.varname] |= rule.values
+
+ return {'=': var_set, '+=': var_add}
+
+def separate_vars(vs):
+ """Returns a list of all the values for a variable"""
+ data = set()
+ vs = vs.strip()
+
+ RE_VARS = re.compile('^(("[^"]*")|([^"\s]+))\s*(.*)$')
+ while RE_VARS.search(vs):
+ matches = RE_VARS.search(vs).groups()
+
+ if matches[0].endswith(','):
+ raise AppArmorException(_('Variable declarations do not accept trailing commas'))
+
+ data.add(strip_quotes(matches[0]))
+ vs = matches[3].strip()
+
+ if vs:
+ raise AppArmorException('Variable assignments contains invalid parts (unbalanced quotes?): %s' % vs)
+
+ return data
diff --git a/utils/apparmor/sandbox.py b/utils/apparmor/sandbox.py
index 17e413ea8a071a788f4e790afd69b2c608e9ee67..76acebb7145e713c38176e3dbf1115dd3a5237f4 100644
--- a/utils/apparmor/sandbox.py
+++ b/utils/apparmor/sandbox.py
@@ -81,8 +81,8 @@ def parse_args(args=None, parser=None):
valid_xservers = ['xpra', 'xpra3d', 'xephyr']
if my_opt.withx and my_opt.xserver.lower() not in valid_xservers:
- error("Invalid server '%s'. Use one of: %s" % (my_opt.xserver, \
- ", ".join(valid_xservers)))
+ error("Invalid server '%s'. Use one of: %s" % (my_opt.xserver, \
+ ", ".join(valid_xservers)))
if my_opt.withx:
if my_opt.xephyr_geometry and my_opt.xserver.lower() != "xephyr":
diff --git a/utils/apparmor/severity.py b/utils/apparmor/severity.py
index 890a9e5dfd734603b3fb16d32661d2385770f474..eed43116ecb5ab35fef12ebef9b45ef5cf03ebb3 100644
--- a/utils/apparmor/severity.py
+++ b/utils/apparmor/severity.py
@@ -12,10 +12,8 @@
#
# ----------------------------------------------------------------------
from __future__ import with_statement
-import os
import re
from apparmor.common import AppArmorException, open_file_read, warn, convert_regexp # , msg, error, debug
-from apparmor.regex import re_match_include
class Severity(object):
def __init__(self, dbname=None, default_rank=10):
@@ -170,43 +168,12 @@ class Severity(object):
leading = True
if resource.find(variable + "/") != -1 and resource.find(variable + "//") == -1:
trailing = True
- if replacement[0] == '/' and replacement[:2] != '//' and leading: # finds if the replacement has leading / or not
+ if replacement.startswith('/') and not replacement.startswith('//') and leading: # finds if the replacement has leading / or not
replacement = replacement[1:]
- if replacement[-1] == '/' and replacement[-2:] != '//' and trailing:
+ if replacement.endswith('/') and not replacement.endswith('//') and trailing:
replacement = replacement[:-1]
return resource.replace(variable, replacement)
- def load_variables(self, prof_path):
- """Loads the variables for the given profile"""
- if os.path.isfile(prof_path):
- with open_file_read(prof_path) as f_in:
- for line in f_in:
- line = line.strip()
- # If any includes, load variables from them first
- match = re_match_include(line)
- if match:
- new_path = match
- if not new_path.startswith('/'):
- new_path = self.PROF_DIR + '/' + match
- self.load_variables(new_path)
- else:
- # Remove any comments
- if '#' in line:
- line = line.split('#')[0].rstrip()
- # Expected format is @{Variable} = value1 value2 ..
- if line.startswith('@') and '=' in line:
- if '+=' in line:
- line = line.split('+=')
- try:
- self.severity['VARIABLES'][line[0]] += [i.strip('"') for i in line[1].split()]
- except KeyError:
- raise AppArmorException("Variable %s was not previously declared, but is being assigned additional value in file: %s" % (line[0], prof_path))
- else:
- line = line.split('=')
- if line[0] in self.severity['VARIABLES'].keys():
- raise AppArmorException("Variable %s was previously declared in file: %s" % (line[0], prof_path))
- self.severity['VARIABLES'][line[0]] = [i.strip('"') for i in line[1].split()]
-
- def unload_variables(self):
- """Clears all loaded variables"""
- self.severity['VARIABLES'] = dict()
+ def set_variables(self, vars):
+ ''' Set the profile variables to use for rating the severity '''
+ self.severity['VARIABLES'] = vars
diff --git a/utils/apparmor/tools.py b/utils/apparmor/tools.py
index 0887ceb65647c451a3a6a6e69e7cdf41eca36af3..639df807c63ddf1d27cb3ebc85f9285a5214589d 100644
--- a/utils/apparmor/tools.py
+++ b/utils/apparmor/tools.py
@@ -219,7 +219,7 @@ class aa_tools:
apparmor.write_profile_ui_feedback(program, True)
self.reload_profile(filename)
elif ans == 'CMD_VIEW_CHANGES':
- #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, '')
+ #oldprofile = apparmor.serialize_profile(apparmor.original_aa[program], program, {})
newprofile = apparmor.serialize_profile(apparmor.aa[program], program, {'is_attachment': True})
aaui.UI_Changes(filename, newprofile, comments=True)
else:
diff --git a/utils/apparmor/ui.py b/utils/apparmor/ui.py
index 58ff8cedcf554b7249dccc0c080274d9ebbffee1..a3a9112368230833e523ed9c1a3f208bf81fd6ef 100644
--- a/utils/apparmor/ui.py
+++ b/utils/apparmor/ui.py
@@ -32,22 +32,41 @@ _ = init_translation()
debug_logger = DebugLogger('UI')
# If Python3, wrap input in raw_input so make check passes
-if not 'raw_input' in dir(__builtins__): raw_input = input
+if 'raw_input' not in dir(__builtins__):
+ raw_input = input
ARROWS = {'A': 'UP', 'B': 'DOWN', 'C': 'RIGHT', 'D': 'LEFT'}
UI_mode = 'text'
+
def write_json(jsonout):
- print(json.dumps(jsonout, sort_keys=False, separators=(',', ': ')))
- sys.stdout.flush()
+ print(json.dumps(jsonout, sort_keys=False, separators=(',', ': ')))
+ sys.stdout.flush()
+
def set_json_mode():
+ """
+ Currently this is only used by aa-genprof and aa-logprof, while e.g.
+ aa-status generates its own JSON output.
+
+ Remember to bump the JSON API version number if the output commands
+ in this file are modified.
+
+ Current known consumers of the JSON output:
+ - YaST
+ """
global UI_mode
UI_mode = 'json'
jsonout = {'dialog': 'apparmor-json-version', 'data': '2.12'}
write_json(jsonout)
+
+def set_text_mode():
+ """Output plaintext"""
+ global UI_mode
+ UI_mode = 'text'
+
# reads the response on command line for json and verifies the response
# for the dialog type
def json_response(dialog_type):
@@ -57,6 +76,7 @@ def json_response(dialog_type):
raise AppArmorException('Expected response %s got %s.' % (dialog_type, string))
return rh
+
def getkey():
key = readkey()
if key == '\x1B':
@@ -67,7 +87,9 @@ def getkey():
key = ARROWS[key]
return key.strip()
+
def UI_Info(text):
+ """Facility to output normal text"""
debug_logger.info(text)
if UI_mode == 'json':
jsonout = {'dialog': 'info', 'data': text}
@@ -75,7 +97,9 @@ def UI_Info(text):
else: # text mode
sys.stdout.write(text + '\n')
+
def UI_Important(text):
+ """Facility to output important text"""
debug_logger.debug(text)
if UI_mode == 'json':
jsonout = {'dialog': 'important', 'data': text}
@@ -83,6 +107,7 @@ def UI_Important(text):
else: # text mode
sys.stdout.write('\n' + text + '\n')
+
def get_translated_hotkey(translated, cmsg=''):
msg = 'PromptUser: ' + _('Invalid hotkey for')
@@ -95,6 +120,7 @@ def get_translated_hotkey(translated, cmsg=''):
else:
raise AppArmorException('%s %s' % (msg, translated))
+
def UI_YesNo(text, default):
debug_logger.debug('UI_YesNo: %s: %s %s' % (UI_mode, text, default))
default = default.lower()
@@ -134,6 +160,7 @@ def UI_YesNo(text, default):
ans = default
return ans
+
def UI_YesNoCancel(text, default):
debug_logger.debug('UI_YesNoCancel: %s: %s %s' % (UI_mode, text, default))
default = default.lower()
@@ -184,6 +211,7 @@ def UI_YesNoCancel(text, default):
ans = default
return ans
+
def UI_GetString(text, default):
debug_logger.debug('UI_GetString: %s: %s %s' % (UI_mode, text, default))
string = default
@@ -201,6 +229,7 @@ def UI_GetString(text, default):
readline.set_startup_hook()
return string.strip()
+
def UI_GetFile(file):
debug_logger.debug('UI_GetFile: %s' % UI_mode)
filename = None
@@ -213,24 +242,29 @@ def UI_GetFile(file):
filename = sys.stdin.read()
return filename
+
def UI_BusyStart(message):
debug_logger.debug('UI_BusyStart: %s' % UI_mode)
UI_Info(message)
+
def UI_BusyStop():
debug_logger.debug('UI_BusyStop: %s' % UI_mode)
+
def diff(oldprofile, newprofile):
difftemp = tempfile.NamedTemporaryFile('w')
subprocess.call('diff -u -p %s %s > %s' % (oldprofile, newprofile, difftemp.name), shell=True)
return difftemp
+
def write_profile_to_tempfile(profile):
temp = tempfile.NamedTemporaryFile('w')
temp.write(profile)
temp.flush()
return temp
+
def generate_diff(oldprofile, newprofile):
oldtemp = write_profile_to_tempfile(oldprofile)
newtemp = write_profile_to_tempfile(newprofile)
@@ -239,6 +273,7 @@ def generate_diff(oldprofile, newprofile):
newtemp.close()
return difftemp
+
def generate_diff_with_comments(oldprofile, newprofile):
if not os.path.exists(oldprofile):
raise AppArmorException(_("Can't find existing profile %s to compare changes.") % oldprofile)
@@ -247,13 +282,14 @@ def generate_diff_with_comments(oldprofile, newprofile):
newtemp.close()
return difftemp
+
def UI_Changes(oldprofile, newprofile, comments=False):
- if comments == False:
- difftemp = generate_diff(oldprofile, newprofile)
- header = 'View Changes'
+ if not comments:
+ difftemp = generate_diff(oldprofile, newprofile)
+ header = 'View Changes'
else:
- difftemp = generate_diff_with_comments(oldprofile, newprofile)
- header = 'View Changes with comments'
+ difftemp = generate_diff_with_comments(oldprofile, newprofile)
+ header = 'View Changes with comments'
UI_ShowFile(header, difftemp.name)
difftemp.close()
@@ -265,6 +301,7 @@ def UI_ShowFile(header, filename):
else:
subprocess.call(['less', filename])
+
CMDS = {'CMD_ALLOW': _('(A)llow'),
'CMD_OTHER': _('(M)ore'),
'CMD_AUDIT_NEW': _('Audi(t)'),
@@ -309,14 +346,11 @@ CMDS = {'CMD_ALLOW': _('(A)llow'),
'CMD_IGNORE_UPDATE': _('(I)gnore Update'),
'CMD_SAVE_CHANGES': _('(S)ave Changes'),
'CMD_SAVE_SELECTED': _('Save Selec(t)ed Profile'),
- 'CMD_UPLOAD_CHANGES': _('(U)pload Changes'),
'CMD_VIEW_CHANGES': _('(V)iew Changes'),
'CMD_VIEW_CHANGES_CLEAN': _('View Changes b/w (C)lean profiles'),
'CMD_VIEW': _('(V)iew'),
'CMD_ENABLE_REPO': _('(E)nable Repository'),
'CMD_DISABLE_REPO': _('(D)isable Repository'),
- 'CMD_ASK_NEVER': _('(N)ever Ask Again'),
- 'CMD_ASK_LATER': _('Ask Me (L)ater'),
'CMD_YES': _('(Y)es'),
'CMD_NO': _('(N)o'),
'CMD_CANCEL': _('(C)ancel'),
@@ -327,6 +361,7 @@ CMDS = {'CMD_ALLOW': _('(A)llow'),
'CMD_IGNORE_ENTRY': _('(I)gnore')
}
+
class PromptQuestion(object):
title = None
headers = None
@@ -497,12 +532,14 @@ class PromptQuestion(object):
return ans, selected
+
def confirm_and_abort():
ans = UI_YesNo(_('Are you sure you want to abandon this set of profile changes and exit?'), 'n')
if ans == 'y':
UI_Info(_('Abandoning all changes.'))
sys.exit(0)
+
def is_number(number):
try:
return int(number)
diff --git a/utils/logprof.conf b/utils/logprof.conf
index 75859f6d862b2290314d871dd58e8474429bd0b2..88e2209b1c5d7157800f241b97c10e7e84e0d76a 100644
--- a/utils/logprof.conf
+++ b/utils/logprof.conf
@@ -36,11 +36,6 @@
custom_includes =
-[repository]
- distro = ubuntu-intrepid
- url = http://apparmor.test.opensuse.org/backend/api
- preferred_user = ubuntu
-
[qualifiers]
# things will be painfully broken if bash has a profile
/bin/bash = icnu
@@ -117,6 +112,18 @@
/usr/bin/python3.5 = icn
/usr/bin/python3.6 = icn
/usr/bin/python3.7 = icn
+ /usr/bin/python3.8 = icn
+ /usr/bin/python3.9 = icn
+ /usr/bin/python3.10 = icn
+ /usr/bin/python3.11 = icn
+ /usr/bin/python3.12 = icn
+ /usr/bin/python3.13 = icn
+ /usr/bin/python3.14 = icn
+ /usr/bin/python3.15 = icn
+ /usr/bin/python3.16 = icn
+ /usr/bin/python3.17 = icn
+ /usr/bin/python3.18 = icn
+ /usr/bin/python3.19 = icn
/usr/bin/tr = icn
[required_hats]
diff --git a/utils/logprof.conf.5 b/utils/logprof.conf.5
index 68e55a19d545b046b86e3a903b6c8b5213b173dc..624a3ac749bc5d7f02dc466ea22f9b93af4eb207 100644
--- a/utils/logprof.conf.5
+++ b/utils/logprof.conf.5
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LOGPROF.CONF 5"
-.TH LOGPROF.CONF 5 "2020-12-07" "AppArmor 2.13.6" "AppArmor"
+.TH LOGPROF.CONF 5 "2022-11-22" "AppArmor 3.0.8" "AppArmor"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,7 +143,7 @@ logprof.conf \- configuration file for expert options that modify the
behavior of the AppArmor aa\-logprof(1) program.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIaa\-logprof\fR\|(1) program can be configured to have certain default behavior
+The \fBaa\-logprof\fR\|(1) program can be configured to have certain default behavior
by the contents of logprof.conf.
.PP
The \fB[qualifiers]\fR section lists specific programs that should have
@@ -166,7 +170,7 @@ If the user is doing something tricky and wants different behavior,
they can tweak or remove the corresponding line in the conf file.
.PP
The \fB[defaulthat]\fR section lists changehat-aware programs and what hat
-\&\fIaa\-logprof\fR\|(1) will collapse the entries to for that program if the user
+\&\fBaa\-logprof\fR\|(1) will collapse the entries to for that program if the user
specifies that the access should be allowed, but should not have it's
own hat.
.PP
@@ -175,7 +179,7 @@ with respect to globbing suggestions that the user will be prompted with.
.PP
The format of each line is\*(-- \*(L"<perl glob> = <apparmor glob>\*(R".
.PP
-When \fIaa\-logprof\fR\|(1) asks about a specific path, if the perl glob matches the
+When \fBaa\-logprof\fR\|(1) asks about a specific path, if the perl glob matches the
path, it replaces the part of the path that matched with the corresponding
apparmor glob and adds it to the list of globbing suggestions.
.PP
@@ -214,9 +218,9 @@ Lines starting with # are comments and are ignored.
.SH "BUGS"
.IX Header "BUGS"
If you find any bugs, please report them at
-<https://bugs.launchpad.net/apparmor/+filebug>.
+<https://gitlab.com/apparmor/apparmor/\-/issues>.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIapparmor\fR\|(7), \fIapparmor.d\fR\|(5), \fIaa\-enforce\fR\|(1), \fIaa\-complain\fR\|(1),
-\&\fIaa\-disable\fR\|(1), \fIaa_change_hat\fR\|(2), \fIaa\-logprof\fR\|(1), \fIaa\-genprof\fR\|(1), and
+\&\fBapparmor\fR\|(7), \fBapparmor.d\fR\|(5), \fBaa\-enforce\fR\|(1), \fBaa\-complain\fR\|(1),
+\&\fBaa\-disable\fR\|(1), \fBaa_change_hat\fR\|(2), \fBaa\-logprof\fR\|(1), \fBaa\-genprof\fR\|(1), and
<https://wiki.apparmor.net>.
diff --git a/utils/logprof.conf.5.html b/utils/logprof.conf.5.html
index 4ab4e8ce97de4a7edaefe7ec5062ec49f2860493..8a678db3622b9be49d1dcdb203a6b008d6e366d4 100644
--- a/utils/logprof.conf.5.html
+++ b/utils/logprof.conf.5.html
@@ -2,7 +2,7 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<title></title>
+<title>logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</title>
<link rel="stylesheet" href="apparmor.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
@@ -11,7 +11,7 @@
<body>
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</span></strong></big>
</td></tr>
</table>
@@ -57,37 +57,37 @@
<h1 id="EXAMPLE">EXAMPLE</h1>
-<pre><code> [qualifiers]
- # things will very likely be painfully broken if bash has it's own profile
- /bin/bash = iu
+<pre><code>[qualifiers]
+ # things will very likely be painfully broken if bash has it's own profile
+ /bin/bash = iu
- # mount doesn't work if it's confined
- /bin/mount = u
+ # mount doesn't work if it's confined
+ /bin/mount = u
- # these helper utilities should inherit the parent profile and
- # shouldn't have their own profiles
- /bin/awk = i
- /bin/grep = i
- /bin/sed = i
+ # these helper utilities should inherit the parent profile and
+ # shouldn't have their own profiles
+ /bin/awk = i
+ /bin/grep = i
+ /bin/sed = i
- [defaulthat]
- /usr/sbin/sshd = EXEC
- /usr/sbin/httpd2 = DEFAULT_URI
- /usr/sbin/httpd2-prefork = DEFAULT_URI
+[defaulthat]
+ /usr/sbin/sshd = EXEC
+ /usr/sbin/httpd2 = DEFAULT_URI
+ /usr/sbin/httpd2-prefork = DEFAULT_URI
- [globs]
- # /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
- /lib/lib[^\/]+so[^\/]*$ = /lib/lib*so*
+[globs]
+ # /foo/bar/lib/libbaz.so -> /foo/bar/lib/lib*
+ /lib/lib[^\/]+so[^\/]*$ = /lib/lib*so*
- # strip kernel version numbers from kernel module accesses
- ^/lib/modules/[^\/]+\/ = /lib/modules/*/
+ # strip kernel version numbers from kernel module accesses
+ ^/lib/modules/[^\/]+\/ = /lib/modules/*/
- # strip pid numbers from /proc accesses
- ^/proc/\d+/ = /proc/*/</code></pre>
+ # strip pid numbers from /proc accesses
+ ^/proc/\d+/ = /proc/*/</code></pre>
<h1 id="BUGS">BUGS</h1>
-<p>If you find any bugs, please report them at <a href="https://bugs.launchpad.net/apparmor/+filebug">https://bugs.launchpad.net/apparmor/+filebug</a>.</p>
+<p>If you find any bugs, please report them at <a href="https://gitlab.com/apparmor/apparmor/-/issues">https://gitlab.com/apparmor/apparmor/-/issues</a>.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
@@ -95,7 +95,7 @@
<table border="0" width="100%" cellspacing="0" cellpadding="3">
<tr><td class="_podblock_" valign="middle">
-<big><strong><span class="_podblock_"> </span></strong></big>
+<big><strong><span class="_podblock_"> logprof.conf - configuration file for expert options that modify the behavior of the AppArmor aa-logprof(1) program.</span></strong></big>
</td></tr>
</table>
diff --git a/utils/logprof.conf.pod b/utils/logprof.conf.pod
index 3e549aecba72866ce2ebeb140802e6a7a7ffe57e..f429d4f2188b7725019552021e947dd8e37bac79 100644
--- a/utils/logprof.conf.pod
+++ b/utils/logprof.conf.pod
@@ -103,7 +103,7 @@ Lines starting with # are comments and are ignored.
=head1 BUGS
If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO
diff --git a/utils/po/af.po b/utils/po/af.po
new file mode 100644
index 0000000000000000000000000000000000000000..a93d0ceafcd8f59233958ef01427ab6e5380fce2
--- /dev/null
+++ b/utils/po/af.po
@@ -0,0 +1,1165 @@
+# Afrikaans translation for apparmor
+# Copyright (c) 2020 Rosetta Contributors and Canonical Ltd 2020
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2020-03-06 01:24+0000\n"
+"Last-Translator: bernard stafford <Unknown>\n"
+"Language-Team: Afrikaans <af@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2020-03-06 05:43+0000\n"
+"X-Generator: Launchpad (build e0878392dc799b267dea80578fa65500a5d74155)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr "Genereer profiel vir die gegewe programe"
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr "pad- om profiele"
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr "pad na loglêer"
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr "naam van program na profiel"
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr "Die loglêer %s bestaan nie. Tjek asseblief die -pad"
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+"Dit lyk AppArmor was nie begin het. Aktiveer asseblief AppArmor en probeer "
+"weer."
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr "%s is nie 'n gids."
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+"Kan nie vind %(profiling)s in die stelselpadlys. Indien die naam van die "
+"aansoek is korrek, asseblief hardloop 'which %(profiling)s' as gebruiker met "
+"korrekte PATH\n"
+"omgewing opgestel in orde om die volle gekwalifiseerde pad te vind en\n"
+"gebruik die volledige pad as parameter."
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr "%s nie bestaan, dubbel-tjek die pad."
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+"\n"
+"Voor jy begin, jy mag wens om tjek indien 'n\n"
+"profiel bestaan ​​reeds vir die toepassing wat jy\n"
+"wens om confine. Sien die volgende wiki bladsy vir\n"
+"meer inligting:"
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+"Begin asseblief die aansoek om geprofileer te word in\n"
+"'n ander venster en uitoefening funksionaliteit daarvan nou.\n"
+"\n"
+"Sodra dit voltooi is, kies die \"Scan\" opsie hieronder in \n"
+"orde om skandering die die stelsel logs vir AppArmor gebeurtenise. \n"
+"\n"
+"Vir elke AppArmor gebeurtenis, jy sal gegee word om die \n"
+"geleentheid om te kies whether die toegang behoort te wees \n"
+"toegelaat of geweier."
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr "Profilering"
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+"\n"
+"Weer gelaai AppArmor profiele in afdwing modus."
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+"\n"
+"Oorweeg asseblief bydraende jou nuwe profiel!\n"
+"Sien die volgende wiki bladsy vir meer inligting:"
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr "Afgewerkte genererende profiel vir %s."
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr "Proses log inskrywings om profiele te genereer"
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr "merk in die log te begin met die verwerking na"
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr "Maak skoon die profiele vir die gegewe programme"
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr "naam van programe"
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr "Oorskryf stilweg met 'n skoon profiel"
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr "Presteer 'n 2-manier of 3-manier saamsmelt op die gegewe profiele"
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr "jou profiel"
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr "base profiel"
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr "ander profiel"
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr "Die volgende plaaslike profiele is verander. Wil jy hulle red?"
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr "Pad"
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr "Kies die toepaslike modus"
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr "Onbekend seleksie"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr "Lêer sluit in"
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr "Seleksie die wat jy wil byvoeg"
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr "Toevoeging van %s na die lêer."
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr "onbekend"
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr "Geskrap %s vorige ooreenstemmende profiel inskrywings."
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr "Profiel"
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr "Capvermoë"
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr "Ernstigheidsgraad"
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr "Toevoeging van %s na profiel."
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr "Die capvermoë %s by profiel gevoeg."
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr "Weier die capvermoë %s om te profiel."
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr "(toestemmings vir eienaars af)"
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr "(dwing nuwe permitte aan die eienaar)"
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr "(Dwing alle heerskappy perms om eienaar)"
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr "Ou Modus"
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr "Nuwe Modus"
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr "(dwing perms aan eienaar)"
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr "Modus"
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr "Toevoeging %(path)s %(mod)s om profiel"
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr "Voer nuwe pad in: "
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr "Netwerk Familie"
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr "Socket Tipe"
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr "Voeg %s by profiel"
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr "Voeg netwerk toegang %(family)s %(type)s na profiel."
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr "Ontken netwerk toegang %(family)s %(type)s na profiel"
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr "Genereer 'n basiese AppArmor profiel deur raai van vereistes"
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr "Oorskryf bestaande profiel"
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr "Skakelaar die gegewe programme om oudit modus"
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr "verwyder oudit modus"
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr "Wys volle spore"
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr "Skakelaar die gegewe programe om te kla modus"
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr "Skakelaar die gegewe programe om afdwing modus"
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr "Deaktiveer die profiel vir die gegewe programes"
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr "Lys unconfined prosesse met tcp of udp poorte"
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr "skandeer alle prosesse vanaf / proc"
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr "%(pid)s %(program)s (%(commandline)s) nie confined"
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr "%(pid)s %(program)s%(pname)s nie confined"
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s (%(commandline)s) confined deur '%(attribute)s'"
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr "%(pid)s %(program)s%(pname)s confined deur '%(attribute)s'"
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr "Gevolg te veel links terwyl reoplossing %s"
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr "Kan nie vind %s"
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr "Instelling %s om kla modus."
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr "Instellings %s om afdwing modus."
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr "Nie in staat om vind basenaam vir %s."
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr "Kon skep nie %(link)s symlink om %(filename)s."
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr "Nie in staat om lees eerste reël vanaf %s: Lêer Nie Gevind"
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+"Nie in staat vurk: %(program)s\n"
+"\t%(error)s"
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+"Is jy seker jy wil hierdie stel laat vaar van profiel wysigings en uitgang?"
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr "Laat vaar alle veranderinge."
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr "Konnekteer tans na bewaarplek..."
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr "WAARSKUWING: Fout haal tans profiele van die repository"
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr "Fout aktiveer profiele: %s"
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr "%s bevat geen profiel"
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+"WAARSKUWING: Fout sinchronisasie profiele met die bewaarplek:\n"
+"%s\n"
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+"WAARSKUWING: Fout sinchronisasie profiele met die bewaarplek\n"
+"%s"
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+"WAARSKUWING: 'N fout tydens die oplaai van die profiel %(profile)s\n"
+"%(ret)s"
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr "Opgelaaide verander na repository."
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr "Verander log inskrywing: "
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+"Bewaarplek Fout\n"
+"Registrasie of Inlog was onsuksesvol. Gebruiker aanmelding\n"
+"inligting word benodig om profiele na die bewaarplek op te laai.\n"
+"Hierdie veranderinge kon nie gestuur word nie."
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr "Verstek Hoed"
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr "Aangevraagde Hoed"
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr "%s het oorgangsnaam maar nie oorgangsmodus"
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/bo.po b/utils/po/bo.po
new file mode 100644
index 0000000000000000000000000000000000000000..3ec697b78798956e1266a41e948b77321c83bb2a
--- /dev/null
+++ b/utils/po/bo.po
@@ -0,0 +1,1126 @@
+# Tibetan translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2019-12-12 02:59+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Tibetan <bo@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-13 05:38+0000\n"
+"X-Generator: Launchpad (build c597c3229eb023b1e626162d5947141bf7befb13)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr ""
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr ""
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr ""
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr ""
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr ""
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr ""
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr ""
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr ""
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr ""
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr ""
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr ""
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr ""
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/de.po b/utils/po/de.po
index 6686ee03da8fa0c0ede639f2d6d4fe34672df433..ecafc5dad0c12af418aa0c94279f238fa66b758a 100644
--- a/utils/po/de.po
+++ b/utils/po/de.po
@@ -7,14 +7,14 @@ msgstr ""
"Project-Id-Version: apparmor-utils\n"
"Report-Msgid-Bugs-To: <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2019-04-17 23:42+0000\n"
-"Last-Translator: Tobias Bannert <tobannert@gmail.com>\n"
+"PO-Revision-Date: 2020-02-21 16:45+0000\n"
+"Last-Translator: Stephan Woidowski <swoidowski@t-online.de>\n"
"Language-Team: German <de@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-04-19 05:30+0000\n"
-"X-Generator: Launchpad (build 18928)\n"
+"X-Launchpad-Export-Date: 2020-02-22 05:41+0000\n"
+"X-Generator: Launchpad (build 19413b719a8df7423ab1390528edadce9e0e4aca)\n"
"Language: de\n"
#: ../aa-genprof:56
@@ -881,7 +881,7 @@ msgstr ""
#: ../apparmor/aa.py:3343
#, python-format
msgid "Invalid allow string: %(allow)s"
-msgstr ""
+msgstr "ungültiger allow string: %(allow)s"
#: ../apparmor/aa.py:3778
msgid "Can't find existing profile to modify"
@@ -1075,23 +1075,23 @@ msgstr "(K)ind"
#: ../apparmor/ui.py:238
msgid "(C)hild Clean Exec"
-msgstr ""
+msgstr "(C)hild sauber ausführen"
#: ../apparmor/ui.py:239
msgid "(N)amed"
-msgstr ""
+msgstr "Be(n)annt"
#: ../apparmor/ui.py:240
msgid "(N)amed Clean Exec"
-msgstr ""
+msgstr "Be(n)annte sauber ausführen"
#: ../apparmor/ui.py:241
msgid "(U)nconfined"
-msgstr ""
+msgstr "(U)nbeschränkt"
#: ../apparmor/ui.py:242
msgid "(U)nconfined Clean Exec"
-msgstr ""
+msgstr "(U)nbeschränkte sauber ausführen"
#: ../apparmor/ui.py:243
msgid "(P)rofile Inherit"
@@ -1099,7 +1099,7 @@ msgstr "(P)rofil erben"
#: ../apparmor/ui.py:244
msgid "(P)rofile Inherit Clean Exec"
-msgstr ""
+msgstr "(P)rofil vererbt saubere Ausführung"
#: ../apparmor/ui.py:245
msgid "(C)hild Inherit"
@@ -1107,23 +1107,23 @@ msgstr "(K)ind erben"
#: ../apparmor/ui.py:246
msgid "(C)hild Inherit Clean Exec"
-msgstr ""
+msgstr "(C)hild vererbt saubere Ausführung"
#: ../apparmor/ui.py:247
msgid "(N)amed Inherit"
-msgstr ""
+msgstr "Be(n)annte Vererbung"
#: ../apparmor/ui.py:248
msgid "(N)amed Inherit Clean Exec"
-msgstr ""
+msgstr "Be(n)annte Vererbung sauber ausführen"
#: ../apparmor/ui.py:249
msgid "(X) ix On"
-msgstr ""
+msgstr "(X) ix An"
#: ../apparmor/ui.py:250
msgid "(X) ix Off"
-msgstr ""
+msgstr "(X) ix Aus"
#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
msgid "(S)ave Changes"
@@ -1131,7 +1131,7 @@ msgstr "Änderungen (s)peichern"
#: ../apparmor/ui.py:252
msgid "(C)ontinue Profiling"
-msgstr ""
+msgstr "P(r)ofiling fortsetzen"
#: ../apparmor/ui.py:253
msgid "(N)ew"
@@ -1147,15 +1147,15 @@ msgstr ""
#: ../apparmor/ui.py:256
msgid "(A)dd Requested Hat"
-msgstr ""
+msgstr "Angeforderten Hat (H)inzufügen"
#: ../apparmor/ui.py:257
msgid "(U)se Default Hat"
-msgstr ""
+msgstr "Standard-Hat (N)utzen"
#: ../apparmor/ui.py:258
msgid "(S)can system log for AppArmor events"
-msgstr ""
+msgstr "Systemprotokoll nach AppArmor-Ereignissen (s)cannen"
#: ../apparmor/ui.py:259
msgid "(H)elp"
@@ -1163,23 +1163,23 @@ msgstr "(H)ilfe"
#: ../apparmor/ui.py:260
msgid "(V)iew Profile"
-msgstr ""
+msgstr "(P)rofil ansehen"
#: ../apparmor/ui.py:261
msgid "(U)se Profile"
-msgstr ""
+msgstr "(B)enutze Profil"
#: ../apparmor/ui.py:262
msgid "(C)reate New Profile"
-msgstr ""
+msgstr "(E)rstelle Neues Profil"
#: ../apparmor/ui.py:263
msgid "(U)pdate Profile"
-msgstr ""
+msgstr "(A)ktualisiere Profil"
#: ../apparmor/ui.py:264
msgid "(I)gnore Update"
-msgstr ""
+msgstr "(I)gnoriere Aktualisierung"
#: ../apparmor/ui.py:266
msgid "Save Selec(t)ed Profile"
@@ -1187,19 +1187,19 @@ msgstr "Ausgewähl(t)es Profil speichern"
#: ../apparmor/ui.py:267
msgid "(U)pload Changes"
-msgstr ""
+msgstr "Änderungen (h)ochladen"
#: ../apparmor/ui.py:268
msgid "(V)iew Changes"
-msgstr ""
+msgstr "Änderungen an(z)eigen"
#: ../apparmor/ui.py:269
msgid "View Changes b/w (C)lean profiles"
-msgstr ""
+msgstr "Änderungen zwischen sau(b)eren Profilen anzeigen"
#: ../apparmor/ui.py:270
msgid "(V)iew"
-msgstr ""
+msgstr "(A)nsicht"
#: ../apparmor/ui.py:271
msgid "(E)nable Repository"
@@ -1215,27 +1215,27 @@ msgstr "(N)icht mehr fragen"
#: ../apparmor/ui.py:274
msgid "Ask Me (L)ater"
-msgstr ""
+msgstr "Später (n)achfragen"
#: ../apparmor/ui.py:277
msgid "Allow All (N)etwork"
-msgstr ""
+msgstr "Alle (N)etzwerke erlauben"
#: ../apparmor/ui.py:278
msgid "Allow Network Fa(m)ily"
-msgstr ""
+msgstr "Netzwerk-Fa(m)ilie erlauben"
#: ../apparmor/ui.py:279
msgid "(O)verwrite Profile"
-msgstr ""
+msgstr "Profil (ü)berschreiben"
#: ../apparmor/ui.py:280
msgid "(K)eep Profile"
-msgstr ""
+msgstr "Profil (b)ehalten"
#: ../apparmor/ui.py:281
msgid "(C)ontinue"
-msgstr ""
+msgstr "(F)ortsetzen"
#: ../apparmor/ui.py:282
msgid "(I)gnore"
diff --git a/utils/po/es.po b/utils/po/es.po
index e82f2a5d32e01bbbed96b91475bb404d35f10cff..a911edeb851e6b353c15751e30ef5aace695f135 100644
--- a/utils/po/es.po
+++ b/utils/po/es.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2019-06-09 14:14+0000\n"
+"PO-Revision-Date: 2019-06-22 05:18+0000\n"
"Last-Translator: Paco Molinero <paco@byasl.com>\n"
"Language-Team: Spanish <es@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-06-10 04:32+0000\n"
-"X-Generator: Launchpad (build 18978)\n"
+"X-Launchpad-Export-Date: 2019-06-23 04:31+0000\n"
+"X-Generator: Launchpad (build 18989)\n"
#: ../aa-genprof:56
msgid "Generate profile for the given program"
@@ -48,7 +48,7 @@ msgstr ""
#: ../aa-genprof:80 ../aa-mergeprof:47
#, python-format
msgid "%s is not a directory."
-msgstr ""
+msgstr "%s no es un directorio."
#: ../aa-genprof:94
#, python-format
@@ -157,7 +157,7 @@ msgstr "Ruta"
#: ../aa-mergeprof:149
msgid "Select the appropriate mode"
-msgstr ""
+msgstr "Seleccione el modo apropiado"
#: ../aa-mergeprof:166
msgid "Unknown selection"
@@ -174,7 +174,7 @@ msgstr ""
#: ../aa-mergeprof:195 ../aa-mergeprof:222
#, python-format
msgid "Adding %s to the file."
-msgstr ""
+msgstr "Añadiendo %s al archivo."
#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
msgid "unknown"
@@ -192,7 +192,7 @@ msgstr ""
#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
msgid "Profile"
-msgstr ""
+msgstr "Perfil"
#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
msgid "Capability"
@@ -207,7 +207,7 @@ msgstr ""
#: ../apparmor/aa.py:1857
#, python-format
msgid "Adding %s to profile."
-msgstr ""
+msgstr "Añadiendo %s al perfil."
#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
#, python-format
diff --git a/utils/po/fa.po b/utils/po/fa.po
new file mode 100644
index 0000000000000000000000000000000000000000..812020f2d4f7da79c18497c186709f2c59b38c00
--- /dev/null
+++ b/utils/po/fa.po
@@ -0,0 +1,1128 @@
+# Persian translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2019-12-27 08:21+0000\n"
+"Last-Translator: VahidNameni <Unknown>\n"
+"Language-Team: Persian <fa@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-28 05:38+0000\n"
+"X-Generator: Launchpad (build bceb5ef013b87ef7aafe0755545ceb689ca7ac60)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr "ایجاد نمایه برای برنامه داده شده"
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr "مسیر نمایه ها"
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr "مسیر رخدادنگاشت Ùایل"
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr "نام برنامه جهت نمایه"
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+"به نظر Ù…ÛŒ رسد AppArmor آغاز نشده است. لطÙا AppArmor را Ùعال Ùˆ سپس امتØان "
+"نمایید."
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr "%s پوشه نمی باشد."
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr "پاک سازی نمایه ها برای برنامه های داده شده"
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr "نام برنامه"
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr "نمایه شما"
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr "نمایه اصلی"
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr "دیگر نمایه ها"
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr "Øالت مناسب را انتخاب نمایید"
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr "هر گزینه ای Ú©Ù‡ Ù…ÛŒ خواد اضاÙÙ‡ کنید را انتخاب نمایید"
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/po/sv.po b/utils/po/sv.po
index 19d99c55aa5fdb64184a8720311b1d8cc2b1d07f..e128ffda589f7d43e1e988ea6bf10f1e27b588ac 100644
--- a/utils/po/sv.po
+++ b/utils/po/sv.po
@@ -8,14 +8,14 @@ msgstr ""
"Project-Id-Version: apparmor\n"
"Report-Msgid-Bugs-To: AppArmor list <apparmor@lists.ubuntu.com>\n"
"POT-Creation-Date: 2014-09-14 19:29+0530\n"
-"PO-Revision-Date: 2019-05-26 08:20+0000\n"
+"PO-Revision-Date: 2019-11-01 09:51+0000\n"
"Last-Translator: Jonatan Nyberg <Unknown>\n"
"Language-Team: Swedish <sv@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Launchpad-Export-Date: 2019-05-27 05:35+0000\n"
-"X-Generator: Launchpad (build 18968)\n"
+"X-Launchpad-Export-Date: 2019-11-02 05:45+0000\n"
+"X-Generator: Launchpad (build 469f241f4e73cc0bdffa4e30654052a2af068e06)\n"
"Language: sv\n"
#: ../aa-genprof:56
@@ -600,7 +600,7 @@ msgstr "Klaglägeändringar:"
#: ../apparmor/aa.py:1525
msgid "Enforce-mode changes:"
-msgstr ""
+msgstr "Tvinga-läge ändringar:"
#: ../apparmor/aa.py:1528
#, python-format
@@ -887,6 +887,13 @@ msgid ""
"the corresponding entry in the [qualifiers] section in "
"/etc/apparmor/logprof.conf."
msgstr ""
+"%s är för närvarande markerad som ett program som inte ska ha sin egen\n"
+"profil. Vanligtvis markeras program på detta sätt om du skapar en profil "
+"för \n"
+"de kommer sannolikt att bryta resten av systemet. Om du vet vad du är\n"
+"gör och är säker på att du vill skapa en profil för det här programmet, "
+"redigera\n"
+"motsvarande post i avsnittet [qualifiers] i /etc/apparmor/logprof.conf."
#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
#, python-format
@@ -902,6 +909,11 @@ msgid ""
"environment set up in order to find the fully-qualified path and\n"
"use the full path as parameter."
msgstr ""
+"Det går inte att hitta %(program)s i systemsökvägslistan. Om namnet på "
+"applikationen\n"
+"är korrekt, kör \"which %(program)s\" som användare med rätt SÖKVÄG-\n"
+"miljö som inrättats för att hitta den fullt kvalificerade sökvägen och\n"
+"använd hela sökvägen som parameter."
#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
#, python-format
@@ -943,6 +955,8 @@ msgid ""
"Please pass an application to generate a profile for, not a profile itself - "
"skipping %s."
msgstr ""
+"Vänligen skicka ett program för att generera en profil för, inte profilen "
+"själv - hoppar över %s."
#: ../apparmor/tools.py:220
#, python-format
diff --git a/utils/po/zh_CN.po b/utils/po/zh_CN.po
new file mode 100644
index 0000000000000000000000000000000000000000..1c9c1d2b4d3399614bcb212c4a323b7a0b7495fb
--- /dev/null
+++ b/utils/po/zh_CN.po
@@ -0,0 +1,1126 @@
+# Chinese (Simplified) translation for apparmor
+# Copyright (c) 2019 Rosetta Contributors and Canonical Ltd 2019
+# This file is distributed under the same license as the apparmor package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, 2019.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: apparmor\n"
+"Report-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>\n"
+"POT-Creation-Date: 2014-09-14 19:29+0530\n"
+"PO-Revision-Date: 2019-12-24 02:58+0000\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: Chinese (Simplified) <zh_CN@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Launchpad-Export-Date: 2019-12-25 05:41+0000\n"
+"X-Generator: Launchpad (build bceb5ef013b87ef7aafe0755545ceb689ca7ac60)\n"
+
+#: ../aa-genprof:56
+msgid "Generate profile for the given program"
+msgstr ""
+
+#: ../aa-genprof:57 ../aa-logprof:25 ../aa-cleanprof:24 ../aa-mergeprof:34
+#: ../aa-autodep:25 ../aa-audit:25 ../aa-complain:24 ../aa-enforce:24
+#: ../aa-disable:24
+msgid "path to profiles"
+msgstr ""
+
+#: ../aa-genprof:58 ../aa-logprof:26
+msgid "path to logfile"
+msgstr ""
+
+#: ../aa-genprof:59
+msgid "name of program to profile"
+msgstr ""
+
+#: ../aa-genprof:69 ../aa-logprof:37
+#, python-format
+msgid "The logfile %s does not exist. Please check the path"
+msgstr ""
+
+#: ../aa-genprof:75 ../aa-logprof:43 ../aa-unconfined:36
+msgid ""
+"It seems AppArmor was not started. Please enable AppArmor and try again."
+msgstr ""
+
+#: ../aa-genprof:80 ../aa-mergeprof:47
+#, python-format
+msgid "%s is not a directory."
+msgstr ""
+
+#: ../aa-genprof:94
+#, python-format
+msgid ""
+"Can't find %(profiling)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(profiling)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../aa-genprof:96
+#, python-format
+msgid "%s does not exists, please double-check the path."
+msgstr ""
+
+#: ../aa-genprof:124
+msgid ""
+"\n"
+"Before you begin, you may wish to check if a\n"
+"profile already exists for the application you\n"
+"wish to confine. See the following wiki page for\n"
+"more information:"
+msgstr ""
+
+#: ../aa-genprof:126
+msgid ""
+"Please start the application to be profiled in\n"
+"another window and exercise its functionality now.\n"
+"\n"
+"Once completed, select the \"Scan\" option below in \n"
+"order to scan the system logs for AppArmor events. \n"
+"\n"
+"For each AppArmor event, you will be given the \n"
+"opportunity to choose whether the access should be \n"
+"allowed or denied."
+msgstr ""
+
+#: ../aa-genprof:147
+msgid "Profiling"
+msgstr ""
+
+#: ../aa-genprof:165
+msgid ""
+"\n"
+"Reloaded AppArmor profiles in enforce mode."
+msgstr ""
+
+#: ../aa-genprof:166
+msgid ""
+"\n"
+"Please consider contributing your new profile!\n"
+"See the following wiki page for more information:"
+msgstr ""
+
+#: ../aa-genprof:167
+#, python-format
+msgid "Finished generating profile for %s."
+msgstr ""
+
+#: ../aa-logprof:24
+msgid "Process log entries to generate profiles"
+msgstr ""
+
+#: ../aa-logprof:27
+msgid "mark in the log to start processing after"
+msgstr ""
+
+#: ../aa-cleanprof:23
+msgid "Cleanup the profiles for the given programs"
+msgstr ""
+
+#: ../aa-cleanprof:25 ../aa-autodep:26 ../aa-audit:27 ../aa-complain:25
+#: ../aa-enforce:25 ../aa-disable:25
+msgid "name of program"
+msgstr ""
+
+#: ../aa-cleanprof:26
+msgid "Silently overwrite with a clean profile"
+msgstr ""
+
+#: ../aa-mergeprof:29
+msgid "Perform a 2-way or 3-way merge on the given profiles"
+msgstr ""
+
+#: ../aa-mergeprof:31
+msgid "your profile"
+msgstr ""
+
+#: ../aa-mergeprof:32
+msgid "base profile"
+msgstr ""
+
+#: ../aa-mergeprof:33
+msgid "other profile"
+msgstr ""
+
+#: ../aa-mergeprof:67 ../apparmor/aa.py:2345
+msgid ""
+"The following local profiles were changed. Would you like to save them?"
+msgstr ""
+
+#: ../aa-mergeprof:148 ../aa-mergeprof:430 ../apparmor/aa.py:1767
+msgid "Path"
+msgstr ""
+
+#: ../aa-mergeprof:149
+msgid "Select the appropriate mode"
+msgstr ""
+
+#: ../aa-mergeprof:166
+msgid "Unknown selection"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "File includes"
+msgstr ""
+
+#: ../aa-mergeprof:183 ../aa-mergeprof:209
+msgid "Select the ones you wish to add"
+msgstr ""
+
+#: ../aa-mergeprof:195 ../aa-mergeprof:222
+#, python-format
+msgid "Adding %s to the file."
+msgstr ""
+
+#: ../aa-mergeprof:199 ../apparmor/aa.py:2258
+msgid "unknown"
+msgstr ""
+
+#: ../aa-mergeprof:224 ../aa-mergeprof:275 ../aa-mergeprof:516
+#: ../aa-mergeprof:558 ../aa-mergeprof:675 ../apparmor/aa.py:1620
+#: ../apparmor/aa.py:1859 ../apparmor/aa.py:1899 ../apparmor/aa.py:2012
+#, python-format
+msgid "Deleted %s previous matching profile entries."
+msgstr ""
+
+#: ../aa-mergeprof:244 ../aa-mergeprof:429 ../aa-mergeprof:629
+#: ../aa-mergeprof:656 ../apparmor/aa.py:992 ../apparmor/aa.py:1252
+#: ../apparmor/aa.py:1562 ../apparmor/aa.py:1603 ../apparmor/aa.py:1766
+#: ../apparmor/aa.py:1958 ../apparmor/aa.py:1994
+msgid "Profile"
+msgstr ""
+
+#: ../aa-mergeprof:245 ../apparmor/aa.py:1563 ../apparmor/aa.py:1604
+msgid "Capability"
+msgstr ""
+
+#: ../aa-mergeprof:246 ../aa-mergeprof:480 ../apparmor/aa.py:1258
+#: ../apparmor/aa.py:1564 ../apparmor/aa.py:1605 ../apparmor/aa.py:1817
+msgid "Severity"
+msgstr ""
+
+#: ../aa-mergeprof:273 ../aa-mergeprof:514 ../apparmor/aa.py:1618
+#: ../apparmor/aa.py:1857
+#, python-format
+msgid "Adding %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:282 ../apparmor/aa.py:1627
+#, python-format
+msgid "Adding capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:289 ../apparmor/aa.py:1634
+#, python-format
+msgid "Denying capability %s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:439 ../aa-mergeprof:470 ../apparmor/aa.py:1776
+#: ../apparmor/aa.py:1807
+msgid "(owner permissions off)"
+msgstr ""
+
+#: ../aa-mergeprof:444 ../apparmor/aa.py:1781
+msgid "(force new perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:447 ../apparmor/aa.py:1784
+msgid "(force all rule perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:459 ../apparmor/aa.py:1796
+msgid "Old Mode"
+msgstr ""
+
+#: ../aa-mergeprof:460 ../apparmor/aa.py:1797
+msgid "New Mode"
+msgstr ""
+
+#: ../aa-mergeprof:475 ../apparmor/aa.py:1812
+msgid "(force perms to owner)"
+msgstr ""
+
+#: ../aa-mergeprof:478 ../apparmor/aa.py:1815
+msgid "Mode"
+msgstr ""
+
+#: ../aa-mergeprof:556
+#, python-format
+msgid "Adding %(path)s %(mod)s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:574 ../apparmor/aa.py:1915
+msgid "Enter new path: "
+msgstr ""
+
+#: ../aa-mergeprof:630 ../aa-mergeprof:657 ../apparmor/aa.py:1959
+#: ../apparmor/aa.py:1995
+msgid "Network Family"
+msgstr ""
+
+#: ../aa-mergeprof:631 ../aa-mergeprof:658 ../apparmor/aa.py:1960
+#: ../apparmor/aa.py:1996
+msgid "Socket Type"
+msgstr ""
+
+#: ../aa-mergeprof:673 ../apparmor/aa.py:2010
+#, python-format
+msgid "Adding %s to profile"
+msgstr ""
+
+#: ../aa-mergeprof:683 ../apparmor/aa.py:2020
+#, python-format
+msgid "Adding network access %(family)s %(type)s to profile."
+msgstr ""
+
+#: ../aa-mergeprof:689 ../apparmor/aa.py:2026
+#, python-format
+msgid "Denying network access %(family)s %(type)s to profile"
+msgstr ""
+
+#: ../aa-autodep:23
+msgid "Generate a basic AppArmor profile by guessing requirements"
+msgstr ""
+
+#: ../aa-autodep:24
+msgid "overwrite existing profile"
+msgstr ""
+
+#: ../aa-audit:24
+msgid "Switch the given programs to audit mode"
+msgstr ""
+
+#: ../aa-audit:26
+msgid "remove audit mode"
+msgstr ""
+
+#: ../aa-audit:28
+msgid "Show full trace"
+msgstr ""
+
+#: ../aa-complain:23
+msgid "Switch the given program to complain mode"
+msgstr ""
+
+#: ../aa-enforce:23
+msgid "Switch the given program to enforce mode"
+msgstr ""
+
+#: ../aa-disable:23
+msgid "Disable the profile for the given programs"
+msgstr ""
+
+#: ../aa-unconfined:28
+msgid "Lists unconfined processes having tcp or udp ports"
+msgstr ""
+
+#: ../aa-unconfined:29
+msgid "scan all processes from /proc"
+msgstr ""
+
+#: ../aa-unconfined:81
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) not confined"
+msgstr ""
+
+#: ../aa-unconfined:85
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s not confined"
+msgstr ""
+
+#: ../aa-unconfined:90
+#, python-format
+msgid "%(pid)s %(program)s (%(commandline)s) confined by '%(attribute)s'"
+msgstr ""
+
+#: ../aa-unconfined:94
+#, python-format
+msgid "%(pid)s %(program)s%(pname)s confined by '%(attribute)s'"
+msgstr ""
+
+#: ../apparmor/aa.py:196
+#, python-format
+msgid "Followed too many links while resolving %s"
+msgstr ""
+
+#: ../apparmor/aa.py:252 ../apparmor/aa.py:259
+#, python-format
+msgid "Can't find %s"
+msgstr ""
+
+#: ../apparmor/aa.py:264 ../apparmor/aa.py:548
+#, python-format
+msgid "Setting %s to complain mode."
+msgstr ""
+
+#: ../apparmor/aa.py:271
+#, python-format
+msgid "Setting %s to enforce mode."
+msgstr ""
+
+#: ../apparmor/aa.py:286
+#, python-format
+msgid "Unable to find basename for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:301
+#, python-format
+msgid "Could not create %(link)s symlink to %(filename)s."
+msgstr ""
+
+#: ../apparmor/aa.py:314
+#, python-format
+msgid "Unable to read first line from %s: File Not Found"
+msgstr ""
+
+#: ../apparmor/aa.py:328
+#, python-format
+msgid ""
+"Unable to fork: %(program)s\n"
+"\t%(error)s"
+msgstr ""
+
+#: ../apparmor/aa.py:449 ../apparmor/ui.py:303
+msgid ""
+"Are you sure you want to abandon this set of profile changes and exit?"
+msgstr ""
+
+#: ../apparmor/aa.py:451 ../apparmor/ui.py:305
+msgid "Abandoning all changes."
+msgstr ""
+
+#: ../apparmor/aa.py:464
+msgid "Connecting to repository..."
+msgstr ""
+
+#: ../apparmor/aa.py:470
+msgid "WARNING: Error fetching profiles from the repository"
+msgstr ""
+
+#: ../apparmor/aa.py:550
+#, python-format
+msgid "Error activating profiles: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:605
+#, python-format
+msgid "%s contains no profile"
+msgstr ""
+
+#: ../apparmor/aa.py:706
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository:\n"
+"%s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:744
+#, python-format
+msgid ""
+"WARNING: Error synchronizing profiles with the repository\n"
+"%s"
+msgstr ""
+
+#: ../apparmor/aa.py:832 ../apparmor/aa.py:883
+#, python-format
+msgid ""
+"WARNING: An error occurred while uploading the profile %(profile)s\n"
+"%(ret)s"
+msgstr ""
+
+#: ../apparmor/aa.py:833
+msgid "Uploaded changes to repository."
+msgstr ""
+
+#: ../apparmor/aa.py:865
+msgid "Changelog Entry: "
+msgstr ""
+
+#: ../apparmor/aa.py:885
+msgid ""
+"Repository Error\n"
+"Registration or Signin was unsuccessful. User login\n"
+"information is required to upload profiles to the repository.\n"
+"These changes could not be sent."
+msgstr ""
+
+#: ../apparmor/aa.py:995
+msgid "Default Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:997
+msgid "Requested Hat"
+msgstr ""
+
+#: ../apparmor/aa.py:1218
+#, python-format
+msgid "%s has transition name but not transition mode"
+msgstr ""
+
+#: ../apparmor/aa.py:1232
+#, python-format
+msgid "Target profile exists: %s\n"
+msgstr ""
+
+#: ../apparmor/aa.py:1254
+msgid "Program"
+msgstr ""
+
+#: ../apparmor/aa.py:1257
+msgid "Execute"
+msgstr ""
+
+#: ../apparmor/aa.py:1287
+msgid "Are you specifying a transition to a local profile?"
+msgstr ""
+
+#: ../apparmor/aa.py:1299
+msgid "Enter profile name to transition to: "
+msgstr ""
+
+#: ../apparmor/aa.py:1308
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but some applications depend on the presence\n"
+"of LD_PRELOAD or LD_LIBRARY_PATH."
+msgstr ""
+
+#: ../apparmor/aa.py:1310
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"switching profiles?\n"
+"\n"
+"Sanitising environment is more secure,\n"
+"but this application appears to be using LD_PRELOAD\n"
+"or LD_LIBRARY_PATH and sanitising the environment\n"
+"could cause functionality problems."
+msgstr ""
+
+#: ../apparmor/aa.py:1318
+#, python-format
+msgid ""
+"Launching processes in an unconfined state is a very\n"
+"dangerous operation and can cause serious security holes.\n"
+"\n"
+"Are you absolutely certain you wish to remove all\n"
+"AppArmor protection when executing %s ?"
+msgstr ""
+
+#: ../apparmor/aa.py:1320
+msgid ""
+"Should AppArmor sanitise the environment when\n"
+"running this program unconfined?\n"
+"\n"
+"Not sanitising the environment when unconfining\n"
+"a program opens up significant security holes\n"
+"and should be avoided if at all possible."
+msgstr ""
+
+#: ../apparmor/aa.py:1396 ../apparmor/aa.py:1414
+#, python-format
+msgid ""
+"A profile for %s does not exist.\n"
+"Do you want to create one?"
+msgstr ""
+
+#: ../apparmor/aa.py:1523
+msgid "Complain-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1525
+msgid "Enforce-mode changes:"
+msgstr ""
+
+#: ../apparmor/aa.py:1528
+#, python-format
+msgid "Invalid mode found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:1897
+#, python-format
+msgid "Adding %(path)s %(mode)s to profile"
+msgstr ""
+
+#: ../apparmor/aa.py:1918
+#, python-format
+msgid ""
+"The specified path does not match this log entry:\n"
+"\n"
+" Log Entry: %(path)s\n"
+" Entered Path: %(ans)s\n"
+"Do you really want to use this path?"
+msgstr ""
+
+#: ../apparmor/aa.py:2251
+#, python-format
+msgid "Reading log entries from %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2254
+#, python-format
+msgid "Updating AppArmor profiles in %s."
+msgstr ""
+
+#: ../apparmor/aa.py:2323
+msgid ""
+"Select which profile changes you would like to save to the\n"
+"local profile set."
+msgstr ""
+
+#: ../apparmor/aa.py:2324
+msgid "Local profile changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2418
+msgid "Profile Changes"
+msgstr ""
+
+#: ../apparmor/aa.py:2428
+#, python-format
+msgid "Can't find existing profile %s to compare changes."
+msgstr ""
+
+#: ../apparmor/aa.py:2566 ../apparmor/aa.py:2581
+#, python-format
+msgid "Can't read AppArmor profiles in %s"
+msgstr ""
+
+#: ../apparmor/aa.py:2677
+#, python-format
+msgid ""
+"%(profile)s profile in %(file)s contains syntax errors in line: %(line)s."
+msgstr ""
+
+#: ../apparmor/aa.py:2734
+#, python-format
+msgid ""
+"Syntax Error: Unexpected End of Profile reached in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2749
+#, python-format
+msgid ""
+"Syntax Error: Unexpected capability entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2770
+#, python-format
+msgid ""
+"Syntax Error: Unexpected link entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2798
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change profile entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2820
+#, python-format
+msgid ""
+"Syntax Error: Unexpected rlimit entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2831
+#, python-format
+msgid ""
+"Syntax Error: Unexpected boolean definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2871
+#, python-format
+msgid ""
+"Syntax Error: Unexpected bare file rule found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2894
+#, python-format
+msgid ""
+"Syntax Error: Unexpected path entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2922
+#, python-format
+msgid "Syntax Error: Invalid Regex %(path)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2925
+#, python-format
+msgid "Invalid mode %(mode)s in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:2977
+#, python-format
+msgid ""
+"Syntax Error: Unexpected network entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3007
+#, python-format
+msgid ""
+"Syntax Error: Unexpected dbus entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3030
+#, python-format
+msgid ""
+"Syntax Error: Unexpected mount entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3052
+#, python-format
+msgid ""
+"Syntax Error: Unexpected signal entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3074
+#, python-format
+msgid ""
+"Syntax Error: Unexpected ptrace entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3096
+#, python-format
+msgid ""
+"Syntax Error: Unexpected pivot_root entry found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3118
+#, python-format
+msgid ""
+"Syntax Error: Unexpected unix entry found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3140
+#, python-format
+msgid ""
+"Syntax Error: Unexpected change hat declaration found in file: %(file)s "
+"line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3152
+#, python-format
+msgid ""
+"Syntax Error: Unexpected hat definition found in file: %(file)s line: "
+"%(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3168
+#, python-format
+msgid "Error: Multiple definitions for hat %(hat)s in profile %(profile)s."
+msgstr ""
+
+#: ../apparmor/aa.py:3185
+#, python-format
+msgid "Warning: invalid \"REPOSITORY:\" line in %s, ignoring."
+msgstr ""
+
+#: ../apparmor/aa.py:3198
+#, python-format
+msgid "Syntax Error: Unknown line found in file: %(file)s line: %(line)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3211
+#, python-format
+msgid ""
+"Syntax Error: Missing '}' or ','. Reached end of file %(file)s while inside "
+"profile %(profile)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3277
+#, python-format
+msgid "Redefining existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3282
+#, python-format
+msgid ""
+"Values added to a non-existing variable %(variable)s: %(value)s in %(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3284
+#, python-format
+msgid ""
+"Unknown variable operation %(operation)s for variable %(variable)s in "
+"%(file)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3343
+#, python-format
+msgid "Invalid allow string: %(allow)s"
+msgstr ""
+
+#: ../apparmor/aa.py:3778
+msgid "Can't find existing profile to modify"
+msgstr ""
+
+#: ../apparmor/aa.py:4347
+#, python-format
+msgid "Writing updated profile for %s."
+msgstr ""
+
+#: ../apparmor/aa.py:4481
+#, python-format
+msgid "File Not Found: %s"
+msgstr ""
+
+#: ../apparmor/aa.py:4591
+#, python-format
+msgid ""
+"%s is currently marked as a program that should not have its own\n"
+"profile. Usually, programs are marked this way if creating a profile for \n"
+"them is likely to break the rest of the system. If you know what you're\n"
+"doing and are certain you want to create a profile for this program, edit\n"
+"the corresponding entry in the [qualifiers] section in "
+"/etc/apparmor/logprof.conf."
+msgstr ""
+
+#: ../apparmor/logparser.py:127 ../apparmor/logparser.py:132
+#, python-format
+msgid "Log contains unknown mode %s"
+msgstr ""
+
+#: ../apparmor/tools.py:84 ../apparmor/tools.py:126
+#, python-format
+msgid ""
+"Can't find %(program)s in the system path list. If the name of the "
+"application\n"
+"is correct, please run 'which %(program)s' as a user with correct PATH\n"
+"environment set up in order to find the fully-qualified path and\n"
+"use the full path as parameter."
+msgstr ""
+
+#: ../apparmor/tools.py:86 ../apparmor/tools.py:102 ../apparmor/tools.py:128
+#, python-format
+msgid "%s does not exist, please double-check the path."
+msgstr ""
+
+#: ../apparmor/tools.py:100
+msgid ""
+"The given program cannot be found, please try with the fully qualified path "
+"name of the program: "
+msgstr ""
+
+#: ../apparmor/tools.py:113 ../apparmor/tools.py:137 ../apparmor/tools.py:157
+#: ../apparmor/tools.py:175 ../apparmor/tools.py:193
+#, python-format
+msgid "Profile for %s not found, skipping"
+msgstr ""
+
+#: ../apparmor/tools.py:140
+#, python-format
+msgid "Disabling %s."
+msgstr ""
+
+#: ../apparmor/tools.py:198
+#, python-format
+msgid "Setting %s to audit mode."
+msgstr ""
+
+#: ../apparmor/tools.py:200
+#, python-format
+msgid "Removing audit mode from %s."
+msgstr ""
+
+#: ../apparmor/tools.py:212
+#, python-format
+msgid ""
+"Please pass an application to generate a profile for, not a profile itself - "
+"skipping %s."
+msgstr ""
+
+#: ../apparmor/tools.py:220
+#, python-format
+msgid "Profile for %s already exists - skipping."
+msgstr ""
+
+#: ../apparmor/tools.py:232
+#, python-format
+msgid ""
+"\n"
+"Deleted %s rules."
+msgstr ""
+
+#: ../apparmor/tools.py:240
+#, python-format
+msgid ""
+"The local profile for %(program)s in file %(file)s was changed. Would you "
+"like to save it?"
+msgstr ""
+
+#: ../apparmor/tools.py:260
+#, python-format
+msgid "The profile for %s does not exists. Nothing to clean."
+msgstr ""
+
+#: ../apparmor/ui.py:61
+msgid "Invalid hotkey for"
+msgstr ""
+
+#: ../apparmor/ui.py:77 ../apparmor/ui.py:121 ../apparmor/ui.py:275
+msgid "(Y)es"
+msgstr ""
+
+#: ../apparmor/ui.py:78 ../apparmor/ui.py:122 ../apparmor/ui.py:276
+msgid "(N)o"
+msgstr ""
+
+#: ../apparmor/ui.py:123
+msgid "(C)ancel"
+msgstr ""
+
+#: ../apparmor/ui.py:223
+msgid "(A)llow"
+msgstr ""
+
+#: ../apparmor/ui.py:224
+msgid "(M)ore"
+msgstr ""
+
+#: ../apparmor/ui.py:225
+msgid "Audi(t)"
+msgstr ""
+
+#: ../apparmor/ui.py:226
+msgid "Audi(t) off"
+msgstr ""
+
+#: ../apparmor/ui.py:227
+msgid "Audit (A)ll"
+msgstr ""
+
+#: ../apparmor/ui.py:229
+msgid "(O)wner permissions on"
+msgstr ""
+
+#: ../apparmor/ui.py:230
+msgid "(O)wner permissions off"
+msgstr ""
+
+#: ../apparmor/ui.py:231
+msgid "(D)eny"
+msgstr ""
+
+#: ../apparmor/ui.py:232
+msgid "Abo(r)t"
+msgstr ""
+
+#: ../apparmor/ui.py:233
+msgid "(F)inish"
+msgstr ""
+
+#: ../apparmor/ui.py:234
+msgid "(I)nherit"
+msgstr ""
+
+#: ../apparmor/ui.py:235
+msgid "(P)rofile"
+msgstr ""
+
+#: ../apparmor/ui.py:236
+msgid "(P)rofile Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:237
+msgid "(C)hild"
+msgstr ""
+
+#: ../apparmor/ui.py:238
+msgid "(C)hild Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:239
+msgid "(N)amed"
+msgstr ""
+
+#: ../apparmor/ui.py:240
+msgid "(N)amed Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:241
+msgid "(U)nconfined"
+msgstr ""
+
+#: ../apparmor/ui.py:242
+msgid "(U)nconfined Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:243
+msgid "(P)rofile Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:244
+msgid "(P)rofile Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:245
+msgid "(C)hild Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:246
+msgid "(C)hild Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:247
+msgid "(N)amed Inherit"
+msgstr ""
+
+#: ../apparmor/ui.py:248
+msgid "(N)amed Inherit Clean Exec"
+msgstr ""
+
+#: ../apparmor/ui.py:249
+msgid "(X) ix On"
+msgstr ""
+
+#: ../apparmor/ui.py:250
+msgid "(X) ix Off"
+msgstr ""
+
+#: ../apparmor/ui.py:251 ../apparmor/ui.py:265
+msgid "(S)ave Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:252
+msgid "(C)ontinue Profiling"
+msgstr ""
+
+#: ../apparmor/ui.py:253
+msgid "(N)ew"
+msgstr ""
+
+#: ../apparmor/ui.py:254
+msgid "(G)lob"
+msgstr ""
+
+#: ../apparmor/ui.py:255
+msgid "Glob with (E)xtension"
+msgstr ""
+
+#: ../apparmor/ui.py:256
+msgid "(A)dd Requested Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:257
+msgid "(U)se Default Hat"
+msgstr ""
+
+#: ../apparmor/ui.py:258
+msgid "(S)can system log for AppArmor events"
+msgstr ""
+
+#: ../apparmor/ui.py:259
+msgid "(H)elp"
+msgstr ""
+
+#: ../apparmor/ui.py:260
+msgid "(V)iew Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:261
+msgid "(U)se Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:262
+msgid "(C)reate New Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:263
+msgid "(U)pdate Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:264
+msgid "(I)gnore Update"
+msgstr ""
+
+#: ../apparmor/ui.py:266
+msgid "Save Selec(t)ed Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:267
+msgid "(U)pload Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:268
+msgid "(V)iew Changes"
+msgstr ""
+
+#: ../apparmor/ui.py:269
+msgid "View Changes b/w (C)lean profiles"
+msgstr ""
+
+#: ../apparmor/ui.py:270
+msgid "(V)iew"
+msgstr ""
+
+#: ../apparmor/ui.py:271
+msgid "(E)nable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:272
+msgid "(D)isable Repository"
+msgstr ""
+
+#: ../apparmor/ui.py:273
+msgid "(N)ever Ask Again"
+msgstr ""
+
+#: ../apparmor/ui.py:274
+msgid "Ask Me (L)ater"
+msgstr ""
+
+#: ../apparmor/ui.py:277
+msgid "Allow All (N)etwork"
+msgstr ""
+
+#: ../apparmor/ui.py:278
+msgid "Allow Network Fa(m)ily"
+msgstr ""
+
+#: ../apparmor/ui.py:279
+msgid "(O)verwrite Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:280
+msgid "(K)eep Profile"
+msgstr ""
+
+#: ../apparmor/ui.py:281
+msgid "(C)ontinue"
+msgstr ""
+
+#: ../apparmor/ui.py:282
+msgid "(I)gnore"
+msgstr ""
+
+#: ../apparmor/ui.py:344
+#, python-format
+msgid "PromptUser: Unknown command %s"
+msgstr ""
+
+#: ../apparmor/ui.py:351
+#, python-format
+msgid "PromptUser: Duplicate hotkey for %(command)s: %(menutext)s "
+msgstr ""
+
+#: ../apparmor/ui.py:363
+msgid "PromptUser: Invalid hotkey in default item"
+msgstr ""
+
+#: ../apparmor/ui.py:368
+#, python-format
+msgid "PromptUser: Invalid default %s"
+msgstr ""
diff --git a/utils/python-tools-setup.py b/utils/python-tools-setup.py
index 56825f5954b2b5f59a2a788b11134e5b0b8590ed..2cbde8fc1b97991b94d7ca178c0506545bc808b0 100644
--- a/utils/python-tools-setup.py
+++ b/utils/python-tools-setup.py
@@ -20,14 +20,14 @@
# Note: --version=... must be the last argument to this script
#
-from distutils.command.install import install as _install
-from distutils.core import setup
+from setuptools.command.install import install as _install
+from setuptools import setup
import os
import shutil
import sys
class Install(_install, object):
- '''Override distutils to install the files where we want them.'''
+ '''Override setuptools to install the files where we want them.'''
def run(self):
# Now byte-compile everything
super(Install, self).run()
@@ -70,7 +70,7 @@ setup (name='apparmor',
long_description='Python libraries for AppArmor utilities',
author='AppArmor Developers',
author_email='apparmor@lists.ubuntu.com',
- url='https://launchpad.net/apparmor',
+ url='https://gitlab.com/apparmor/apparmor',
license='GPL-2',
cmdclass={'install': Install},
package_dir={'apparmor': 'staging'},
diff --git a/utils/test/Makefile b/utils/test/Makefile
index 628c9a77fa8c724344a55788b4c72b0577a83ca1..e9abb725a51fe322eeee82f8339d1c9988051d4d 100644
--- a/utils/test/Makefile
+++ b/utils/test/Makefile
@@ -27,8 +27,7 @@ ifdef USE_SYSTEM
BASEDIR=
PARSER=
else
- # PYTHON_DIST_BUILD_PATH based on libapparmor/swig/python/test/Makefile.am
- PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) -c "import distutils.util; import platform; print(\"lib.%s-%s\" %(distutils.util.get_platform(), platform.python_version()[:3]))")
+ PYTHON_DIST_BUILD_PATH = ../../libraries/libapparmor/swig/python/build/$$($(PYTHON) ../../libraries/libapparmor/swig/python/test/buildpath.py)
LIBAPPARMOR_PATH=../../libraries/libapparmor/src/.libs/
LD_LIBRARY_PATH=$(LIBAPPARMOR_PATH):$(PYTHON_DIST_BUILD_PATH)
PYTHONPATH=..:$(PYTHON_DIST_BUILD_PATH)
@@ -92,4 +91,3 @@ coverage-report: .coverage
coverage-html: .coverage
$(PYTHON) -m coverage html --omit="$(COVERAGE_OMIT)" $(HTML_COVR_ARGS)
-
diff --git a/utils/test/README.md b/utils/test/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..2ac1fa09f6fb3737e0ed85ac10cde0129e466d52
--- /dev/null
+++ b/utils/test/README.md
@@ -0,0 +1,18 @@
+# Running individual tests
+
+Python's unittest allows individual tests to be executed by specifying the class name and the test on the command line.
+When running tests individually, the unittest framework executes the "setUp" and "tearDown" methods automatically.
+For more information, refer to the [unittest documentation](https://docs.python.org/3/library/unittest.html).
+
+Make sure to set the environment variables pointing to the in-tree apparmor modules, and the in-tree libapparmor and its python wrapper:
+
+```bash
+$ export PYTHONPATH=..:../../libraries/libapparmor/swig/python/build/$(/usr/bin/python3 ../../libraries/libapparmor/swig/python/test/buildpath.py)
+$ export __AA_CONFDIR=.
+```
+
+To execute the test individually, run:
+
+```bash
+$ python3 ./test-tile.py ClassFoo.test_bar
+```
diff --git a/utils/test/cleanprof_test.in b/utils/test/cleanprof_test.in
index c9cd27fcf1e85c2a9222bf27a0f52b08149c6ed4..593c0b179666cd4394e6b7e79540998fc73bc2ea 100644
--- a/utils/test/cleanprof_test.in
+++ b/utils/test/cleanprof_test.in
@@ -1,13 +1,27 @@
# A simple test comment which will persist
#include <tunables/global>
+#include if exists <tunables/nothing>
+
+ #include if exists <tunables/global>
+ include if exists <tunables/global>
+
alias /foo -> /bar ,
+
+@{xy} = y x
+
abi <abi/4.19> ,
+ @{asdf} = foo ""
+
/usr/bin/a/simple/cleanprof/test/profile {
# Just for the heck of it, this comment wont see the day of light
#include <abstractions/base>
+#include if exists <foo>
+ #include if exists <abstractions/base>
+ include <abstractions/base>
+
capability sys_admin,
audit capability,
@@ -44,6 +58,12 @@
^foo, # hat declarations are obsolete and will be removed when aa-cleanprof or aa-logprof writes the profile
+ mount options=(rw,suid) /c -> /3,
+
+ pivot_root oldroot=/mnt/root/old/,
+
+ deny owner link /some/thing -> /foo/bar ,
+ unix shutdown addr=@HypotheticalServiceDaemon,
link subset /alpha/beta -> /tmp/**,
@@ -57,3 +77,9 @@
allow /home/*/** rw,
allow /home/foo/bar r,
}
+
+/what/ever/xattr xattrs=( foo=bar )
+ flags=( complain
+ ) {
+ /what/ever r,
+ }
diff --git a/utils/test/cleanprof_test.out b/utils/test/cleanprof_test.out
index 71de1bd8ee84eadbdda6cae8ac6c011124858975..dfe251e1fd64dd8dc9864fdbe3e0c44a779206a1 100644
--- a/utils/test/cleanprof_test.out
+++ b/utils/test/cleanprof_test.out
@@ -1,16 +1,21 @@
-abi <abi/4.19> ,
+abi <abi/4.19>,
alias /foo -> /bar,
-#include <tunables/global>
+include <tunables/global>
+include if exists <tunables/nothing>
+
+@{xy} = x y
+@{asdf} = "" foo
# A simple test comment which will persist
/usr/bin/a/simple/cleanprof/test/profile {
- abi "abi/4.20" ,
+ abi "abi/4.20",
- #include <abstractions/base>
+ include <abstractions/base>
+ include if exists <foo>
set rlimit nofile <= 256,
@@ -20,14 +25,20 @@ alias /foo -> /bar,
dbus send bus=session,
+ mount options=(rw,suid) /c -> /3,
+
signal set=(abrt alrm bus chld fpe hup ill int kill pipe quit segv stkflt term trap usr1 usr2),
+ pivot_root oldroot=/mnt/root/old/,
+
unix (receive) type=dgram,
+ unix shutdown addr=@HypotheticalServiceDaemon,
- link subset /alpha/beta -> /tmp/**,
+ deny owner link /some/thing -> /foo/bar,
allow /home/*/** r,
allow /home/foo/** w,
+ link subset /alpha/beta -> /tmp/**,
change_profile,
@@ -44,3 +55,7 @@ alias /foo -> /bar,
allow /home/foo/bar r,
}
+/what/ever/xattr xattrs=( foo=bar ) flags=( complain ) {
+ /what/ever r,
+
+}
diff --git a/utils/test/logprof.conf b/utils/test/logprof.conf
index 31ed5c9bd53780f66767355f05afea59b19e3728..71b50e48229f5a5c0c62a2ad323ee6ff8d85938a 100644
--- a/utils/test/logprof.conf
+++ b/utils/test/logprof.conf
@@ -36,11 +36,6 @@
custom_includes =
-[repository]
- distro = ubuntu-intrepid
- url = http://apparmor.test.opensuse.org/backend/api
- preferred_user = ubuntu
-
[qualifiers]
# things will be painfully broken if bash has a profile
/bin/bash = icnu
diff --git a/utils/test/test-aa-cli-bootstrap.py b/utils/test/test-aa-cli-bootstrap.py
new file mode 100644
index 0000000000000000000000000000000000000000..8b8883d0f0cd04e11f5c3af2531ba2df6f06771d
--- /dev/null
+++ b/utils/test/test-aa-cli-bootstrap.py
@@ -0,0 +1,77 @@
+#! /usr/bin/python3
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2019 Otto Kekäläinen <otto@kekalainen.net>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import unittest
+from common_test import AATest, setup_all_loops, setup_aa
+
+# Imports for test code
+import io
+import os
+import sys
+
+# Imports for AppArmor
+import atexit
+import apparmor.aa as aa
+import apparmor.ui as aaui
+from apparmor.common import DebugLogger
+from apparmor.fail import enable_aa_exception_handler
+from apparmor.translations import init_translation
+
+
+class AACliBootstrapTest(AATest):
+ '''
+ Generic test of the core AppArmor Python libraries that all command
+ line tools rely on.
+ '''
+ def AASetup(self):
+ # Redirect sys.stdout to a buffer
+ sys.stdout = io.StringIO()
+
+ global _, debug_logger
+
+ enable_aa_exception_handler()
+ _ = init_translation()
+ atexit.register(aa.on_exit)
+ debug_logger = DebugLogger('Test AA')
+ debug_logger.debug('Starting test')
+
+ def AATeardown(self):
+ debug_logger.debug('Ended test')
+
+ def test_loadincludes(self):
+ self.assertEqual(aa.loadincludes(), None)
+
+ def test_i18n(self):
+ self.assertEqual('Test string - do not translate', _('Test string - do not translate'))
+
+ def test_aa_conf(self):
+ confdir = os.getenv('__AA_CONFDIR')
+ if confdir:
+ self.assertEqual(aa.conf.CONF_DIR, confdir)
+ else:
+ self.assertEqual(aa.conf.CONF_DIR, '/etc/apparmor')
+
+ def test_aa_ui_info(self):
+ aaui.UI_Info('Test string')
+ self.assertEqual(sys.stdout.getvalue(), 'Test string\n')
+
+ def test_aa_ui_info_json(self):
+ aaui.set_json_mode()
+ sys.stdout.getvalue()
+ aaui.UI_Info('Test string')
+ self.assertEqual(sys.stdout.getvalue(), '{"dialog": "apparmor-json-version","data": "2.12"}\n{"dialog": "info","data": "Test string"}\n')
+ aaui.set_text_mode()
+
+
+setup_aa(aa) # Wrapper for aa.init_aa()
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-aa-decode.py b/utils/test/test-aa-decode.py
index d9da7c3742a44894317420d1c9605ff0b517e30b..96dfcfb48c55e2e35b9344f59d94fe2fbac2ac07 100755
--- a/utils/test/test-aa-decode.py
+++ b/utils/test/test-aa-decode.py
@@ -28,23 +28,33 @@ def subprocess_setup():
# non-Python subprocesses expect.
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
-def cmd(command, input = None, stderr = subprocess.STDOUT, stdout = subprocess.PIPE, stdin = None, timeout = None):
+# Define only arguments that are actually ever used: command and stdin
+def cmd(command, stdin=None):
'''Try to execute given command (array) and return its stdout, or return
a textual error if it failed.'''
try:
- sp = subprocess.Popen(command, stdin=stdin, stdout=stdout, stderr=stderr, close_fds=True, preexec_fn=subprocess_setup)
+ sp = subprocess.Popen(
+ command,
+ stdin=stdin,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ close_fds=True,
+ preexec_fn=subprocess_setup
+ )
except OSError as e:
return [127, str(e)]
- out, outerr = sp.communicate(input)
- # Handle redirection of stdout
- if out == None:
- out = b''
- # Handle redirection of stderr
- if outerr == None:
- outerr = b''
- return [sp.returncode, out.decode('utf-8') + outerr.decode('utf-8')]
+ stdout, stderr = sp.communicate(input)
+
+ # If there was some error output, show that instead of stdout to ensure
+ # test fails and does not mask potentially major warnings and errors.
+ if stderr:
+ out = stderr
+ else:
+ out = stdout
+
+ return [sp.returncode, out.decode('utf-8')]
def mkstemp_fill(contents, suffix='', prefix='tst-aadecode-', dir=None):
diff --git a/utils/test/test-aa-notify.py b/utils/test/test-aa-notify.py
new file mode 100644
index 0000000000000000000000000000000000000000..cfb5fa5a88aea73d01520544529ea183e38badf2
--- /dev/null
+++ b/utils/test/test-aa-notify.py
@@ -0,0 +1,292 @@
+#! /usr/bin/python3
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2011-2012 Canonical Ltd.
+# Copyright (C) 2019 Otto Kekäläinen
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import os
+import signal
+import subprocess
+import tempfile
+import time
+import unittest
+
+from common_test import AATest, setup_all_loops, setup_aa
+import apparmor.aa as aa
+
+# The location of the aa-notify utility can be overridden by setting
+# the APPARMOR_NOTIFY environment variable; this is useful for running
+# these tests in an installed environment
+aanotify_bin = "../aa-notify"
+
+# http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/2009-07-02-python-sigpipe.html
+# This is needed so that the subprocesses that produce endless output
+# actually quit when the reader goes away.
+def subprocess_setup():
+ # Python installs a SIGPIPE handler by default. This is usually not what
+ # non-Python subprocesses expect.
+ signal.signal(signal.SIGPIPE, signal.SIG_DFL)
+
+
+def cmd(command):
+ '''Try to execute given command (array) and return its stdout, or return
+ a textual error if it failed.'''
+
+ try:
+ sp = subprocess.Popen(
+ command,
+ stdin=None,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
+ close_fds=True,
+ preexec_fn=subprocess_setup
+ )
+ except OSError as e:
+ return [127, str(e)]
+
+ stdout, stderr = sp.communicate(input)
+
+ # If there was some error output, show that instead of stdout to ensure
+ # test fails and does not mask potentially major warnings and errors.
+ if stderr:
+ out = stderr
+ else:
+ out = stdout
+
+ return [sp.returncode, out.decode('utf-8')]
+
+
+class AANotifyTest(AATest):
+
+ def AASetup(self):
+ '''Create temporary log file with 30 enties of different age'''
+
+ test_logfile_contents_999_days_old = \
+'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+'''.format(epoch=round(time.time(), 3) - 60*60*24*999)
+
+ test_logfile_contents_30_days_old = \
+'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+'''.format(epoch=round(time.time(), 3) - 60*60*24*30)
+
+ test_logfile_contents_unrelevant_entries = \
+'''Feb 1 19:35:44 XPS-13-9370 kernel: [99848.048761] audit: type=1400 audit(1549042544.968:72): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/snap/core/6350/usr/lib/snapd/snap-confine" pid=12871 comm="apparmor_parser"
+Feb 2 00:40:09 XPS-13-9370 kernel: [103014.549071] audit: type=1400 audit(1549060809.600:89): apparmor="STATUS" operation="profile_load" profile="unconfined" name="docker-default" pid=17195 comm="apparmor_parser"
+Feb 4 20:05:42 XPS-13-9370 kernel: [132557.202931] audit: type=1400 audit(1549303542.661:136): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="snap.atom.apm" pid=11306 comm="apparmor_parser"
+'''
+
+ test_logfile_contents_0_seconds_old = \
+'''Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834382] audit: type=1400 audit({epoch}:113): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/bin/uname" pid=4097 comm="sh" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/bin/uname"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834888] audit: type=1400 audit({epoch}:114): apparmor="ALLOWED" operation="file_inherit" profile="libreoffice-soffice//null-/bin/uname" name="/dev/null" pid=4097 comm="uname" requested_mask="w" denied_mask="w" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.834890] audit: type=1400 audit({epoch}:115): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/bin/uname" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835136] audit: type=1400 audit({epoch}:116): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/ld-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835377] audit: type=1400 audit({epoch}:117): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/etc/ld.so.cache" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835405] audit: type=1400 audit({epoch}:118): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835421] audit: type=1400 audit({epoch}:119): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/bin/uname" name="/lib/x86_64-linux-gnu/libc-2.27.so" pid=4097 comm="uname" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.835696] audit: type=1400 audit({epoch}:120): apparmor="ALLOWED" operation="open" profile="libreoffice-soffice//null-/bin/uname" name="/usr/lib/locale/locale-archive" pid=4097 comm="uname" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.875891] audit: type=1400 audit({epoch}:121): apparmor="ALLOWED" operation="exec" profile="libreoffice-soffice" name="/usr/bin/file" pid=4111 comm="soffice.bin" requested_mask="x" denied_mask="x" fsuid=1001 ouid=0 target="libreoffice-soffice//null-/usr/bin/file"
+Feb 4 13:40:38 XPS-13-9370 kernel: [128552.880347] audit: type=1400 audit({epoch}:122): apparmor="ALLOWED" operation="file_mmap" profile="libreoffice-soffice//null-/usr/bin/file" name="/usr/bin/file" pid=4111 comm="file" requested_mask="rm" denied_mask="rm" fsuid=1001 ouid=0
+'''.format(epoch=round(time.time(), 3))
+
+ handle, self.test_logfile = tempfile.mkstemp(prefix='test-aa-notify-')
+ os.close(handle)
+ handle = open(self.test_logfile, "w+")
+ handle.write(
+ test_logfile_contents_999_days_old +
+ test_logfile_contents_30_days_old +
+ test_logfile_contents_unrelevant_entries +
+ test_logfile_contents_0_seconds_old
+ )
+ handle.close()
+
+ def AATeardown(self):
+ '''Remove temporary log file after tests ended'''
+
+ if self.test_logfile and os.path.exists(self.test_logfile):
+ os.remove(self.test_logfile)
+
+ # The Perl aa-notify script was written so, that it will checked for kern.log
+ # before printing help when invoked without arguments (sic!).
+ @unittest.skipUnless(os.path.isfile('/var/log/kern.log'), 'Requires kern.log on system')
+ def test_no_arguments(self):
+ '''Test using no arguments at all'''
+
+ expected_return_code = 0
+ expected_output_has = 'usage: aa-notify'
+
+ return_code, output = cmd([aanotify_bin])
+ result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ def test_help_contents(self):
+ '''Test output of help text'''
+
+ expected_return_code = 0
+ expected_output_1 = \
+'''usage: aa-notify [-h] [-p] [--display DISPLAY] [-f FILE] [-l] [-s NUM] [-v]
+ [-u USER] [-w NUM] [--debug]
+
+Display AppArmor notifications or messages for DENIED entries.
+'''
+
+ expected_output_2 = \
+'''
+ -h, --help show this help message and exit
+ -p, --poll poll AppArmor logs and display notifications
+ --display DISPLAY set the DISPLAY environment variable (might be needed if
+ sudo resets $DISPLAY)
+ -f FILE, --file FILE search FILE for AppArmor messages
+ -l, --since-last display stats since last login
+ -s NUM, --since-days NUM
+ show stats for last NUM days (can be used alone or with
+ -p)
+ -v, --verbose show messages with stats
+ -u USER, --user USER user to drop privileges to when not using sudo
+ -w NUM, --wait NUM wait NUM seconds before displaying notifications (with
+ -p)
+ --debug debug mode
+'''
+
+ return_code, output = cmd([aanotify_bin, '--help'])
+ result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+
+ self.assertIn(expected_output_1, output)
+ self.assertIn(expected_output_2, output)
+
+ def test_entries_since_100_days(self):
+ '''Test showing log entries since 100 days'''
+
+ expected_return_code = 0
+ expected_output_has = 'AppArmor denials: 20 (since'
+
+ return_code, output = cmd([aanotify_bin, '-f', self.test_logfile, '-s', '100'])
+ result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_entries_since_login(self):
+ '''Test showing log entries since last login'''
+
+ expected_return_code = 0
+ expected_output_has = 'AppArmor denials: 10 (since'
+
+ return_code, output = cmd([aanotify_bin, '-f', self.test_logfile, '-l'])
+ if "ERROR: Could not find last login" in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+ @unittest.skipUnless(os.path.isfile('/var/log/wtmp'), 'Requires wtmp on system')
+ def test_entries_since_login_verbose(self):
+ '''Test showing log entries since last login in verbose mode'''
+
+ expected_return_code = 0
+ expected_output_has = \
+'''Profile: libreoffice-soffice
+Operation: exec
+Name: /bin/uname
+Denied: x
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: file_inherit
+Name: /dev/null
+Denied: w
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: file_mmap
+Name: /bin/uname
+Denied: rm
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: file_mmap
+Name: /lib/x86_64-linux-gnu/ld-2.27.so
+Denied: rm
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: open
+Name: /etc/ld.so.cache
+Denied: r
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: open
+Name: /lib/x86_64-linux-gnu/libc-2.27.so
+Denied: r
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: file_mmap
+Name: /lib/x86_64-linux-gnu/libc-2.27.so
+Denied: rm
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/bin/uname
+Operation: open
+Name: /usr/lib/locale/locale-archive
+Denied: r
+Logfile: {logfile}
+
+Profile: libreoffice-soffice
+Operation: exec
+Name: /usr/bin/file
+Denied: x
+Logfile: {logfile}
+
+Profile: libreoffice-soffice//null-/usr/bin/file
+Operation: file_mmap
+Name: /usr/bin/file
+Denied: rm
+Logfile: {logfile}
+
+AppArmor denials: 10 (since'''.format(logfile=self.test_logfile)
+
+ return_code, output = cmd([aanotify_bin, '-f', self.test_logfile, '-l', '-v'])
+ if "ERROR: Could not find last login" in output:
+ self.skipTest('Could not find last login')
+ result = 'Got return code %d, expected %d\n' % (return_code, expected_return_code)
+ self.assertEqual(expected_return_code, return_code, result + output)
+ result = 'Got output "%s", expected "%s"\n' % (output, expected_output_has)
+ self.assertIn(expected_output_has, output, result + output)
+
+
+setup_aa(aa) # Wrapper for aa.init_aa()
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ if 'APPARMOR_NOTIFY' in os.environ:
+ aanotify_bin = os.environ['APPARMOR_NOTIFY']
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-aa.py b/utils/test/test-aa.py
index 890cfac74eca4a8d329129087d98eea3ff7fcf78..89a5c3da33cfe7995fbfd58be30f61c20965eb63 100644
--- a/utils/test/test-aa.py
+++ b/utils/test/test-aa.py
@@ -20,11 +20,12 @@ import sys
import apparmor.aa # needed to set global vars in some tests
from apparmor.aa import (check_for_apparmor, get_output, get_reqs, get_interpreter_and_abstraction, create_new_profile,
get_profile_flags, change_profile_flags, set_options_audit_mode, set_options_owner_mode, is_skippable_file, is_skippable_dir,
- parse_profile_start, parse_profile_data, separate_vars, store_list_var, write_header,
- var_transform, serialize_parse_profile_start, get_file_perms, propose_file_rules)
+ parse_profile_start, parse_profile_data, write_header,
+ get_file_perms, propose_file_rules)
from apparmor.aare import AARE
from apparmor.common import AppArmorException, AppArmorBug
from apparmor.rule.file import FileRule
+from apparmor.rule.include import IncludeRule
class AaTestWithTempdir(AATest):
def AASetup(self):
@@ -131,8 +132,8 @@ class AaTest_create_new_profile(AATest):
# load the abstractions we need in the test
apparmor.aa.profile_dir = self.profile_dir
- apparmor.aa.load_include('abstractions/base')
- apparmor.aa.load_include('abstractions/bash')
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/base'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/bash'))
exp_interpreter_path, exp_abstraction = expected
# damn symlinks!
@@ -149,9 +150,9 @@ class AaTest_create_new_profile(AATest):
self.assertEqual(set(profile[program][program]['file'].get_clean()), {'%s mr,' % program, ''})
if exp_abstraction:
- self.assertEqual(set(profile[program][program]['include'].keys()), {exp_abstraction, 'abstractions/base'})
+ self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include <abstractions/base>', 'include <%s>' % exp_abstraction, ''])
else:
- self.assertEqual(set(profile[program][program]['include'].keys()), {'abstractions/base'})
+ self.assertEqual(profile[program][program]['inc_ie'].get_clean(), ['include <abstractions/base>', ''])
class AaTest_get_interpreter_and_abstraction(AATest):
tests = [
@@ -507,36 +508,51 @@ class AaTest_is_skippable_dir(AATest):
class AaTest_parse_profile_start(AATest):
def _parse(self, line, profile, hat):
return parse_profile_start(line, 'somefile', 1, profile, hat)
- # (profile, hat, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
+ # (profile, hat, attachment, xattrs, flags, in_contained_hat, pps_set_profile, pps_set_hat_external)
def test_parse_profile_start_01(self):
result = self._parse('/foo {', None, None)
- expected = ('/foo', '/foo', None, None, False, False, False)
+ expected = ('/foo', '/foo', None, None, None, False, False, False)
self.assertEqual(result, expected)
def test_parse_profile_start_02(self):
result = self._parse('/foo (complain) {', None, None)
- expected = ('/foo', '/foo', None, 'complain', False, False, False)
+ expected = ('/foo', '/foo', None, None, 'complain', False, False, False)
self.assertEqual(result, expected)
def test_parse_profile_start_03(self):
result = self._parse('profile foo /foo {', None, None) # named profile
- expected = ('foo', 'foo', '/foo', None, False, False, False)
+ expected = ('foo', 'foo', '/foo', None, None, False, False, False)
self.assertEqual(result, expected)
def test_parse_profile_start_04(self):
result = self._parse('profile /foo {', '/bar', '/bar') # child profile
- expected = ('/bar', '/foo', None, None, True, True, False)
+ expected = ('/bar', '/foo', None, None, None, True, True, False)
self.assertEqual(result, expected)
def test_parse_profile_start_05(self):
result = self._parse('/foo//bar {', None, None) # external hat
- expected = ('/foo', 'bar', None, None, False, False, True)
+ expected = ('/foo', 'bar', None, None, None, False, False, True)
self.assertEqual(result, expected)
def test_parse_profile_start_06(self):
result = self._parse('profile "/foo" (complain) {', None, None)
- expected = ('/foo', '/foo', None, 'complain', False, False, False)
+ expected = ('/foo', '/foo', None, None, 'complain', False, False, False)
+ self.assertEqual(result, expected)
+
+ def test_parse_profile_start_07(self):
+ result = self._parse('profile "/foo" xattrs=(user.bar=bar) {', None, None)
+ expected = ('/foo', '/foo', None, 'user.bar=bar', None, False, False, False)
+ self.assertEqual(result, expected)
+
+ def test_parse_profile_start_08(self):
+ result = self._parse('profile "/foo" xattrs=(user.bar=bar user.foo=*) {', None, None)
+ expected = ('/foo', '/foo', None, 'user.bar=bar user.foo=*', None, False, False, False)
+ self.assertEqual(result, expected)
+
+ def test_parse_profile_start_09(self):
+ result = self._parse('/usr/bin/xattrs-test xattrs=(myvalue="foo.bar") {', None, None)
+ expected = ('/usr/bin/xattrs-test', '/usr/bin/xattrs-test', None, 'myvalue="foo.bar"', None, False, False, False)
self.assertEqual(result, expected)
def test_parse_profile_start_unsupported_01(self):
@@ -561,79 +577,57 @@ class AaTest_parse_profile_data(AATest):
self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
self.assertEqual(prof['/foo']['/foo']['flags'], None)
- def test_parse_empty_profile_02(self):
+ def test_parse_duplicate_profile(self):
with self.assertRaises(AppArmorException):
# file contains two profiles with the same name
parse_profile_data('profile /foo {\n}\nprofile /foo {\n}\n'.split(), 'somefile', False)
-class AaTest_separate_vars(AATest):
- tests = [
- ('' , set() ),
- (' ' , set() ),
- (' foo bar' , {'foo', 'bar' }),
- ('foo " ' , AppArmorException ),
- (' " foo ' , AppArmorException ), # half-quoted
- (' foo bar ' , {'foo', 'bar' }),
- (' foo bar # comment' , {'foo', 'bar', '#', 'comment'}), # XXX should comments be stripped?
- ('foo' , {'foo' }),
- ('"foo" "bar baz"' , {'foo', 'bar baz' }),
- ('foo "bar baz" xy' , {'foo', 'bar baz', 'xy' }),
- ('foo "bar baz ' , AppArmorException ), # half-quoted
- (' " foo" bar' , {' foo', 'bar' }),
- (' " foo" bar x' , {' foo', 'bar', 'x' }),
- ('""' , {'' }), # empty value
- ('"" foo' , {'', 'foo' }), # empty value + 'foo'
- ('"" foo "bar"' , {'', 'foo', 'bar' }), # empty value + 'foo' + 'bar' (bar has superfluous quotes)
- ('"bar"' , {'bar' }), # 'bar' with superfluous quotes
- ]
-
- def _run_test(self, params, expected):
- if expected == AppArmorException:
- with self.assertRaises(expected):
- separate_vars(params)
- else:
- result = separate_vars(params)
- self.assertEqual(result, expected)
-
-
-class AaTest_store_list_var(AATest):
- tests = [
- # old var value operation expected (False for exception)
- ([ {} , 'foo' , '=' ], {'foo'} ), # set
- ([ {} , 'foo bar' , '=' ], {'foo', 'bar'} ), # set multi
- ([ {'@{var}': {'foo'}} , 'bar' , '=' ], False ), # redefine var
- ([ {} , 'bar' , '+=' ], False ), # add to undefined var
- ([ {'@{var}': {'foo'}} , 'bar' , '+=' ], {'foo', 'bar'} ), # add
- ([ {'@{var}': {'foo'}} , 'bar baz' , '+=' ], {'foo', 'bar', 'baz'} ), # add multi
- ([ {'@{var}': {'foo', 'xy'}} , 'bar baz' , '+=' ], {'foo', 'xy', 'bar', 'baz'} ), # add multi to multi
- ([ {} , 'foo' , '-=' ], False ), # unknown operation
- ]
+ def test_parse_duplicate_child_profile(self):
+ with self.assertRaises(AppArmorException):
+ # file contains two child profiles with the same name
+ parse_profile_data('profile /foo {\nprofile /bar {\n}\nprofile /bar {\n}\n}\n'.split(), 'somefile', False)
- def _run_test(self, params, expected):
- var = params[0]
- value = params[1]
- operation = params[2]
+ def test_parse_duplicate_hat(self):
+ with self.assertRaises(AppArmorException):
+ # file contains two hats with the same name
+ parse_profile_data('profile /foo {\n^baz {\n}\n^baz {\n}\n}\n'.split(), 'somefile', False)
- if not expected:
- with self.assertRaises(AppArmorException):
- store_list_var(var, '@{var}', value, operation, 'somefile')
- return
+ def test_parse_xattrs_01(self):
+ prof = parse_profile_data('/foo xattrs=(user.bar=bar) {\n}\n'.split(), 'somefile', False)
- # dumy value that must not be changed
- var['@{foo}'] = {'one', 'two'}
+ self.assertEqual(list(prof.keys()), ['/foo'])
+ self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
+ self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
+ self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
+ self.assertEqual(prof['/foo']['/foo']['flags'], None)
+ self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar')
- exp_var = {
- '@{foo}': {'one', 'two'},
- '@{var}': expected,
- }
+ def test_parse_xattrs_02(self):
+ prof = parse_profile_data('/foo xattrs=(user.bar=bar user.foo=*) {\n}\n'.split(), 'somefile', False)
- store_list_var(var, '@{var}', value, operation, 'somefile')
+ self.assertEqual(list(prof.keys()), ['/foo'])
+ self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
+ self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
+ self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
+ self.assertEqual(prof['/foo']['/foo']['flags'], None)
+ self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar user.foo=*')
- self.assertEqual(var.keys(), exp_var.keys())
+ def test_parse_xattrs_03(self):
+ d = '/foo xattrs=(user.bar=bar) flags=(complain) {\n}\n'
+ prof = parse_profile_data(d.split(), 'somefile', False)
- for key in exp_var:
- self.assertEqual(var[key], exp_var[key])
+ self.assertEqual(list(prof.keys()), ['/foo'])
+ self.assertEqual(list(prof['/foo'].keys()), ['/foo'])
+ self.assertEqual(prof['/foo']['/foo']['name'], '/foo')
+ self.assertEqual(prof['/foo']['/foo']['filename'], 'somefile')
+ self.assertEqual(prof['/foo']['/foo']['flags'], 'complain')
+ self.assertEqual(prof['/foo']['/foo']['xattrs'], 'user.bar=bar')
+ def test_parse_xattrs_04(self):
+ with self.assertRaises(AppArmorException):
+ # flags before xattrs
+ d = '/foo flags=(complain) xattrs=(user.bar=bar) {\n}\n'
+ parse_profile_data(d.split(), 'somefile', False)
class AaTest_write_header(AATest):
tests = [
@@ -670,107 +664,49 @@ class AaTest_write_header(AATest):
embedded_hat = params[1]
write_flags = params[2]
depth = params[3]
- prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': params[6], 'header_comment': params[7] }
+ prof_data = { 'flags': params[4], 'attachment': params[5], 'profile_keyword': params[6], 'header_comment': params[7], 'xattrs': '' }
result = write_header(prof_data, depth, name, embedded_hat, write_flags)
self.assertEqual(result, [expected])
-class AaTest_var_transform(AATest):
- tests = [
- (['foo', ''], 'foo ""' ),
- (['foo', 'bar'], 'foo bar' ),
- ([''], '""' ),
- (['bar baz', 'foo'], '"bar baz" foo' ),
- ]
-
- def _run_test(self, params, expected):
- self.assertEqual(var_transform(params), expected)
-
-class AaTest_serialize_parse_profile_start(AATest):
- def _parse(self, line, profile, hat, prof_data_profile, prof_data_external):
- # 'correct' is always True in the code that uses serialize_parse_profile_start() (set some lines above the function call)
- return serialize_parse_profile_start(line, 'somefile', 1, profile, hat, prof_data_profile, prof_data_external, True)
-
- def test_serialize_parse_profile_start_01(self):
- result = self._parse('/foo {', None, None, False, False)
- expected = ('/foo', '/foo', None, None, False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_02(self):
- result = self._parse('/foo (complain) {', None, None, False, False)
- expected = ('/foo', '/foo', None, 'complain', False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_03(self):
- result = self._parse('profile foo /foo {', None, None, False, False) # named profile
- expected = ('foo', 'foo', '/foo', None, False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_04(self):
- result = self._parse('profile /foo {', '/bar', '/bar', False, False) # child profile
- expected = ('/bar', '/foo', None, None, True, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_05(self):
- result = self._parse('/foo//bar {', None, None, False, False) # external hat
- expected = ('/foo', 'bar', None, None, False, False) # note correct == False here
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_06(self):
- result = self._parse('profile "/foo" (complain) {', None, None, False, False)
- expected = ('/foo', '/foo', None, 'complain', False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_07(self):
- result = self._parse('/foo {', None, None, True, False)
- expected = ('/foo', '/foo', None, None, False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_08(self):
- result = self._parse('/foo {', None, None, False, True)
- expected = ('/foo', '/foo', None, None, False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_09(self):
- result = self._parse('/foo {', None, None, True, True)
- expected = ('/foo', '/foo', None, None, False, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_10(self):
- result = self._parse('profile /foo {', '/bar', '/bar', True, False) # child profile
- expected = ('/bar', '/foo', None, None, True, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_11(self):
- result = self._parse('profile /foo {', '/bar', '/bar', False, True) # child profile
- expected = ('/bar', '/foo', None, None, True, True)
- self.assertEqual(result, expected)
-
- def test_serialize_parse_profile_start_12(self):
- result = self._parse('profile /foo {', '/bar', '/bar', True, True) # child profile
- expected = ('/bar', '/foo', None, None, True, True)
- self.assertEqual(result, expected)
-
-class AaTestInvalid_serialize_parse_profile_start(AATest):
+class AaTest_write_header_01(AATest):
tests = [
- # line profile hat p_d_profile p_d_external expected
- (['/foo {', '/bar', '/bar', False, False ], AppArmorException), # child profile without 'profile' keyword
- (['profile /foo {', '/bar', '/xy', False, False ], AppArmorException), # already inside a child profile - nesting level reached
- (['/ext//hat {', '/bar', '/bar', True, True ], AppArmorException), # external hat inside a profile
- (['/ext//hat {', '/bar', '/bar', True, False ], AppArmorException), # external hat inside a profile
- (['xy', '/bar', '/bar', False, False ], AppArmorBug ), # not a profile start
- ]
+ (
+ {'name': '/foo', 'write_flags': True, 'depth': 1, 'flags': 'complain'},
+ ' /foo flags=(complain) {',
+ ),
+ (
+ {'name': '/foo', 'write_flags': True, 'depth': 1, 'flags': 'complain', 'profile_keyword': 'profile'},
+ ' profile /foo flags=(complain) {',
+ ),
+ (
+ {'name': '/foo', 'write_flags': True, 'flags': 'complain'},
+ '/foo flags=(complain) {',
+ ),
+ (
+ {'name': '/foo', 'xattrs': 'user.foo=bar', 'write_flags': True, 'flags': 'complain'},
+ '/foo xattrs=(user.foo=bar) flags=(complain) {',
+ ),
+ (
+ {'name': '/foo', 'xattrs': 'user.foo=bar', 'embedded_hat': True},
+ 'profile /foo xattrs=(user.foo=bar) {',
+ ),
+ ]
def _run_test(self, params, expected):
- line = params[0]
- profile = params[1]
- hat = params[2]
- prof_data_profile = params[3]
- prof_data_external = params[4]
-
- with self.assertRaises(expected):
- # 'correct' is always True in the code that uses serialize_parse_profile_start() (set some lines above the function call)
- serialize_parse_profile_start(line, 'somefile', 1, profile, hat, prof_data_profile, prof_data_external, True)
+ name = params['name']
+ embedded_hat = params.get('embedded_hat', False)
+ write_flags = params.get('write_flags', False)
+ depth = params.get('depth', 0)
+ prof_data = {
+ 'xattrs': params.get('xattrs', None),
+ 'flags': params.get('flags', None),
+ 'attachment': params.get('attachment', None),
+ 'profile_keyword': params.get('profile_keyword', None),
+ 'header_comment': params.get('header_comment', None),
+ }
+ result = write_header(prof_data, depth, name, embedded_hat, write_flags)
+ self.assertEqual(result, [expected])
class AaTest_get_file_perms_1(AATest):
tests = [
@@ -819,15 +755,15 @@ class AaTest_get_file_perms_2(AATest):
# load the abstractions we need in the test
apparmor.aa.profile_dir = self.profile_dir
- apparmor.aa.load_include('abstractions/base')
- apparmor.aa.load_include('abstractions/bash')
- apparmor.aa.load_include('abstractions/enchant')
- apparmor.aa.load_include('abstractions/aspell')
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/base'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/bash'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/enchant'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['include']['abstractions/base'] = True
- profile['include']['abstractions/bash'] = True
- profile['include']['abstractions/enchant'] = True # includes abstractions/aspell
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/what/ever a,')) # covered by the above 'w' rule, so 'a' should be ignored
@@ -857,19 +793,20 @@ class AaTest_propose_file_rules(AATest):
# load the abstractions we need in the test
apparmor.aa.profile_dir = self.profile_dir
- apparmor.aa.load_include('abstractions/base')
- apparmor.aa.load_include('abstractions/bash')
- apparmor.aa.load_include('abstractions/enchant')
- apparmor.aa.load_include('abstractions/aspell')
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/base'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/bash'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/enchant'))
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/aspell'))
# add some user_globs ('(N)ew') to simulate a professional aa-logprof user (and to make sure that part of the code also gets tested)
apparmor.aa.user_globs['/usr/share/common*/foo/*'] = AARE('/usr/share/common*/foo/*', True)
apparmor.aa.user_globs['/no/thi*ng'] = AARE('/no/thi*ng', True)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['include']['abstractions/base'] = True
- profile['include']['abstractions/bash'] = True
- profile['include']['abstractions/enchant'] = True # includes abstractions/aspell
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/bash>'))
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/enchant>'))
+
profile['file'].add(FileRule.parse('owner /usr/share/common-licenses/** w,'))
profile['file'].add(FileRule.parse('/dev/null rwk,'))
@@ -899,7 +836,7 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
# load the abstractions we need in the test
apparmor.aa.profile_dir = self.profile_dir
- apparmor.aa.load_include('abstractions/base')
+ apparmor.aa.load_include(os.path.join(self.profile_dir, 'abstractions/base'))
abs_include1 = write_file(self.tmpdir, 'test-abs1', "/some/random/include rw,")
apparmor.aa.load_include(abs_include1)
@@ -911,10 +848,10 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
apparmor.aa.load_include(abs_include3)
profile = apparmor.aa.ProfileStorage('/test', '/test', 'test-aa.py')
- profile['include']['abstractions/base'] = False
- profile['include'][abs_include1] = False
- profile['include'][abs_include2] = False
- profile['include'][abs_include3] = False
+ profile['inc_ie'].add(IncludeRule.parse('include <abstractions/base>'))
+ profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include1))
+ profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include2))
+ profile['inc_ie'].add(IncludeRule.parse('include "%s"' % abs_include3))
rule_obj = FileRule(params[0], params[1], None, FileRule.ALL, owner=False, log_event=True)
proposals = propose_file_rules(profile, rule_obj)
@@ -922,15 +859,14 @@ class AaTest_propose_file_rules_with_absolute_includes(AATest):
class AaTest_nonexistent_includes(AATest):
- def test_bad_includes(self):
- tests = [
- "/nonexistent/absolute/path",
- "nonexistent/relative/path",
- ]
-
- for i in tests:
- with self.assertRaises(AppArmorException):
- apparmor.aa.load_include(i)
+ tests = [
+ ("/nonexistent/absolute/path", AppArmorException),
+ ("nonexistent/relative/path", AppArmorBug), # load_include() only accepts absolute paths
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ apparmor.aa.load_include(params)
setup_aa(apparmor.aa)
diff --git a/utils/test/test-aamode.py b/utils/test/test-aamode.py
deleted file mode 100644
index 93653cd29d1aee14fa0f4e9bc177b062a18c1041..0000000000000000000000000000000000000000
--- a/utils/test/test-aamode.py
+++ /dev/null
@@ -1,114 +0,0 @@
-#! /usr/bin/python3
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2014-2016 Christian Boltz
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-
-import unittest
-from common_test import AATest, setup_all_loops
-
-import apparmor.aamode
-
-from apparmor.aamode import split_log_mode, str_to_mode, sub_str_to_mode, validate_log_mode
-from apparmor.common import AppArmorBug
-
-class AamodeTest_split_log_mode(AATest):
- def test_split_log_mode_1(self):
- self.assertEqual(split_log_mode(''), ('', ''))
- def test_split_log_mode_2(self):
- self.assertEqual(split_log_mode('r'), ('r', 'r'))
- def test_split_log_mode_3(self):
- self.assertEqual(split_log_mode('r::'), ('r', ''))
- def test_split_log_mode_4(self):
- self.assertEqual(split_log_mode('::r'), ('', 'r'))
- def test_split_log_mode_5(self):
- self.assertEqual(split_log_mode('r::w'), ('r', 'w'))
- def test_split_log_mode_6(self):
- self.assertEqual(split_log_mode('rw::rw'), ('rw', 'rw'))
- def test_split_log_mode_invalid_1(self):
- with self.assertRaises(AppArmorBug):
- split_log_mode('r::w::r')
-
-class AamodeTest_str_to_mode(AATest):
- tests = [
- ('x', apparmor.aamode.AA_MAY_EXEC),
- ('w', apparmor.aamode.AA_MAY_WRITE),
- ('r', apparmor.aamode.AA_MAY_READ),
- ('a', apparmor.aamode.AA_MAY_APPEND),
- ('l', apparmor.aamode.AA_MAY_LINK),
- ('k', apparmor.aamode.AA_MAY_LOCK),
- ('m', apparmor.aamode.AA_EXEC_MMAP),
- ('i', apparmor.aamode.AA_EXEC_INHERIT),
- ('u', apparmor.aamode.AA_EXEC_UNCONFINED | apparmor.aamode.AA_EXEC_UNSAFE),
- ('U', apparmor.aamode.AA_EXEC_UNCONFINED),
- ('p', apparmor.aamode.AA_EXEC_PROFILE | apparmor.aamode.AA_EXEC_UNSAFE),
- ('P', apparmor.aamode.AA_EXEC_PROFILE),
- ('c', apparmor.aamode.AA_EXEC_CHILD | apparmor.aamode.AA_EXEC_UNSAFE),
- ('C', apparmor.aamode.AA_EXEC_CHILD),
- (None, set()),
- ]
-
- def _run_test(self, params, expected):
- mode = expected | apparmor.aamode.AA_OTHER(expected)
- #print("mode: %s params: %s str_to_mode(params): %s" % (mode, params, apparmor.aamode.str_to_mode(params)))
- self.assertEqual(mode, str_to_mode(params), 'mode is %s and expected string is %s'%(mode, expected))
-
-class AamodeTest_sub_str_to_mode(AATest):
- def test_sub_str_to_mode_1(self):
- self.assertEqual(sub_str_to_mode(''), set())
- def test_sub_str_to_mode_2(self):
- self.assertEqual(sub_str_to_mode('ix'), {'i', 'x'})
- def test_sub_str_to_mode_3(self):
- self.assertEqual(sub_str_to_mode('rw'), {'r', 'w'})
- def test_sub_str_to_mode_4(self):
- self.assertEqual(sub_str_to_mode('rPix'), {'i', 'P', 'r', 'x'})
- def test_sub_str_to_mode_5(self):
- self.assertEqual(sub_str_to_mode('rPUx'), {'P', 'r', 'U', 'x'})
- def test_sub_str_to_mode_6(self):
- self.assertEqual(sub_str_to_mode('cix'), {'i', 'x', 'C', 'execunsafe'})
- def test_sub_str_to_mode_7(self):
- self.assertEqual(sub_str_to_mode('rwlk'), {'k', 'r', 'l', 'w'})
- def test_sub_str_to_mode_dupes(self):
- self.assertEqual(sub_str_to_mode('rwrwrw'), {'r', 'w'})
-
- def test_sub_str_to_mode_invalid_1(self):
- with self.assertRaises(AppArmorBug):
- sub_str_to_mode('asdf42')
-
- def test_sub_str_to_mode_invalid_2(self):
- import apparmor.aamode
- apparmor.aamode.MODE_HASH = {'x': 'foo'} # simulate MODE_HASH and MODE_MAP_SET getting out of sync
-
- with self.assertRaises(AppArmorBug):
- sub_str_to_mode('r')
-
-
-
-class AamodeTest_validate_log_mode(AATest):
- def test_validate_log_mode_1(self):
- self.assertTrue(validate_log_mode('a'))
- def test_validate_log_mode_2(self):
- self.assertTrue(validate_log_mode('rw'))
- def test_validate_log_mode_3(self):
- self.assertTrue(validate_log_mode('Pixrw'))
- def test_validate_log_mode_4(self):
- self.assertTrue(validate_log_mode('rrrr'))
-
- def test_validate_log_mode_invalid_1(self):
- self.assertFalse(validate_log_mode('c')) # 'c' (create) must be converted to 'a' before calling validate_log_mode()
- def test_validate_log_mode_invalid_2(self):
- self.assertFalse(validate_log_mode('R')) # only lowercase 'r' is valid
- def test_validate_log_mode_invalid_3(self):
- self.assertFalse(validate_log_mode('foo'))
- def test_validate_log_mode_invalid_4(self):
- self.assertFalse(validate_log_mode(''))
-
-
-setup_all_loops(__name__)
-if __name__ == '__main__':
- unittest.main(verbosity=1)
diff --git a/utils/test/test-aare.py b/utils/test/test-aare.py
index ef91e00ff5d7691e4fda3a0b1eb8ae3c11658316..bc1f30f900c9de576d772fbee6272186eea9d223 100644
--- a/utils/test/test-aare.py
+++ b/utils/test/test-aare.py
@@ -42,6 +42,7 @@ class Test_convert_expression_to_aare(AATest):
('/foo', '/foo' ),
('/foo?', '/foo\\?' ),
('/foo*', '/foo\\*' ),
+ (r'/foo\*', r'/foo\\\*' ), # raw string, no backslash doubling
('/foo[bar]', '/foo\\[bar\\]' ),
('/foo{bar}', '/foo\\{bar\\}' ),
('/foo{', '/foo\\{' ),
diff --git a/utils/test/test-abi.py b/utils/test/test-abi.py
new file mode 100644
index 0000000000000000000000000000000000000000..f0a64dd28a29f44d0368a563e83bd67a20ae6aa4
--- /dev/null
+++ b/utils/test/test-abi.py
@@ -0,0 +1,350 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.abi import AbiRule, AbiRuleset
+#from apparmor.rule import BaseRule
+from apparmor.common import AppArmorException, AppArmorBug
+#from apparmor.logparser import ReadLog
+from apparmor.translations import init_translation
+_ = init_translation()
+
+exp = namedtuple('exp', [ # 'audit', 'allow_keyword', 'deny',
+ 'comment',
+ 'path', 'ifexists', 'ismagic'])
+
+# --- tests for single AbiRule --- #
+
+class AbiTest(AATest):
+ def _compare_obj(self, obj, expected):
+ self.assertEqual(False, obj.allow_keyword) # not supported in abi rules, expected to be always False
+ self.assertEqual(False, obj.audit) # not supported in abi rules, expected to be always False
+ self.assertEqual(False, obj.deny) # not supported in abi rules, expected to be always False
+ self.assertEqual(expected.comment, obj.comment)
+
+ self.assertEqual(expected.path, obj.path)
+ self.assertEqual(False, expected.ifexists) # tests bug - should always expect ifexists==False
+ self.assertEqual(False, obj.ifexists) # not supported in abi rules, expected to be always False
+ self.assertEqual(expected.ismagic, obj.ismagic)
+
+class AbiTestParse(AbiTest):
+ tests = [
+ # AbiRule object comment path if exists ismagic
+ ('abi <abstractions/base>,', exp('', 'abstractions/base', False, True )), # magic path
+ ('abi <abstractions/base>, # comment', exp(' # comment', 'abstractions/base', False, True )),
+ ('abi<abstractions/base>,#comment', exp(' #comment', 'abstractions/base', False, True )),
+ (' abi <abstractions/base> , ', exp('', 'abstractions/base', False, True )),
+ ('abi "/foo/bar",', exp('', '/foo/bar', False, False)), # absolute path
+ ('abi "/foo/bar", # comment', exp(' # comment', '/foo/bar', False, False)),
+ ('abi "/foo/bar",#comment', exp(' #comment', '/foo/bar', False, False)),
+ (' abi "/foo/bar" , ', exp('', '/foo/bar', False, False)),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AbiRule.match(rawrule))
+ obj = AbiRule.parse(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+class AbiTestParseInvalid(AbiTest):
+ tests = [
+# (' some abi <abstractions/base>', AppArmorException),
+# (' /etc/fstab r,', AppArmorException),
+# ('/usr/abi r,', AppArmorException),
+# ('/abi r,', AppArmorException),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AbiRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ AbiRule.parse(rawrule)
+
+# class AbiTestParseFromLog(AbiTest): # we'll never have log events for abi
+
+class AbiFromInit(AbiTest):
+ tests = [
+ # AbiRule object ifexists ismagic comment path ifexists ismagic
+ (AbiRule('abi/4.19', False, False) , exp('', 'abi/4.19', False, False )),
+ (AbiRule('foo', False, False) , exp('', 'foo', False, False )),
+ (AbiRule('bar', False, True) , exp('', 'bar', False, True )),
+ (AbiRule('comment', False, False, comment='# cmt') , exp('# cmt', 'comment', False, False )),
+ ]
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+class InvalidAbiInit(AATest):
+ tests = [
+ # init params expected exception
+ ([False, False, False ] , AppArmorBug), # wrong type for path
+ (['', False, False ] , AppArmorBug), # empty path
+ ([None, False, False ] , AppArmorBug), # wrong type for path
+# ([' ', False, False ] , AppArmorBug), # whitespace-only path
+ (['foo', None, False ] , AppArmorBug), # wrong type for ifexists
+ (['foo', '', False ] , AppArmorBug), # wrong type for ifexists
+ (['foo', False, None ] , AppArmorBug), # wrong type for ismagic
+ (['foo', False, '' ] , AppArmorBug), # wrong type for ismagic
+ (['', True, False ] , AppArmorBug), # ifexists set
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ AbiRule(params[0], params[1], params[2])
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ AbiRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ AbiRule('foo')
+
+ def test_missing_params_3(self):
+ with self.assertRaises(TypeError):
+ AbiRule('foo', False)
+
+ def test_audit_true(self):
+ with self.assertRaises(AppArmorBug):
+ AbiRule('foo', False, False, audit=True)
+
+ def test_deny_true(self):
+ with self.assertRaises(AppArmorBug):
+ AbiRule('foo', False, False, deny=True)
+
+ def test_ifexists_true(self):
+ with self.assertRaises(AppArmorBug):
+ AbiRule('foo', True, False)
+
+class InvalidAbiTest(AATest):
+ def _check_invalid_rawrule(self, rawrule, matches_regex = False):
+ obj = None
+ self.assertEqual(AbiRule.match(rawrule), matches_regex)
+ with self.assertRaises(AppArmorException):
+ obj = AbiRule.parse(rawrule)
+
+ self.assertIsNone(obj, 'AbiRule handed back an object unexpectedly')
+
+ def test_invalid_abi_missing_path(self):
+ self._check_invalid_rawrule('abi ,', matches_regex=True) # missing path
+
+ def test_invalid_non_AbiRule(self):
+ self._check_invalid_rawrule('dbus,') # not a abi rule
+
+# def test_empty_data_1(self):
+# obj = AbiRule('foo', False, False)
+# obj.path = ''
+# # no path set
+# with self.assertRaises(AppArmorBug):
+# obj.get_clean(1)
+
+class WriteAbiTestAATest(AATest):
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AbiRule.match(rawrule))
+ obj = AbiRule.parse(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ tests = [
+ # raw rule clean rule
+ (' abi <foo> , ', 'abi <foo>,' ),
+ (' abi foo , ', 'abi "foo",' ),
+ (' abi "foo" , ', 'abi "foo",' ),
+ (' abi /foo , ', 'abi "/foo",' ),
+ (' abi "/foo" , ', 'abi "/foo",' ),
+
+ (' abi <foo>, # bar ', 'abi <foo>, # bar' ),
+ (' abi foo , # bar ', 'abi "foo", # bar' ),
+ (' abi "foo", # bar ', 'abi "foo", # bar' ),
+ (' abi /foo, # bar ', 'abi "/foo", # bar' ),
+ (' abi "/foo", # bar ', 'abi "/foo", # bar' ),
+ ]
+
+ def test_write_manually(self):
+ obj = AbiRule('abs/foo', False, True, comment=' # cmt')
+
+ expected = ' abi <abs/foo>, # cmt'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class AbiCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = AbiRule.parse(self.rule)
+ check_obj = AbiRule.parse(param)
+
+ self.assertTrue(AbiRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+
+class AbiCoveredTest_01(AbiCoveredTest):
+ rule = 'abi <foo>,'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('abi <foo>,' , [ True , True , True , True ]),
+ ('abi "foo",' , [ False , False , False , False ]),
+ ('abi <foobar>,' , [ False , False , False , False ]),
+ ('abi "foo",' , [ False , False , False , False ]),
+ ]
+
+class AbiCoveredTest_02(AbiCoveredTest):
+ rule = 'abi "foo",'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('abi <foo>,' , [ False , False , False , False ]),
+ ('abi "foo",' , [ True , True , True , True ]),
+ ('abi "foobar",' , [ False , False , False , False ]),
+ ('abi foo,' , [ True , False , True , True ]),
+ ]
+
+#class AbiCoveredTest_Invalid(AATest):
+# def test_borked_obj_is_covered_1(self):
+# obj = AbiRule.parse('abi <foo>')
+
+# testobj = AbiRule('foo', True, True)
+# testobj.path = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_borked_obj_is_covered_2(self):
+# obj = AbiRule.parse('abi send set=quit peer=/foo,')
+
+# testobj = AbiRule('send', 'quit', '/foo')
+# testobj.abi = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_borked_obj_is_covered_3(self):
+# obj = AbiRule.parse('abi send set=quit peer=/foo,')
+
+# testobj = AbiRule('send', 'quit', '/foo')
+# testobj.peer = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_invalid_is_covered(self):
+# obj = AbiRule.parse('abi send,')
+
+# testobj = BaseRule() # different type
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_invalid_is_equal(self):
+# obj = AbiRule.parse('abi send,')
+
+# testobj = BaseRule() # different type
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_equal(testobj)
+
+class AbiLogprofHeaderTest(AATest):
+# tests = [
+# ('abi,', [ _('Access mode'), _('ALL'), _('Abi'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('abi send,', [ _('Access mode'), 'send', _('Abi'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('abi send set=quit,', [ _('Access mode'), 'send', _('Abi'), 'quit', _('Peer'), _('ALL'), ]),
+# ('deny abi,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Abi'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('allow abi send,', [_('Qualifier'), 'allow', _('Access mode'), 'send', _('Abi'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('audit abi send set=quit,', [_('Qualifier'), 'audit', _('Access mode'), 'send', _('Abi'), 'quit', _('Peer'), _('ALL'), ]),
+# ('audit deny abi send,', [_('Qualifier'), 'audit deny', _('Access mode'), 'send', _('Abi'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('abi set=(int, quit),', [ _('Access mode'), _('ALL'), _('Abi'), 'int quit', _('Peer'), _('ALL'), ]),
+# ('abi set=( quit, int),', [ _('Access mode'), _('ALL'), _('Abi'), 'int quit', _('Peer'), _('ALL'), ]),
+# ('abi (send, receive) set=( quit, int) peer=/foo,', [ _('Access mode'), 'receive send', _('Abi'), 'int quit', _('Peer'), '/foo', ]),
+# ]
+
+ def _run_test(self, params, expected):
+ obj = AbiRule._parse(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+## --- tests for AbiRuleset --- #
+
+class AbiRulesTest(AATest):
+ def test_empty_ruleset(self):
+ ruleset = AbiRuleset()
+ ruleset_2 = AbiRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+ self.assertEqual([], ruleset_2.get_clean_unsorted(2))
+
+ def test_ruleset_1(self):
+ ruleset = AbiRuleset()
+ rules = [
+ ' abi <foo> ,',
+ ' abi "/bar", ',
+ ]
+
+ expected_raw = [
+ 'abi <foo> ,',
+ 'abi "/bar",',
+ '',
+ ]
+
+ expected_clean = [
+ 'abi "/bar",',
+ 'abi <foo>,',
+ '',
+ ]
+
+ expected_clean_unsorted = [
+ 'abi <foo>,',
+ 'abi "/bar",',
+ '',
+ ]
+
+ for rule in rules:
+ ruleset.add(AbiRule.parse(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+ self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
+
+class AbiGlobTestAATest(AATest):
+ def setUp(self):
+ self.maxDiff = None
+ self.ruleset = AbiRuleset()
+
+# def test_glob(self):
+# with self.assertRaises(NotImplementedError):
+# # get_glob_ext is not available for include rules
+# self.ruleset.get_glob('include send set=int,')
+
+ def test_glob_ext(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob_ext is not available for include rules
+ self.ruleset.get_glob_ext('include send set=int,')
+
+#class AbiDeleteTestAATest(AATest):
+# pass
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-alias.py b/utils/test/test-alias.py
new file mode 100644
index 0000000000000000000000000000000000000000..eff621c8d13f75cc3e670d14eb3ef4bfe6dd3586
--- /dev/null
+++ b/utils/test/test-alias.py
@@ -0,0 +1,308 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.alias import AliasRule, AliasRuleset
+from apparmor.rule import BaseRule
+from apparmor.common import AppArmorException, AppArmorBug
+from apparmor.translations import init_translation
+_ = init_translation()
+
+exp = namedtuple('exp', ['comment',
+ 'orig_path', 'target'])
+
+# --- tests for single AliasRule --- #
+
+class AliasTest(AATest):
+ def _compare_obj(self, obj, expected):
+ # aliass don't support the allow, audit or deny keyword
+ self.assertEqual(False, obj.allow_keyword)
+ self.assertEqual(False, obj.audit)
+ self.assertEqual(False, obj.deny)
+
+ self.assertEqual(expected.orig_path, obj.orig_path)
+ self.assertEqual(expected.target, obj.target)
+ self.assertEqual(expected.comment, obj.comment)
+
+class AliasTestParse(AliasTest):
+ tests = [
+ # rawrule comment orig_path target
+ ('alias /foo -> /bar,', exp('', '/foo', '/bar' )),
+ (' alias /foo -> /bar , # comment', exp(' # comment', '/foo', '/bar' )),
+ ('alias "/foo 2" -> "/bar 2" ,', exp('', '/foo 2', '/bar 2' )),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AliasRule.match(rawrule))
+ obj = AliasRule.parse(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+class AliasTestParseInvalid(AliasTest):
+ tests = [
+ # rawrule matches regex exception
+ ('alias ,' , (False, AppArmorException)),
+ ('alias /foo ,' , (False, AppArmorException)),
+ ('alias /foo -> ,' , (True, AppArmorException)),
+ ('alias -> /bar ,' , (True, AppArmorException)),
+ ('/foo -> bar ,' , (False, AppArmorException)),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertEqual(AliasRule.match(rawrule), expected[0])
+ with self.assertRaises(expected[1]):
+ AliasRule.parse(rawrule)
+
+class AliasFromInit(AliasTest):
+ tests = [
+ # AliasRule object comment orig_path target
+ (AliasRule('/foo', '/bar'), exp('', '/foo', '/bar' )),
+ (AliasRule('/foo', '/bar', comment='# cmt'), exp('# cmt', '/foo', '/bar' )),
+ ]
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+
+class InvalidAliasInit(AATest):
+ tests = [
+ # init params expected exception
+ ([None, '/bar' ], AppArmorBug), # orig_path not a str
+ (['', '/bar' ], AppArmorException), # empty orig_path
+ (['foo', '/bar' ], AppArmorException), # orig_path not starting with /
+
+ (['/foo', None ], AppArmorBug), # target not a str
+ (['/foo', '' ], AppArmorException), # empty target
+ (['/foo', 'bar' ], AppArmorException), # target not starting with /
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ AliasRule(params[0], params[1])
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ AliasRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ AliasRule('/foo')
+
+ def test_invalid_audit(self):
+ with self.assertRaises(AppArmorBug):
+ AliasRule('/foo', '/bar', audit=True)
+
+ def test_invalid_deny(self):
+ with self.assertRaises(AppArmorBug):
+ AliasRule('/foo', '/bar', deny=True)
+
+
+class InvalidAliasTest(AATest):
+ def _check_invalid_rawrule(self, rawrule, matches_regex=False):
+ obj = None
+ self.assertEqual(AliasRule.match(rawrule), matches_regex)
+ with self.assertRaises(AppArmorException):
+ obj = AliasRule.parse(rawrule)
+
+ self.assertIsNone(obj, 'AliasRule handed back an object unexpectedly')
+
+ def test_invalid_missing_orig_path(self):
+ self._check_invalid_rawrule('alias -> /bar , ', matches_regex=True) # missing orig_path
+
+ def test_invalid_missing_target(self):
+ self._check_invalid_rawrule('alias /foo -> , ', matches_regex=True) # missing target
+
+ def test_invalid_net_non_AliasRule(self):
+ self._check_invalid_rawrule('dbus,') # not a alias rule
+
+
+class WriteAliasTestAATest(AATest):
+ tests = [
+ # raw rule clean rule
+ (' alias /foo -> /bar, ', 'alias /foo -> /bar,'),
+ (' alias /foo -> /bar, # comment', 'alias /foo -> /bar,'),
+ (' alias "/foo" -> "/bar", ', 'alias /foo -> /bar,'),
+ (' alias "/foo 2" -> "/bar 2", ', 'alias "/foo 2" -> "/bar 2",'),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(AliasRule.match(rawrule))
+ obj = AliasRule.parse(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually_1(self):
+ obj = AliasRule('/foo', '/bar')
+
+ expected = ' alias /foo -> /bar,'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+ def test_write_manually_2(self):
+ obj = AliasRule('/foo 2', '/bar 2')
+
+ expected = ' alias "/foo 2" -> "/bar 2",'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class AliasCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = AliasRule.parse(self.rule)
+ check_obj = AliasRule.parse(param)
+
+ self.assertTrue(AliasRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+
+class AliasCoveredTest_01(AliasCoveredTest):
+ rule = 'alias /foo -> /bar,'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ (' alias /foo -> /bar,' , [ True , True , True , True ]),
+ (' alias /foo -> /bar , ' , [ True , False , True , True ]),
+ (' alias /foo -> /bar, # comment' , [ True , False , True , True ]),
+ (' alias /foo -> /bar, # comment' , [ True , False , True , True ]),
+ (' alias /foo -> /asdf,' , [ False , False , False , False ]),
+ (' alias /whatever -> /bar,' , [ False , False , False , False ]),
+ (' alias /whatever -> /asdf,' , [ False , False , False , False ]),
+ ]
+
+class AliasCoveredTest_Invalid(AATest):
+# def test_borked_obj_is_covered_1(self):
+# obj = AliasRule.parse('alias /foo -> /bar,')
+
+# testobj = AliasRule('/foo', '/bar')
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_borked_obj_is_covered_2(self):
+# obj = AliasRule.parse('alias /foo -> /bar,')
+
+# testobj = AliasRule('/foo', '/bar')
+# testobj.target = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+ def test_invalid_is_covered_3(self):
+ obj = AliasRule.parse('alias /foo -> /bar,')
+
+ testobj = BaseRule() # different type
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ def test_invalid_is_equal(self):
+ obj = AliasRule.parse('alias /foo -> /bar,')
+
+ testobj = BaseRule() # different type
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(testobj)
+
+class AliasLogprofHeaderTest(AATest):
+ tests = [
+ ('alias /foo -> /bar,', [_('Alias'), '/foo -> /bar' ]),
+ ]
+
+ def _run_test(self, params, expected):
+ obj = AliasRule._parse(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+# --- tests for AliasRuleset --- #
+
+class AliasRulesTest(AATest):
+ def test_empty_ruleset(self):
+ ruleset = AliasRuleset()
+ ruleset_2 = AliasRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+
+ def test_ruleset_1(self):
+ ruleset = AliasRuleset()
+ rules = [
+ 'alias /foo -> /bar,',
+ ' alias /asdf -> /whatever ,',
+ 'alias /asdf -> /somewhere,',
+ 'alias /foo -> /bar,',
+ ]
+
+ expected_raw = [
+ 'alias /foo -> /bar,',
+ 'alias /asdf -> /whatever ,',
+ 'alias /asdf -> /somewhere,',
+ 'alias /foo -> /bar,',
+ '',
+ ]
+
+ expected_clean = [
+ 'alias /asdf -> /somewhere,',
+ 'alias /asdf -> /whatever,',
+ 'alias /foo -> /bar,',
+ 'alias /foo -> /bar,',
+ '',
+ ]
+
+ expected_clean_unsorted = [
+ 'alias /foo -> /bar,',
+ 'alias /asdf -> /whatever,',
+ 'alias /asdf -> /somewhere,',
+ 'alias /foo -> /bar,',
+ '',
+ ]
+
+ for rule in rules:
+ ruleset.add(AliasRule.parse(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+ self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
+
+class AliasGlobTestAATest(AATest):
+ def setUp(self):
+ self.ruleset = AliasRuleset()
+
+# def test_glob_1(self):
+# with self.assertRaises(NotImplementedError):
+# self.ruleset.get_glob('@{foo} = /bar')
+
+ def test_glob_ext(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob_ext is not available for change_profile rules
+ self.ruleset.get_glob_ext('@{foo} = /bar')
+
+class AliasDeleteTestAATest(AATest):
+ pass
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-capability.py b/utils/test/test-capability.py
index 9b0b0c80c6b6e75956d4887df6001b7058c580ab..ab25223c46273608b9e0207a50d239a54107d386 100644
--- a/utils/test/test-capability.py
+++ b/utils/test/test-capability.py
@@ -96,7 +96,7 @@ class CapabilityTest(AATest):
# })
def test_cap_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="net_raw"'
parsed_event = parser.parse_event(event)
@@ -138,7 +138,7 @@ class CapabilityTest(AATest):
self.assertEqual(obj.get_raw(1), ' capability net_raw,')
# def test_cap_from_invalid_log(self):
-# parser = ReadLog('', '', '', '')
+# parser = ReadLog('', '', '')
# # invalid log entry, name= should contain the capability name
# event = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname=""'
#
@@ -153,7 +153,7 @@ class CapabilityTest(AATest):
# obj.get_raw(1)
#
# def test_cap_from_non_cap_log(self):
-# parser = ReadLog('', '', '', '')
+# parser = ReadLog('', '', '')
# # log entry for different rule type
# event = 'type=AVC msg=audit(1415403814.973:667): apparmor="ALLOWED" operation="setsockopt" profile="/home/sys-tmp/ping" pid=15454 comm="ping" lport=1 family="inet" sock_type="raw" protocol=1'
#
@@ -220,7 +220,7 @@ class InvalidCapabilityTest(AATest):
def _check_invalid_rawrule(self, rawrule):
obj = None
with self.assertRaises(AppArmorException):
- obj = CapabilityRule(CapabilityRule.parse(rawrule))
+ obj = CapabilityRule.parse(rawrule)
self.assertFalse(CapabilityRule.match(rawrule))
self.assertIsNone(obj, 'CapbilityRule handed back an object unexpectedly')
@@ -611,7 +611,7 @@ class CapabilityRulesCoveredTest(AATest):
# def _test_log_covered(self, expected, capability):
# event_base = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="%s"'
-# parser = ReadLog('', '', '', '')
+# parser = ReadLog('', '', '')
# self.assertEqual(expected, self.ruleset.is_log_covered(parser.parse_event(event_base%capability)))
#
# def test_ruleset_is_log_covered_1(self):
@@ -627,7 +627,7 @@ class CapabilityRulesCoveredTest(AATest):
# def test_ruleset_is_log_covered_6(self):
# event_base = 'type=AVC msg=audit(1415403814.628:662): apparmor="ALLOWED" operation="capable" profile="/bin/ping" pid=15454 comm="ping" capability=13 capname="%s"'
#
-# parser = ReadLog('', '', '', '')
+# parser = ReadLog('', '', '')
# self.assertEqual(True, self.ruleset.is_log_covered(parser.parse_event(event_base%'chgrp'), False)) # ignores allow/deny
class CapabilityGlobTest(AATest):
diff --git a/utils/test/test-change_profile.py b/utils/test/test-change_profile.py
index 5191aa65a5f1eda2ca7d9838d3f3367c5e50738f..3fe3c4891a92907335c12805522a73ea28868ae6 100644
--- a/utils/test/test-change_profile.py
+++ b/utils/test/test-change_profile.py
@@ -93,7 +93,7 @@ class ChangeProfileTestParseInvalid(ChangeProfileTest):
class ChangeProfileTestParseFromLog(ChangeProfileTest):
def test_change_profile_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="change_profile" profile="/foo/changeprofile" pid=3459 comm="changeprofile" target="/foo/rename"'
@@ -185,7 +185,7 @@ class InvalidChangeProfileTest(AATest):
obj = None
self.assertFalse(ChangeProfileRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = ChangeProfileRule(ChangeProfileRule.parse(rawrule))
+ obj = ChangeProfileRule.parse(rawrule)
self.assertIsNone(obj, 'ChangeProfileRule handed back an object unexpectedly')
diff --git a/utils/test/test-common.py b/utils/test/test-common.py
index 64badf9f2bbc51b8adf97b729760971daf534643..cf46530d0ae1ee8c725ff2a9700d755cfb0f3b6e 100644
--- a/utils/test/test-common.py
+++ b/utils/test/test-common.py
@@ -12,7 +12,7 @@
import unittest
from common_test import AATest, setup_all_loops
-from apparmor.common import type_is_str
+from apparmor.common import type_is_str, split_name
class TestIs_str_type(AATest):
tests = [
@@ -26,6 +26,17 @@ class TestIs_str_type(AATest):
def _run_test(self, params, expected):
self.assertEqual(type_is_str(params), expected)
+class AaTest_split_name(AATest):
+ tests = [
+ # full profile name expected parts
+ ('foo', ('foo', 'foo')),
+ ('foo//bar', ('foo', 'bar')),
+ ('foo//bar//baz', ('foo', 'bar')), # XXX nested child profiles get cut off
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(split_name(params), expected)
+
setup_all_loops(__name__)
if __name__ == '__main__':
diff --git a/utils/test/test-config.py b/utils/test/test-config.py
index 3468c3bfaec18adfaed710cda73b6f4c0f885d25..1e0e63084c707f0cbef099fade16a1e454bdd9cb 100755
--- a/utils/test/test-config.py
+++ b/utils/test/test-config.py
@@ -22,7 +22,7 @@ class Test(unittest.TestCase):
ini_config = config.Config('ini')
ini_config.CONF_DIR = '.'
conf = ini_config.read_config('logprof.conf')
- logprof_sections = ['settings', 'repository', 'qualifiers', 'required_hats', 'defaulthat', 'globs']
+ logprof_sections = ['settings', 'qualifiers', 'required_hats', 'defaulthat', 'globs']
logprof_sections_options = ['profiledir', 'inactive_profiledir', 'logfiles', 'parser', 'ldd', 'logger', 'default_owner_prompt', 'custom_includes']
logprof_settings_parser = '../../parser/apparmor_parser'
diff --git a/utils/test/test-dbus.py b/utils/test/test-dbus.py
index 0eb230f9db39a94c0749626e82844c6f659a4416..069445089188c31bd1d81cb972ad49fa174e428a 100644
--- a/utils/test/test-dbus.py
+++ b/utils/test/test-dbus.py
@@ -123,7 +123,7 @@ class DbusTestParseInvalid(DbusTest):
class DbusTestParseFromLog(DbusTest):
def test_dbus_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=USER_AVC msg=audit(1375323372.644:157): pid=363 uid=102 auid=4294967295 ses=4294967295 msg=\'apparmor="DENIED" operation="dbus_method_call" bus="system" name="org.freedesktop.DBus" path="/org/freedesktop/DBus" interface="org.freedesktop.DBus" member="Hello" mask="send" pid=2833 profile="/tmp/apparmor-2.8.0/tests/regression/apparmor/dbus_service" peer_profile="unconfined" exe="/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?\''
parsed_event = parser.parse_event(event)
@@ -299,7 +299,7 @@ class InvalidDbusTest(AATest):
obj = None
self.assertFalse(DbusRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = DbusRule(DbusRule.parse(rawrule))
+ obj = DbusRule.parse(rawrule)
self.assertIsNone(obj, 'DbusRule handed back an object unexpectedly')
@@ -606,9 +606,9 @@ class DbusCoveredTest_09(DbusCoveredTest):
('dbus,' , [ False , False , False , False ]),
('dbus send,' , [ False , False , False , False ]),
('dbus send member=/foo/bar,' , [ False , False , True , True ]),
- ('dbus send member=/foo/*,' , [ False , False , True , True ]),
- ('dbus send member=/**,' , [ False , False , True , True ]),
- ('dbus send member=/what/*,' , [ False , False , True , True ]),
+ ('dbus send member=/foo/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('dbus send member=/**,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('dbus send member=/what/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
('dbus member=/foo/bar,' , [ False , False , False , False ]),
('dbus send, # comment' , [ False , False , False , False ]),
('allow dbus send,' , [ False , False , False , False ]),
diff --git a/utils/test/test-example.py b/utils/test/test-example.py
index 9f6650f0e179603b4935dcc8a50196aba8824f88..84b28c964df5de37a5e538d6f72599e52e09fde6 100644
--- a/utils/test/test-example.py
+++ b/utils/test/test-example.py
@@ -10,7 +10,8 @@
# ------------------------------------------------------------------
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_all_loops # , setup_aa
+# import apparmor.aa as aa # see the setup_aa() call for details
class TestFoo(AATest):
tests = [
@@ -46,8 +47,8 @@ class TestBaz(AATest):
def test_Baz_only_one_test(self):
self.assertEqual("baz", "baz")
-
-
+# if you import apparmor.aa and call init_aa() in your tests, uncomment this
+# setup_aa(aa)
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=1)
diff --git a/utils/test/test-file.py b/utils/test/test-file.py
index f12f3dcf5a1420b25c7fba1b353698ad17117f15..3e285cfef52a36bd4b84f87633d1fe240c011b64 100644
--- a/utils/test/test-file.py
+++ b/utils/test/test-file.py
@@ -92,6 +92,10 @@ class FileTestParse(FileTest):
# duplicated (but not conflicting) permissions
('/foo PxPxPxPxrwPx -> bar,' , exp(False, False, False, '', '/foo', False, {'r', 'w'}, False, 'Px', 'bar', False, False, False, False )),
('/foo CixCixrwCix -> bar, ' , exp(False, False, False, '', '/foo', False, {'r', 'w'}, False, 'Cix', 'bar', False, False, False, False )),
+
+ # link rules
+ ('link /foo -> /bar,' , exp(False, False, False, '', '/foo', False, {'link'}, False, None, '/bar', False, False, False, True )),
+ ('link subset /foo -> /bar,' , exp(False, False, False, '', '/foo', False, {'link', 'subset'}, False, None, '/bar', False, False, False, True )),
]
def _run_test(self, rawrule, expected):
@@ -128,6 +132,10 @@ class FileTestNonMatch(AATest):
('file Px -> bar,' , False ),
('/foo bar,' , False ),
('dbus /foo,' , False ),
+ ('link /foo,' , False ), # missing '-> /target'
+ ('link -> /bar,' , False ), # missing path
+ ('/foo -> bar link,', False ), # link has to be leading keyword
+ ('link,' , False ), # link isn't available as bare keyword
]
def _run_test(self, rawrule, expected):
@@ -135,7 +143,7 @@ class FileTestNonMatch(AATest):
class FileTestParseFromLog(FileTest):
def test_file_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'Nov 11 07:33:07 myhost kernel: [50812.879558] type=1502 audit(1236774787.169:369): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=1000 name="/bin/dash" pid=13726 profile="/bin/foobar"'
parsed_event = parser.parse_event(event)
@@ -176,6 +184,8 @@ class FileTestParseFromLog(FileTest):
self.assertEqual(obj.get_raw(1), ' /bin/dash r,')
+# TODO: add logparser example for link event
+
class FileFromInit(FileTest):
tests = [
@@ -189,6 +199,11 @@ class FileFromInit(FileTest):
#exp# audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
exp( False, True, False, '', '/foo', False, set(), False, 'Pix', 'bar_prof', False, True, True, True )),
+ #FileRule# path, perms, exec_perms, target, owner, file_keyword, leading_perms
+ (FileRule( '/foo', {'link', 'subset'}, None, '/bar', False, False, True, audit=True, deny=True ),
+ #exp# audit allow deny comment path all_paths perms all? exec_perms target all? owner file keyword leading perms
+ exp( True, False, True, '', '/foo', False, {'link', 'subset'}, False, None, '/bar', False, False, False, True )),
+
]
def _run_test(self, obj, expected):
@@ -240,6 +255,14 @@ class InvalidFileInit(AATest):
( ( '/foo', 'rw', 'ax', '/bar', False, False, False ), AppArmorBug), # invalid exec mode 'ax'
( ( '/foo', 'rw', 'x', '/bar', False, False, False ), AppArmorException), # plain 'x' is only allowed in deny rules
( ( FileRule.ALL, FileRule.ALL, None, '/bar', False, False, False ), AppArmorBug), # plain 'file,' doesn't allow exec target
+
+ # link rules
+ ( ( None, {'link'}, None, None, False, False, False, ), AppArmorBug), # missing path and target
+ ( ( '/foo', {'link'}, None, None, False, False, False, ), AppArmorBug), # missing target
+ ( ( None, {'link'}, None, '/bar', False, False, False, ), AppArmorBug), # missing path
+ ( ( '/foo', {'subset'}, None, '/bar', False, False, False, ), AppArmorBug), # subset without link
+ ( ( '/foo', {'link'}, 'ix', '/bar', False, False, False, ), AppArmorBug), # link rule with exec perms
+ ( ( '/foo', {'link', 'subset'}, 'ix', '/bar', False, False, False, ), AppArmorBug), # link subset rule with exec perms
]
def _run_test(self, params, expected):
@@ -271,7 +294,7 @@ class InvalidFileTest(AATest):
obj = None
self.assertFalse(FileRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = FileRule(FileRule.parse(rawrule))
+ obj = FileRule.parse(rawrule)
self.assertIsNone(obj, 'FileRule handed back an object unexpectedly')
@@ -346,6 +369,7 @@ class FileGlobTest(AATest):
('/foo/bar.xy r,', (True, True, '/foo/* r,', '/foo/*.xy r,')),
('/foo/*.xy r,', (True, True, '/foo/* r,', '/**.xy r,')),
('file,', (False, False, 'file,', 'file,')), # bare 'file,' rules can't be globbed
+ ('link /a/b -> /c,', (True, True, 'link /a/* -> /c,', 'link /a/b -> /c,')),
]
class WriteFileTest(AATest):
@@ -388,6 +412,11 @@ class WriteFileTest(AATest):
(' r /foo ,' , 'r /foo,'),
(' klwr /foo ,' , 'rwlk /foo,'),
(' Pxrm /foo -> bar,' , 'mrPx /foo -> bar,'),
+
+ # link rules
+ (' link /foo -> /bar,' , 'link /foo -> /bar,'),
+ (' audit deny owner link subset /foo -> /bar,' , 'audit deny owner link subset /foo -> /bar,'),
+ (' link subset /foo -> /bar,' , 'link subset /foo -> /bar,')
]
def test_write_manually_1(self):
@@ -607,6 +636,35 @@ class FileCoveredTest_07(FileCoveredTest):
('deny /foo a,' , [ False , False , False , False ]),
]
+class FileCoveredTest_08(FileCoveredTest):
+ rule = 'link /foo -> /bar,'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('link /foo -> /bar,' , [ True , True , True , True ]),
+ ('link /asdf -> /bar,' , [ False , False , False , False ]),
+ ('link /foo -> /asdf,' , [ False , False , False , False ]),
+ ('deny link /foo -> /bar,' , [ False , False , False , False ]),
+ ('deny link /foo -> /bar,' , [ False , False , False , False ]),
+ ('link subset /foo -> /bar,' , [ False , False , True , True ]), # subset makes the rule more strict
+ # ('/foo l -> /bar,' , [ ? , ? , ? , ? ]), # TODO
+ # ('l /foo -> /bar,' , [ ? , ? , ? , ? ]), # TODO
+ ]
+
+class FileCoveredTest_09(FileCoveredTest):
+ rule = 'link subset /foo -> /bar,'
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('link subset /foo -> /bar,' , [ True , True , True , True ]),
+ ('link subset /asdf -> /bar,' , [ False , False , False , False ]),
+ ('link subset /foo -> /asdf,' , [ False , False , False , False ]),
+ ('deny link subset /foo -> /bar,' , [ False , False , False , False ]),
+ ('deny link subset /foo -> /bar,' , [ False , False , False , False ]),
+ ('link /foo -> /bar,' , [ False , False , False , False ]), # no subset means more permissions
+ # ('/foo l -> /bar,' , [ ? , ? , ? , ? ]), # TODO
+ # ('l /foo -> /bar,' , [ ? , ? , ? , ? ]), # TODO
+ ]
+
class FileCoveredTest_ManualOrInvalid(AATest):
def AASetup(self):
#FileRule# path, perms, exec_perms, target, owner, file_keyword, leading_perms
@@ -761,6 +819,8 @@ class FileLogprofHeaderTest(AATest):
(['/foo rw,', set(), set('rw') ], [ _('Path'), '/foo', _('Old Mode'), _('owner rw'), _('New Mode'), _('rw') ]),
(['/foo mrw,', set('r'), set('k') ], [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw') ]),
(['/foo mrw,', set('r'), set('rk') ], [ _('Path'), '/foo', _('Old Mode'), _('r + owner k'), _('New Mode'), _('mrw') ]),
+ (['link /foo -> /bar,', set(), set() ], [ _('Path'), '/foo', _('New Mode'), 'link -> /bar' ]),
+ (['link subset /foo -> /bar,', set(), set() ], [ _('Path'), '/foo', _('New Mode'), 'link subset -> /bar' ]),
]
def _run_test(self, params, expected):
@@ -784,6 +844,7 @@ class FileEditHeaderTest(AATest):
tests = [
('/foo/bar/baz r,', '/foo/bar/baz'),
('/foo/**/baz r,', '/foo/**/baz'),
+ ('link /foo/** -> /bar,', '/foo/**'),
]
def test_edit_header_bare_file(self):
diff --git a/utils/test/test-include.py b/utils/test/test-include.py
new file mode 100644
index 0000000000000000000000000000000000000000..a64a3910592ef04e18e42fe551f1d7b13ca00e36
--- /dev/null
+++ b/utils/test/test-include.py
@@ -0,0 +1,508 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops, write_file
+
+import os
+import shutil
+
+from apparmor.rule.include import IncludeRule, IncludeRuleset
+#from apparmor.rule import BaseRule
+from apparmor.common import AppArmorException, AppArmorBug
+#from apparmor.logparser import ReadLog
+from apparmor.translations import init_translation
+_ = init_translation()
+
+exp = namedtuple('exp', [ # 'audit', 'allow_keyword', 'deny',
+ 'comment',
+ 'path', 'ifexists', 'ismagic'])
+
+# --- tests for single IncludeRule --- #
+
+class IncludeTest(AATest):
+ def _compare_obj(self, obj, expected):
+ self.assertEqual(False, obj.allow_keyword) # not supported in include rules, expected to be always False
+ self.assertEqual(False, obj.audit) # not supported in include rules, expected to be always False
+ self.assertEqual(False, obj.deny) # not supported in include rules, expected to be always False
+ self.assertEqual(expected.comment, obj.comment)
+
+ self.assertEqual(expected.path, obj.path)
+ self.assertEqual(expected.ifexists, obj.ifexists)
+ self.assertEqual(expected.ismagic, obj.ismagic)
+
+class IncludeTestParse(IncludeTest):
+ tests = [
+ # IncludeRule object comment path if exists ismagic
+ # #include
+ ('#include <abstractions/base>', exp('', 'abstractions/base', False, True )), # magic path
+ ('#include <abstractions/base> # comment', exp(' # comment', 'abstractions/base', False, True )),
+ ('#include<abstractions/base>#comment', exp(' #comment', 'abstractions/base', False, True )),
+ (' #include <abstractions/base> ', exp('', 'abstractions/base', False, True )),
+ ('#include "/foo/bar"', exp('', '/foo/bar', False, False)), # absolute path
+ ('#include "/foo/bar" # comment', exp(' # comment', '/foo/bar', False, False)),
+ ('#include "/foo/bar"#comment', exp(' #comment', '/foo/bar', False, False)),
+ (' #include "/foo/bar" ', exp('', '/foo/bar', False, False)),
+ # include (without #)
+ ('include <abstractions/base>', exp('', 'abstractions/base', False, True )), # magic path
+ ('include <abstractions/base> # comment', exp(' # comment', 'abstractions/base', False, True )),
+ ('include<abstractions/base>#comment', exp(' #comment', 'abstractions/base', False, True )),
+ (' include <abstractions/base> ', exp('', 'abstractions/base', False, True )),
+ ('include "/foo/bar"', exp('', '/foo/bar', False, False)), # absolute path
+ ('include "/foo/bar" # comment', exp(' # comment', '/foo/bar', False, False)),
+ ('include "/foo/bar"#comment', exp(' #comment', '/foo/bar', False, False)),
+ (' include "/foo/bar" ', exp('', '/foo/bar', False, False)),
+ # #include if exists
+ ('#include if exists <abstractions/base>', exp('', 'abstractions/base', True, True )), # magic path
+ ('#include if exists <abstractions/base> # comment', exp(' # comment', 'abstractions/base', True, True )),
+ ('#include if exists<abstractions/base>#comment', exp(' #comment', 'abstractions/base', True, True )),
+ (' #include if exists<abstractions/base> ', exp('', 'abstractions/base', True, True )),
+ ('#include if exists "/foo/bar"', exp('', '/foo/bar', True, False)), # absolute path
+ ('#include if exists "/foo/bar" # comment', exp(' # comment', '/foo/bar', True, False)),
+ ('#include if exists "/foo/bar"#comment', exp(' #comment', '/foo/bar', True, False)),
+ (' #include if exists "/foo/bar" ', exp('', '/foo/bar', True, False)),
+ # include if exists (without #)
+ ('include if exists <abstractions/base>', exp('', 'abstractions/base', True, True )), # magic path
+ ('include if exists <abstractions/base> # comment', exp(' # comment', 'abstractions/base', True, True )),
+ ('include if exists<abstractions/base>#comment', exp(' #comment', 'abstractions/base', True, True )),
+ (' include if exists<abstractions/base> ', exp('', 'abstractions/base', True, True )),
+ ('include if exists "/foo/bar"', exp('', '/foo/bar', True, False)), # absolute path
+ ('include if exists "/foo/bar" # comment', exp(' # comment', '/foo/bar', True, False)),
+ ('include if exists "/foo/bar"#comment', exp(' #comment', '/foo/bar', True, False)),
+ (' include if exists "/foo/bar" ', exp('', '/foo/bar', True, False)),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IncludeRule.match(rawrule))
+ obj = IncludeRule.parse(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+class IncludeTestParseInvalid(IncludeTest):
+ tests = [
+# (' some #include if exists <abstractions/base>', AppArmorException),
+# (' /etc/fstab r,', AppArmorException),
+# ('/usr/include r,', AppArmorException),
+# ('/include r,', AppArmorException),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IncludeRule.match(rawrule)) # the above invalid rules still match the main regex!
+ with self.assertRaises(expected):
+ IncludeRule.parse(rawrule)
+
+# class IncludeTestParseFromLog(IncludeTest): # we'll never have log events for includes
+
+class IncludeFromInit(IncludeTest):
+ tests = [
+ # IncludeRule object ifexists ismagic comment path ifexists ismagic
+ (IncludeRule('abstractions/base', False, False) , exp('', 'abstractions/base', False, False )),
+ (IncludeRule('foo', True, False) , exp('', 'foo', True, False )),
+ (IncludeRule('bar', False, True) , exp('', 'bar', False, True )),
+ (IncludeRule('baz', True, True) , exp('', 'baz', True, True )),
+ (IncludeRule('comment', False, False, comment='# cmt') , exp('# cmt', 'comment', False, False )),
+ ]
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+class InvalidIncludeInit(AATest):
+ tests = [
+ # init params expected exception
+ ([False, False, False ] , AppArmorBug), # wrong type for path
+ (['', False, False ] , AppArmorBug), # empty path
+ ([None, False, False ] , AppArmorBug), # wrong type for path
+# ([' ', False, False ] , AppArmorBug), # whitespace-only path
+ (['foo', None, False ] , AppArmorBug), # wrong type for ifexists
+ (['foo', '', False ] , AppArmorBug), # wrong type for ifexists
+ (['foo', False, None ] , AppArmorBug), # wrong type for ismagic
+ (['foo', False, '' ] , AppArmorBug), # wrong type for ismagic
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ IncludeRule(params[0], params[1], params[2])
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ IncludeRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ IncludeRule('foo')
+
+ def test_missing_params_3(self):
+ with self.assertRaises(TypeError):
+ IncludeRule('foo', False)
+
+ def test_audit_true(self):
+ with self.assertRaises(AppArmorBug):
+ IncludeRule('foo', False, False, audit=True)
+
+ def test_deny_true(self):
+ with self.assertRaises(AppArmorBug):
+ IncludeRule('foo', False, False, deny=True)
+
+class InvalidIncludeTest(AATest):
+ def _check_invalid_rawrule(self, rawrule, matches_regex = False):
+ obj = None
+ self.assertEqual(IncludeRule.match(rawrule), matches_regex)
+ with self.assertRaises(AppArmorException):
+ obj = IncludeRule.parse(rawrule)
+
+ self.assertIsNone(obj, 'IncludeRule handed back an object unexpectedly')
+
+ def test_invalid_include_missing_path(self):
+ self._check_invalid_rawrule('include', matches_regex=True) # missing path
+
+ def test_invalid_non_IncludeRule(self):
+ self._check_invalid_rawrule('dbus,') # not a include rule
+
+# def test_empty_data_1(self):
+# obj = IncludeRule('foo', False, False)
+# obj.path = ''
+# # no path set
+# with self.assertRaises(AppArmorBug):
+# obj.get_clean(1)
+
+class WriteIncludeTestAATest(AATest):
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(IncludeRule.match(rawrule))
+ obj = IncludeRule.parse(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ tests = [
+ # raw rule clean rule
+ (' include <foo> ', 'include <foo>' ),
+# (' include foo ', 'include "foo"' ), # several test cases disabled due to implementation restrictions, see re_match_include_parse()
+# (' include "foo" ', 'include "foo"' ),
+# (' include /foo ', 'include "/foo"' ),
+ (' include "/foo" ', 'include "/foo"' ),
+
+ (' include <foo> # bar ', 'include <foo> # bar' ),
+# (' include foo # bar ', 'include "foo" # bar' ),
+# (' include "foo" # bar ', 'include "foo" # bar' ),
+# (' include /foo # bar ', 'include "/foo" # bar' ),
+ (' include "/foo" # bar ', 'include "/foo" # bar' ),
+
+ (' include if exists <foo> ', 'include if exists <foo>' ),
+# (' include if exists foo ', 'include if exists "foo"' ),
+# (' include if exists "foo" ', 'include if exists "foo"' ),
+# (' include if exists /foo ', 'include if exists "/foo"' ),
+ (' include if exists "/foo" ', 'include if exists "/foo"' ),
+
+ # and the same again with #include...
+ (' #include <foo> ', 'include <foo>' ),
+# (' #include foo ', 'include "foo"' ),
+# (' #include "foo" ', 'include "foo"' ),
+# (' #include /foo ', 'include "/foo"' ),
+ (' #include "/foo" ', 'include "/foo"' ),
+
+ (' #include <foo> # bar ', 'include <foo> # bar' ),
+# (' #include foo # bar ', 'include "foo" # bar' ),
+# (' #include "foo" # bar ', 'include "foo" # bar' ),
+# (' #include /foo # bar ', 'include "/foo" # bar' ),
+ (' #include "/foo" # bar ', 'include "/foo" # bar' ),
+
+ (' #include if exists <foo> ', 'include if exists <foo>' ),
+# (' #include if exists foo ', 'include if exists "foo"' ),
+# (' #include if exists "foo" ', 'include if exists "foo"' ),
+# (' #include if exists /foo ', 'include if exists "/foo"' ),
+ (' #include if exists "/foo" ', 'include if exists "/foo"' ),
+ ]
+
+ def test_write_manually(self):
+ obj = IncludeRule('abs/foo', False, True, comment=' # cmt')
+
+ expected = ' include <abs/foo> # cmt'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class IncludeCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = IncludeRule.parse(self.rule)
+ check_obj = IncludeRule.parse(param)
+
+ self.assertTrue(IncludeRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+
+class IncludeCoveredTest_01(IncludeCoveredTest):
+ rule = 'include <foo>'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('include <foo>' , [ True , True , True , True ]),
+ ('#include <foo>' , [ True , False , True , True ]),
+ ('include if exists <foo>' , [ False , False , True , True ]),
+ ('#include if exists <foo>' , [ False , False , True , True ]),
+ ('include <foobar>' , [ False , False , False , False ]),
+# ('include "foo"' , [ False , False , False , False ]), # disabled due to implementation restrictions, see re_match_include_parse()
+# ('include if exists "foo"' , [ False , False , False , False ]),
+ ]
+
+class IncludeCoveredTest_02(IncludeCoveredTest):
+ rule = 'include if exists <foo>'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ ('include <foo>' , [ False , False , False , False ]),
+ ('#include <foo>' , [ False , False , False , False ]),
+ ('#include if exists <foo>' , [ True , False , True , True ]),
+ ('include <foobar>' , [ False , False , False , False ]),
+# ('include "foo"' , [ False , False , False , False ]), # disabled due to implementation restrictions, see re_match_include_parse()
+# ('include if exists "foo"' , [ False , False , False , False ]),
+ ]
+
+#class IncludeCoveredTest_Invalid(AATest):
+# def test_borked_obj_is_covered_1(self):
+# obj = IncludeRule.parse('include <foo>')
+
+# testobj = IncludeRule('foo', True, True)
+# testobj.path = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_borked_obj_is_covered_2(self):
+# obj = IncludeRule.parse('include send set=quit peer=/foo,')
+
+# testobj = IncludeRule('send', 'quit', '/foo')
+# testobj.include = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_borked_obj_is_covered_3(self):
+# obj = IncludeRule.parse('include send set=quit peer=/foo,')
+
+# testobj = IncludeRule('send', 'quit', '/foo')
+# testobj.peer = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_invalid_is_covered(self):
+# obj = IncludeRule.parse('include send,')
+
+# testobj = BaseRule() # different type
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+# def test_invalid_is_equal(self):
+# obj = IncludeRule.parse('include send,')
+
+# testobj = BaseRule() # different type
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_equal(testobj)
+
+class IncludeLogprofHeaderTest(AATest):
+# tests = [
+# ('include,', [ _('Access mode'), _('ALL'), _('Include'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('include send,', [ _('Access mode'), 'send', _('Include'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('include send set=quit,', [ _('Access mode'), 'send', _('Include'), 'quit', _('Peer'), _('ALL'), ]),
+# ('deny include,', [_('Qualifier'), 'deny', _('Access mode'), _('ALL'), _('Include'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('allow include send,', [_('Qualifier'), 'allow', _('Access mode'), 'send', _('Include'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('audit include send set=quit,', [_('Qualifier'), 'audit', _('Access mode'), 'send', _('Include'), 'quit', _('Peer'), _('ALL'), ]),
+# ('audit deny include send,', [_('Qualifier'), 'audit deny', _('Access mode'), 'send', _('Include'), _('ALL'), _('Peer'), _('ALL'), ]),
+# ('include set=(int, quit),', [ _('Access mode'), _('ALL'), _('Include'), 'int quit', _('Peer'), _('ALL'), ]),
+# ('include set=( quit, int),', [ _('Access mode'), _('ALL'), _('Include'), 'int quit', _('Peer'), _('ALL'), ]),
+# ('include (send, receive) set=( quit, int) peer=/foo,', [ _('Access mode'), 'receive send', _('Include'), 'int quit', _('Peer'), '/foo', ]),
+# ]
+
+ def _run_test(self, params, expected):
+ obj = IncludeRule._parse(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+class IncludeFullPathsTest(AATest):
+ def AASetup(self):
+ self.createTmpdir()
+
+ #copy the local profiles to the test directory
+ self.profile_dir = '%s/profiles' % self.tmpdir
+ shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
+
+ inc_dir = os.path.join(self.profile_dir, 'abstractions/inc.d')
+ os.mkdir(inc_dir, 0o755)
+ write_file(inc_dir, 'incfoo', '/incfoo r,')
+ write_file(inc_dir, 'incbar', '/incbar r,')
+ write_file(inc_dir, 'README', '# README') # gets skipped
+
+ sub_dir = os.path.join(self.profile_dir, 'abstractions/inc.d/subdir') # gets skipped
+ os.mkdir(sub_dir, 0o755)
+
+ empty_dir = os.path.join(self.profile_dir, 'abstractions/empty.d')
+ os.mkdir(empty_dir, 0o755)
+
+ tests = [
+ # @@ will be replaced with self.profile_dir
+ ('include <abstractions/base>', ['@@/abstractions/base'] ),
+# ('include "foo"', ['@@/foo'] ), # TODO: adjust logic to honor quoted vs. magic paths (and allow quoted relative paths in re_match_include_parse())
+ ('include "/foo/bar"', ['/foo/bar'] ),
+ ('include <abstractions/inc.d>', ['@@/abstractions/inc.d/incbar', '@@/abstractions/inc.d/incfoo'] ),
+ ('include <abstractions/empty.d>', [] ),
+ ('include <abstractions/not_found>', ['@@/abstractions/not_found'] ),
+ ('include if exists <abstractions/not_found>', [] ),
+ ]
+
+ def _run_test(self, params, expected):
+ exp2 = []
+ for path in expected:
+ exp2.append(path.replace('@@', self.profile_dir))
+
+ obj = IncludeRule._parse(params)
+ self.assertEqual(obj.get_full_paths(self.profile_dir), exp2)
+
+## --- tests for IncludeRuleset --- #
+
+class IncludeRulesTest(AATest):
+ def AASetup(self):
+ self.createTmpdir()
+
+ #copy the local profiles to the test directory
+ self.profile_dir = '%s/profiles' % self.tmpdir
+ shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
+
+ write_file(self.profile_dir, 'baz', '/baz r,')
+
+ def test_empty_ruleset(self):
+ ruleset = IncludeRuleset()
+ ruleset_2 = IncludeRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+ self.assertEqual([], ruleset_2.get_clean_unsorted(2))
+ self.assertEqual([], ruleset.get_all_full_paths(self.profile_dir))
+
+ def test_ruleset_1(self):
+ ruleset = IncludeRuleset()
+ rules = [
+ ' include <foo> ',
+ ' #include "/bar" ',
+ ]
+
+ expected_raw = [
+ 'include <foo>',
+ '#include "/bar"',
+ '',
+ ]
+
+ expected_clean = [
+ 'include "/bar"',
+ 'include <foo>',
+ '',
+ ]
+
+ expected_clean_unsorted = [
+ 'include <foo>',
+ 'include "/bar"',
+ '',
+ ]
+
+ expected_fullpaths = [
+ os.path.join(self.profile_dir, 'foo'),
+ '/bar'
+ ]
+
+ for rule in rules:
+ ruleset.add(IncludeRule.parse(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+ self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
+ self.assertEqual(expected_fullpaths, ruleset.get_all_full_paths(self.profile_dir))
+
+ def test_ruleset_2(self):
+ ruleset = IncludeRuleset()
+ rules = [
+ ' include if exists <baz> ',
+ ' include <foo> ',
+ ' #include "/bar" ',
+ '#include if exists "/asdf" ',
+ ]
+
+ expected_raw = [
+ 'include if exists <baz>',
+ 'include <foo>',
+ '#include "/bar"',
+ '#include if exists "/asdf"',
+ '',
+ ]
+
+ expected_clean = [
+ 'include "/bar"',
+ 'include <foo>',
+ 'include if exists "/asdf"',
+ 'include if exists <baz>',
+ '',
+ ]
+
+ expected_clean_unsorted = [
+ 'include if exists <baz>',
+ 'include <foo>',
+ 'include "/bar"',
+ 'include if exists "/asdf"',
+ '',
+ ]
+
+ expected_fullpaths = [
+ os.path.join(self.profile_dir, 'baz'),
+ os.path.join(self.profile_dir, 'foo'),
+ '/bar',
+ ]
+
+ for rule in rules:
+ ruleset.add(IncludeRule.parse(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+ self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
+ self.assertEqual(expected_fullpaths, ruleset.get_all_full_paths(self.profile_dir))
+
+class IncludeGlobTestAATest(AATest):
+ def setUp(self):
+ self.maxDiff = None
+ self.ruleset = IncludeRuleset()
+
+# def test_glob(self):
+# with self.assertRaises(NotImplementedError):
+# # get_glob_ext is not available for include rules
+# self.ruleset.get_glob('include send set=int,')
+
+ def test_glob_ext(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob_ext is not available for include rules
+ self.ruleset.get_glob_ext('include send set=int,')
+
+#class IncludeDeleteTestAATest(AATest):
+# pass
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-libapparmor-test_multi.py b/utils/test/test-libapparmor-test_multi.py
index ba370a1e3e2cd3dec03d457257027f3be5d02cc9..1c61eef9e26e119309082000708f968869bd9298 100644
--- a/utils/test/test-libapparmor-test_multi.py
+++ b/utils/test/test-libapparmor-test_multi.py
@@ -13,7 +13,8 @@ import unittest
from common_test import AATest, setup_all_loops, setup_aa, read_file
import os
-from apparmor.common import open_file_read
+import sys
+from apparmor.common import open_file_read, split_name
import apparmor.aa
from apparmor.logparser import ReadLog
@@ -42,7 +43,7 @@ class TestLibapparmorTestMulti(AATest):
self.assertEqual(len(loglines2), 1, '%s.in should only contain one line!' % params)
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
parsed_event = parser.parse_event(loglines2[0])
if parsed_event and expected:
@@ -150,9 +151,6 @@ log_to_skip = [
# tests that do not produce the expected profile (checked with assertNotEqual)
log_to_profile_known_failures = [
- 'testcase_dmesg_changeprofile_01', # change_profile not yet supported in logparser
- 'testcase_changeprofile_01', # change_profile not yet supported in logparser
-
'testcase_mount_01', # mount rules not yet supported in logparser
'testcase_pivotroot_01', # pivot_rot not yet supported in logparser
@@ -161,27 +159,6 @@ log_to_profile_known_failures = [
'testcase01',
'testcase12',
'testcase13',
-
- # null-* hats get ignored by handle_children() if it didn't see an exec event for that null-* hat
- 'syslog_datetime_01',
- 'syslog_datetime_02',
- 'syslog_datetime_03',
- 'syslog_datetime_04',
- 'syslog_datetime_05',
- 'syslog_datetime_06',
- 'syslog_datetime_07',
- 'syslog_datetime_08',
- 'syslog_datetime_09',
- 'syslog_datetime_10',
- 'syslog_datetime_11',
- 'syslog_datetime_12',
- 'syslog_datetime_13',
- 'syslog_datetime_14',
- 'syslog_datetime_15',
- 'syslog_datetime_16',
- 'syslog_datetime_17',
- 'syslog_datetime_18',
- 'testcase_network_send_receive',
]
# tests that cause crashes or need user interaction (will be skipped)
@@ -195,6 +172,16 @@ log_to_profile_skip = [
'testcase_dbus_09', # multiline log not currently supported
]
+# tests that cause an empty log
+log_to_profile_known_empty_log = [
+ 'change_onexec_lp1648143', # change_onexec not supported in logparser.py yet (and the log is about "no new privs" error)
+ 'testcase_mount_01', # mount rules not supported in logparser
+ 'testcase_pivotroot_01', # pivotroot not yet supported in logparser
+ 'ptrace_garbage_lp1689667_1', # no denied= in log
+ 'ptrace_no_denied_mask', # no denied= in log
+ 'unconfined-change_hat', # unconfined trying to change_hat, which isn't allowed
+]
+
class TestLogToProfile(AATest):
'''Check if the libraries/libapparmor/testsuite/test_multi tests result in the expected profile'''
@@ -202,64 +189,93 @@ class TestLogToProfile(AATest):
def _run_test(self, params, expected):
logfile = '%s.in' % params
- profile_dummy_file = 'AATest_does_exist'
- # we need to find out the profile name and aamode (complain vs. enforce mode) so that the test can access the correct place in storage
- parser = ReadLog('', '', '', '')
- parsed_event = parser.parse_event(read_file(logfile))
-
- if not parsed_event: # AA_RECORD_INVALID
+ if params.split('/')[-1] in log_to_profile_skip:
return
- if params.split('/')[-1] in log_to_profile_skip:
+ profile, new_profile = logfile_to_profile(logfile)
+ if profile is None:
return
- aamode = parsed_event['aamode']
+ expected_profile = read_file('%s.profile' % params)
- if aamode in['AUDIT', 'STATUS', 'HINT']: # ignore some event types # XXX maybe we shouldn't ignore AUDIT events?
- return
+ if params.split('/')[-1] in log_to_profile_known_failures:
+ self.assertNotEqual(new_profile, expected_profile) # known failure
+ else:
+ self.assertEqual(new_profile, expected_profile)
- if aamode not in ['PERMITTING', 'REJECTING']:
- raise Exception('Unexpected aamode %s' % parsed_event['aamode'])
- # cleanup apparmor.aa storage
- apparmor.aa.log = dict()
- apparmor.aa.aa = apparmor.aa.hasher()
- apparmor.aa.prelog = apparmor.aa.hasher()
+def logfile_to_profile(logfile):
+ profile_dummy_file = 'AATest_does_exist'
- profile = parsed_event['profile']
- hat = profile
- if '//' in profile:
- profile, hat = profile.split('//')
+ # we need to find out the profile name and aamode (complain vs. enforce mode) so that the test can access the correct place in storage
+ parser = ReadLog('', '', '')
+ parsed_event = parser.parse_event(read_file(logfile))
- apparmor.aa.active_profiles = ProfileList()
+ if not parsed_event: # AA_RECORD_INVALID
+ return None, 'INVALID'
- # optional for now, might be needed one day
- # if profile.startswith('/'):
- # apparmor.aa.active_profiles.add(profile_dummy_file, profile, profile)
- # else:
- apparmor.aa.active_profiles.add(profile_dummy_file, profile, '')
+ aamode = parsed_event['aamode']
- log_reader = ReadLog(dict(), logfile, apparmor.aa.active_profiles, '')
- log = log_reader.read_log('')
+ if aamode in['AUDIT', 'STATUS', 'HINT']: # ignore some event types # XXX maybe we shouldn't ignore AUDIT events?
+ return None, aamode
- for root in log:
- apparmor.aa.handle_children('', '', root) # interactive for exec events!
+ if aamode not in ['PERMITTING', 'REJECTING']:
+ raise Exception('Unexpected aamode %s' % parsed_event['aamode'])
- log_dict = apparmor.aa.collapse_log()
+ # cleanup apparmor.aa storage
+ apparmor.aa.log = dict()
+ apparmor.aa.aa = apparmor.aa.hasher()
- apparmor.aa.filelist = apparmor.aa.hasher()
- apparmor.aa.filelist[profile_dummy_file]['profiles'][profile] = True
+ profile, hat = split_name(parsed_event['profile'])
- new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile], profile, None)
+ apparmor.aa.active_profiles = ProfileList()
- expected_profile = read_file('%s.profile' % params)
+ # optional for now, might be needed one day
+ # if profile.startswith('/'):
+ # apparmor.aa.active_profiles.add_profile(profile_dummy_file, profile, profile)
+ # else:
+ apparmor.aa.active_profiles.add_profile(profile_dummy_file, profile, '')
- if params.split('/')[-1] in log_to_profile_known_failures:
- self.assertNotEqual(new_profile, expected_profile) # known failure
- else:
- self.assertEqual(new_profile, expected_profile)
+ log_reader = ReadLog(logfile, apparmor.aa.active_profiles, '')
+ hashlog = log_reader.read_log('')
+
+ apparmor.aa.ask_exec(hashlog)
+ apparmor.aa.ask_addhat(hashlog)
+
+ log_dict = apparmor.aa.collapse_log(hashlog, ignore_null_profiles=False)
+
+ if profile != hat:
+ # log event for a child profile means log_dict only contains the child profile
+ # initialize parent profile in log_dict as ProfileStorage to ensure writing the profile doesn't fail
+ # (in "normal" usage outside of this test, log_dict will not be handed over to serialize_profile())
+
+ if log_dict[aamode][profile][profile] != {}:
+ raise Exception('event for child profile, but parent profile was initialized nevertheless. Logfile: %s' % logfile)
+
+ log_dict[aamode][profile][profile] = apparmor.aa.ProfileStorage('TEST DUMMY for empty parent profile', profile_dummy_file, 'logfile_to_profile()')
+
+ log_is_empty = True
+
+ for tmpaamode in hashlog:
+ for tmpprofile in hashlog[tmpaamode]:
+ for tmpruletype in hashlog[tmpaamode][tmpprofile]:
+ if tmpruletype == 'final_name' and hashlog[tmpaamode][tmpprofile]['final_name'] == tmpprofile:
+ continue # final_name is a copy of the profile name (may be changed by ask_exec(), but that won't happen in this test)
+ if hashlog[tmpaamode][tmpprofile][tmpruletype]:
+ log_is_empty = False
+
+ if logfile.split('/')[-1][:-3] in log_to_profile_known_empty_log:
+ # unfortunately this function might be called outside Unittest.TestCase, therefore we can't use assertEqual / assertNotEqual
+ if log_is_empty == False:
+ raise Exception('got non-empty log for logfile in log_to_profile_known_empty_log: %s %s' % (logfile, hashlog))
+ else:
+ if log_is_empty == True:
+ raise Exception('got empty log for logfile not in log_to_profile_known_empty_log: %s %s' % (logfile, hashlog))
+
+ new_profile = apparmor.aa.serialize_profile(log_dict[aamode][profile], profile, {})
+ return profile, new_profile
def find_test_multi(log_dir):
'''find all log sniplets in the given log_dir'''
@@ -280,7 +296,12 @@ def find_test_multi(log_dir):
return tests
+# if a logfile is given as parameter, print the resulting profile and exit (with $? = 42 to make sure tests break if the caller accidently hands over a parameter)
+if __name__ == '__main__' and len(sys.argv) == 2:
+ print(logfile_to_profile(sys.argv[1])[1])
+ exit(42)
+# still here? That means a normal test run
print('Testing libapparmor test_multi tests...')
TestLibapparmorTestMulti.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
TestLogToProfile.tests = find_test_multi('../../libraries/libapparmor/testsuite/test_multi/')
diff --git a/utils/test/test-logparser.py b/utils/test/test-logparser.py
index c7b3cf516fd9cf9e926279f4d70eba96e04c17ac..b3d8e105a5ce5b9811239371b41bb8c78be925ae 100644
--- a/utils/test/test-logparser.py
+++ b/utils/test/test-logparser.py
@@ -16,9 +16,14 @@ import unittest
from apparmor.logparser import ReadLog
-class TestParseEvent(unittest.TestCase):
+from common_test import AATest, setup_all_loops # , setup_aa
+from apparmor.common import AppArmorException
+
+class TestParseEvent(AATest):
+ tests = []
+
def setUp(self):
- self.parser = ReadLog('', '', '', '')
+ self.parser = ReadLog('', '', '')
def test_parse_event_audit_1(self):
event = 'type=AVC msg=audit(1345027352.096:499): apparmor="ALLOWED" operation="rename_dest" parent=6974 profile="/usr/sbin/httpd2-prefork//vhost_foo" name=2F686F6D652F7777772F666F6F2E6261722E696E2F68747470646F63732F61707061726D6F722F696D616765732F746573742F696D61676520312E6A7067 pid=20143 comm="httpd2-prefork" requested_mask="wc" denied_mask="wc" fsuid=30 ouid=30'
@@ -94,6 +99,22 @@ class TestParseEvent(unittest.TestCase):
self.assertIsNotNone(ReadLog.RE_LOG_ALL.search(event))
+class TestParseEventForTreeInvalid(AATest):
+ tests = [
+ ('type=AVC msg=audit(1556742870.707:3614): apparmor="ALLOWED" operation="open" profile="/bin/hello" name="/dev/tty" pid=12856 comm="hello" requested_mask="wr" denied_mask="foo" fsuid=1000 ouid=0', AppArmorException), # invalid file permissions "foo"
+ ('type=AVC msg=audit(1556742870.707:3614): apparmor="ALLOWED" operation="open" profile="/bin/hello" name="/dev/tty" pid=12856 comm="hello" requested_mask="wr" denied_mask="wr::w" fsuid=1000 ouid=0', AppArmorException), # "wr::w" mixes owner and other
+ ]
+
+ def _fake_profile_exists(self, program):
+ return True
+
+ def _run_test(self, params, expected):
+ self.parser = ReadLog('', '', '')
+ self.parser.profile_exists = self._fake_profile_exists # inject fake function that always returns True - much easier than handing over a ProfileList object to __init__
+ parsed_event = self.parser.parse_event(params)
+ with self.assertRaises(expected):
+ self.parser.parse_event_for_tree(parsed_event)
+setup_all_loops(__name__)
if __name__ == "__main__":
unittest.main(verbosity=1)
diff --git a/utils/test/test-network.py b/utils/test/test-network.py
index 73a6b9d1f0a851017db15a7dbc0c4c53cd870f4e..afff4de913832965ed654f085dac29a0abdfb05a 100644
--- a/utils/test/test-network.py
+++ b/utils/test/test-network.py
@@ -96,7 +96,7 @@ class NetworkTestParseInvalid(NetworkTest):
class NetworkTestParseFromLog(NetworkTest):
def test_net_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=AVC msg=audit(1428699242.551:386): apparmor="DENIED" operation="create" profile="/bin/ping" pid=10589 comm="ping" family="inet" sock_type="raw" protocol=1'
parsed_event = parser.parse_event(event)
@@ -182,7 +182,7 @@ class InvalidNetworkTest(AATest):
obj = None
self.assertFalse(NetworkRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = NetworkRule(NetworkRule.parse(rawrule))
+ obj = NetworkRule.parse(rawrule)
self.assertIsNone(obj, 'NetworkRule handed back an object unexpectedly')
diff --git a/utils/test/test-notify.py b/utils/test/test-notify.py
new file mode 100644
index 0000000000000000000000000000000000000000..f82bf68e0b75b5c3fe8dc7b0093924717939cfa8
--- /dev/null
+++ b/utils/test/test-notify.py
@@ -0,0 +1,54 @@
+#! /usr/bin/python3
+# ------------------------------------------------------------------
+#
+# Copyright (C) 2021 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+import unittest
+from common_test import AATest, setup_all_loops
+
+from apparmor.common import AppArmorBug
+from apparmor.notify import get_last_login_timestamp, sane_timestamp
+
+class TestSane_timestamp(AATest):
+ tests = [
+ (2524704400, False), # Sun Jan 2 03:46:40 CET 2050
+ ( 944780400, False), # Fri Dec 10 00:00:00 CET 1999
+ (1635026400, True ), # Sun Oct 24 00:00:00 CEST 2021
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(sane_timestamp(params), expected)
+
+class TestGet_last_login_timestamp(AATest):
+ tests = [
+ (['wtmp-x86_64', 'root' ], 1635070346), # Sun Oct 24 12:12:26 CEST 2021
+ (['wtmp-x86_64', 'whoever' ], 0),
+ (['wtmp-s390x', 'root' ], 1626368763), # Thu Jul 15 19:06:03 CEST 2021
+ (['wtmp-s390x', 'linux1' ], 1626368772), # Thu Jul 15 19:06:12 CEST 2021
+ (['wtmp-s390x', 'whoever' ], 0),
+ (['wtmp-aarch64', 'guillaume' ], 1611562789), # Mon Jan 25 09:19:49 CET 2021
+ (['wtmp-aarch64', 'whoever' ], 0),
+ (['wtmp-truncated', 'root' ], 0),
+ (['wtmp-truncated', 'whoever' ], 0),
+ ]
+
+ def _run_test(self, params, expected):
+ filename, user = params
+ filename = 'wtmp-examples/%s' % filename
+ self.assertEqual(get_last_login_timestamp(user, filename), expected)
+
+ def test_date_1999(self):
+ with self.assertRaises(AppArmorBug):
+ # wtmp-x86_64-past is hand-edited to Thu Dec 30 00:00:00 CET 1999, which is outside the expected data range
+ get_last_login_timestamp('root', 'wtmp-examples/wtmp-x86_64-past')
+
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/test-parser-simple-tests.py b/utils/test/test-parser-simple-tests.py
index 19453d641834c8f13c86172a296576593c411391..2314960c89b95ee36bad22c575fb9929c4a19c6b 100644
--- a/utils/test/test-parser-simple-tests.py
+++ b/utils/test/test-parser-simple-tests.py
@@ -100,6 +100,10 @@ exception_not_raised = [
'mount/bad_opt_7.sd',
'mount/bad_opt_8.sd',
'mount/bad_opt_9.sd',
+ 'mount/bad_opt_25.sd',
+ 'mount/bad_opt_26.sd',
+ 'mount/bad_opt_27.sd',
+ 'mount/bad_opt_28.sd',
'profile/flags/flags_bad10.sd',
'profile/flags/flags_bad11.sd',
'profile/flags/flags_bad12.sd',
@@ -119,6 +123,24 @@ exception_not_raised = [
'profile/flags/flags_bad_debug_2.sd',
'profile/flags/flags_bad_debug_3.sd',
'profile/flags/flags_bad_debug_4.sd',
+ # detection of conflicting flags not supported
+ 'profile/flags/flags_bad30.sd',
+ 'profile/flags/flags_bad31.sd',
+ 'profile/flags/flags_bad32.sd',
+ 'profile/flags/flags_bad33.sd',
+ 'profile/flags/flags_bad34.sd',
+ 'profile/flags/flags_bad35.sd',
+ 'profile/flags/flags_bad36.sd',
+ 'profile/flags/flags_bad37.sd',
+ 'profile/flags/flags_bad38.sd',
+ 'profile/flags/flags_bad39.sd',
+ 'profile/flags/flags_bad40.sd',
+ 'profile/flags/flags_bad41.sd',
+ 'profile/flags/flags_bad42.sd',
+ 'profile/flags/flags_bad43.sd',
+ 'profile/flags/flags_bad44.sd',
+ 'profile/flags/flags_bad45.sd',
+ 'profile/flags/flags_bad46.sd',
'profile/simple_bad_no_close_brace4.sd',
'profile/profile_ns_bad8.sd', # 'profile :ns/t' without terminating ':'
'ptrace/bad_05.sd', # actually contains a capability rule with invalid (ptrace-related) keyword
@@ -150,18 +172,16 @@ exception_not_raised = [
'unix/bad_regex_04.sd',
'unix/bad_shutdown_1.sd',
'unix/bad_shutdown_2.sd',
+ 'unix/bad_peer_2.sd',
+ 'unix/bad_attr_5.sd',
+ 'unix/bad_opt_5.sd',
+ 'unix/bad_shutdown_3.sd',
'vars/boolean/boolean_bad_2.sd',
'vars/boolean/boolean_bad_3.sd',
'vars/boolean/boolean_bad_4.sd',
'vars/vars_bad_3.sd',
'vars/vars_bad_4.sd',
'vars/vars_bad_5.sd',
- 'vars/vars_bad_7.sd',
- 'vars/vars_bad_8.sd',
- 'vars/vars_bad_trailing_comma_1.sd',
- 'vars/vars_bad_trailing_comma_2.sd',
- 'vars/vars_bad_trailing_comma_3.sd',
- 'vars/vars_bad_trailing_comma_4.sd',
'vars/vars_dbus_bad_01.sd',
'vars/vars_dbus_bad_02.sd',
'vars/vars_dbus_bad_03.sd',
@@ -169,7 +189,6 @@ exception_not_raised = [
'vars/vars_dbus_bad_05.sd',
'vars/vars_dbus_bad_06.sd',
'vars/vars_dbus_bad_07.sd',
- 'vars/vars_file_evaluation_7.sd',
'vars/vars_file_evaluation_8.sd',
# profile name in var doesn't start with /
@@ -240,47 +259,54 @@ unknown_line = [
'bare_include_tests/ok_64.sd',
'bare_include_tests/ok_69.sd',
- # "include if exists" and various exotic "include" variants are not supported yet
+ # include with quoted relative path
'bare_include_tests/ok_11.sd',
'bare_include_tests/ok_12.sd',
'bare_include_tests/ok_13.sd',
'bare_include_tests/ok_15.sd',
+ # include with unquoted relative path
'bare_include_tests/ok_16.sd',
'bare_include_tests/ok_17.sd',
'bare_include_tests/ok_18.sd',
'bare_include_tests/ok_20.sd',
+ # include with quoted relative path with spaces
'bare_include_tests/ok_26.sd',
'bare_include_tests/ok_27.sd',
+ # include with quoted magic path with spaces
'bare_include_tests/ok_28.sd',
'bare_include_tests/ok_29.sd',
+ # include with magic path with spaces
'bare_include_tests/ok_30.sd',
'bare_include_tests/ok_31.sd',
+ # include if exists with quoted relative path
'bare_include_tests/ok_61.sd',
'bare_include_tests/ok_62.sd',
'bare_include_tests/ok_63.sd',
+ # include if exists with unquoted relative path
'bare_include_tests/ok_65.sd',
'bare_include_tests/ok_66.sd',
'bare_include_tests/ok_67.sd',
'bare_include_tests/ok_68.sd',
'bare_include_tests/ok_70.sd',
+ # include if exists with quoted relative path with spaces
'bare_include_tests/ok_76.sd',
'bare_include_tests/ok_77.sd',
+ # include if exists with quoted magic path with spaces
'bare_include_tests/ok_78.sd',
'bare_include_tests/ok_79.sd',
+ # include if exists with unquoted magic path with spaces
'bare_include_tests/ok_80.sd',
'bare_include_tests/ok_81.sd',
+ # include if exists with quoted relative path, non-existing include file
'bare_include_tests/ok_82.sd',
- 'bare_include_tests/ok_83.sd',
'bare_include_tests/ok_84.sd',
'bare_include_tests/ok_85.sd',
'bare_include_tests/ok_86.sd',
- 'bare_include_tests/ok_87.sd',
- 'bare_include_tests/ok_88.sd',
]
# testcases with various unexpected failures
syntax_failure = [
- # profile keyword?
+ # missing profile keywords
'profile/re_named_ok2.sd',
# Syntax Error: Unexpected hat definition found (external hat)
@@ -384,7 +410,6 @@ syntax_failure = [
# misc
'vars/vars_dbus_8.sd', # Path doesn't start with / or variable: {/@{TLDS}/foo,/com/@{DOMAINS}}
'vars/vars_simple_assignment_12.sd', # Redefining existing variable @{BAR} ('\' not handled)
- 'rewrite/alias_good_5.sd', # Values added to a non-existing variable @{FOO} (defined in include, lp:1331856)
'bare_include_tests/ok_2.sd', # two #include<...> in one line
]
@@ -404,11 +429,17 @@ class TestParseParserTests(AATest):
# this makes sure we notice any behaviour change, especially not being wrong anymore
expected = not expected
+ # make sure the profile is known in active_profiles.files
+ apparmor.active_profiles.init_file(params['file'])
+
if expected:
apparmor.parse_profile_data(data, params['file'], 0)
+ apparmor.active_profiles.get_all_merged_variables(params['file'], apparmor.include_list_recursive(apparmor.active_profiles.files[params['file']]))
+
else:
with self.assertRaises(AppArmorException):
apparmor.parse_profile_data(data, params['file'], 0)
+ apparmor.active_profiles.get_all_merged_variables(params['file'], apparmor.include_list_recursive(apparmor.active_profiles.files[params['file']]))
def parse_test_profiles(file_with_path):
'''parse the test-related headers of a profile (for example EXRESULT) and add the profile to the set of tests'''
@@ -427,7 +458,7 @@ def parse_test_profiles(file_with_path):
if line.startswith('#=EXRESULT '):
exresult = line.split()[1]
if exresult == 'PASS':
- exresult == True
+ exresult = True
exresult_found = True
elif exresult == 'FAIL':
exresult = False
@@ -491,7 +522,7 @@ def find_and_setup_test_profiles(profile_dir):
apparmor.profile_dir = profile_dir
- print('Searching for parser simpe_tests... (this will take a while)')
+ print('Searching for parser simple_tests... (this will take a while)')
for root, dirs, files in os.walk(profile_dir):
relpath = os.path.relpath(root, profile_dir)
@@ -514,7 +545,8 @@ def find_and_setup_test_profiles(profile_dir):
setup_aa(apparmor)
-find_and_setup_test_profiles('../../parser/tst/simple_tests/')
+profile_dir = os.path.abspath('../../parser/tst/simple_tests/')
+find_and_setup_test_profiles(profile_dir)
setup_all_loops(__name__)
if __name__ == '__main__':
diff --git a/utils/test/test-profile-list.py b/utils/test/test-profile-list.py
index 5976ad5aa9cd1fb4904af7fd55d15c978013ef21..559f8a7d5f29d62cc105f018d640acc5aa4fc7ab 100644
--- a/utils/test/test-profile-list.py
+++ b/utils/test/test-profile-list.py
@@ -10,78 +10,100 @@
# ------------------------------------------------------------------
import unittest
-from common_test import AATest, setup_all_loops
+from common_test import AATest, setup_aa, setup_all_loops, write_file
+
+import apparmor.aa
+import os
+import shutil
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.profile_list import ProfileList
+from apparmor.rule.abi import AbiRule
+from apparmor.rule.alias import AliasRule
+from apparmor.rule.include import IncludeRule
+from apparmor.rule.variable import VariableRule
-class TestAdd(AATest):
+class TestAdd_profile(AATest):
def AASetup(self):
self.pl = ProfileList()
def testEmpty(self):
self.assertEqual(self.pl.profile_names, {})
self.assertEqual(self.pl.attachments, {})
+ self.assertEqual('%s' % self.pl, "\n".join(['', '<ProfileList>', '', '</ProfileList>', '']))
- def testAdd_1(self):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ def testAdd_profile_1(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.attachments, {'/bin/foo': '/etc/apparmor.d/bin.foo'})
+ self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
+ self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
- def testAdd_2(self):
- self.pl.add('/etc/apparmor.d/bin.foo', None, '/bin/foo')
+ def testAdd_profile_2(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
self.assertEqual(self.pl.profile_names, {})
self.assertEqual(self.pl.attachments, {'/bin/foo': '/etc/apparmor.d/bin.foo'})
+ self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['/bin/foo'])
+ self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
- def testAdd_3(self):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', None)
+ def testAdd_profile_3(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
self.assertEqual(self.pl.profile_names, {'foo': '/etc/apparmor.d/bin.foo'})
self.assertEqual(self.pl.attachments, {})
+ self.assertEqual(self.pl.profiles_in_file('/etc/apparmor.d/bin.foo'), ['foo'])
+ self.assertEqual('%s' % self.pl, '\n<ProfileList>\n/etc/apparmor.d/bin.foo\n</ProfileList>\n')
+ def testAdd_profileError_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_profile('', 'foo', '/bin/foo') # no filename
- def testAddError_1(self):
+ def testAdd_profileError_2(self):
with self.assertRaises(AppArmorBug):
- self.pl.add('', 'foo', '/bin/foo') # no filename
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', None, None) # neither attachment or profile name
- def testAddError_2(self):
+ def testAdd_profileError_list_nonexisting_file(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
with self.assertRaises(AppArmorBug):
- self.pl.add('/etc/apparmor.d/bin.foo', None, None) # neither attachment or profile name
+ self.pl.profiles_in_file('/etc/apparmor.d/not.found') # different filename
- def testAddError_twice_1(self):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ def testAdd_profileError_twice_1(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
with self.assertRaises(AppArmorException):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
- def testAddError_twice_2(self):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ def testAdd_profileError_twice_2(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
with self.assertRaises(AppArmorException):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', None)
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
- def testAddError_twice_3(self):
- self.pl.add('/etc/apparmor.d/bin.foo', None, '/bin/foo')
+ def testAdd_profileError_twice_3(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
with self.assertRaises(AppArmorException):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
- def testAddError_twice_4(self):
- self.pl.add('/etc/apparmor.d/bin.foo', None, '/bin/foo')
+ def testAdd_profileError_twice_4(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', None, '/bin/foo')
with self.assertRaises(AppArmorException):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
- def testAddError_twice_5(self):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', None)
+ def testAdd_profileError_twice_5(self):
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', None)
with self.assertRaises(AppArmorException):
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
class TestFilename_from_profile_name(AATest):
tests = [
('foo', '/etc/apparmor.d/bin.foo'),
('/bin/foo', None),
('bar', None),
+ ('/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/etc/apparmor.d/usr.bin.wine'),
+ ('/usr/lib/wine/bin/wine-preloader-staging-foo', None), # no AARE matching for profile names
]
def AASetup(self):
self.pl = ProfileList()
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}')
def _run_test(self, params, expected):
self.assertEqual(self.pl.filename_from_profile_name(params), expected)
@@ -93,13 +115,16 @@ class TestFilename_from_attachment(AATest):
('/bin/foobar', '/etc/apparmor.d/bin.foobar'),
('@{foo}', None), # XXX variables not supported yet (and @{foo} isn't defined in this test)
('/bin/404', None),
+ ('/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/etc/apparmor.d/usr.bin.wine'), # XXX should this really match, or should attachment matching only use AARE?
+ ('/usr/lib/wine/bin/wine-preloader-staging-foo', '/etc/apparmor.d/usr.bin.wine'), # AARE match
]
def AASetup(self):
self.pl = ProfileList()
- self.pl.add('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
- self.pl.add('/etc/apparmor.d/bin.baz', 'baz', '/bin/ba*')
- self.pl.add('/etc/apparmor.d/bin.foobar', 'foobar', '/bin/foo{bar,baz}')
+ self.pl.add_profile('/etc/apparmor.d/bin.foo', 'foo', '/bin/foo')
+ self.pl.add_profile('/etc/apparmor.d/bin.baz', 'baz', '/bin/ba*')
+ self.pl.add_profile('/etc/apparmor.d/bin.foobar', 'foobar', '/bin/foo{bar,baz}')
+ self.pl.add_profile('/etc/apparmor.d/usr.bin.wine', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}', '/usr{,{/lib,/lib32,/lib64}/wine}/bin/wine{,-preloader,server}{,-staging-*,-vanilla-*}')
def _run_test(self, params, expected):
self.assertEqual(self.pl.filename_from_attachment(params), expected)
@@ -108,7 +133,244 @@ class TestFilename_from_attachment(AATest):
with self.assertRaises(AppArmorBug):
self.pl.filename_from_attachment('foo')
+class TestAdd_inc_ie(AATest):
+ def AASetup(self):
+ self.pl = ProfileList()
+
+ def testAdd_inc_ie_1(self):
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/global', False, True))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
+
+ def testAdd_inc_ie_2(self):
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/global', False, True))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule('tunables/dovecot', False, True))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', 'include <tunables/dovecot>', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', 'include <tunables/dovecot>', ''])
+
+ def testAdd_inc_ie_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', 'tunables/global') # str insteadd of IncludeRule
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def test_dedup_inc_ie_1(self):
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('include <tunables/global>'))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse('#include if exists <tunables/global> # comment'))
+ self.pl.add_inc_ie('/etc/apparmor.d/bin.foo', IncludeRule.parse(' #include <tunables/global> '))
+ deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
+ self.assertEqual(deleted, 2)
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['include <tunables/global>', ''])
+
+ def test_dedup_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.delete_preamble_duplicates('/file/not/found')
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+class TestAdd_abi(AATest):
+ def AASetup(self):
+ self.pl = ProfileList()
+
+ def testAdd_abi_1(self):
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule('abi/4.19', False, True))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', ''])
+
+ def testAdd_abi_2(self):
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule('abi/4.19', False, True))
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule('foo', False, False))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', 'abi "foo",', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', 'abi "foo",', ''])
+
+ def testAdd_abi_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', 'abi/4.19') # str insteadd of AbiRule
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def test_dedup_abi_1(self):
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse('abi <abi/4.19>,'))
+ self.pl.add_abi('/etc/apparmor.d/bin.foo', AbiRule.parse(' abi <abi/4.19> , # comment'))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
+ self.assertEqual(deleted, 1)
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['abi <abi/4.19>,', ''])
+
+class TestAdd_alias(AATest):
+ def AASetup(self):
+ self.pl = ProfileList()
+
+ def testAdd_alias_1(self):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/bar'))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', ''])
+
+ def testAdd_alias_2(self):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/bar'))
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/xyz', '/zyx'))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /xyz -> /zyx,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /xyz -> /zyx,', ''])
+
+ def testAdd_alias_two_targets(self):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/bar'))
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/another_target'))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /foo -> /another_target,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /foo -> /another_target,', ''])
+
+ def testAdd_alias_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule(None, '/foo')) # alias None insteadd of str
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def testAdd_alias_error_2(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', None)) # target None insteadd of str
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def testAdd_alias_error_3(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', 'alias /foo -> /bar,') # str insteadd of AliasRule
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def test_dedup_alias_1(self):
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/bar'))
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/another_target'))
+ self.pl.add_alias('/etc/apparmor.d/bin.foo', AliasRule('/foo', '/bar')) # duplicate
+ deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
+ self.assertEqual(deleted, 1)
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /foo -> /another_target,', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['alias /foo -> /bar,', 'alias /foo -> /another_target,', ''])
+
+class TestAdd_variable(AATest):
+ def AASetup(self):
+ self.pl = ProfileList()
+
+ def testAdd_variable_1(self):
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule('@{foo}', '=', {'/foo'}))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', ''])
+
+ def testAdd_variable_2(self):
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule('@{foo}', '=', {'/foo'}))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule('@{bar}', '=', {'/bar'}))
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', '@{bar} = /bar', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', '@{bar} = /bar', ''])
+
+ def testAdd_variable_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', '@{foo}') # str insteadd of IncludeRule
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+ def test_dedup_variable_1(self):
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} = /foo'))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar # comment'))
+ self.pl.add_variable('/etc/apparmor.d/bin.foo', VariableRule.parse('@{foo} += /bar /baz'))
+ deleted = self.pl.delete_preamble_duplicates('/etc/apparmor.d/bin.foo')
+ self.assertEqual(deleted, 1)
+ self.assertEqual(list(self.pl.files.keys()), ['/etc/apparmor.d/bin.foo'])
+ self.assertEqual(self.pl.get_clean('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', '@{foo} += /bar /baz', ''])
+ self.assertEqual(self.pl.get_raw('/etc/apparmor.d/bin.foo'), ['@{foo} = /foo', '@{foo} += /bar /baz', ''])
+
+ def test_dedup_error_1(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.delete_preamble_duplicates('/file/not/found')
+ self.assertEqual(list(self.pl.files.keys()), [])
+
+class TestGet(AATest):
+ def AASetup(self):
+ self.pl = ProfileList()
+
+ def testGet_clean_error(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.get_clean('/etc/apparmor.d/not.found')
+
+ def testGet_raw_error(self):
+ with self.assertRaises(AppArmorBug):
+ self.pl.get_raw('/etc/apparmor.d/not.found')
+
+class AaTest_get_all_merged_variables(AATest):
+ tests = []
+
+ def AASetup(self):
+ self.createTmpdir()
+
+ # copy the local profiles to the test directory
+ self.profile_dir = '%s/profiles' % self.tmpdir
+ apparmor.aa.profile_dir = self.profile_dir
+ shutil.copytree('../../profiles/apparmor.d/', self.profile_dir, symlinks=True)
+
+ def _load_profiles(self):
+ apparmor.aa.reset_aa()
+
+ # load the profiles and abstractions
+ apparmor.aa.profile_dir = self.profile_dir
+ apparmor.aa.loadincludes()
+ apparmor.aa.read_profiles()
+
+ def test_unchanged(self):
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'usr.sbin.dnsmasq')
+ vars = apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'usr.sbin.dnsmasq'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+ self.assertEqual(vars['@{TFTP_DIR}'], {'/var/tftp', '/srv/tftp', '/srv/tftpboot'})
+ self.assertEqual(vars['@{HOME}'], {'@{HOMEDIRS}/*/', '/root/'})
+
+ def test_extended_home(self):
+ write_file(self.profile_dir, 'tunables/home.d/extend_home', '@{HOME} += /my/castle/')
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'usr.sbin.dnsmasq')
+ vars = apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'usr.sbin.dnsmasq'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+ self.assertEqual(vars['@{TFTP_DIR}'], {'/var/tftp', '/srv/tftp', '/srv/tftpboot'})
+ self.assertEqual(vars['@{HOME}'], {'@{HOMEDIRS}/*/', '/root/', '/my/castle/'})
+
+ def test_extended_home_2(self):
+ write_file(self.profile_dir, 'tunables/home.d/extend_home', '@{HOME} += /my/castle/')
+ write_file(self.profile_dir, 'tunables/home.d/moving_around', '@{HOME} += /on/the/road/')
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'usr.sbin.dnsmasq')
+ vars = apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'usr.sbin.dnsmasq'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+ self.assertEqual(vars['@{TFTP_DIR}'], {'/var/tftp', '/srv/tftp', '/srv/tftpboot'})
+ self.assertEqual(vars['@{HOME}'], {'@{HOMEDIRS}/*/', '/root/', '/my/castle/', '/on/the/road/'})
+
+ def test_extend_home_in_mainfile(self):
+ write_file(self.profile_dir, 'tunables/home.d/extend_home', '@{HOME} += /my/castle/')
+ write_file(self.profile_dir, 'dummy_profile', 'include <tunables/global>\n@{HOME} += /in/the/profile/')
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'dummy_profile')
+ vars = apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'dummy_profile'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+ self.assertEqual(vars.get('@{TFTP_DIR}', None), None)
+ self.assertEqual(vars['@{HOME}'], {'@{HOMEDIRS}/*/', '/root/', '/my/castle/', '/in/the/profile/'})
+
+ def test_redefine_home(self):
+ write_file(self.profile_dir, 'tunables/home.d/overwrite_home', '@{HOME} = /my/castle/') # note: =, not +=
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'usr.sbin.dnsmasq')
+ with self.assertRaises(AppArmorException):
+ apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'usr.sbin.dnsmasq'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+
+ def test_add_to_nonexisting(self):
+ write_file(self.profile_dir, 'tunables/home.d/no_such_var', '@{NO_SUCH_HOME} += /my/castle/') # add to non-existing variable
+ self._load_profiles()
+ prof_filename = os.path.join(self.profile_dir, 'usr.sbin.dnsmasq')
+ with self.assertRaises(AppArmorException):
+ apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'usr.sbin.dnsmasq'), apparmor.aa.include_list_recursive(apparmor.aa.active_profiles.files[prof_filename]))
+
+ def test_vars_from_nonexisting_profile(self):
+ with self.assertRaises(AppArmorBug):
+ apparmor.aa.active_profiles.get_all_merged_variables(os.path.join(self.profile_dir, 'file.not.found'), list())
+
+setup_aa(apparmor.aa)
setup_all_loops(__name__)
if __name__ == '__main__':
unittest.main(verbosity=1)
diff --git a/utils/test/test-profile-storage.py b/utils/test/test-profile-storage.py
index 59ff89d4322baffc94fb97a530f96c5134ad19c3..bc219ea75c201cceda4a1d90e41a08d71f138d1a 100644
--- a/utils/test/test-profile-storage.py
+++ b/utils/test/test-profile-storage.py
@@ -13,7 +13,7 @@ import unittest
from common_test import AATest, setup_all_loops
from apparmor.common import AppArmorBug
-from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags
+from apparmor.profile_storage import ProfileStorage, add_or_remove_flag, split_flags, var_transform
class TestUnknownKey(AATest):
def AASetup(self):
@@ -50,6 +50,14 @@ class AaTest_add_or_remove_flag(AATest):
([ None, 'audit', False ], [] ),
([ 'complain', 'audit', True ], ['audit', 'complain'] ),
([ ' complain ', 'audit', False ], ['complain'] ),
+ ([ 'audit complain', ['audit', 'complain'], False ], [] ),
+ ([ 'audit complain', 'audit complain', False ], [] ),
+ ([ 'audit complain', ['audit', 'enforce'], False ], ['complain'] ),
+ ([ 'audit complain', 'audit enforce', False ], ['complain'] ),
+ ([ '', ['audit', 'complain'], True ], ['audit', 'complain'] ),
+ ([ '', 'audit complain', True ], ['audit', 'complain'] ),
+ ([ 'audit', ['audit', 'enforce'], True ], ['audit', 'enforce'] ),
+ ([ 'audit', 'audit enforce', True ], ['audit', 'enforce'] ),
]
def _run_test(self, params, expected):
@@ -72,6 +80,17 @@ class AaTest_split_flags(AATest):
split = split_flags(params)
self.assertEqual(split, expected)
+class AaTest_var_transform(AATest):
+ tests = [
+ (['foo', ''], '"" foo' ),
+ (['foo', 'bar'], 'bar foo' ),
+ ([''], '""' ),
+ (['bar baz', 'foo'], '"bar baz" foo' ),
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(var_transform(params), expected)
+
setup_all_loops(__name__)
if __name__ == '__main__':
diff --git a/utils/test/test-ptrace.py b/utils/test/test-ptrace.py
index 6029d82bc22209d83ae8a43a16645c9e0ab2b503..e8b637fbe6e18da194169eb4b893bdf7ee4d0490 100644
--- a/utils/test/test-ptrace.py
+++ b/utils/test/test-ptrace.py
@@ -84,7 +84,7 @@ class PtraceTestParseInvalid(PtraceTest):
class PtraceTestParseFromLog(PtraceTest):
def test_ptrace_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=AVC msg=audit(1409700683.304:547661): apparmor="DENIED" operation="ptrace" profile="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace" pid=22465 comm="ptrace" requested_mask="tracedby" denied_mask="tracedby" peer="/home/ubuntu/bzr/apparmor/tests/regression/apparmor/ptrace"'
@@ -169,7 +169,7 @@ class InvalidPtraceTest(AATest):
obj = None
self.assertFalse(PtraceRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = PtraceRule(PtraceRule.parse(rawrule))
+ obj = PtraceRule.parse(rawrule)
self.assertIsNone(obj, 'PtraceRule handed back an object unexpectedly')
@@ -368,9 +368,9 @@ class PtraceCoveredTest_07(PtraceCoveredTest):
('ptrace,' , [ False , False , False , False ]),
('ptrace read,' , [ False , False , False , False ]),
('ptrace read peer=/foo/bar,' , [ False , False , True , True ]),
- ('ptrace read peer=/foo/*,' , [ False , False , True , True ]),
- ('ptrace read peer=/**,' , [ False , False , True , True ]),
- ('ptrace read peer=/what/*,' , [ False , False , True , True ]),
+ ('ptrace read peer=/foo/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('ptrace read peer=/**,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('ptrace read peer=/what/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
('ptrace peer=/foo/bar,' , [ False , False , False , False ]),
('ptrace read, # comment' , [ False , False , False , False ]),
('allow ptrace read,' , [ False , False , False , False ]),
@@ -443,7 +443,7 @@ class PtraceCoveredTest_Invalid(AATest):
with self.assertRaises(AppArmorBug):
obj.is_covered(testobj)
- def test_invalid_is_equal(self):
+ def test_invalid_is_equal_1(self):
obj = PtraceRule.parse('ptrace read,')
testobj = BaseRule() # different type
@@ -451,6 +451,15 @@ class PtraceCoveredTest_Invalid(AATest):
with self.assertRaises(AppArmorBug):
obj.is_equal(testobj)
+ def test_invalid_is_equal_2(self):
+ obj = PtraceRule.parse('ptrace read,')
+
+ testobj = PtraceRule.parse('ptrace read,')
+ testobj.all_peers = False # make testobj invalid (should trigger exception in _is_equal_aare())
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(testobj)
+
class PtraceLogprofHeaderTest(AATest):
tests = [
@@ -478,6 +487,10 @@ class PtraceRulesTest(AATest):
self.assertEqual([], ruleset_2.get_raw(2))
self.assertEqual([], ruleset_2.get_clean(2))
+ # test __repr__() for empty ruleset
+ as_string = '%s' % ruleset
+ self.assertEqual(as_string, '<PtraceRuleset (empty) />')
+
def test_ruleset_1(self):
ruleset = PtraceRuleset()
rules = [
@@ -503,6 +516,10 @@ class PtraceRulesTest(AATest):
self.assertEqual(expected_raw, ruleset.get_raw())
self.assertEqual(expected_clean, ruleset.get_clean())
+ # test __repr__() for non-empty ruleset
+ as_string = '%s' % ruleset
+ self.assertEqual(as_string, '<PtraceRuleset>\n ptrace peer=/foo,\n ptrace read,\n</PtraceRuleset>')
+
def test_ruleset_2(self):
ruleset = PtraceRuleset()
rules = [
diff --git a/utils/test/test-regex_matches.py b/utils/test/test-regex_matches.py
index c34b59047c6305eef486eb9cf1de047bc7d7dceb..dfe25960c18b9555ea1a4e758cfeb16d5d5b65dc 100644
--- a/utils/test/test-regex_matches.py
+++ b/utils/test/test-regex_matches.py
@@ -15,6 +15,7 @@ from common_test import AATest, setup_all_loops, setup_aa
from apparmor.common import AppArmorBug, AppArmorException
from apparmor.regex import ( strip_parenthesis, strip_quotes, parse_profile_start_line, re_match_include,
+ re_match_include_parse,
RE_PROFILE_START, RE_PROFILE_DBUS, RE_PROFILE_CAP, RE_PROFILE_PTRACE, RE_PROFILE_SIGNAL )
@@ -437,6 +438,7 @@ class TestInvalid_parse_profile_start_line(AATest):
class Test_re_match_include(AATest):
tests = [
+ # #include
('#include <abstractions/base>', 'abstractions/base' ), # magic path
('#include <abstractions/base> # comment', 'abstractions/base' ),
('#include<abstractions/base>#comment', 'abstractions/base' ),
@@ -445,6 +447,7 @@ class Test_re_match_include(AATest):
('#include "/foo/bar" # comment', '/foo/bar' ),
('#include "/foo/bar"#comment', '/foo/bar' ),
(' #include "/foo/bar" ', '/foo/bar' ),
+ # include (without #)
('include <abstractions/base>', 'abstractions/base' ), # magic path
('include <abstractions/base> # comment', 'abstractions/base' ),
('include<abstractions/base>#comment', 'abstractions/base' ),
@@ -458,6 +461,8 @@ class Test_re_match_include(AATest):
(' /etc/fstab r,', None, ),
('/usr/include r,', None, ),
('/include r,', None, ),
+ (' #include if exists <abstractions/base>', None, ), # include if exists
+ (' #include if exists "/foo/bar"', None, ),
]
def _run_test(self, params, expected):
@@ -518,6 +523,92 @@ class TestInvalid_re_match_include(AATest):
with self.assertRaises(expected):
re_match_include(params)
+class Test_re_match_include_parse(AATest):
+ tests = [
+ # path if exists magic path
+ # #include
+ ('#include <abstractions/base>', ('abstractions/base', False, True ) ), # magic path
+ ('#include <abstractions/base> # comment', ('abstractions/base', False, True ) ),
+ ('#include<abstractions/base>#comment', ('abstractions/base', False, True ) ),
+ (' #include <abstractions/base> ', ('abstractions/base', False, True ) ),
+ ('#include "/foo/bar"', ('/foo/bar', False, False) ), # absolute path
+ ('#include "/foo/bar" # comment', ('/foo/bar', False, False) ),
+ ('#include "/foo/bar"#comment', ('/foo/bar', False, False) ),
+ (' #include "/foo/bar" ', ('/foo/bar', False, False) ),
+ # include (without #)
+ ('include <abstractions/base>', ('abstractions/base', False, True ) ), # magic path
+ ('include <abstractions/base> # comment', ('abstractions/base', False, True ) ),
+ ('include<abstractions/base>#comment', ('abstractions/base', False, True ) ),
+ (' include <abstractions/base> ', ('abstractions/base', False, True ) ),
+ ('include "/foo/bar"', ('/foo/bar', False, False) ), # absolute path
+ ('include "/foo/bar" # comment', ('/foo/bar', False, False) ),
+ ('include "/foo/bar"#comment', ('/foo/bar', False, False) ),
+ (' include "/foo/bar" ', ('/foo/bar', False, False) ),
+ # #include if exists
+ ('#include if exists <abstractions/base>', ('abstractions/base', True, True ) ), # magic path
+ ('#include if exists <abstractions/base> # comment', ('abstractions/base', True, True ) ),
+ ('#include if exists<abstractions/base>#comment', ('abstractions/base', True, True ) ),
+ (' #include if exists<abstractions/base> ', ('abstractions/base', True, True ) ),
+ ('#include if exists "/foo/bar"', ('/foo/bar', True, False) ), # absolute path
+ ('#include if exists "/foo/bar" # comment', ('/foo/bar', True, False) ),
+ ('#include if exists "/foo/bar"#comment', ('/foo/bar', True, False) ),
+ (' #include if exists "/foo/bar" ', ('/foo/bar', True, False) ),
+ # include if exists (without #)
+ ('include if exists <abstractions/base>', ('abstractions/base', True, True ) ), # magic path
+ ('include if exists <abstractions/base> # comment', ('abstractions/base', True, True ) ),
+ ('include if exists<abstractions/base>#comment', ('abstractions/base', True, True ) ),
+ (' include if exists<abstractions/base> ', ('abstractions/base', True, True ) ),
+ ('include if exists "/foo/bar"', ('/foo/bar', True, False) ), # absolute path
+ ('include if exists "/foo/bar" # comment', ('/foo/bar', True, False) ),
+ ('include if exists "/foo/bar"#comment', ('/foo/bar', True, False) ),
+ (' include if exists "/foo/bar" ', ('/foo/bar', True, False) ),
+
+ (' some #include if exists <abstractions/base>', (None, None, None ) ), # non-matching
+ (' /etc/fstab r,', (None, None, None ) ),
+ ('/usr/include r,', (None, None, None ) ),
+ ('/include r,', (None, None, None ) ),
+ ('abi <abi/4.19>,', (None, None, None ) ), # abi rule
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(re_match_include_parse(params, 'include'), expected)
+
+class Test_re_match_include_parse_abi(AATest):
+ tests = [
+ # path if exists magic path
+ ('abi <abi/4.19>,', ('abi/4.19', False, True ) ), # magic path
+ ('abi <abi/4.19>, # comment', ('abi/4.19', False, True ) ),
+ (' abi <abi/4.19> , # comment', ('abi/4.19', False, True ) ),
+ ('abi "/abi/4.19" ,', ('/abi/4.19', False, False) ), # quoted path starting with /
+ ('abi "/abi/4.19", # comment', ('/abi/4.19', False, False) ),
+ (' abi "/abi/4.19" , # comment ', ('/abi/4.19', False, False) ),
+ (' abi "abi/4.19" , # comment ', ('abi/4.19', False, False) ), # quoted path, no leading /
+ ('abi abi/4.19,', ('abi/4.19', False, False) ), # without quotes
+ ('some abi <abi/4.19>,', (None, None, None ) ), # non-matching
+ (' /etc/fstab r,', (None, None, None ) ),
+ ('/usr/abi r,', (None, None, None ) ),
+ ('/abi r,', (None, None, None ) ),
+ ('#include <abstractions/base>', (None, None, None ) ), # include rule path
+ ]
+
+ def _run_test(self, params, expected):
+ self.assertEqual(re_match_include_parse(params, 'abi'), expected)
+
+class Test_re_match_include_parse_errors(AATest):
+ tests = [
+ (('include <>', 'include'), AppArmorException), # various rules with empty filename
+ (('include ""', 'include'), AppArmorException),
+ (('include ', 'include'), AppArmorException),
+ (('abi <>,', 'abi'), AppArmorException),
+ (('abi "",', 'abi'), AppArmorException),
+ (('abi ,', 'abi'), AppArmorException),
+ (('abi <foo>,', 'invalid'), AppArmorBug), # invalid rule name
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ rule, rule_name = params
+ re_match_include_parse(rule, rule_name)
class TestStripParenthesis(AATest):
tests = [
diff --git a/utils/test/test-rlimit.py b/utils/test/test-rlimit.py
index 15dc8183ecb3aebe6b516ad81b20b69fcf7ec194..a1e0413408fc92601f3fc063dea708030021ec3e 100644
--- a/utils/test/test-rlimit.py
+++ b/utils/test/test-rlimit.py
@@ -96,7 +96,7 @@ class RlimitTestParseInvalid(RlimitTest):
class RlimitTestParseFromLog(RlimitTest):
pass
# def test_net_from_log(self):
- # parser = ReadLog('', '', '', '')
+ # parser = ReadLog('', '', '')
# event = 'type=AVC ...'
@@ -176,7 +176,7 @@ class InvalidRlimitTest(AATest):
obj = None
self.assertFalse(RlimitRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = RlimitRule(RlimitRule.parse(rawrule))
+ obj = RlimitRule.parse(rawrule)
self.assertIsNone(obj, 'RlimitRule handed back an object unexpectedly')
diff --git a/utils/test/test-severity.py b/utils/test/test-severity.py
index 9c9bb61a629d8c6e72b2e08279b7d2602ae862a7..1e80ff100030b64b161105c01e6cbd80c439c93c 100755
--- a/utils/test/test-severity.py
+++ b/utils/test/test-severity.py
@@ -75,32 +75,6 @@ class SeverityTestCap(SeverityBaseTest):
class SeverityVarsTest(SeverityBaseTest):
-
- VARIABLE_DEFINITIONS = '''
-@{HOME}=@{HOMEDIRS}/*/ /root/
-@{HOMEDIRS}=/home/
-# add another path to @{HOMEDIRS}
-@{HOMEDIRS}+=/storage/
-@{multiarch}=*-linux-gnu*
-@{TFTP_DIR}=/var/tftp /srv/tftpboot
-@{PROC}=/proc/
-@{pid}={[1-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9]}
-@{tid}=@{pid}
-@{pids}=@{pid}
-@{somepaths}=/home/foo/downloads @{HOMEDIRS}/foo/.ssh/
-'''
-
- def _init_tunables(self, content=''):
- if not content:
- content = self.VARIABLE_DEFINITIONS
-
- self.rules_file = self.writeTmpfile('tunables', content)
-
- self.sev_db.load_variables(self.rules_file)
-
- def AATeardown(self):
- self.sev_db.unload_variables()
-
tests = [
(['@{PROC}/sys/vm/overcommit_memory', 'r'], 6),
(['@{HOME}/sys/@{PROC}/overcommit_memory', 'r'], 4),
@@ -110,22 +84,17 @@ class SeverityVarsTest(SeverityBaseTest):
]
def _run_test(self, params, expected):
- self._init_tunables()
+ vars = {
+ '@{HOME}': {'@{HOMEDIRS}/*/', '/root/'},
+ '@{HOMEDIRS}': {'/home/', '/storage/'},
+ '@{multiarch}': {'*-linux-gnu*'},
+ '@{TFTP_DIR}': {'/var/tftp /srv/tftpboot'},
+ '@{PROC}': {'/proc/'},
+ '@{somepaths}': {'/home/foo/downloads', '@{HOMEDIRS}/foo/.ssh/'},
+ }
+ self.sev_db.set_variables(vars)
self._simple_severity_w_perm(params[0], params[1], expected)
- def test_include(self):
- self._init_tunables('#include <file/not/found>') # including non-existing files doesn't raise an exception
-
- self.assertTrue(True) # this test only makes sure that loading the tunables file works
-
- def test_invalid_variable_add(self):
- with self.assertRaises(AppArmorException):
- self._init_tunables('@{invalid} += /home/')
-
- def test_invalid_variable_double_definition(self):
- with self.assertRaises(AppArmorException):
- self._init_tunables('@{foo} = /home/\n@{foo} = /root/')
-
class SeverityDBTest(AATest):
def _test_db(self, contents):
self.db_file = self.writeTmpfile('severity.db', contents)
diff --git a/utils/test/test-signal.py b/utils/test/test-signal.py
index 29cfaf11cec751cb54d5bd15cb21f478be49b6b1..f95a17885931c3eaf58682429e449cdd47a1d796 100644
--- a/utils/test/test-signal.py
+++ b/utils/test/test-signal.py
@@ -89,7 +89,7 @@ class SignalTestParseInvalid(SignalTest):
class SignalTestParseFromLog(SignalTest):
def test_signal_from_log(self):
- parser = ReadLog('', '', '', '')
+ parser = ReadLog('', '', '')
event = 'type=AVC msg=audit(1409438250.564:201): apparmor="DENIED" operation="signal" profile="/usr/bin/pulseaudio" pid=2531 comm="pulseaudio" requested_mask="send" denied_mask="send" signal=term peer="/usr/bin/pulseaudio///usr/lib/pulseaudio/pulse/gconf-helper"'
parsed_event = parser.parse_event(event)
@@ -183,7 +183,7 @@ class InvalidSignalTest(AATest):
obj = None
self.assertFalse(SignalRule.match(rawrule))
with self.assertRaises(AppArmorException):
- obj = SignalRule(SignalRule.parse(rawrule))
+ obj = SignalRule.parse(rawrule)
self.assertIsNone(obj, 'SignalRule handed back an object unexpectedly')
@@ -416,9 +416,9 @@ class SignalCoveredTest_08(SignalCoveredTest):
('signal,' , [ False , False , False , False ]),
('signal send,' , [ False , False , False , False ]),
('signal send peer=/foo/bar,' , [ False , False , True , True ]),
- ('signal send peer=/foo/*,' , [ False , False , True , True ]),
- ('signal send peer=/**,' , [ False , False , True , True ]),
- ('signal send peer=/what/*,' , [ False , False , True , True ]),
+ ('signal send peer=/foo/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('signal send peer=/**,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
+ ('signal send peer=/what/*,' , [ False , False , False , False ]), # TODO: wildcard vs. wildcard never matches in is_covered_aare()
('signal peer=/foo/bar,' , [ False , False , False , False ]),
('signal send, # comment' , [ False , False , False , False ]),
('allow signal send,' , [ False , False , False , False ]),
diff --git a/utils/test/test-translations.py b/utils/test/test-translations.py
index 1391ffe26561251ad423921db41d0143a6cbdd34..e1b91623d4bc0a60916b35c40dd714e305ff6945 100644
--- a/utils/test/test-translations.py
+++ b/utils/test/test-translations.py
@@ -29,10 +29,9 @@ class TestHotkeyConflicts(AATest):
(['CMD_ALLOW', 'CMD_DENY', 'CMD_IGNORE_ENTRY', 'CMD_GLOB', 'CMD_GLOBEXT', 'CMD_NEW', 'CMD_AUDIT_NEW', 'CMD_USER_OFF', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py available_buttons() with CMD_AUDIT_NEW and CMD_USER_OFF
(['CMD_SAVE_CHANGES', 'CMD_SAVE_SELECTED', 'CMD_VIEW_CHANGES', 'CMD_VIEW_CHANGES_CLEAN', 'CMD_ABORT'], True), # aa.py save_profiles()
(['CMD_VIEW_PROFILE', 'CMD_USE_PROFILE', 'CMD_CREATE_PROFILE', 'CMD_ABORT'], True), # aa.py get_profile()
- (['CMD_UPLOAD_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ASK_LATER', 'CMD_ASK_NEVER', 'CMD_ABORT'], True), # aa.py console_select_and_upload_profiles()
(['CMD_ix', 'CMD_pix', 'CMD_cix', 'CMD_nix', 'CMD_EXEC_IX_OFF', 'CMD_ux', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py build_x_functions() with exec_toggle
(['CMD_ix', 'CMD_cx', 'CMD_px', 'CMD_nx', 'CMD_ux', 'CMD_EXEC_IX_ON', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py build_x_functions() without exec_toggle
- (['CMD_ADDHAT', 'CMD_USEDEFAULT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py handle_children()
+ (['CMD_ADDHAT', 'CMD_USEDEFAULT', 'CMD_DENY', 'CMD_ABORT', 'CMD_FINISHED'], True), # aa.py ask_addhat()
(['CMD_YES', 'CMD_NO', 'CMD_CANCEL'], True), # ui.py UI_YesNo() and UI_YesNoCancel
(['CMD_SAVE_CHANGES', 'CMD_VIEW_CHANGES', 'CMD_ABORT', 'CMD_IGNORE_ENTRY'], True), # aa-mergeprof act()
(['CMD_ALLOW', 'CMD_ABORT'], True), # aa-mergeprof conflict_mode()
diff --git a/utils/test/test-variable.py b/utils/test/test-variable.py
new file mode 100644
index 0000000000000000000000000000000000000000..95800acbcf20415b22a4bc4fce4f1327946946d7
--- /dev/null
+++ b/utils/test/test-variable.py
@@ -0,0 +1,406 @@
+#!/usr/bin/python3
+# ----------------------------------------------------------------------
+# Copyright (C) 2020 Christian Boltz <apparmor@cboltz.de>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of version 2 of the GNU General Public
+# License as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# ----------------------------------------------------------------------
+
+import unittest
+from collections import namedtuple
+from common_test import AATest, setup_all_loops
+
+from apparmor.rule.variable import VariableRule, VariableRuleset, separate_vars
+from apparmor.rule import BaseRule
+from apparmor.common import AppArmorException, AppArmorBug
+from apparmor.translations import init_translation
+_ = init_translation()
+
+exp = namedtuple('exp', ['comment',
+ 'varname', 'mode', 'values'])
+
+# --- tests for single VariableRule --- #
+
+class VariableTest(AATest):
+ def _compare_obj(self, obj, expected):
+ # variables don't support the allow, audit or deny keyword
+ self.assertEqual(False, obj.allow_keyword)
+ self.assertEqual(False, obj.audit)
+ self.assertEqual(False, obj.deny)
+
+ self.assertEqual(expected.varname, obj.varname)
+ self.assertEqual(expected.mode, obj.mode)
+ self.assertEqual(expected.values, obj.values)
+ self.assertEqual(expected.comment, obj.comment)
+
+class AaTest_separate_vars(AATest):
+ tests = [
+ ('' , set() ),
+ (' ' , set() ),
+ (' foo bar' , {'foo', 'bar' }),
+ ('foo " ' , AppArmorException ),
+ (' " foo ' , AppArmorException ), # half-quoted
+ (' foo bar ' , {'foo', 'bar' }),
+ (' foo bar # comment' , {'foo', 'bar', '#', 'comment'}), # XXX should comments be stripped?
+ ('foo' , {'foo' }),
+ ('"foo" "bar baz"' , {'foo', 'bar baz' }),
+ ('foo "bar baz" xy' , {'foo', 'bar baz', 'xy' }),
+ ('foo "bar baz ' , AppArmorException ), # half-quoted
+ (' " foo" bar' , {' foo', 'bar' }),
+ (' " foo" bar x' , {' foo', 'bar', 'x' }),
+ ('""' , {'' }), # empty value
+ ('"" foo' , {'', 'foo' }), # empty value + 'foo'
+ ('"" foo "bar"' , {'', 'foo', 'bar' }), # empty value + 'foo' + 'bar' (bar has superfluous quotes)
+ ('"bar"' , {'bar' }), # 'bar' with superfluous quotes
+ ]
+
+ def _run_test(self, params, expected):
+ if expected == AppArmorException:
+ with self.assertRaises(expected):
+ separate_vars(params)
+ else:
+ result = separate_vars(params)
+ self.assertEqual(result, expected)
+
+class VariableTestParse(VariableTest):
+ tests = [
+ # rawrule comment varname mode values
+ ('@{foo}=/bar', exp('', '@{foo}', '=', {'/bar'} )),
+ ('@{foo}+=/bar', exp('', '@{foo}', '+=', {'/bar'} )),
+ (' @{foo} = /bar ', exp('', '@{foo}', '=', {'/bar'} )),
+ (' @{foo} += /bar', exp('', '@{foo}', '+=', {'/bar'} )),
+ (' @{foo} = /bar # comment', exp(' # comment', '@{foo}', '=', {'/bar'} )),
+ (' @{foo} += /bar # comment', exp(' # comment', '@{foo}', '+=', {'/bar'} )),
+ ('@{foo}=/bar /baz', exp('', '@{foo}', '=', {'/bar', '/baz'} )),
+ ('@{foo} = "/bar," # comment', exp(' # comment', '@{foo}', '=', {'/bar,'} )), # value with trailing comma, needs to be quoted
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(VariableRule.match(rawrule))
+ obj = VariableRule.parse(rawrule)
+ self.assertEqual(rawrule.strip(), obj.raw_rule)
+ self._compare_obj(obj, expected)
+
+class VariableTestParseInvalid(VariableTest):
+ tests = [
+ # rawrule matches regex exception
+ ('@{foo} =', (False, AppArmorException)),
+ ('@ {foo} = # comment', (False, AppArmorException)),
+ ('@ {foo} = ', (False, AppArmorException)),
+ ('@{foo} = /foo,', (True, AppArmorException)), # trailing comma
+ ('@{foo} = /foo, ', (True, AppArmorException)), # trailing comma
+ ('@{foo} = /foo, # comment', (True, AppArmorException)), # trailing comma
+ ('@{foo} = /foo, /bar', (True, AppArmorException)), # trailing comma in first value
+ ('@{foo = /foo f', (True, AppArmorException)), # variable name broken, missing }
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertEqual(VariableRule.match(rawrule), expected[0])
+ with self.assertRaises(expected[1]):
+ VariableRule.parse(rawrule)
+
+class VariableFromInit(VariableTest):
+ tests = [
+ # VariableRule object comment varname mode values
+ (VariableRule('@{foo}', '=', {'/bar'}), exp('', '@{foo}', '=', {'/bar'} )),
+ (VariableRule('@{foo}', '+=', {'/bar'}), exp('', '@{foo}', '+=', {'/bar'} )),
+ (VariableRule('@{foo}', '=', {'/bar', '/baz'}), exp('', '@{foo}', '=', {'/bar', '/baz'} )),
+ (VariableRule('@{foo}', '+=', {'/bar', '/baz'}), exp('', '@{foo}', '+=', {'/bar', '/baz'} )),
+ (VariableRule('@{foo}', '=', {'/bar'}, comment='# cmt'), exp('# cmt', '@{foo}', '=', {'/bar'} )),
+ (VariableRule('@{foo}', '+=', {'/bar'}, comment='# cmt'), exp('# cmt', '@{foo}', '+=', {'/bar'} )),
+ ]
+
+ def _run_test(self, obj, expected):
+ self._compare_obj(obj, expected)
+
+
+class InvalidVariableInit(AATest):
+ tests = [
+ # init params expected exception
+ ([None, '=', ['/bar'] ], AppArmorBug), # varname not a str
+ (['', '=', ['/bar'] ], AppArmorException), # empty varname
+ (['foo', '=', ['/bar'] ], AppArmorException), # varname not starting with '@{'
+ (['foo', '=', ['/bar'] ], AppArmorException), # varname not starting with '@{'
+
+ (['@{foo}', '', ['/bar'] ], AppArmorBug), # mode not '=' or '+='
+ (['@{foo}', '-=', ['/bar'] ], AppArmorBug), # mode not '=' or '+='
+ (['@{foo}', ' ', ['/bar'] ], AppArmorBug), # mode not '=' or '+='
+ (['@{foo}', None, ['/bar'] ], AppArmorBug), # mode not '=' or '+='
+
+ (['@{foo}', '=', None ], AppArmorBug), # values not a set
+ (['@{foo}', '=', set() ], AppArmorException), # empty values
+ ]
+
+ def _run_test(self, params, expected):
+ with self.assertRaises(expected):
+ VariableRule(params[0], params[1], params[2])
+
+ def test_missing_params_1(self):
+ with self.assertRaises(TypeError):
+ VariableRule()
+
+ def test_missing_params_2(self):
+ with self.assertRaises(TypeError):
+ VariableRule('@{foo}')
+
+ def test_missing_params_3(self):
+ with self.assertRaises(TypeError):
+ VariableRule('@{foo}', '=')
+
+ def test_invalid_audit(self):
+ with self.assertRaises(AppArmorBug):
+ VariableRule('@{foo}', '=', '/bar', audit=True)
+
+ def test_invalid_deny(self):
+ with self.assertRaises(AppArmorBug):
+ VariableRule('@{foo}', '=', '/bar', deny=True)
+
+
+class InvalidVariableTest(AATest):
+ def _check_invalid_rawrule(self, rawrule, matches_regex=False):
+ obj = None
+ self.assertEqual(VariableRule.match(rawrule), matches_regex)
+ with self.assertRaises(AppArmorException):
+ obj = VariableRule.parse(rawrule)
+
+ self.assertIsNone(obj, 'VariableRule handed back an object unexpectedly')
+
+ def test_invalid_missing_values(self):
+ self._check_invalid_rawrule('@{foo} = ', matches_regex=True) # missing values
+
+ def test_invalid_net_non_VariableRule(self):
+ self._check_invalid_rawrule('dbus,') # not a variable rule
+
+
+class WriteVariableTestAATest(AATest):
+ tests = [
+ # raw rule clean rule
+ (' @{foo} = /bar ', '@{foo} = /bar'),
+ (' @{foo} = /bar # comment', '@{foo} = /bar'),
+ (' @{foo} = /bar ""', '@{foo} = "" /bar'),
+ (' @{foo} += /bar ', '@{foo} += /bar'),
+ (' @{foo} += /bar # comment', '@{foo} += /bar'),
+ (' @{foo} += /bar /baz', '@{foo} += /bar /baz'),
+ (' @{foo} += /bar /baz', '@{foo} += /bar /baz'),
+ (' @{foo} += /bar @{baz}', '@{foo} += /bar @{baz}'),
+ (' @{foo} += /bar @{baz}', '@{foo} += /bar @{baz}'),
+ ]
+
+ def _run_test(self, rawrule, expected):
+ self.assertTrue(VariableRule.match(rawrule))
+ obj = VariableRule.parse(rawrule)
+ clean = obj.get_clean()
+ raw = obj.get_raw()
+
+ self.assertEqual(expected.strip(), clean, 'unexpected clean rule')
+ self.assertEqual(rawrule.strip(), raw, 'unexpected raw rule')
+
+ def test_write_manually_1(self):
+ obj = VariableRule('@{foo}', '=', {'/bar'})
+
+ expected = ' @{foo} = /bar'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+ def test_write_manually_2(self):
+ obj = VariableRule('@{foo}', '=', {'/bar', ''})
+
+ expected = ' @{foo} = "" /bar'
+
+ self.assertEqual(expected, obj.get_clean(2), 'unexpected clean rule')
+ self.assertEqual(expected, obj.get_raw(2), 'unexpected raw rule')
+
+
+class VariableCoveredTest(AATest):
+ def _run_test(self, param, expected):
+ obj = VariableRule.parse(self.rule)
+ check_obj = VariableRule.parse(param)
+
+ self.assertTrue(VariableRule.match(param))
+
+ self.assertEqual(obj.is_equal(check_obj), expected[0], 'Mismatch in is_equal, expected %s' % expected[0])
+ self.assertEqual(obj.is_equal(check_obj, True), expected[1], 'Mismatch in is_equal/strict, expected %s' % expected[1])
+
+ self.assertEqual(obj.is_covered(check_obj), expected[2], 'Mismatch in is_covered, expected %s' % expected[2])
+ self.assertEqual(obj.is_covered(check_obj, True, True), expected[3], 'Mismatch in is_covered/exact, expected %s' % expected[3])
+
+class VariableCoveredTest_01(VariableCoveredTest):
+ rule = '@{foo} = /bar'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ (' @{foo} = /bar' , [ True , True , True , True ]),
+ (' @{foo} += /bar' , [ False , False , False , False ]),
+ (' @{foo} = /bar # comment' , [ True , False , True , True ]),
+ (' @{foo} += /bar # comment' , [ False , False , False , False ]),
+ (' @{foo} = /baz /bar' , [ False , False , False , False ]),
+ (' @{foo} += /baz /bar' , [ False , False , False , False ]),
+ (' @{foo} = /baz /bar # cmt' , [ False , False , False , False ]),
+ (' @{foo} += /baz /bar # cmt' , [ False , False , False , False ]),
+ (' @{bar} = /bar' , [ False , False , False , False ]), # different variable name
+ ]
+
+class VariableCoveredTest_02(VariableCoveredTest):
+ rule = '@{foo} = /bar /baz'
+
+ tests = [
+ # rule equal strict equal covered covered exact
+ (' @{foo} = /bar /baz' , [ True , True , True , True ]),
+ (' @{foo} += /bar /baz' , [ False , False , False , False ]),
+ (' @{foo} = /bar /baz # cmt' , [ True , False , True , True ]),
+ (' @{foo} += /bar /baz # cmt' , [ False , False , False , False ]),
+ # changed order of values
+ (' @{foo} = /baz /bar' , [ True , False , True , True ]),
+ (' @{foo} += /baz /bar' , [ False , False , False , False ]),
+ (' @{foo} = /baz /bar # cmt' , [ True , False , True , True ]),
+ (' @{foo} += /baz /bar # cmt' , [ False , False , False , False ]),
+ # only one value
+ (' @{foo} = /bar' , [ False , False , True , True ]),
+ (' @{foo} += /bar' , [ False , False , False , False ]),
+ (' @{foo} = /bar # comment' , [ False , False , True , True ]),
+ (' @{foo} += /bar # comment' , [ False , False , False , False ]),
+ (' @{bar} = /bar' , [ False , False , False , False ]), # different variable name
+ ]
+
+class VariableCoveredTest_Invalid(AATest):
+# def test_borked_obj_is_covered_1(self):
+# obj = VariableRule.parse('@{foo} = /bar')
+
+# testobj = VariableRule('@{foo}', '=', '/bar')
+# testobj.mode = ''
+
+# with self.assertRaises(AppArmorBug):
+# obj.is_covered(testobj)
+
+ def test_borked_obj_is_covered_2(self):
+ obj = VariableRule.parse('@{foo} = /bar')
+
+ testobj = VariableRule('@{foo}', '=', {'/bar'})
+ testobj.values = ''
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ def test_invalid_is_covered_3(self):
+ obj = VariableRule.parse('@{foo} = /bar')
+
+ testobj = BaseRule() # different type
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_covered(testobj)
+
+ def test_invalid_is_equal(self):
+ obj = VariableRule.parse('@{foo} = /bar')
+
+ testobj = BaseRule() # different type
+
+ with self.assertRaises(AppArmorBug):
+ obj.is_equal(testobj)
+
+class VariableLogprofHeaderTest(AATest):
+ tests = [
+ ('@{foo} = /bar', [_('Variable'), '@{foo} = /bar' ]),
+ ]
+
+ def _run_test(self, params, expected):
+ obj = VariableRule._parse(params)
+ self.assertEqual(obj.logprof_header(), expected)
+
+# --- tests for VariableRuleset --- #
+
+class VariableRulesTest(AATest):
+ def test_empty_ruleset(self):
+ ruleset = VariableRuleset()
+ ruleset_2 = VariableRuleset()
+ self.assertEqual([], ruleset.get_raw(2))
+ self.assertEqual([], ruleset.get_clean(2))
+ self.assertEqual([], ruleset_2.get_raw(2))
+ self.assertEqual([], ruleset_2.get_clean(2))
+ self.assertEqual({'=': {}, '+=': {}}, ruleset_2.get_merged_variables())
+
+ def test_ruleset_1(self):
+ ruleset = VariableRuleset()
+ rules = [
+ '@{foo} = /bar',
+ '@{baz}= /asdf',
+ '@{foo} += /whatever',
+ '@{foo} += /morestuff',
+ ]
+
+ expected_raw = [
+ '@{foo} = /bar',
+ '@{baz}= /asdf',
+ '@{foo} += /whatever',
+ '@{foo} += /morestuff',
+ '',
+ ]
+
+ expected_clean = [
+ '@{baz} = /asdf',
+ '@{foo} += /morestuff',
+ '@{foo} += /whatever',
+ '@{foo} = /bar',
+ '',
+ ]
+
+ expected_clean_unsorted = [
+ '@{foo} = /bar',
+ '@{baz} = /asdf',
+ '@{foo} += /whatever',
+ '@{foo} += /morestuff',
+ '',
+ ]
+
+ expected_merged = {
+ '=': {
+ '@{foo}': {'/bar'},
+ '@{baz}': {'/asdf'},
+ },
+ '+=': {
+ '@{foo}': {'/whatever', '/morestuff'},
+ }
+ }
+
+ for rule in rules:
+ ruleset.add(VariableRule.parse(rule))
+
+ self.assertEqual(expected_raw, ruleset.get_raw())
+ self.assertEqual(expected_clean, ruleset.get_clean())
+ self.assertEqual(expected_clean_unsorted, ruleset.get_clean_unsorted())
+ self.assertEqual(expected_merged, ruleset.get_merged_variables())
+
+ def test_ruleset_overwrite(self):
+ ruleset = VariableRuleset()
+
+ ruleset.add(VariableRule.parse('@{foo} = /bar'))
+ with self.assertRaises(AppArmorException):
+ ruleset.add(VariableRule.parse('@{foo} = /asdf')) # attempt to redefine @{foo}
+ self.assertEqual({'=': {'@{foo}': {'/bar'} }, '+=': {}}, ruleset.get_merged_variables())
+
+class VariableGlobTestAATest(AATest):
+ def setUp(self):
+ self.ruleset = VariableRuleset()
+
+# def test_glob_1(self):
+# with self.assertRaises(NotImplementedError):
+# self.ruleset.get_glob('@{foo} = /bar')
+
+ def test_glob_ext(self):
+ with self.assertRaises(NotImplementedError):
+ # get_glob_ext is not available for change_profile rules
+ self.ruleset.get_glob_ext('@{foo} = /bar')
+
+class VariableDeleteTestAATest(AATest):
+ pass
+
+setup_all_loops(__name__)
+if __name__ == '__main__':
+ unittest.main(verbosity=1)
diff --git a/utils/test/wtmp-examples/wtmp-aarch64 b/utils/test/wtmp-examples/wtmp-aarch64
new file mode 100644
index 0000000000000000000000000000000000000000..3703b5fc4f7dd11479e4918ac160904fa9d5e193
Binary files /dev/null and b/utils/test/wtmp-examples/wtmp-aarch64 differ
diff --git a/utils/test/wtmp-examples/wtmp-aarch64-expected-output b/utils/test/wtmp-examples/wtmp-aarch64-expected-output
new file mode 100644
index 0000000000000000000000000000000000000000..d3caeecf219f9d2134cf4c80d1a63ea48318523a
--- /dev/null
+++ b/utils/test/wtmp-examples/wtmp-aarch64-expected-output
@@ -0,0 +1,5 @@
+guillaum pts/3 192.168.0.2 Mon Jan 25 08:19 - 09:36 (01:17)
+
+Example and expected output taken from https://bugzilla.opensuse.org/show_bug.cgi?id=1181155
+
+On openSUSE, aarch64 is little endian.
diff --git a/utils/test/wtmp-examples/wtmp-s390x b/utils/test/wtmp-examples/wtmp-s390x
new file mode 100644
index 0000000000000000000000000000000000000000..9e218ea596aae9f1012a0090138778e245fa1b56
Binary files /dev/null and b/utils/test/wtmp-examples/wtmp-s390x differ
diff --git a/utils/test/wtmp-examples/wtmp-s390x-expected-output b/utils/test/wtmp-examples/wtmp-s390x-expected-output
new file mode 100644
index 0000000000000000000000000000000000000000..de4d5fff60effa7acfe03e363a0b2f0e26711c85
--- /dev/null
+++ b/utils/test/wtmp-examples/wtmp-s390x-expected-output
@@ -0,0 +1,13 @@
+linux1@opensuse03:~> last
+linux1 pts/0 77.21.253.246 Thu Jul 15 13:06 still logged in
+root pts/0 77.21.253.246 Thu Jul 15 13:06 - 13:06 (00:00)
+linux1 pts/0 77.21.253.246 Thu Jul 15 13:01 - 13:05 (00:04)
+linux1 pts/0 94.134.117.140 Thu Jul 15 08:15 - 08:16 (00:01)
+linux1 pts/0 10.6.22.160 Tue Jul 13 07:42 - 07:42 (00:00)
+reboot system boot 5.3.18-24.67-def Tue Jul 13 07:41 still running
+linux1 pts/0 10.6.22.160 Tue Jul 13 07:41 - 07:41 (00:00)
+linux1 pts/0 10.6.22.160 Tue Jul 13 07:37 - 07:41 (00:03)
+reboot system boot 5.3.18-24.64-def Tue Jul 13 07:30 - 07:41 (00:11)
+
+wtmp beginnt Tue Jul 13 07:30:36 2021
+linux1@opensuse03:~>
diff --git a/utils/test/wtmp-examples/wtmp-truncated b/utils/test/wtmp-examples/wtmp-truncated
new file mode 100644
index 0000000000000000000000000000000000000000..3b34f439c28bc4239a1cc869470b01173f34fbc1
Binary files /dev/null and b/utils/test/wtmp-examples/wtmp-truncated differ
diff --git a/utils/test/wtmp-examples/wtmp-x86_64 b/utils/test/wtmp-examples/wtmp-x86_64
new file mode 100644
index 0000000000000000000000000000000000000000..7620d49d5c2510727a2fb2af2f8825c4f1e6c823
Binary files /dev/null and b/utils/test/wtmp-examples/wtmp-x86_64 differ
diff --git a/utils/test/wtmp-examples/wtmp-x86_64-expected b/utils/test/wtmp-examples/wtmp-x86_64-expected
new file mode 100644
index 0000000000000000000000000000000000000000..643b408172799fdc358f0383b59ed252a8b4011f
--- /dev/null
+++ b/utils/test/wtmp-examples/wtmp-x86_64-expected
@@ -0,0 +1,3 @@
+root pts/0 monitor.infra.op Sun Oct 24 12:12 gone - no logout
+
+wtmp-x86_64 begins Sun Oct 24 12:12:25 2021
diff --git a/utils/test/wtmp-examples/wtmp-x86_64-past b/utils/test/wtmp-examples/wtmp-x86_64-past
new file mode 100644
index 0000000000000000000000000000000000000000..4cdbf693926caddcb6675466659cfe622830bb73
Binary files /dev/null and b/utils/test/wtmp-examples/wtmp-x86_64-past differ
diff --git a/utils/test/wtmp-examples/wtmp-x86_64-past-expected b/utils/test/wtmp-examples/wtmp-x86_64-past-expected
new file mode 100644
index 0000000000000000000000000000000000000000..1352ccbf7429ed30b107f78122db629498521f29
--- /dev/null
+++ b/utils/test/wtmp-examples/wtmp-x86_64-past-expected
@@ -0,0 +1,3 @@
+root pts/0 blast.from.the.p Thu Dec 30 00:00 gone - no logout
+
+wtmp-x86_64-past begins Thu Dec 30 00:00:00 1999
diff --git a/utils/vim/apparmor.vim.in b/utils/vim/apparmor.vim.in
index e2677d83fc78be2f63a58f25dc8f5e4251991512..89c6d2eabbf3608af4b479d72f4488573af216db 100644
--- a/utils/vim/apparmor.vim.in
+++ b/utils/vim/apparmor.vim.in
@@ -189,6 +189,8 @@ syn match sdInclude /\s*include\s<\S*>/ " TODO: doesn't check until $
syn match sdInclude /\s*#include\sif\sexists\s<\S*>/ " TODO: doesn't check until $
syn match sdInclude /\s*include\sif\sexists\s<\S*>/ " TODO: doesn't check until $
+syn match sdInclude /\s*abi\s<\S*>\s*,/ contains=sdComment " TODO: doesn't check until $
+
" basic profile block...
" \s+ does not work in end=, therefore using \s\s*
syn region Normal start=/\v^(profile\s+)?\S+\s+@@flags@@=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
diff --git a/utils/vim/apparmor.vim.pod b/utils/vim/apparmor.vim.pod
index 09f55721aa6104535c94104642103ccb5d99bbd1..1d9e1ed768c14d48bdabbf23036fb5faeb587568 100644
--- a/utils/vim/apparmor.vim.pod
+++ b/utils/vim/apparmor.vim.pod
@@ -48,7 +48,7 @@ but it may help you understand your profiles better.
B<apparmor.vim> does not properly detect dark versus light backgrounds.
Patches accepted. If you find any bugs, please report them at
-L<https://bugs.launchpad.net/apparmor/+filebug>.
+L<https://gitlab.com/apparmor/apparmor/-/issues>.
=head1 SEE ALSO